trousers.te

来自「可信计算 TPM 很重要的应用底层接口封装中间层 IBM资深人员开发」· TE 代码 · 共 34 行

type tcsd_device_t, device_type, dev_fs;
type tcsd_readwrite_t, file_type;
type tcsd_config_t, file_type, sysadmfile;
daemon_domain(tcsd, `')
general_domain_access(tcsd_t)
allow unconfined_t tcsd_t:process transition;
type_transition unconfined_t tcsd_exec_t:process tcsd_t;
allow tcsd_t tcsd_exec_t:dir r_dir_perms;
allow tcsd_t etc_t:file { read getattr lock ioctl };
allow tcsd_t etc_t:lnk_file { read getattr };
allow tcsd_t devtty_t:chr_file { ioctl read getattr lock write append };
allow tcsd_t devpts_t:chr_file { ioctl read getattr lock write append };
can_network(tcsd_t)
read_sysctl(tcsd_t, full)
r_dir_file(tcsd_t, usr_t)
r_dir_file(tcsd_t, tcsd_config_t)
rw_dir_file(tcsd_t, tcsd_readwrite_t)
allow tcsd_t tcsd_readwrite_t:file { setattr };
allow tcsd_t tcsd_readwrite_t:dir { setattr };
allow tcsd_t tcsd_device_t:chr_file { ioctl read getattr lock write append };
allow tcsd_t { random_device_t }:chr_file { read getattr };
allow tcsd_t lib_t:dir r_dir_perms;
allow tcsd_t lib_t:file { rx_file_perms execmod };
allow tcsd_t lib_t:lnk_file r_file_perms;
allow tcsd_t lib_t:file { rx_file_perms execmod };
allow tcsd_t lib_t:lnk_file r_file_perms;
allow tcsd_t lib_t:file { rx_file_perms execmod };
allow tcsd_t lib_t:lnk_file r_file_perms;
allow tcsd_t var_lib_t:dir r_dir_perms;
allow tcsd_t var_lib_t:file { rx_file_perms execmod };
allow tcsd_t var_lib_t:lnk_file r_file_perms;
allow tcsd_t port_type:tcp_socket { send_msg recv_msg name_bind };
allow tcsd_t self:capability { chown net_bind_service dac_override fowner fsetid };