Commit | Line | Data |
---|---|---|
00219064 CP |
1 | ## <summary>GNU network object model environment (GNOME)</summary> |
2 | ||
efa04715 | 3 | ########################################################### |
00219064 | 4 | ## <summary> |
efa04715 | 5 | ## Role access for gnome |
00219064 | 6 | ## </summary> |
efa04715 MG |
7 | ## <param name="role"> |
8 | ## <summary> | |
9 | ## Role allowed access | |
10 | ## </summary> | |
00219064 | 11 | ## </param> |
efa04715 MG |
12 | ## <param name="domain"> |
13 | ## <summary> | |
14 | ## User domain for the role | |
15 | ## </summary> | |
00219064 CP |
16 | ## </param> |
17 | # | |
interface(`gnome_role',`
	gen_require(`
		type gconfd_t, gconfd_exec_t;
		type gconf_tmp_t;
	')

	# Authorize the role (first argument) for the gconfd domain.
	role $1 types gconfd_t;

	# Executing gconfd_exec_t from the user domain (second argument)
	# transitions into gconfd_t.
	domain_auto_trans($2, gconfd_exec_t, gconfd_t)
	# gconfd may use descriptors inherited from the user domain, write to
	# its pipes and connect back to its stream sockets.
	allow gconfd_t $2:fd use;
	allow gconfd_t $2:fifo_file write;
	allow gconfd_t $2:unix_stream_socket connectto;

	# Macro defined outside this file; presumably exposes gconfd process
	# state to the user domain - confirm against its definition.
	ps_process_pattern($2, gconfd_t)

	# NOTE(review): the disabled call below names a template that is not
	# defined in the visible part of this file. The two rules after it are
	# the same as the body of gnome_stream_connect_gconf, applied to the
	# user domain.
	#gnome_stream_connect_gconf_template($1, $2)
	read_files_pattern($2, gconf_tmp_t, gconf_tmp_t)
	allow $2 gconfd_t:unix_stream_socket connectto;
')
ca9e8850 | 37 | |
efa04715 MG |
38 | ###################################### |
39 | ## <summary> | |
40 | ## The role template for the gnome-keyring-daemon. | |
41 | ## </summary> | |
42 | ## <param name="user_prefix"> | |
43 | ## <summary> | |
44 | ## The user prefix. | |
45 | ## </summary> | |
46 | ## </param> | |
47 | ## <param name="user_role"> | |
48 | ## <summary> | |
49 | ## The user role. | |
50 | ## </summary> | |
51 | ## </param> | |
52 | ## <param name="user_domain"> | |
53 | ## <summary> | |
54 | ## The user domain associated with the role. | |
55 | ## </summary> | |
56 | ## </param> | |
57 | # | |
interface(`gnome_role_gkeyringd',`
	gen_require(`
		attribute gkeyringd_domain;
		attribute gnomedomain;
		# NOTE(review): gnome_home_t is required here but no rule in this
		# body names it directly.
		type gnome_home_t;
		type gkeyringd_exec_t, gkeyringd_tmp_t, gkeyringd_gnome_home_t;
		class dbus send_msg;
	')

	# Declare a per-prefix keyring daemon domain and tag it with both
	# attributes, so rules written against gnomedomain or gkeyringd_domain
	# apply to it. The alias keeps the older gkeyringd_<prefix>_t name valid.
	type $1_gkeyringd_t, gnomedomain, gkeyringd_domain;
	typealias $1_gkeyringd_t alias gkeyringd_$1_t;
	application_domain($1_gkeyringd_t, gkeyringd_exec_t)
	# Both macros are defined outside this file.
	# NOTE(review): by name they place the new domain under user-based
	# access control constraints and mark it as a user exemption target;
	# confirm against their definitions.
	ubac_constrained($1_gkeyringd_t)
	domain_user_exemption_target($1_gkeyringd_t)

	# NOTE(review): defined outside this file. By name this gives the
	# keyring daemon management access to user home content, which is
	# broader than its own keyring store - confirm the scope is intended.
	userdom_home_manager($1_gkeyringd_t)

	# Authorize the role (second argument) for the new domain.
	role $2 types $1_gkeyringd_t;

	# The user domain (third argument) enters the keyring domain when it
	# executes gkeyringd_exec_t.
	domtrans_pattern($3, gkeyringd_exec_t, $1_gkeyringd_t)

