[DSE-User] SELinux on Wheezy: apm

Arno Schuring aelschuring at hotmail.com
Sat Feb 11 14:41:24 UTC 2012


acpid in Wheezy apparently uses a netlink socket and wants to read
input events. I haven't given it much of my time, but the input device
appears to be the power button.


Regards,
Arno

-8<--
diff --git a/policy/modules/services/apm.fc b/policy/modules/services/apm.fc
index 0123777..041a26a 100644
--- a/policy/modules/services/apm.fc
+++ b/policy/modules/services/apm.fc
@@ -14,6 +14,7 @@
 /var/log/acpid.*	--	gen_context(system_u:object_r:apmd_log_t,s0)
 
 /var/run/\.?acpid\.socket -s	gen_context(system_u:object_r:apmd_var_run_t,s0)
+/run/\.?acpid\.socket -s	gen_context(system_u:object_r:apmd_var_run_t,s0)
 /var/run/apmd\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
 /var/run/powersaved\.pid --	gen_context(system_u:object_r:apmd_var_run_t,s0)
 /var/run/powersave_socket -s	gen_context(system_u:object_r:apmd_var_run_t,s0)
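Review bot: only the acpid socket gets a /run entry in this hunk, while the neighbouring apmd\.pid, powersaved\.pid and powersave_socket entries still match under /var/run only. If the runtime directory is /run on Wheezy, those paths will not match any of these patterns. Either add matching /run lines for them as well, or handle the /run and /var/run equivalence in one place rather than duplicating a single entry.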
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index 8047894..4fa1de0 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@@ -1,4 +1,4 @@
-policy_module(apm, 1.11.0)
+policy_module(apm, 1.11.2)
 
 ########################################
 #
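Review bot: the policy_module version jumps from 1.11.0 to 1.11.2, skipping 1.11.1. If this patch is a single change on top of 1.11.0, bump to 1.11.1, or state in the message which intermediate revision it is based on.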
@@ -64,6 +64,7 @@ allow apmd_t self:process { signal_perms getsession };
 allow apmd_t self:fifo_file rw_fifo_file_perms;
 allow apmd_t self:unix_dgram_socket create_socket_perms;
 allow apmd_t self:unix_stream_socket create_stream_socket_perms;
+allow apmd_t self:netlink_socket create_socket_perms;
 
 allow apmd_t apmd_log_t:file manage_file_perms;
 logging_log_filetrans(apmd_t, apmd_log_t, file)
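Review bot: the added "allow apmd_t self:netlink_socket create_socket_perms;" grants the whole create_socket_perms set on the generic netlink_socket class, while the message only says acpid "apparently uses a netlink socket". Please include the AVC denials that prompted the rule, and if they show only a subset of permissions (for example create, bind and read), list those explicitly instead of the full macro.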
@@ -81,6 +82,7 @@ kernel_rw_all_sysctls(apmd_t)
 kernel_read_system_state(apmd_t)
 kernel_write_proc_files(apmd_t)
 
+dev_read_input(apmd_t)
 dev_read_realtime_clock(apmd_t)
 dev_read_urand(apmd_t)
 dev_rw_apm_bios(apmd_t)
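Review bot: dev_read_input(apmd_t) lets apmd_t read every input event device, not only the power button that the message names as the apparent source. Since the message says this was not looked into in depth, confirm from the denials which device node acpid opens, and add a comment above the line recording why the access is needed so the grant can be narrowed later if the button device is ever labelled separately.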


