[people/stevee/selinux-policy.git] / policy / modules / roles / unprivuser.te

policy_module(unprivuser, 2.2.0)

# this module should be named user, but that is
# a compile error since user is a keyword.

########################################
#
# Declarations
#

role user_r;

userdom_unpriv_user_template(user)

fs_exec_noxattr(user_t)
fs_read_hugetlbfs_files(user_usertype)

storage_read_scsi_generic(user_t)
storage_write_scsi_generic(user_t)

tunable_policy(`allow_execmod',`
	userdom_execmod_user_home_files(user_usertype)
')

optional_policy(`
	abrt_read_cache(user_t)
')

optional_policy(`
	apache_role(user_r, user_t)
')

optional_policy(`
	blueman_dbus_chat(staff_t)
')

optional_policy(`
	colord_dbus_chat(user_t)
')

optional_policy(`
	chrome_role(user_r, user_usertype)
')

optional_policy(`
	gnome_role(user_r, user_t)
')

optional_policy(`
	irc_role(user_r, user_t)
')

optional_policy(`
	oident_manage_user_content(user_t)
	oident_relabel_user_content(user_t)
')

optional_policy(`
	mozilla_run_plugin(user_usertype, user_r)
')

optional_policy(`
	mta_role(user_r, user_t)
')

optional_policy(`
	netutils_run_ping_cond(user_t, user_r)
	netutils_run_traceroute_cond(user_t, user_r)
')

optional_policy(`
	polipo_role(user_r, user_t)
	polipo_named_filetrans_cache_home_dirs(user_t)
	polipo_named_filetrans_config_home_files(user_t)
')

optional_policy(`
	rpm_dontaudit_dbus_chat(user_t)
')

optional_policy(`
	rtkit_scheduled(user_t)
')

optional_policy(`
	sandbox_transition(user_t, user_r)
')

optional_policy(`
	ssh_role_template(user, user_r, user_t)
')

optional_policy(`
	screen_role_template(user, user_r, user_t)
')

optional_policy(`
	setroubleshoot_dontaudit_stream_connect(user_t)
')

#optional_policy(`
#	telepathy_dbus_session_role(user_r, user_t)
#')

optional_policy(`
	usbmuxd_stream_connect(user_t)
')

optional_policy(`
	vlock_run(user_t, user_r)
')

optional_policy(`
	xserver_role(user_r, user_t)
')

ifndef(`distro_redhat',`
	optional_policy(`
		auth_role(user_r, user_t)
	')

	optional_policy(`
		bluetooth_role(user_r, user_t)
	')

	optional_policy(`
		cdrecord_role(user_r, user_t)
	')

	optional_policy(`
		cron_role(user_r, user_t)
	')

	optional_policy(`
		dbus_role_template(user, user_r, user_t)
	')

	optional_policy(`
		evolution_role(user_r, user_t)
	')

	optional_policy(`
		games_role(user_r, user_t)
	')

	optional_policy(`
		gift_role(user_r, user_t)
	')

	optional_policy(`
		gpg_role(user_r, user_t)
	')

	optional_policy(`
		hadoop_role(user_r, user_t)
	')

	optional_policy(`
		java_role(user_r, user_t)
	')

	optional_policy(`
		lockdev_role(user_r, user_t)
	')

	optional_policy(`
		lpd_role(user_r, user_t)
	')

	optional_policy(`
		mozilla_role(user_r, user_t)
	')

	optional_policy(`
		mplayer_role(user_r, user_t)
	')

	optional_policy(`
		postgresql_role(user_r, user_t)
	')

	optional_policy(`
		pyzor_role(user_r, user_t)
	')

	optional_policy(`
		razor_role(user_r, user_t)
	')

	optional_policy(`
		rssh_role(user_r, user_t)
	')

	optional_policy(`
		spamassassin_role(user_r, user_t)
	')

	optional_policy(`
		su_role_template(user, user_r, user_t)
	')

	optional_policy(`
		sudo_role_template(user, user_r, user_t)
	')

	optional_policy(`
		thunderbird_role(user_r, user_t)
	')

	optional_policy(`
		tvtime_role(user_r, user_t)
	')

	optional_policy(`
		uml_role(user_r, user_t)
	')

	optional_policy(`
		userhelper_role_template(user, user_r, user_t)
	')

	optional_policy(`
		vmware_role(user_r, user_t)
	')

