PERFORCE change 113398 for review
Todd Miller
millert at FreeBSD.org
Mon Jan 22 20:11:29 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113398
Change 113398 by millert at millert_macbook on 2007/01/22 19:58:59
Clean up memberd.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.te#7 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.te#7 (text+ko) ====
@@ -28,6 +28,8 @@
## internal communication is often done using fifo and unix sockets.
allow memberd_t self:fifo_file { read write };
allow memberd_t self:unix_stream_socket create_stream_socket_perms;
+allow memberd_t self:socket { connect write };
+allow memberd_t self:unix_dgram_socket create;
# pid file
allow memberd_t memberd_var_run_t:file manage_file_perms;
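Review bot: The two added rules, `allow memberd_t self:socket { connect write };` and `allow memberd_t self:unix_dgram_socket create;`, have no comment saying which memberd behaviour needs them. The existing comment above them only covers fifo and unix sockets, while `self:socket` is the generic socket class. Please add a comment naming the socket use that triggered each rule. Also check whether `create` alone is what is intended for `unix_dgram_socket`: the stream socket line next to it uses a permission-set macro (`create_stream_socket_perms`), whereas here the socket can be created but nothing else is granted on it, which suggests the rule was taken from a single denial and may be incomplete.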
@@ -55,11 +57,21 @@
# Talk to WindowServer
WindowServer_allow_ipc(memberd_t)
-# Allow shared memory usage w/ notifyd
+# Talk to notifyd
+notifyd_allow_ipc(memberd_t)
notifyd_allow_shm(memberd_t)
# Use Frameworks
frameworks_read(memberd_t)
+# Read CoreServices
+darwin_allow_CoreServices_read(memberd_t)
+
# read /System
darwin_allow_system_read(memberd_t)
+
+# Read /private
+darwin_allow_private_read(memberd_t)
+
+# Read /var symlinks
+files_read_var_files(memberd_t)
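Review bot: The last added comment, `# Read /var symlinks`, does not match the interface it introduces, `files_read_var_files(memberd_t)`, whose name indicates read access to files under /var rather than to symlinks only. If only symlink traversal is needed, use a symlink-only interface if the policy tree provides one; otherwise correct the comment so it states the access actually granted. More generally, this hunk adds four new grants (`notifyd_allow_ipc`, `darwin_allow_CoreServices_read`, `darwin_allow_private_read`, `files_read_var_files`) under the description "Clean up memberd.", so the change description should say that the domain's access is being widened and why each read is required.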