Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # gpsd - GPS daemon |
| 2 | type gpsd, domain; |
| 3 | type gpsd_exec, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(gpsd) |
| 6 | net_domain(gpsd) |
Stephen Smalley | a60abdc | 2013-10-29 14:42:36 -0400 | [diff] [blame] | 7 | allow gpsd gps_data_file:dir rw_dir_perms; |
| 8 | allow gpsd gps_data_file:notdevfile_class_set create_file_perms; |
Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 9 | # Socket is created by the daemon, not by init, and under /data/gps, |
| 10 | # not under /dev/socket. |
| 11 | type_transition gpsd gps_data_file:sock_file gps_socket; |
Stephen Smalley | a60abdc | 2013-10-29 14:42:36 -0400 | [diff] [blame] | 12 | allow gpsd gps_socket:sock_file create_file_perms; |
| 13 | # XXX Label sysfs files with a specific type? |
| 14 | allow gpsd sysfs:file rw_file_perms; |
rpcraig | e07b8a5 | 2012-08-13 06:09:39 -0400 | [diff] [blame] | 15 | |
Stephen Smalley | a60abdc | 2013-10-29 14:42:36 -0400 | [diff] [blame] | 16 | allow gpsd gps_device:chr_file rw_file_perms; |
| 17 | |
| 18 | # Execute the shell or system commands. |
| 19 | allow gpsd shell_exec:file rx_file_perms; |
| 20 | allow gpsd system_file:file rx_file_perms; |