selinux-policy/tabrmd.te

policy_module(tabrmd, 0.0.2)

########################################
#
# Declarations
#

gen_tunable(`tabrmd_connect_all_unreserved', false)

type tabrmd_t;
type tabrmd_exec_t;
init_daemon_domain(tabrmd_t, tabrmd_exec_t)

allow tabrmd_t self:unix_dgram_socket { create_socket_perms };

dev_rw_tpm(tabrmd_t)
logging_send_syslog_msg(tabrmd_t)
sysnet_dns_name_resolve(tabrmd_t)

optional_policy(`
    dbus_stub()
    dbus_system_domain(tabrmd_t, tabrmd_exec_t)
    allow system_dbusd_t tabrmd_t:unix_stream_socket rw_stream_socket_perms;
    fwupd_dbus_chat(tabrmd_t)
')

tunable_policy(`tabrmd_connect_all_unreserved',`
    corenet_tcp_connect_all_unreserved_ports(tabrmd_t)
')