[people/stevee/selinux-policy.git] / policy / modules / apps / gnome.if
00219064
CP
1## <summary>GNU network object model environment (GNOME)</summary>
2
###########################################################
## <summary>
##	Role access for gnome
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`gnome_role',`
	gen_require(`
		type gconfd_t, gconfd_exec_t;
		type gconf_tmp_t;
	')

	# Authorize the role to run the gconfd_t domain.
	role $1 types gconfd_t;

	# Executing gconfd_exec_t from the user domain enters gconfd_t automatically.
	domain_auto_trans($2, gconfd_exec_t, gconfd_t)
	# gconfd_t may use descriptors and pipes inherited from the user domain
	# and connect back to its unix stream sockets.
	allow gconfd_t $2:fd use;
	allow gconfd_t $2:fifo_file write;
	allow gconfd_t $2:unix_stream_socket connectto;

	ps_process_pattern($2, gconfd_t)

	#gnome_stream_connect_gconf_template($1, $2)
	# The two rules below repeat the body of gnome_stream_connect_gconf inline.
	read_files_pattern($2, gconf_tmp_t, gconf_tmp_t)
	allow $2 gconfd_t:unix_stream_socket connectto;
')
ca9e8850 37
efa04715
MG
######################################
## <summary>
##	The role template for the gnome-keyring-daemon.
## </summary>
## <param name="user_prefix">
##	<summary>
##	The user prefix.
##	</summary>
## </param>
## <param name="user_role">
##	<summary>
##	The user role.
##	</summary>
## </param>
## <param name="user_domain">
##	<summary>
##	The user domain associated with the role.
##	</summary>
## </param>
#
interface(`gnome_role_gkeyringd',`
	gen_require(`
		attribute gkeyringd_domain;
		attribute gnome_domain;
		type gnome_home_t;
		type gkeyringd_exec_t, gkeyringd_tmp_t, gkeyringd_gnome_home_t;
		class dbus send_msg;
	')

	# Declares one keyring domain per user prefix and tags it with both attributes.
	# NOTE(review): this macro declares a type but is defined with interface()
	# rather than template() - confirm that is intended.
	type gkeyringd_$1_t, gnome_domain, gkeyringd_domain;
	application_domain(gkeyringd_$1_t, gkeyringd_exec_t)
	ubac_constrained(gkeyringd_$1_t)

	role $2 types gkeyringd_$1_t;

	# The user domain enters the keyring domain by executing gkeyringd_exec_t.
	domtrans_pattern($3, gkeyringd_exec_t, gkeyringd_$1_t)

	# The user domain can manage and relabel the keyring store and socket
	# directories, so this policy does not protect stored keyring data from
	# the user domain itself.
	allow $3 gkeyringd_gnome_home_t:dir { relabel_dir_perms manage_dir_perms };
	allow $3 gkeyringd_gnome_home_t:file { relabel_file_perms manage_file_perms };

	allow $3 gkeyringd_tmp_t:dir { relabel_dir_perms manage_dir_perms };
	allow $3 gkeyringd_tmp_t:sock_file { relabel_sock_file_perms manage_sock_file_perms };

	# Programs and shells started by the keyring daemon transition to the
	# prefix-derived user type. Assumes that type exists and matches the
	# user_domain argument - TODO confirm against callers.
	corecmd_bin_domtrans(gkeyringd_$1_t, $1_t)
	corecmd_shell_domtrans(gkeyringd_$1_t, $1_t)
	allow gkeyringd_$1_t $3:process sigkill;
	allow $3 gkeyringd_$1_t:fd use;
	allow $3 gkeyringd_$1_t:fifo_file rw_fifo_file_perms;

	ps_process_pattern(gkeyringd_$1_t, $3)

	ps_process_pattern($3, gkeyringd_$1_t)
	# NOTE(review): ptrace lets every process in the user domain inspect the
	# memory of the keyring daemon, which holds unlocked secrets. Confirm the
	# grant must be unconditional rather than limited to signal_perms.
	allow $3 gkeyringd_$1_t:process { ptrace signal_perms };

