[people/stevee/selinux-policy.git] / policy / modules / roles / staff.te

policy_module(staff, 2.1.2)

########################################
#
# Declarations
#

role staff_r;

userdom_unpriv_user_template(staff)
fs_exec_noxattr(staff_t)

# needed for sandbox
allow staff_t self:process setexec;

########################################
#
# Local policy
#

kernel_read_ring_buffer(staff_usertype)
kernel_getattr_core_if(staff_usertype)
kernel_getattr_message_if(staff_usertype)
kernel_read_software_raid_state(staff_usertype)
kernel_read_fs_sysctls(staff_usertype)

domain_read_all_domains_state(staff_usertype)
domain_getattr_all_domains(staff_usertype)
domain_obj_id_change_exemption(staff_t)

files_read_kernel_modules(staff_usertype)

seutil_read_module_store(staff_t)
seutil_run_newrole(staff_t, staff_r)

term_use_unallocated_ttys(staff_usertype)

auth_domtrans_pam_console(staff_t)

init_dbus_chat(staff_t)
init_dbus_chat_script(staff_t)

miscfiles_read_hwdata(staff_usertype)

modutils_read_module_config(staff_usertype)
modutils_read_module_deps(staff_usertype)

netutils_run_ping(staff_t, staff_r)
netutils_signal_ping(staff_t)

optional_policy(`
	apache_role(staff_r, staff_t)
')

optional_policy(`
	auditadm_role_change(staff_r)
')

optional_policy(`
	dbadm_role_change(staff_r)
')

optional_policy(`
	accountsd_dbus_chat(staff_t)
	accountsd_read_lib_files(staff_t)
')

optional_policy(`
	gnomeclock_dbus_chat(staff_t)
')

optional_policy(`
	firewallgui_dbus_chat(staff_t)
')

optional_policy(`
	lpd_list_spool(staff_t)
')

optional_policy(`
	kerneloops_dbus_chat(staff_t)
')

optional_policy(`
	logadm_role_change(staff_r)
')

optional_policy(`
	mozilla_run_plugin(staff_t, staff_r)
')

optional_policy(`
	oident_manage_user_content(staff_t)
	oident_relabel_user_content(staff_t)
')

optional_policy(`
	postgresql_role(staff_r, staff_t)
')

optional_policy(`
	rtkit_scheduled(staff_t)
')

optional_policy(`
	rpm_dbus_chat(staff_usertype)
')

optional_policy(`
	secadm_role_change(staff_r)
')

optional_policy(`
	sandbox_transition(staff_t, staff_r)
')

optional_policy(`
	screen_role_template(staff, staff_r, staff_t)
')

optional_policy(`
	sysadm_role_change(staff_r)
	userdom_dontaudit_use_user_terminals(staff_t)
')
optional_policy(`
	setroubleshoot_stream_connect(staff_t)
	setroubleshoot_dbus_chat(staff_t)
	setroubleshoot_dbus_chat_fixit(staff_t)
')

optional_policy(`
	ssh_role_template(staff, staff_r, staff_t)
')

optional_policy(`
	sudo_role_template(staff, staff_r, staff_t)
')

optional_policy(`
	telepathy_dbus_session_role(staff_r, staff_t)
')

optional_policy(`
	userhelper_console_role_template(staff, staff_r, staff_usertype)
')

optional_policy(`
	unconfined_role_change(staff_r)
')

optional_policy(`
	virt_stream_connect(staff_t)
')

optional_policy(`
	webadm_role_change(staff_r)
')

optional_policy(`
	xserver_role(staff_r, staff_t)
')

ifndef(`distro_redhat',`
	optional_policy(`
		auth_role(staff_r, staff_t)
	')

	optional_policy(`
		bluetooth_role(staff_r, staff_t)
	')

	optional_policy(`
		cdrecord_role(staff_r, staff_t)
	')

	optional_policy(`
		cron_role(staff_r, staff_t)
	')

	optional_policy(`
		dbus_role_template(staff, staff_r, staff_t)
	')

	optional_policy(`
		evolution_role(staff_r, staff_t)
	')

	optional_policy(`
		games_role(staff_r, staff_t)
	')

	optional_policy(`
		gift_role(staff_r, staff_t)
	')

	optional_policy(`
		gnome_role(staff_r, staff_t)
	')

	optional_policy(`
		gpg_role(staff_r, staff_t)
	')

	optional_policy(`
		irc_role(staff_r, staff_t)
	')

	optional_policy(`
		java_role(staff_r, staff_t)
	')

	optional_policy(`
		lockdev_role(staff_r, staff_t)
	')

	optional_policy(`
		lpd_role(staff_r, staff_t)
	')

	optional_policy(`
		mozilla_role(staff_r, staff_t)
	')

	optional_policy(`
		mplayer_role(staff_r, staff_t)
	')

	optional_policy(`
		mta_role(staff_r, staff_t)
	')

	optional_policy(`
		pyzor_role(staff_r, staff_t)
	')

	optional_policy(`
		razor_role(staff_r, staff_t)
	')