	# The user domain may manage and relabel the keyring store.
	# NOTE(review): relabel permission lets the user domain move objects to
	# or from the keyring types; keep that in mind wherever these types are
	# treated as a protection boundary around stored secrets.
	allow $3 gkeyringd_gnome_home_t:dir { relabel_dir_perms manage_dir_perms };
	allow $3 gkeyringd_gnome_home_t:file { relabel_file_perms manage_file_perms };

	# Same for the keyring runtime directory and its socket files.
	allow $3 gkeyringd_tmp_t:dir { relabel_dir_perms manage_dir_perms };
	allow $3 gkeyringd_tmp_t:sock_file { relabel_sock_file_perms manage_sock_file_perms };

	# Programs and shells started by the keyring daemon run in <prefix>_t.
	# NOTE(review): <prefix>_t is built from the first argument and is not
	# listed in gen_require; the rules assume that type exists and,
	# presumably, that it is the same domain as the third argument - confirm.
	corecmd_bin_domtrans($1_gkeyringd_t, $1_t)
	corecmd_shell_domtrans($1_gkeyringd_t, $1_t)
	# The keyring daemon may send SIGKILL to processes in the user domain.
	allow $1_gkeyringd_t $3:process sigkill;
	# The user domain may use descriptors and pipes inherited from the daemon.
	allow $3 $1_gkeyringd_t:fd use;
	allow $3 $1_gkeyringd_t:fifo_file rw_fifo_file_perms;

	# Macro defined outside this file; presumably exposes process state of
	# the user domain to the daemon - confirm.
	ps_process_pattern($1_gkeyringd_t, $3)

	auth_use_nsswitch($1_gkeyringd_t)

	# The reverse direction: the user domain may inspect and signal the daemon.
	ps_process_pattern($3, $1_gkeyringd_t)
	allow $3 $1_gkeyringd_t:process signal_perms;
	# Do not log denials of the entrypoint permission for the user domain
	# on gkeyringd_exec_t.
	dontaudit $3 gkeyringd_exec_t:file entrypoint;

	# The user domain connects to the daemon through sockets labeled
	# gkeyringd_tmp_t.
	stream_connect_pattern($3, gkeyringd_tmp_t, gkeyringd_tmp_t, $1_gkeyringd_t)

	# D-Bus messages are allowed in both directions. These two rules sit
	# outside optional_policy, which is why the dbus class is listed in
	# gen_require.
	allow $1_gkeyringd_t $3:dbus send_msg;
	allow $3 $1_gkeyringd_t:dbus send_msg;
	# Applied only when the modules providing these interfaces are present.
	optional_policy(`
		dbus_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t)
		dbus_session_bus_client($1_gkeyringd_t)
		gnome_home_dir_filetrans($1_gkeyringd_t)
		gnome_manage_generic_home_dirs($1_gkeyringd_t)
		gnome_read_generic_data_home_files($1_gkeyringd_t)
	')
')
2a98379a | 111 | |
ab8f919e CP |
112 | ######################################## |
113 | ## <summary> | |
a947daf6 | 114 | ## gconf connection template. |
ab8f919e | 115 | ## </summary> |
aa760a23 | 116 | ## <param name="domain"> |
ab8f919e | 117 | ## <summary> |
aa760a23 | 118 | ## Domain allowed access. |
ab8f919e CP |
119 | ## </summary> |
120 | ## </param> | |
121 | # | |
a947daf6 | 122 | interface(`gnome_stream_connect_gconf',` |
ab8f919e | 123 | gen_require(` |
a947daf6 | 124 | type gconfd_t, gconf_tmp_t; |
ab8f919e CP |
125 | ') |
126 | ||
a947daf6 DW |
127 | read_files_pattern($1, gconf_tmp_t, gconf_tmp_t) |
128 | allow $1 gconfd_t:unix_stream_socket connectto; | |
ab8f919e CP |
129 | ') |
130 | ||
ca9e8850 DW |
131 | ######################################## |
132 | ## <summary> | |
133 | ## Connect to gkeyringd with a unix stream socket. | |
134 | ## </summary> | |
ca9e8850 DW |
135 | ## <param name="domain"> |
136 | ## <summary> | |
137 | ## Domain allowed access. | |
138 | ## </summary> | |
139 | ## </param> | |
140 | # | |
interface(`gnome_stream_connect_gkeyringd',`
	gen_require(`
		attribute gkeyringd_domain;
		type gkeyringd_tmp_t;
		type gconf_tmp_t;
	')