	optional_policy(`
		wireshark_role(user_r, user_t)
	')
')
Commit	Line	Data
826d0142	1	policy_module(unprivuser, 2.2.0)
e9c6cda7 CP	2
	3	# this module should be named user, but that is
	4	# a compile error since user is a keyword.
	5
	6	########################################
	7	#
	8	# Declarations
	9	#
	10
	11	role user_r;
	12
	13	userdom_unpriv_user_template(user)
	14
3eaa9939	15	fs_exec_noxattr(user_t)
acba86e0	16	fs_read_hugetlbfs_files(user_usertype)
3eaa9939	17
56dc5bdf DW	18	storage_read_scsi_generic(user_t)
	19	storage_write_scsi_generic(user_t)
	20
4d22fba0 DW	21	tunable_policy(`allow_execmod',`
	22	userdom_execmod_user_home_files(user_usertype)
	23	')
	24
4ad28653	25	optional_policy(`
0e7fbb58	26	abrt_read_cache(user_t)
4ad28653 DW	27	')
4ad28653 DW	28
296273a7 CP	29	optional_policy(`
	30	apache_role(user_r, user_t)
	31	')
	32
a3cfe808 DW	33	optional_policy(`
	34	blueman_dbus_chat(staff_t)
	35	')
	36
27608c5b DW	37	optional_policy(`
	38	colord_dbus_chat(user_t)
	39	')
	40
00a867b0	41	optional_policy(`
2d858ecd	42	chrome_role(user_r, user_usertype)
00a867b0 DG	43	')
00a867b0 DG	44
ca9e8850 DW	45	optional_policy(`
	46	gnome_role(user_r, user_t)
	47	')
	48
f8f030aa DG	49	optional_policy(`
	50	irc_role(user_r, user_t)
	51	')
	52
941e3db5 DG	53	optional_policy(`
	54	oident_manage_user_content(user_t)
	55	oident_relabel_user_content(user_t)
	56	')
	57
296273a7	58	optional_policy(`
c0460983	59	mozilla_run_plugin(user_usertype, user_r)
296273a7 CP	60	')
296273a7 CP	61
9a52a69e MG	62	optional_policy(`
	63	mta_role(user_r, user_t)
	64	')
	65
27720a24 DW	66	optional_policy(`
	67	netutils_run_ping_cond(user_t, user_r)
	68	netutils_run_traceroute_cond(user_t, user_r)
	69	')
	70
f1b7d092 DG	71	optional_policy(`
	72	polipo_role(user_r, user_t)
	73	polipo_named_filetrans_cache_home_dirs(user_t)
	74	polipo_named_filetrans_config_home_files(user_t)
	75	')
	76
3eaa9939 DW	77	optional_policy(`
	78	rpm_dontaudit_dbus_chat(user_t)
	79	')
296273a7	80
3eaa9939 DW	81	optional_policy(`
	82	rtkit_scheduled(user_t)
	83	')
296273a7	84
3eaa9939 DW	85	optional_policy(`
	86	sandbox_transition(user_t, user_r)
	87	')
296273a7	88
32c61288	89	optional_policy(`
4e857ebf	90	ssh_role_template(user, user_r, user_t)
32c61288 MG	91	')
32c61288 MG	92
3eaa9939 DW	93	optional_policy(`
	94	screen_role_template(user, user_r, user_t)
	95	')
296273a7	96
3eaa9939	97	optional_policy(`
14ffaf83	98	setroubleshoot_dontaudit_stream_connect(user_t)
3eaa9939	99	')
296273a7	100
6b772880 DW	101	#optional_policy(`
	102	# telepathy_dbus_session_role(user_r, user_t)
	103	#')
3eaa9939	104
3bf6566d	105	optional_policy(`
	106	usbmuxd_stream_connect(user_t)
	107	')
	108
d35e2ee0	109	optional_policy(`
7f9f5bce	110	vlock_run(user_t, user_r)
d35e2ee0 HC	111	')
d35e2ee0 HC	112
3eaa9939 DW	113	optional_policy(`
3eaa9939 DW	114	xserver_role(user_r, user_t)
296273a7	115	')
2968e068 DW	116
	117	ifndef(`distro_redhat',`
	118	optional_policy(`
	119	auth_role(user_r, user_t)
c87e1502	120	')
2968e068 DW	121
	122	optional_policy(`
	123	bluetooth_role(user_r, user_t)
	124	')
	125
	126	optional_policy(`
	127	cdrecord_role(user_r, user_t)
	128	')
	129
	130	optional_policy(`
	131	cron_role(user_r, user_t)
	132	')
	133
	134	optional_policy(`
	135	dbus_role_template(user, user_r, user_t)
	136	')
296273a7	137
2968e068 DW	138	optional_policy(`
	139	evolution_role(user_r, user_t)
	140	')
	141
	142	optional_policy(`
	143	games_role(user_r, user_t)
	144	')
	145
	146	optional_policy(`
	147	gift_role(user_r, user_t)
	148	')
	149
2968e068 DW	150	optional_policy(`
	151	gpg_role(user_r, user_t)
	152	')
	153
fcb67e8c	154	optional_policy(`
f8f030aa	155	hadoop_role(user_r, user_t)
2968e068 DW	156	')
	157
	158	optional_policy(`
	159	java_role(user_r, user_t)
	160	')
	161
	162	optional_policy(`
	163	lockdev_role(user_r, user_t)
	164	')
	165
	166	optional_policy(`
	167	lpd_role(user_r, user_t)
	168	')
	169
	170	optional_policy(`
	171	mozilla_role(user_r, user_t)
	172	')
	173
	174	optional_policy(`
	175	mplayer_role(user_r, user_t)
	176	')
	177
2968e068 DW	178	optional_policy(`
	179	postgresql_role(user_r, user_t)
	180	')
	181
	182	optional_policy(`
	183	pyzor_role(user_r, user_t)
	184	')
	185
	186	optional_policy(`
	187	razor_role(user_r, user_t)
	188	')
	189
	190	optional_policy(`
	191	rssh_role(user_r, user_t)
	192	')
	193
	194	optional_policy(`
	195	spamassassin_role(user_r, user_t)
	196	')
	197
2968e068 DW	198	optional_policy(`
	199	su_role_template(user, user_r, user_t)
	200	')
	201
	202	optional_policy(`
	203	sudo_role_template(user, user_r, user_t)
	204	')
	205
	206	optional_policy(`
	207	thunderbird_role(user_r, user_t)
	208	')
	209
	210	optional_policy(`
	211	tvtime_role(user_r, user_t)
	212	')
	213
	214	optional_policy(`
	215	uml_role(user_r, user_t)
	216	')
	217
	218	optional_policy(`
	219	userhelper_role_template(user, user_r, user_t)
	220	')
	221
	222	optional_policy(`
	223	vmware_role(user_r, user_t)
	224	')
	225
	226	optional_policy(`
	227	wireshark_role(user_r, user_t)
	228	')
	229	')
27720a24	230