| # SELinux type-enforcement rules for the cros_chapsd domain. |
| # Everything below is an allow-list: each rule or macro call grants cros_chapsd |
| # access, so each line widens what a compromised process in this domain could do. |
| # Macro bodies (log_writer, cros_tcp_connect, ...) are defined outside this file; |
| # comments on them are marked as assumptions where the grant cannot be seen here. |
| type cros_chapsd, domain, chromeos_domain; |
| |
| # Process entry: cros_init executing a file labelled cros_chapsd_exec |
| # transitions into cros_chapsd (standard domain_auto_trans semantics - confirm |
| # against this tree's macro definition). |
| domain_auto_trans(cros_init, cros_chapsd_exec, cros_chapsd); |
| # Allows use of file descriptors inherited from cros_init. |
| allow cros_chapsd cros_init:fd use; |
| |
| # Project macros; presumably logging, UMA metrics, D-Bus client and tcsd client |
| # access respectively, judging by the names - TODO confirm the exact grants. |
| log_writer(cros_chapsd); |
| uma_writer(cros_chapsd); |
| cros_dbus_client(cros_chapsd); |
| cros_tcsd_client(cros_chapsd); |
| |
| # Read-only access to objects labelled cgroup. |
| r_dir_file(cros_chapsd, cgroup); |
| |
| # CAP_SETUID / CAP_SETGID on the domain's own process. |
| # NOTE(review): presumably used only to drop from root to a service account at |
| # startup; these capabilities also permit switching to any other uid/gid, so |
| # confirm the daemon does not keep them after the drop. |
| allow cros_chapsd self:capability { setuid setgid }; |
| |
| # Read/write on the daemon's state directory type, plus create, unlink and rename |
| # for both files and directories. |
| # NOTE(review): directory removal is checked against the dir 'rmdir' permission, |
| # which is not listed here - verify whether rw_dir_file supplies it or whether it |
| # is intentionally withheld. |
| rw_dir_file(cros_chapsd, cros_var_lib_chaps); |
| allow cros_chapsd cros_var_lib_chaps:{file dir} { create unlink rename }; |
| |
| # Read-only access to objects labelled cros_passwd_file. |
| r_dir_file(cros_chapsd, cros_passwd_file); |
| |
| # NOTE(review): presumably grants outbound TCP connections; the macro body is not |
| # visible here. Confirm which peer needs this and whether the macro restricts |
| # the destination port type. |
| cros_tcp_connect(cros_chapsd); |
| |
| # Read access to files carrying the generic sysfs label. |
| # NOTE(review): this covers every file left at the default sysfs type; prefer a |
| # narrower type if the policy defines one for the nodes actually read. |
| allow cros_chapsd sysfs:file r_file_perms; |
| |
| |
| # Directory read/write and file creation under the power-override lock type. |
| allow cros_chapsd cros_power_override_lock_file:dir rw_dir_perms; |
| allow cros_chapsd cros_power_override_lock_file:file create_file_perms; |
| |
| # Lets the domain trigger kernel module auto-loading (the module_request check). |
| # NOTE(review): no comment records which module is needed; document it so the |
| # grant can be removed if that module is built in or loaded earlier at boot. |
| allow cros_chapsd kernel:system module_request; |
| |
| # Home hierarchy: getattr/search only on the three parent directory types, which |
| # permits path traversal without listing or modifying them. |
| allow cros_chapsd cros_home_shadow_uid_root:dir { getattr search }; |
| allow cros_chapsd cros_home_root:dir { getattr search }; |
| allow cros_chapsd cros_home:dir { getattr search }; |
| # Create/manage permissions are confined to the dedicated |
| # cros_home_shadow_uid_root_chaps type rather than the parent home types. |
| allow cros_chapsd cros_home_shadow_uid_root_chaps:dir create_dir_perms; |
| allow cros_chapsd cros_home_shadow_uid_root_chaps:file create_file_perms; |