	# NOTE(review): search access is granted on gconf_tmp_t directories
	# although the socket files are labeled gkeyringd_tmp_t; presumably the
	# keyring socket directory sits below a gconf_tmp_t directory - confirm.
	allow $1 gconf_tmp_t:dir search_dir_perms;
	# NOTE(review): the target is the gkeyringd_domain attribute, so the
	# caller may connect to every keyring daemon domain carrying it, not to
	# one specific daemon. This body is identical to
	# gnome_stream_connect_all_gkeyringd.
	stream_connect_pattern($1, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_domain)
')
151 | ||
152 | ######################################## | |
153 | ## <summary> | |
154 | ## Connect to all gkeyringd domains with a unix stream socket. | |
155 | ## </summary> | |
ca9e8850 DW |
156 | ## <param name="domain"> |
157 | ## <summary> | |
158 | ## Domain allowed access. | |
159 | ## </summary> | |
160 | ## </param> | |
161 | # | |
interface(`gnome_stream_connect_all_gkeyringd',`
	gen_require(`
		attribute gkeyringd_domain;
		type gkeyringd_tmp_t;
		type gconf_tmp_t;
	')

	# Directory search on gconf_tmp_t precedes the socket access below.
	allow $1 gconf_tmp_t:dir search_dir_perms;
	# Connect to any domain carrying the gkeyringd_domain attribute through
	# sockets labeled gkeyringd_tmp_t.
	# NOTE(review): this body is identical to gnome_stream_connect_gkeyringd;
	# callers of either interface get access to all keyring daemon domains.
	stream_connect_pattern($1, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_domain)
')
172 | ||
a947daf6 | 173 | ######################################## |
ab8f919e | 174 | ## <summary> |
a947daf6 | 175 | ## Run gconfd in gconfd domain. |
ab8f919e CP |
176 | ## </summary> |
177 | ## <param name="domain"> | |
178 | ## <summary> | |
179 | ## Domain allowed access. | |
180 | ## </summary> | |
181 | ## </param> | |
182 | # | |
a947daf6 | 183 | interface(`gnome_domtrans_gconfd',` |
ab8f919e | 184 | gen_require(` |
a947daf6 | 185 | type gconfd_t, gconfd_exec_t; |
ab8f919e CP |
186 | ') |
187 | ||
a947daf6 | 188 | domtrans_pattern($1, gconfd_exec_t, gconfd_t) |
ab8f919e CP |
189 | ') |
190 | ||
57955a25 DW |
191 | ######################################## |
192 | ## <summary> | |
193 | ## Dontaudit read gnome homedir content (.config) | |
194 | ## </summary> | |
195 | ## <param name="domain"> | |
196 | ## <summary> | |
24280f35 | 197 | ## Domain to not audit. |
57955a25 DW |
198 | ## </summary> |
199 | ## </param> | |
200 | # | |
interface(`gnome_dontaudit_read_config',`
	gen_require(`
		attribute gnome_home_type;
	')

	# Suppress audit records for denied access to directories of any
	# gnome_home_type type.
	# NOTE(review): the rule covers the dir class only and uses a permission
	# set named for files; denied reads of files with these types are still
	# logged. Confirm that this matches the intent stated in the summary.
	dontaudit $1 gnome_home_type:dir read_inherited_file_perms;
')
208 | ||
00219064 CP |
209 | ######################################## |
210 | ## <summary> | |
a947daf6 | 211 | ## Dontaudit search gnome homedir content (.config) |
00219064 | 212 | ## </summary> |
aa760a23 | 213 | ## <param name="domain"> |
00219064 | 214 | ## <summary> |
24280f35 | 215 | ## Domain to not audit. |
6b19be33 CP |
216 | ## </summary> |
217 | ## </param> | |
218 | # | |
a947daf6 | 219 | interface(`gnome_dontaudit_search_config',` |
6b19be33 | 220 | gen_require(` |
a947daf6 | 221 | attribute gnome_home_type; |
6b19be33 CP |
222 | ') |
223 | ||
a947daf6 | 224 | dontaudit $1 gnome_home_type:dir search_dir_perms; |
6b19be33 CP |
225 | ') |
226 | ||
ad141192 DW |
227 | ######################################## |
228 | ## <summary> | |
229 | ## Dontaudit write gnome homedir content (.config) | |
230 | ## </summary> | |
231 | ## <param name="domain"> | |
232 | ## <summary> | |
233 | ## Domain to not audit. | |
234 | ## </summary> | |
235 | ## </param> | |
236 | # | |
interface(`gnome_dontaudit_write_config_files',`
	gen_require(`
		attribute gnome_home_type;
	')

