Allow mpdecision dac_override.

Addresses denials such as: avc: denied { dac_override } for comm="mpdecision" capability=1 scontext=u:r:mpdecision:s0 tcontext=u:r:mpdecision:s0 tclass=capability Also auditallow them so that we can track its usage and hopefully eliminate the need for this capability in the future. Change-Id: Ieb617183dadc6e8655d1f808691cdfeeab4a96f3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2014-06-11 09:23:05 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> 2014-06-11 12:04:20 -0400
commit: a06a056fd08bc13212a424b58153d85be8ab3d22 (patch)
tree: 63fc13edb86858904c4f3bf9375ff8b00ab48cfb /sepolicy
parent: 8b15fef6ee2caf45be4d9360ec29fc4ef3028220 (diff)
download: mako-a06a056fd08bc13212a424b58153d85be8ab3d22.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/mpdecision.te b/sepolicy/mpdecision.te
index c4455da..838836d 100644
--- a/sepolicy/mpdecision.te
+++ b/sepolicy/mpdecision.te
@@ -2,6 +2,10 @@
 type mpdecision, domain;
 type mpdecision_exec, exec_type, file_type;
 
+# DAC overrides
+allow mpdecision self:capability dac_override;
+auditallow mpdecision self:capability dac_override;
+
 # Started by init
 init_daemon_domain(mpdecision)
author	Stephen Smalley <sds@tycho.nsa.gov>	2014-06-11 09:23:05 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	2014-06-11 12:04:20 -0400
commit	a06a056fd08bc13212a424b58153d85be8ab3d22 (patch)
tree	63fc13edb86858904c4f3bf9375ff8b00ab48cfb /sepolicy
parent	8b15fef6ee2caf45be4d9360ec29fc4ef3028220 (diff)
download	mako-a06a056fd08bc13212a424b58153d85be8ab3d22.tar.gz