1# gpsd - GPS daemon 2type gpsd, domain; 3type gpsd_exec, exec_type, file_type; 4 5init_daemon_domain(gpsd) 6net_domain(gpsd) 7allow gpsd gps_data_file:dir rw_dir_perms; 8allow gpsd gps_data_file:notdevfile_class_set create_file_perms; 9# Socket is created by the daemon, not by init, and under /data/gps, 10# not under /dev/socket. 11type_transition gpsd gps_data_file:sock_file gps_socket; 12allow gpsd gps_socket:sock_file create_file_perms; 13# XXX Label sysfs files with a specific type? 14allow gpsd sysfs:file rw_file_perms; 15 16allow gpsd gps_device:chr_file rw_file_perms; 17 18# Execute the shell or system commands. 19allow gpsd shell_exec:file rx_file_perms; 20allow gpsd system_file:file rx_file_perms; 21 22### 23### neverallow 24### 25 26# gpsd can never have capabilities other than block_suspend 27neverallow gpsd self:capability *; 28neverallow gpsd self:capability2 ~block_suspend; 29