	# The write stays denied; only the AVC denial record is suppressed.
	# When investigating a domain that uses this interface, rebuild the
	# policy with dontaudit rules disabled (semodule -DB) so that denied
	# write attempts on gnome config files show up in the audit log again.
	dontaudit $1 gnome_home_type:file write;
')
244 | ||
ab8f919e CP |
245 | ######################################## |
246 | ## <summary> | |
a947daf6 | 247 | ## manage gnome homedir content (.config) |
3eaa9939 | 248 | ## </summary> |
aa760a23 | 249 | ## <param name="domain"> |
3eaa9939 | 250 | ## <summary> |
aa760a23 | 251 | ## Domain allowed access. |
3eaa9939 DW |
252 | ## </summary> |
253 | ## </param> | |
254 | # | |
interface(`gnome_manage_config',`
	gen_require(`
		attribute gnome_home_type;
	')

	# Full management of directories, files and symlinks for every type
	# carrying the gnome_home_type attribute.
	# NOTE(review): which types carry this attribute is declared outside
	# this file. If the keyring store type is among them, callers of this
	# interface can modify stored keyrings - confirm before granting it to
	# a confined domain.
	allow $1 gnome_home_type:dir manage_dir_perms;
	allow $1 gnome_home_type:file manage_file_perms;
	allow $1 gnome_home_type:lnk_file manage_lnk_file_perms;
	userdom_search_user_home_dirs($1)
')
265 | ||
266 | ######################################## | |
267 | ## <summary> | |
268 | ## Send general signals to all gconf domains. | |
ab8f919e CP |
269 | ## </summary> |
270 | ## <param name="domain"> | |
271 | ## <summary> | |
272 | ## Domain allowed access. | |
273 | ## </summary> | |
274 | ## </param> | |
275 | # | |
interface(`gnome_signal_all',`
	gen_require(`
		attribute gnomedomain;
	')

	# NOTE(review): the interface summary speaks of gconf domains, but the
	# rule targets the gnomedomain attribute, which gnome_role_gkeyringd
	# also assigns to the per-user keyring daemon domains.
	allow $1 gnomedomain:process signal;
')
283 | ||
########################################
## <summary>
##	Create objects in a Gnome cache home directory
##	with an automatic type transition to
##	a specified private type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="private_type">
##	<summary>
##	The type of the object to create.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	The class of the object to be created.
##	</summary>
## </param>
## <param name="name" optional="true">
##	<summary>
##	The name of the object being created.
##	</summary>
## </param>
#
interface(`gnome_cache_filetrans',`
	gen_require(`
		type cache_home_t;
	')

	# The fourth argument is forwarded as the last argument of
	# filetrans_pattern. Presumably it is the object name, and when a
	# caller omits it the transition applies to every object of the given
	# class that the domain creates in a cache_home_t directory - confirm
	# against the filetrans_pattern definition.
	filetrans_pattern($1, cache_home_t, $2, $3, $4)
	userdom_search_user_home_dirs($1)
')
314 | ||
14c739f0 DW |
########################################
## <summary>
##	Create objects in a Gnome config home directory
##	with an automatic type transition to
##	a specified private type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="private_type">
##	<summary>
##	The type of the object to create.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	The class of the object to be created.
##	</summary>
## </param>
## <param name="name" optional="true">
##	<summary>
##	The name of the object being created.
##	</summary>
## </param>
#
interface(`gnome_config_filetrans',`
	gen_require(`
		type config_home_t;
	')

