1 files changed, 58 insertions, 0 deletions

diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te
new file mode 100644
index 00000000..cd8ead33
--- /dev/null
+++ b/policy/modules/services/rdisc.te
@@ -0,0 +1,58 @@
+policy_module(rdisc, 1.9.0)
+
+########################################
+#
+# Declarations
+#
+
+type rdisc_t;
+type rdisc_exec_t;
+init_daemon_domain(rdisc_t, rdisc_exec_t)
+
+########################################
+#
+# Local policy
+#
+
+allow rdisc_t self:capability net_raw;
+dontaudit rdisc_t self:capability sys_tty_config;
+allow rdisc_t self:process signal_perms;
+allow rdisc_t self:unix_stream_socket { accept listen };
+allow rdisc_t self:udp_socket create_socket_perms;
+allow rdisc_t self:rawip_socket create_socket_perms;
+
+kernel_list_proc(rdisc_t)
+kernel_read_proc_symlinks(rdisc_t)
+kernel_read_kernel_sysctls(rdisc_t)
+
+corenet_all_recvfrom_unlabeled(rdisc_t)
+corenet_all_recvfrom_netlabel(rdisc_t)
+corenet_udp_sendrecv_generic_if(rdisc_t)
+corenet_raw_sendrecv_generic_if(rdisc_t)
+corenet_udp_sendrecv_generic_node(rdisc_t)
+corenet_raw_sendrecv_generic_node(rdisc_t)
+corenet_udp_sendrecv_all_ports(rdisc_t)
+
+dev_read_sysfs(rdisc_t)
+
+fs_search_auto_mountpoints(rdisc_t)
+
+domain_use_interactive_fds(rdisc_t)
+
+files_read_etc_files(rdisc_t)
+
+logging_send_syslog_msg(rdisc_t)
+
+miscfiles_read_localization(rdisc_t)
+
+sysnet_read_config(rdisc_t)
+
+userdom_dontaudit_use_unpriv_user_fds(rdisc_t)
+
+optional_policy(`
+	seutil_sigchld_newrole(rdisc_t)
+')
+
+optional_policy(`
+	udev_read_db(rdisc_t)
+')