2 policy_module(dbus, 1.9.0)
5 class dbus all_dbus_perms;
8 ##############################
13 type dbusd_etc_t alias etc_dbusd_t;
14 files_type(dbusd_etc_t)
16 type system_dbusd_t alias dbusd_t;
17 type system_dbusd_exec_t;
18 init_system_domain(system_dbusd_t, system_dbusd_exec_t)
20 type system_dbusd_tmp_t;
21 files_tmp_file(system_dbusd_tmp_t)
23 type system_dbusd_var_lib_t;
24 files_pid_file(system_dbusd_var_lib_t)
26 type system_dbusd_var_run_t;
27 files_pid_file(system_dbusd_var_run_t)
29 ##############################
34 # dac_override: /var/run/dbus is owned by messagebus on Debian
35 # cjp: dac_override should probably go in a distro_debian
36 allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
37 dontaudit system_dbusd_t self:capability sys_tty_config;
38 allow system_dbusd_t self:process { getattr signal_perms setcap };
39 allow system_dbusd_t self:fifo_file rw_fifo_file_perms;
40 allow system_dbusd_t self:dbus { send_msg acquire_svc };
41 allow system_dbusd_t self:unix_stream_socket { connectto create_stream_socket_perms connectto };
42 allow system_dbusd_t self:unix_dgram_socket create_socket_perms;
43 # Receive notifications of policy reloads and enforcing status changes.
44 allow system_dbusd_t self:netlink_selinux_socket { create bind read };
46 allow system_dbusd_t dbusd_etc_t:dir list_dir_perms;
47 read_files_pattern(system_dbusd_t, dbusd_etc_t, dbusd_etc_t)
48 read_lnk_files_pattern(system_dbusd_t, dbusd_etc_t, dbusd_etc_t)
50 manage_dirs_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
51 manage_files_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
52 files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir })
54 read_files_pattern(system_dbusd_t, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
56 manage_files_pattern(system_dbusd_t, system_dbusd_var_run_t, system_dbusd_var_run_t)
57 manage_sock_files_pattern(system_dbusd_t, system_dbusd_var_run_t, system_dbusd_var_run_t)
58 files_pid_filetrans(system_dbusd_t, system_dbusd_var_run_t, file)
60 kernel_read_system_state(system_dbusd_t)
61 kernel_read_kernel_sysctls(system_dbusd_t)
63 dev_read_urand(system_dbusd_t)
64 dev_read_sysfs(system_dbusd_t)
66 fs_getattr_all_fs(system_dbusd_t)
67 fs_search_auto_mountpoints(system_dbusd_t)
69 selinux_get_fs_mount(system_dbusd_t)
70 selinux_validate_context(system_dbusd_t)
71 selinux_compute_access_vector(system_dbusd_t)
72 selinux_compute_create_context(system_dbusd_t)
73 selinux_compute_relabel_context(system_dbusd_t)
74 selinux_compute_user_contexts(system_dbusd_t)
76 term_dontaudit_use_console(system_dbusd_t)
78 auth_use_nsswitch(system_dbusd_t)
79 auth_read_pam_console_data(system_dbusd_t)
81 corecmd_list_bin(system_dbusd_t)
82 corecmd_read_bin_pipes(system_dbusd_t)
83 corecmd_read_bin_sockets(system_dbusd_t)
84 corecmd_exec_bin(system_dbusd_t)
86 domain_use_interactive_fds(system_dbusd_t)
88 files_read_etc_files(system_dbusd_t)
89 files_list_home(system_dbusd_t)
90 files_read_usr_files(system_dbusd_t)
92 init_use_fds(system_dbusd_t)
93 init_use_script_ptys(system_dbusd_t)
95 libs_use_ld_so(system_dbusd_t)
96 libs_use_shared_libs(system_dbusd_t)
98 logging_send_audit_msgs(system_dbusd_t)
99 logging_send_syslog_msg(system_dbusd_t)
101 miscfiles_read_localization(system_dbusd_t)
102 miscfiles_read_certs(system_dbusd_t)
104 seutil_read_config(system_dbusd_t)
105 seutil_read_default_contexts(system_dbusd_t)
106 seutil_sigchld_newrole(system_dbusd_t)
108 userdom_dontaudit_use_unpriv_user_fds(system_dbusd_t)
110 sysadm_dontaudit_search_home_dirs(system_dbusd_t)
112 tunable_policy(`read_default_t',`
113 files_list_default(system_dbusd_t)
114 files_read_default_files(system_dbusd_t)
115 files_read_default_symlinks(system_dbusd_t)
116 files_read_default_sockets(system_dbusd_t)
117 files_read_default_pipes(system_dbusd_t)
121 bind_domtrans(system_dbusd_t)
125 sysnet_domtrans_dhcpc(system_dbusd_t)
129 udev_read_db(system_dbusd_t)
projects / people / stevee / selinux-policy.git / blob