	# Hide denials where the user domain would use the keyring binary as its
	# own entrypoint. The access itself stays denied.
	dontaudit $3 gkeyringd_exec_t:file entrypoint;

	stream_connect_pattern($3, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_$1_t)

	# D-Bus messages are allowed in both directions between the user domain
	# and its keyring domain.
	allow gkeyringd_$1_t $3:dbus send_msg;
	allow $3 gkeyringd_$1_t:dbus send_msg;
	optional_policy(`
		dbus_session_domain(gkeyringd_$1_t, gkeyringd_exec_t)
		dbus_session_bus_client(gkeyringd_$1_t)
		gnome_home_dir_filetrans(gkeyringd_$1_t)
		gnome_manage_generic_home_dirs(gkeyringd_$1_t)

		optional_policy(`
			telepathy_mission_control_read_state(gkeyringd_$1_t)
		')
	')
')
2a98379a 109
ab8f919e
CP
########################################
## <summary>
##	gconf connection template.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_stream_connect_gconf',`
	gen_require(`
		type gconfd_t, gconf_tmp_t;
	')

	# Read gconf temporary files and connect to the unix stream socket of gconfd_t.
	read_files_pattern($1, gconf_tmp_t, gconf_tmp_t)
	allow $1 gconfd_t:unix_stream_socket connectto;
')
128
ca9e8850
DW
########################################
## <summary>
##	Connect to gkeyringd with a unix stream socket.
## </summary>
## <param name="role_prefix">
##	<summary>
##	Role prefix.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_stream_connect_gkeyringd',`
	gen_require(`
		attribute gkeyringd_domain;
		type gkeyringd_tmp_t;
		type gconf_tmp_t;
	')

	# NOTE(review): both rules use the first argument as the connecting domain
	# and the second argument is never referenced, while the parameter
	# documentation above lists a role prefix first. Confirm which argument
	# order callers pass.
	# The target is the gkeyringd_domain attribute, so access covers every
	# keyring domain and not only the one belonging to a single prefix.
	allow $1 gconf_tmp_t:dir search_dir_perms;
	stream_connect_pattern($1, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_domain)
')
154
########################################
## <summary>
##	Connect to all gkeyringd domains with a unix stream socket.
## </summary>
## <param name="role_prefix">
##	<summary>
##	Role prefix.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_stream_connect_all_gkeyringd',`
	gen_require(`
		attribute gkeyringd_domain;
		type gkeyringd_tmp_t;
		type gconf_tmp_t;
	')

	# NOTE(review): the body is identical to gnome_stream_connect_gkeyringd.
	# Only the first argument is used, as the connecting domain, although the
	# parameter documentation lists a role prefix first - confirm against callers.
	allow $1 gconf_tmp_t:dir search_dir_perms;
	stream_connect_pattern($1, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_domain)
')
180
########################################
## <summary>
##	Run gconfd in gconfd domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_domtrans_gconfd',`
	gen_require(`
		type gconfd_t, gconfd_exec_t;
	')

	# Executing gconfd_exec_t from the caller moves the new process into gconfd_t.
	domtrans_pattern($1, gconfd_exec_t, gconfd_t)
')
198
57955a25
DW
########################################
## <summary>
##	Dontaudit read gnome homedir content (.config)
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`gnome_dontaudit_read_config',`
	gen_require(`
		attribute gnome_home_type;
	')

	# Only the audit record is suppressed. The access stays denied.
	# NOTE(review): read_inherited_file_perms is a file permission set applied
	# to class dir here - confirm the intended class and permission set.
	dontaudit $1 gnome_home_type:dir read_inherited_file_perms;
')
216
00219064
CP
########################################
## <summary>
##	Dontaudit search gnome homedir content (.config)
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`gnome_dontaudit_search_config',`
	gen_require(`
		attribute gnome_home_type;
	')

