blob: 3175cd1b8438e5bd881a2930d06e8cfd371f27c9 [file] [log] [blame]
# firewalld.
type firewalld, domain;
type firewalld_exec, exec_type, file_type;
brillo_domain(firewalld)
net_domain(firewalld)
# Allow crash_reporter access to core dump files.
allow_crash_reporter(firewalld)
allow firewalld self:capability { net_admin net_raw };
allow firewalld self:rawip_socket create_socket_perms;
allow firewalld system_file:file rx_file_perms;
r_dir_file(firewalld, proc)
allow firewalld proc:filesystem getattr;
allow firewalld proc_net:file getattr;
allow firewalld firewalld_service:service_manager { add find };