# SELinux policy module for the swtpm domain, module version 1.0.0.
policy_module(swtpm, 1.0.0)
########################################
#
# Declarations
#
# Role attribute collecting every role that is allowed to run swtpm.
attribute_role swtpm_roles;
# system_r is the only role placed in swtpm_roles by this file.
roleattribute system_r swtpm_roles;
# Process domain type for swtpm.
type swtpm_t;
# File type for the swtpm executable, used as the domain entry point.
type swtpm_exec_t;
# Marks swtpm_t as an application domain entered through swtpm_exec_t.
# NOTE(review): no domain transition rule is declared in the lines shown,
# so callers must be granted the transition elsewhere - confirm.
application_domain(swtpm_t, swtpm_exec_t)
# Every role in swtpm_roles may be associated with the swtpm_t type.
role swtpm_roles types swtpm_t;
########################################
#
# swtpm local policy
#
# Process capabilities granted to swtpm_t:
#   setgid, setuid               - change group and user identity
#   dac_override, dac_read_search - bypass discretionary file permission checks
# NOTE(review): dac_override and dac_read_search remove the Unix permission
# layer for this domain, so type enforcement becomes the only file access
# control. Presumably they are needed because the process starts privileged
# and touches state owned by another user - confirm, and drop them if fixing
# the ownership of the state directory makes them unnecessary.
allow swtpm_t self:capability { setgid setuid dac_override dac_read_search };
# Pipes created by the domain itself.
allow swtpm_t self:fifo_file manage_fifo_file_perms;
# Unix stream sockets created by the domain itself.
allow swtpm_t self:unix_stream_socket create_stream_socket_perms;
# Use file descriptors inherited from an interactive session.
domain_use_interactive_fds(swtpm_t)
# Read generic configuration files under /etc.
files_read_etc_files(swtpm_t)
# Name service switch lookups for users and groups.
# NOTE(review): this interface is broad and may also grant network access
# for remote name services - verify against the deployed base policy.
auth_use_nsswitch(swtpm_t)
# Read locale data.
miscfiles_read_localization(swtpm_t)
# NOTE(review): the lines shown declare no type for TPM state or key files
# and no rules for accessing them - confirm where that access is granted.