	# Only the audit record is suppressed. Directory searches stay denied.
	dontaudit $1 gnome_home_type:dir search_dir_perms;
')
234
ab8f919e
CP
########################################
## <summary>
##	manage gnome homedir content (.config)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_config',`
	gen_require(`
		attribute gnome_home_type;
	')

	# Applies to every type carrying the gnome_home_type attribute, not to a
	# single directory type, so the grant widens whenever a type joins the attribute.
	allow $1 gnome_home_type:dir manage_dir_perms;
	allow $1 gnome_home_type:file manage_file_perms;
	allow $1 gnome_home_type:lnk_file manage_lnk_file_perms;
	userdom_search_user_home_dirs($1)
')
255
########################################
## <summary>
##	Send general signals to all gnome domains.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_signal_all',`
	gen_require(`
		attribute gnome_domain;
	')

	# The target is the gnome_domain attribute, so every domain carrying it is covered.
	allow $1 gnome_domain:process signal;
')
273
########################################
## <summary>
##	Create objects in a Gnome cache home directory
##	with an automatic type transition to
##	a specified private type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="private_type">
##	<summary>
##	The type of the object to create.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	The class of the object to be created.
##	</summary>
## </param>
#
interface(`gnome_cache_filetrans',`
	gen_require(`
		type cache_home_t;
	')

	# Objects of the given class created in a cache_home_t directory get the private type.
	filetrans_pattern($1, cache_home_t, $2, $3)
	userdom_search_user_home_dirs($1)
')
304
########################################
## <summary>
##	Read generic cache home files (.cache)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_read_generic_cache_files',`
	gen_require(`
		type cache_home_t;
	')

	# Read-only access to cache_home_t files inside cache_home_t directories.
	read_files_pattern($1, cache_home_t, cache_home_t)
	userdom_search_user_home_dirs($1)
')
323
########################################
## <summary>
##	Set attributes of cache home dir (.cache)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_setattr_cache_home_dir',`
	gen_require(`
		type cache_home_t;
	')

	# Covers directories only. No file access is granted here.
	setattr_dirs_pattern($1, cache_home_t, cache_home_t)
	userdom_search_user_home_dirs($1)
')
342
c71f02c0
DW
########################################
## <summary>
##	append to generic cache home files (.cache)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_append_generic_cache_files',`
	gen_require(`
		type cache_home_t;
	')

	# Append-only access to existing cache_home_t files.
	append_files_pattern($1, cache_home_t, cache_home_t)
	userdom_search_user_home_dirs($1)
')
361
3eaa9939
DW
########################################
## <summary>
##	write to generic cache home files (.cache)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_write_generic_cache_files',`
	gen_require(`
		type cache_home_t;
	')

	# Write access to existing cache_home_t files. No create or unlink pattern is called here.
	write_files_pattern($1, cache_home_t, cache_home_t)
	userdom_search_user_home_dirs($1)
')
380
a947daf6
DW
########################################
## <summary>
##	read gnome homedir content (.config)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_read_config',`
	gen_require(`
		attribute gnome_home_type;
	')

	# List directories and read files and symlinks of every gnome_home_type type.
	list_dirs_pattern($1, gnome_home_type, gnome_home_type)
	read_files_pattern($1, gnome_home_type, gnome_home_type)
	read_lnk_files_pattern($1, gnome_home_type, gnome_home_type)
')
400
3eaa9939
DW
########################################
## <summary>
##	Create objects in a Gnome gconf home directory
##	with an automatic type transition to
##	a specified private type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="private_type">
##	<summary>
##	The type of the object to create.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	The class of the object to be created.
##	</summary>
## </param>
#
interface(`gnome_data_filetrans',`
	gen_require(`
		type data_home_t;
	')

	# NOTE(review): the transition applies to objects created in data_home_t
	# directories, while the summary names the gconf home directory. The
	# gnome_search_gconf call only adds search on gconf_home_t and the user
	# home directory - confirm the summary wording.
	filetrans_pattern($1, data_home_t, $2, $3)
	gnome_search_gconf($1)
')
431
4b7fe5b4
DW
#######################################
## <summary>
##	Manage gconf data home files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_data',`
	gen_require(`
		type data_home_t;
		type gconf_home_t;
	')

