[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/, policy/modules/system/

[Jason Zaman]

commit:     1404015272ed6954f662683dfc503bbaac7da319
Author:     Russell Coker <russell <AT> coker <DOT> com <DOT> au>
AuthorDate: Mon Jan 28 08:48:40 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 10 04:11:25 2019 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=14040152

yet another little patch

This should all be obvious.

Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

 policy/modules/services/devicekit.te | 2 ++
 policy/modules/system/lvm.te         | 1 +
 policy/modules/system/sysnetwork.te  | 1 +
 3 files changed, 4 insertions(+)

diff --git a/policy/modules/services/devicekit.te 
b/policy/modules/services/devicekit.te
index ca9de7cc..941880ef 100644
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -91,6 +91,7 @@ files_pid_filetrans(devicekit_disk_t, devicekit_var_run_t, { 
dir file })
 kernel_getattr_message_if(devicekit_disk_t)
 kernel_list_unlabeled(devicekit_disk_t)
 kernel_dontaudit_getattr_unlabeled_files(devicekit_disk_t)
+kernel_read_crypto_sysctls(devicekit_disk_t)
 kernel_read_fs_sysctls(devicekit_disk_t)
 kernel_read_network_state(devicekit_disk_t)
 kernel_read_software_raid_state(devicekit_disk_t)
@@ -108,6 +109,7 @@ dev_getattr_all_chr_files(devicekit_disk_t)
 dev_getattr_mtrr_dev(devicekit_disk_t)
 dev_getattr_usbfs_dirs(devicekit_disk_t)
 dev_manage_generic_files(devicekit_disk_t)
+dev_read_rand(devicekit_disk_t)
 dev_read_urand(devicekit_disk_t)
 dev_rw_sysfs(devicekit_disk_t)
 

diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index f4999e1b..bff2baa7 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -308,6 +308,7 @@ init_use_fds(lvm_t)
 init_dontaudit_getattr_initctl(lvm_t)
 init_use_script_ptys(lvm_t)
 init_read_script_state(lvm_t)
+init_read_script_tmp_files(lvm_t)
 # for systemd-cryptsetup to talk to /run/systemd/journal/socket
 init_stream_connect(lvm_t)
 

diff --git a/policy/modules/system/sysnetwork.te 
b/policy/modules/system/sysnetwork.te
index 08f62ccd..ece5a301 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -375,6 +375,7 @@ ifdef(`hide_broken_symptoms',`
 
 optional_policy(`
        devicekit_read_pid_files(ifconfig_t)
+       devicekit_append_inherited_log_files(ifconfig_t)
 ')
 
 optional_policy(`