Merge "Make ppp permissive or unconfined."

commit: 00abfd61a80c42cb72e5a658c25acb9a4da4d349 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Feb 12 23:20:39 2014 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Feb 12 23:20:39 2014 +0000
tree: 2aee7ad8494e361e9700b0eec370cd322c59aae7
parent: 9145918ddfd9a646b0f90afab2848d7cd0f9c0b0 [diff]
parent: cc65fe8271ee7ed3c54a641a6c87262925db8f9f [diff]
diff --git a/ppp.te b/ppp.te
index 1f61fdd..21838f1 100644
--- a/ppp.te
+++ b/ppp.te

@@ -1,6 +1,15 @@
 # Point to Point Protocol daemon
 type ppp, domain;
+permissive_or_unconfined(ppp)
 type ppp_device, dev_type;
 type ppp_exec, exec_type, file_type;
-unconfined_domain(ppp)
 domain_auto_trans(mtp, ppp_exec, ppp)
+
+allow ppp mtp:socket rw_socket_perms;
+allow ppp ppp_device:chr_file rw_file_perms;
+allow ppp self:capability net_admin;
+allow ppp self:udp_socket create_socket_perms;
+allow ppp system_file:file rx_file_perms;
+allow ppp vpn_data_file:dir w_dir_perms;
+allow ppp vpn_data_file:file create_file_perms;
+allow ppp mtp:fd use;
commit	00abfd61a80c42cb72e5a658c25acb9a4da4d349	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Feb 12 23:20:39 2014 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Feb 12 23:20:39 2014 +0000
tree	2aee7ad8494e361e9700b0eec370cd322c59aae7
parent	9145918ddfd9a646b0f90afab2848d7cd0f9c0b0 [diff]
parent	cc65fe8271ee7ed3c54a641a6c87262925db8f9f [diff]