	# Search gconf_home_t directories, then manage directories, files and
	# symlinks labeled data_home_t.
	allow $1 gconf_home_t:dir search_dir_perms;
	manage_dirs_pattern($1, data_home_t, data_home_t)
	manage_files_pattern($1, data_home_t, data_home_t)
	manage_lnk_files_pattern($1, data_home_t, data_home_t)
')
453
3eaa9939
DW
########################################
## <summary>
##	Create gconf_home_t objects in the /root directory
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	The class of the object to be created.
##	</summary>
## </param>
#
interface(`gnome_admin_home_gconf_filetrans',`
	gen_require(`
		type gconf_home_t;
	')

	# Objects of the given class created in the admin home directory are labeled gconf_home_t.
	userdom_admin_home_dir_filetrans($1, gconf_home_t, $2)
')
476
########################################
## <summary>
##	read gconf config files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_read_gconf_config',`
	gen_require(`
		type gconf_etc_t;
	')

	# List gconf_etc_t directories and read the files in them.
	allow $1 gconf_etc_t:dir list_dir_perms;
	read_files_pattern($1, gconf_etc_t, gconf_etc_t)
	files_search_etc($1)
')
496
#######################################
## <summary>
##	Manage gconf config files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_gconf_config',`
	gen_require(`
		type gconf_etc_t;
	')

	# NOTE(review): unlike gnome_read_gconf_config this does not call
	# files_search_etc, and no directory management is granted - confirm
	# that callers obtain search on /etc elsewhere.
	allow $1 gconf_etc_t:dir list_dir_perms;
	manage_files_pattern($1, gconf_etc_t, gconf_etc_t)
')
515
########################################
## <summary>
##	Execute gconf programs in
##	the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_exec_gconf',`
	gen_require(`
		type gconfd_exec_t;
	')

	# No domain transition: the program runs with the permissions of the caller.
	can_exec($1, gconfd_exec_t)
')
534
ca9e8850
DW
########################################
## <summary>
##	Execute gnome keyringd in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_exec_keyringd',`
	gen_require(`
		type gkeyringd_exec_t;
	')

	# No domain transition: the keyring binary runs in the caller domain
	# instead of a confined gkeyringd domain.
	can_exec($1, gkeyringd_exec_t)
	corecmd_search_bin($1)
')
553
3eaa9939
DW
########################################
## <summary>
##	Read gconf home files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_read_gconf_home_files',`
	gen_require(`
		type gconf_home_t;
		type data_home_t;
	')

	# Covers both gconf_home_t and data_home_t: list the directories and read the files.
	userdom_search_user_home_dirs($1)
	allow $1 gconf_home_t:dir list_dir_perms;
	allow $1 data_home_t:dir list_dir_perms;
	read_files_pattern($1, gconf_home_t, gconf_home_t)
	read_files_pattern($1, data_home_t, data_home_t)
')
576
ca9e8850
DW
########################################
## <summary>
##	Search gkeyringd temporary directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_search_gkeyringd_tmp_dirs',`
	gen_require(`
		type gkeyringd_tmp_t;
	')

	# Directory traversal only. Connecting to the keyring socket needs a separate grant.
	files_search_tmp($1)
	allow $1 gkeyringd_tmp_t:dir search_dir_perms;
')
595
3eaa9939
DW
########################################
## <summary>
##	search gconf homedir (.local)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_search_gconf',`
	gen_require(`
		type gconf_home_t;
	')

	# Directory traversal only: search gconf_home_t and the user home directory.
	allow $1 gconf_home_t:dir search_dir_perms;
	userdom_search_user_home_dirs($1)
')
614
4251ae10
DW
########################################
## <summary>
##	Set attributes of Gnome config dirs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_setattr_config_dirs',`
	gen_require(`
		type gnome_home_t;
	')