	optional_policy(`
		rssh_role(staff_r, staff_t)
	')

	optional_policy(`
		spamassassin_role(staff_r, staff_t)
	')

	optional_policy(`
		su_role_template(staff, staff_r, staff_t)
	')

	optional_policy(`
		thunderbird_role(staff_r, staff_t)
	')

	optional_policy(`
		tvtime_role(staff_r, staff_t)
	')

	optional_policy(`
		uml_role(staff_r, staff_t)
	')

	optional_policy(`
		userhelper_role_template(staff, staff_r, staff_t)
	')

	optional_policy(`
		vmware_role(staff_r, staff_t)
	')

	optional_policy(`
		wireshark_role(staff_r, staff_t)
	')
')
Commit	Line	Data
25d796ed	1	policy_module(staff, 2.1.2)
e9c6cda7 CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	role staff_r;
	9
	10	userdom_unpriv_user_template(staff)
3eaa9939 DW	11	fs_exec_noxattr(staff_t)
	12
	13	# needed for sandbox
	14	allow staff_t self:process setexec;
e9c6cda7 CP	15
	16	########################################
	17	#
	18	# Local policy
	19	#
	20
3eaa9939 DW	21	kernel_read_ring_buffer(staff_usertype)
	22	kernel_getattr_core_if(staff_usertype)
	23	kernel_getattr_message_if(staff_usertype)
	24	kernel_read_software_raid_state(staff_usertype)
2968e068 DW	25	kernel_read_fs_sysctls(staff_usertype)
	26
	27	domain_read_all_domains_state(staff_usertype)
	28	domain_getattr_all_domains(staff_usertype)
	29	domain_obj_id_change_exemption(staff_t)
	30
	31	files_read_kernel_modules(staff_usertype)
	32
	33	seutil_read_module_store(staff_t)
	34	seutil_run_newrole(staff_t, staff_r)
	35
	36	term_use_unallocated_ttys(staff_usertype)
3eaa9939 DW	37
	38	auth_domtrans_pam_console(staff_t)
	39
	40	init_dbus_chat(staff_t)
	41	init_dbus_chat_script(staff_t)
	42
2968e068 DW	43	miscfiles_read_hwdata(staff_usertype)
	44
	45	modutils_read_module_config(staff_usertype)
	46	modutils_read_module_deps(staff_usertype)
	47
3eaa9939 DW	48	netutils_run_ping(staff_t, staff_r)
	49	netutils_signal_ping(staff_t)
	50
e9c6cda7	51	optional_policy(`
296273a7	52	apache_role(staff_r, staff_t)
e9c6cda7 CP	53	')
e9c6cda7 CP	54
3eaa9939	55	optional_policy(`
296273a7	56	auditadm_role_change(staff_r)
3eaa9939 DW	57	')
3eaa9939 DW	58
e9c6cda7	59	optional_policy(`
c62f1bef	60	dbadm_role_change(staff_r)
e9c6cda7 CP	61	')
e9c6cda7 CP	62
c62f1bef	63	optional_policy(`
14ffaf83 DW	64	accountsd_dbus_chat(staff_t)
14ffaf83 DW	65	accountsd_read_lib_files(staff_t)
3eaa9939 DW	66	')
	67
	68	optional_policy(`
14ffaf83	69	gnomeclock_dbus_chat(staff_t)
3eaa9939 DW	70	')
3eaa9939 DW	71
3eaa9939	72	optional_policy(`
14ffaf83 DW	73	firewallgui_dbus_chat(staff_t)
	74	')
	75
	76	optional_policy(`
	77	lpd_list_spool(staff_t)
3eaa9939 DW	78	')
	79
	80	optional_policy(`
14ffaf83 DW	81	kerneloops_dbus_chat(staff_t)
	82	')
	83
	84	optional_policy(`
	85	logadm_role_change(staff_r)
	86	')
	87
	88	optional_policy(`
	89	mozilla_run_plugin(staff_t, staff_r)
3eaa9939 DW	90	')
3eaa9939 DW	91
366396d8 DW	92	optional_policy(`
	93	oident_manage_user_content(staff_t)
	94	oident_relabel_user_content(staff_t)
	95	')
	96
3eaa9939	97	optional_policy(`
2968e068	98	postgresql_role(staff_r, staff_t)
3eaa9939 DW	99	')
	100
	101	optional_policy(`
14ffaf83	102	rtkit_scheduled(staff_t)
3eaa9939 DW	103	')
	104
	105	optional_policy(`
14ffaf83	106	rpm_dbus_chat(staff_usertype)
3eaa9939 DW	107	')
	108
	109	optional_policy(`
c87e1502	110	secadm_role_change(staff_r)
296273a7 CP	111	')
	112
	113	optional_policy(`
14ffaf83	114	sandbox_transition(staff_t, staff_r)
3eaa9939 DW	115	')
	116
	117	optional_policy(`
2968e068	118	screen_role_template(staff, staff_r, staff_t)
3eaa9939 DW	119	')
3eaa9939 DW	120
296273a7	121	optional_policy(`
