commit: 0e6ef13cb306c6334acaf45ac032a9db4bda3680
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Jan 20 14:23:22 2015 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Mon Jan 26 06:42:28 2015 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0e6ef13c
Introduce networkmanager_rw_rawip_sockets
---
policy/modules/contrib/networkmanager.if | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/policy/modules/contrib/networkmanager.if
b/policy/modules/contrib/networkmanager.if
index 5aced8c..b512ce0 100644
--- a/policy/modules/contrib/networkmanager.if
+++ b/policy/modules/contrib/networkmanager.if
@@ -381,3 +381,23 @@ interface(`networkmanager_run_wpa_cli',`
networkmanager_domtrans_wpa_cli($1)
role $2 types wpa_cli_t;
')
+
+# Gentoo specific interfaces follow but not allowed ifdef
+
+########################################
+## <summary>
+## Read and write networkmanager rawip sockets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`networkmanager_rw_rawip_sockets',`
+ gen_require(`
+ type NetworkManager_t;
+ ')
+
+ allow $1 NetworkManager_t:rawip_socket { read write };
+')