	# Covers gnome_home_t directories only. files_search_home is called here
	# where sibling interfaces call userdom_search_user_home_dirs.
	setattr_dirs_pattern($1, gnome_home_t, gnome_home_t)
	files_search_home($1)
')
633
ca9e8850
DW
########################################
## <summary>
##	Manage generic gnome home files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_generic_home_files',`
	gen_require(`
		type gnome_home_t;
	')

	# Files only. Directory management is in gnome_manage_generic_home_dirs.
	userdom_search_user_home_dirs($1)
	manage_files_pattern($1, gnome_home_t, gnome_home_t)
')
652
########################################
## <summary>
##	Manage generic gnome home directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_generic_home_dirs',`
	gen_require(`
		type gnome_home_t;
	')

	# Directories only. File management is in gnome_manage_generic_home_files.
	userdom_search_user_home_dirs($1)
	allow $1 gnome_home_t:dir manage_dir_perms;
')
671
3eaa9939
DW
########################################
## <summary>
##	Append gconf home files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_append_gconf_home_files',`
	gen_require(`
		type gconf_home_t;
	')

	# Append-only access to existing gconf_home_t files.
	append_files_pattern($1, gconf_home_t, gconf_home_t)
')
689
########################################
## <summary>
##	manage gconf home files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_gconf_home_files',`
	gen_require(`
		type gconf_home_t;
	')

	# List gconf_home_t directories and manage the files inside them.
	# Directories themselves are not managed here.
	allow $1 gconf_home_t:dir list_dir_perms;
	manage_files_pattern($1, gconf_home_t, gconf_home_t)
')
708
########################################
## <summary>
##	Connect to gnome over an unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="user_domain">
##	<summary>
##	The type of the user domain.
##	</summary>
## </param>
#
interface(`gnome_stream_connect',`
	gen_require(`
		attribute gnome_home_type;
	')

	# Connect to unix stream sockets labeled with any gnome_home_type type
	# and owned by the domain given as second argument.
	# NOTE(review): the previous comment here named a pulseaudio server and
	# looked copied from another module - confirm the intended peer.
	stream_connect_pattern($1, gnome_home_type, gnome_home_type, $2)
')
732
########################################
## <summary>
##	list gnome homedir content (.config)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_list_home_config',`
	gen_require(`
		type config_home_t;
	')

	# Directory listing only. Reading file contents is in gnome_read_home_config.
	allow $1 config_home_t:dir list_dir_perms;
')
750
5ef740e5
DW
########################################
## <summary>
##	Set attributes of gnome homedir content (.config)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
template(`gnome_setattr_home_config',`
	gen_require(`
		type config_home_t;
	')

	# NOTE(review): defined with template() although no type is declared in
	# the body. Sibling access macros in this file use interface() - confirm.
	setattr_dirs_pattern($1, config_home_t, config_home_t)
	userdom_search_user_home_dirs($1)
')
769
2d4a79a0
DW
########################################
## <summary>
##	read gnome homedir content (.config)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_read_home_config',`
	gen_require(`
		type config_home_t;
	')

	# List directories and read files and symlinks labeled config_home_t.
	list_dirs_pattern($1, config_home_t, config_home_t)
	read_files_pattern($1, config_home_t, config_home_t)
	read_lnk_files_pattern($1, config_home_t, config_home_t)
')
789
f5b49a5e
DW
########################################
## <summary>
##	manage gnome homedir content (.config)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
template(`gnome_manage_home_config',`
	gen_require(`
		type config_home_t;
	')

	# Files only: directories and symlinks are not managed here.
	# NOTE(review): defined with template() although no type is declared, and
	# unlike gnome_setattr_home_config it does not call
	# userdom_search_user_home_dirs - confirm both are intended.
	manage_files_pattern($1, config_home_t, config_home_t)
')
807
3eaa9939
DW
########################################
## <summary>
##	Read/Write all inherited gnome home config
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_rw_inherited_config',`
	gen_require(`
		attribute gnome_home_type;
	')