c87e1502 JS	122	sysadm_role_change(staff_r)
c87e1502 JS	123	userdom_dontaudit_use_user_terminals(staff_t)
296273a7	124	')
14ffaf83 DW	125	optional_policy(`
	126	setroubleshoot_stream_connect(staff_t)
	127	setroubleshoot_dbus_chat(staff_t)
	128	setroubleshoot_dbus_chat_fixit(staff_t)
	129	')
	130
3eaa9939	131	optional_policy(`
2968e068	132	ssh_role_template(staff, staff_r, staff_t)
3eaa9939 DW	133	')
	134
	135	optional_policy(`
2968e068	136	sudo_role_template(staff, staff_r, staff_t)
3eaa9939 DW	137	')
	138
	139	optional_policy(`
14ffaf83	140	telepathy_dbus_session_role(staff_r, staff_t)
c62f1bef CP	141	')
c62f1bef CP	142
296273a7	143	optional_policy(`
14ffaf83 DW	144	userhelper_console_role_template(staff, staff_r, staff_usertype)
	145	')
	146
	147	optional_policy(`
	148	unconfined_role_change(staff_r)
	149	')
	150
	151	optional_policy(`
	152	virt_stream_connect(staff_t)
	153	')
	154
	155	optional_policy(`
	156	webadm_role_change(staff_r)
296273a7 CP	157	')
296273a7 CP	158
3eaa9939	159	optional_policy(`
2968e068	160	xserver_role(staff_r, staff_t)
3eaa9939 DW	161	')
	162
	163	ifndef(`distro_redhat',`
2968e068 DW	164	optional_policy(`
	165	auth_role(staff_r, staff_t)
	166	')
	167
	168	optional_policy(`
	169	bluetooth_role(staff_r, staff_t)
	170	')
	171
	172	optional_policy(`
	173	cdrecord_role(staff_r, staff_t)
	174	')
	175
	176	optional_policy(`
	177	cron_role(staff_r, staff_t)
	178	')
	179
	180	optional_policy(`
	181	dbus_role_template(staff, staff_r, staff_t)
	182	')
3eaa9939	183
2968e068 DW	184	optional_policy(`
	185	evolution_role(staff_r, staff_t)
	186	')
3eaa9939	187
2968e068 DW	188	optional_policy(`
	189	games_role(staff_r, staff_t)
	190	')
3eaa9939	191
2968e068 DW	192	optional_policy(`
	193	gift_role(staff_r, staff_t)
	194	')
296273a7	195
2968e068 DW	196	optional_policy(`
	197	gnome_role(staff_r, staff_t)
	198	')
3eaa9939	199
2968e068 DW	200	optional_policy(`
	201	gpg_role(staff_r, staff_t)
	202	')
296273a7	203
2968e068 DW	204	optional_policy(`
	205	irc_role(staff_r, staff_t)
	206	')
3eaa9939	207
2968e068 DW	208	optional_policy(`
	209	java_role(staff_r, staff_t)
	210	')
296273a7	211
2968e068 DW	212	optional_policy(`
	213	lockdev_role(staff_r, staff_t)
	214	')
296273a7	215
2968e068 DW	216	optional_policy(`
	217	lpd_role(staff_r, staff_t)
	218	')
296273a7	219
2968e068 DW	220	optional_policy(`
	221	mozilla_role(staff_r, staff_t)
	222	')
3eaa9939	223
2968e068 DW	224	optional_policy(`
	225	mplayer_role(staff_r, staff_t)
	226	')
3eaa9939	227
2968e068 DW	228	optional_policy(`
	229	mta_role(staff_r, staff_t)
	230	')
3eaa9939	231
2968e068 DW	232	optional_policy(`
	233	pyzor_role(staff_r, staff_t)
	234	')
3eaa9939	235
2968e068 DW	236	optional_policy(`
	237	razor_role(staff_r, staff_t)
	238	')
3eaa9939	239
2968e068 DW	240	optional_policy(`
	241	rssh_role(staff_r, staff_t)
	242	')
3eaa9939	243
2968e068 DW	244	optional_policy(`
	245	spamassassin_role(staff_r, staff_t)
	246	')
3eaa9939	247
2968e068 DW	248	optional_policy(`
	249	su_role_template(staff, staff_r, staff_t)
	250	')
3eaa9939	251
2968e068 DW	252	optional_policy(`
	253	thunderbird_role(staff_r, staff_t)
	254	')
3eaa9939	255
2968e068 DW	256	optional_policy(`
	257	tvtime_role(staff_r, staff_t)
	258	')
3eaa9939	259
2968e068 DW	260	optional_policy(`
	261	uml_role(staff_r, staff_t)
	262	')
3eaa9939	263
2968e068 DW	264	optional_policy(`
	265	userhelper_role_template(staff, staff_r, staff_t)
	266	')
3eaa9939	267
2968e068 DW	268	optional_policy(`
	269	vmware_role(staff_r, staff_t)
	270	')
3eaa9939	271
2968e068 DW	272	optional_policy(`
	273	wireshark_role(staff_r, staff_t)
	274	')
	275	')