	# The parent directory type is config_home_t. The fourth argument is
	# forwarded as the last argument of filetrans_pattern; presumably it is
	# the object name, and omitting it leaves the transition unrestricted
	# by name - confirm against the filetrans_pattern definition.
	filetrans_pattern($1, config_home_t, $2, $3, $4)
	userdom_search_user_home_dirs($1)
')
345 | ||
3eaa9939 DW |
346 | ######################################## |
347 | ## <summary> | |
348 | ## Read generic cache home files (.cache) | |
349 | ## </summary> | |
350 | ## <param name="domain"> | |
351 | ## <summary> | |
352 | ## Domain allowed access. | |
353 | ## </summary> | |
354 | ## </param> | |
355 | # | |
356 | interface(`gnome_read_generic_cache_files',` | |
357 | gen_require(` | |
358 | type cache_home_t; | |
359 | ') | |
360 | ||
361 | read_files_pattern($1, cache_home_t, cache_home_t) | |
362 | userdom_search_user_home_dirs($1) | |
363 | ') | |
364 | ||
365 | ######################################## | |
366 | ## <summary> | |
367 | ## Set attributes of cache home dir (.cache) | |
368 | ## </summary> | |
369 | ## <param name="domain"> | |
370 | ## <summary> | |
371 | ## Domain allowed access. | |
372 | ## </summary> | |
373 | ## </param> | |
374 | # | |
375 | interface(`gnome_setattr_cache_home_dir',` | |
376 | gen_require(` | |
377 | type cache_home_t; | |
378 | ') | |
379 | ||
380 | setattr_dirs_pattern($1, cache_home_t, cache_home_t) | |
381 | userdom_search_user_home_dirs($1) | |
382 | ') | |
383 | ||
c71f02c0 DW |
384 | ######################################## |
385 | ## <summary> | |
386 | ## append to generic cache home files (.cache) | |
387 | ## </summary> | |
388 | ## <param name="domain"> | |
389 | ## <summary> | |
390 | ## Domain allowed access. | |
391 | ## </summary> | |
392 | ## </param> | |
393 | # | |
394 | interface(`gnome_append_generic_cache_files',` | |
395 | gen_require(` | |
396 | type cache_home_t; | |
397 | ') | |
398 | ||
399 | append_files_pattern($1, cache_home_t, cache_home_t) | |
400 | userdom_search_user_home_dirs($1) | |
401 | ') | |
402 | ||
3eaa9939 DW |
403 | ######################################## |
404 | ## <summary> | |
405 | ## write to generic cache home files (.cache) | |
406 | ## </summary> | |
407 | ## <param name="domain"> | |
408 | ## <summary> | |
409 | ## Domain allowed access. | |
410 | ## </summary> | |
411 | ## </param> | |
412 | # | |
413 | interface(`gnome_write_generic_cache_files',` | |
414 | gen_require(` | |
415 | type cache_home_t; | |
416 | ') | |
417 | ||
418 | write_files_pattern($1, cache_home_t, cache_home_t) | |
419 | userdom_search_user_home_dirs($1) | |
420 | ') | |
421 | ||
24280f35 DW |
422 | ######################################## |
423 | ## <summary> | |
424 | ## Dontaudit read/write to generic cache home files (.cache) | |
425 | ## </summary> | |
426 | ## <param name="domain"> | |
427 | ## <summary> | |
428 | ## Domain to not audit. | |
429 | ## </summary> | |
430 | ## </param> | |
431 | # | |
432 | interface(`gnome_dontaudit_rw_generic_cache_files',` | |
433 | gen_require(` | |
434 | type cache_home_t; | |
435 | ') | |
436 | ||
437 | dontaudit $1 cache_home_t:file rw_inherited_file_perms; | |
438 | ') | |
439 | ||
a947daf6 DW |
440 | ######################################## |
441 | ## <summary> | |
442 | ## read gnome homedir content (.config) | |
443 | ## </summary> | |
aa760a23 | 444 | ## <param name="domain"> |
a947daf6 | 445 | ## <summary> |
aa760a23 | 446 | ## Domain allowed access. |
a947daf6 DW |
447 | ## </summary> |
448 | ## </param> | |
449 | # | |
efa04715 | 450 | interface(`gnome_read_config',` |
a947daf6 DW |
451 | gen_require(` |
452 | attribute gnome_home_type; | |
453 | ') | |
454 | ||
455 | list_dirs_pattern($1, gnome_home_type, gnome_home_type) | |
456 | read_files_pattern($1, gnome_home_type, gnome_home_type) | |
457 | read_lnk_files_pattern($1, gnome_home_type, gnome_home_type) | |
458 | ') | |
459 | ||
3eaa9939 DW |
########################################
## <summary>
##	Create objects in a Gnome gconf home directory
##	with an automatic type transition to
##	a specified private type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="private_type">
##	<summary>
##	The type of the object to create.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	The class of the object to be created.
##	</summary>
## </param>
## <param name="name" optional="true">
##	<summary>
##	The name of the object being created.
##	</summary>
## </param>
#
interface(`gnome_data_filetrans',`
	gen_require(`
		type data_home_t;
	')