	# Applies to files of every gnome_home_type type.
	# NOTE(review): presumably rw_inherited_file_perms omits open, limiting
	# access to descriptors passed in or inherited - verify the permission set
	# definition.
	allow $1 gnome_home_type:file rw_inherited_file_perms;
')
825
########################################
## <summary>
##	Send and receive messages from
##	gconf system service over dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_dbus_chat_gconfdefault',`
	gen_require(`
		type gconfdefaultsm_t;
		class dbus send_msg;
	')

	# Messages are allowed in both directions between the caller and gconfdefaultsm_t.
	allow $1 gconfdefaultsm_t:dbus send_msg;
	allow gconfdefaultsm_t $1:dbus send_msg;
')
ca9e8850
DW
846
########################################
## <summary>
##	Send and receive messages from
##	gkeyringd over dbus.
## </summary>
## <param name="role_prefix">
##	<summary>
##	Role prefix.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_dbus_chat_gkeyringd',`
	gen_require(`
		attribute gkeyringd_domain;
		class dbus send_msg;
	')

	# Only the second argument is used. The role prefix is not referenced and
	# the peer is the gkeyringd_domain attribute, so messages are allowed to
	# and from every keyring domain rather than the one for a single prefix.
	# NOTE(review): gnome_stream_connect_gkeyringd documents the same two
	# parameters but uses its first argument as the domain - confirm callers.
	allow $2 gkeyringd_domain:dbus send_msg;
	allow gkeyringd_domain $2:dbus send_msg;
')
31f04122 872
ca9e8850
DW
########################################
## <summary>
##	Create directories in user home directories
##	with the gnome home file type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_home_dir_filetrans',`
	gen_require(`
		type gnome_home_t;
	')

	# The object class is fixed to dir: only new directories get gnome_home_t.
	userdom_user_home_dir_filetrans($1, gnome_home_t, dir)
	userdom_search_user_home_dirs($1)
')
a8183914
MG
892
######################################
## <summary>
##	Allow read kde config content
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_read_usr_config',`
	gen_require(`
		type config_usr_t;
	')

	# List directories and read files and symlinks labeled config_usr_t.
	# NOTE(review): the summary names kde while the interface lives in the
	# gnome module - confirm which configuration tree config_usr_t labels.
	files_search_usr($1)
	list_dirs_pattern($1, config_usr_t, config_usr_t)
	read_files_pattern($1, config_usr_t, config_usr_t)
	read_lnk_files_pattern($1, config_usr_t, config_usr_t)
')
913
#######################################
## <summary>
##	Allow manage kde config content
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_usr_config',`
	gen_require(`
		type config_usr_t;
	')

	# Full management of directories, files and symlinks labeled config_usr_t.
	# The files_search_usr call suggests this content is system wide under
	# /usr rather than per user - presumably; verify the file contexts.
	files_search_usr($1)
	manage_dirs_pattern($1, config_usr_t, config_usr_t)
	manage_files_pattern($1, config_usr_t, config_usr_t)
	manage_lnk_files_pattern($1, config_usr_t, config_usr_t)
')
31f04122
DW
934
########################################
## <summary>
##	Execute gnome-keyring in the user gkeyring domain
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the gkeyring domain.
##	</summary>
## </param>
#
interface(`gnome_transition_gkeyringd',`
	gen_require(`
		attribute gkeyringd_domain;
	')

	# NOTE(review): the documented role argument is never referenced and no
	# role statement is emitted here. Execute permission on the keyring binary
	# is not granted in this body either - confirm callers obtain both elsewhere.
	allow $1 gkeyringd_domain:process transition;
	# noatsecure, siginh and rlimitinh stay denied. Only the audit records
	# for those denials are suppressed.
	dontaudit $1 gkeyringd_domain:process { noatsecure siginh rlimitinh };
	allow gkeyringd_domain $1:process { sigchld signull };
	allow gkeyringd_domain $1:fifo_file rw_inherited_fifo_file_perms;
')
960