selinux: Add Type Enforcement rule compilation

The SELinux rules are needed for VPN. They allow various vpn clients to send notifications to connman-vpnd via net.connman.Task dbus interface if the connman processes are run under systemd and the system is in enforcing mode.
author: Jukka Rissanen <jukka.rissanen@linux.intel.com> 2012-11-12 14:07:58 +0200
committer: Patrik Flykt <patrik.flykt@linux.intel.com> 2012-11-23 12:58:52 +0200
commit: acedf9d49b9a326771aeec755179e3ede3872cdd (patch)
tree: b4eff171ca55eb9a4cb1d9fdfd9f6638848e051c /vpn/connman-task.te
parent: 9b45848a88af4ae202bce346062a7c8db9bc6a66 (diff)
download: connman-acedf9d49b9a326771aeec755179e3ede3872cdd.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/vpn/connman-task.te b/vpn/connman-task.te
new file mode 100644
index 00000000..dd777107
--- /dev/null
+++ b/vpn/connman-task.te
@@ -0,0 +1,16 @@
+# SElinux policy file for allowing various vpn clients
+# to access net.connman.Task dbus interface
+
+module connman-task 1.0;
+
+require {
+	type openvpn_t;
+	type openconnect_t;
+	type vpnc_t;
+	type initrc_t;
+	class dbus send_msg;
+}
+
+allow openvpn_t initrc_t:dbus send_msg;
+allow openconnect_t initrc_t:dbus send_msg;
+allow vpnc_t initrc_t:dbus send_msg;
author	Jukka Rissanen <jukka.rissanen@linux.intel.com>	2012-11-12 14:07:58 +0200
committer	Patrik Flykt <patrik.flykt@linux.intel.com>	2012-11-23 12:58:52 +0200
commit	acedf9d49b9a326771aeec755179e3ede3872cdd (patch)
tree	b4eff171ca55eb9a4cb1d9fdfd9f6638848e051c /vpn/connman-task.te
parent	9b45848a88af4ae202bce346062a7c8db9bc6a66 (diff)
download	connman-acedf9d49b9a326771aeec755179e3ede3872cdd.tar.gz