	# The parent directory type used for the transition is data_home_t.
	# The fourth argument is forwarded as the last argument of
	# filetrans_pattern; presumably it is the object name, and omitting it
	# leaves the transition unrestricted by name - confirm against the
	# filetrans_pattern definition.
	filetrans_pattern($1, data_home_t, $2, $3, $4)
	# Grants search on gconf_home_t and on the user home directories.
	gnome_search_gconf($1)
')
490 | ||
4b7fe5b4 DW |
491 | ####################################### |
492 | ## <summary> | |
c98bb1bc | 493 | ## Read generic data home files. |
4b7fe5b4 DW |
494 | ## </summary> |
495 | ## <param name="domain"> | |
c98bb1bc DG |
496 | ## <summary> |
497 | ## Domain allowed access. | |
498 | ## </summary> | |
499 | ## </param> | |
500 | # | |
501 | interface(`gnome_read_generic_data_home_files',` | |
502 | gen_require(` | |
503 | type data_home_t, gconf_home_t; | |
504 | ') | |
505 | ||
506 | read_files_pattern($1, { gconf_home_t data_home_t }, data_home_t) | |
507 | ') | |
508 | ||
509 | ####################################### | |
510 | ## <summary> | |
511 | ## Manage gconf data home files | |
512 | ## </summary> | |
513 | ## <param name="domain"> | |
514 | ## <summary> | |
515 | ## Domain allowed access. | |
516 | ## </summary> | |
4b7fe5b4 DW |
517 | ## </param> |
518 | # | |
519 | interface(`gnome_manage_data',` | |
c98bb1bc DG |
520 | gen_require(` |
521 | type data_home_t; | |
522 | type gconf_home_t; | |
523 | ') | |
4b7fe5b4 | 524 | |
ceacf954 | 525 | allow $1 gconf_home_t:dir search_dir_perms; |
a768052f | 526 | manage_dirs_pattern($1, data_home_t, data_home_t) |
c98bb1bc | 527 | manage_files_pattern($1, data_home_t, data_home_t) |
a768052f | 528 | manage_lnk_files_pattern($1, data_home_t, data_home_t) |
4b7fe5b4 DW |
529 | ') |
530 | ||
290e6f41 DG |
531 | ######################################## |
532 | ## <summary> | |
533 | ## Read icc data home content. | |
534 | ## </summary> | |
535 | ## <param name="domain"> | |
536 | ## <summary> | |
537 | ## Domain allowed access. | |
538 | ## </summary> | |
539 | ## </param> | |
540 | # | |
541 | interface(`gnome_read_home_icc_data_content',` | |
542 | gen_require(` | |
543 | type icc_data_home_t, gconf_home_t, data_home_t; | |
544 | ') | |
545 | ||
546 | userdom_search_user_home_dirs($1) | |
547 | allow $1 { gconf_home_t data_home_t }:dir search_dir_perms; | |
548 | list_dirs_pattern($1, icc_data_home_t, icc_data_home_t) | |
549 | read_files_pattern($1, icc_data_home_t, icc_data_home_t) | |
550 | read_lnk_files_pattern($1, icc_data_home_t, icc_data_home_t) | |
551 | ') | |
552 | ||
553 | ######################################## | |
554 | ## <summary> | |
555 | ## Read inherited icc data home files. | |
556 | ## </summary> | |
557 | ## <param name="domain"> | |
558 | ## <summary> | |
559 | ## Domain allowed access. | |
560 | ## </summary> | |
561 | ## </param> | |
562 | # | |
563 | interface(`gnome_read_inherited_home_icc_data_files',` | |
564 | gen_require(` | |
565 | type icc_data_home_t; | |
566 | ') | |
567 | ||
568 | allow $1 icc_data_home_t:file read_inherited_file_perms; | |
569 | ') | |
570 | ||
3eaa9939 DW |
571 | ######################################## |
572 | ## <summary> | |
573 | ## Create gconf_home_t objects in the /root directory | |
574 | ## </summary> | |
575 | ## <param name="domain"> | |
576 | ## <summary> | |
577 | ## Domain allowed access. | |
578 | ## </summary> | |
579 | ## </param> | |
580 | ## <param name="object_class"> | |
581 | ## <summary> | |
582 | ## The class of the object to be created. | |
583 | ## </summary> | |
584 | ## </param> | |
585 | # | |
586 | interface(`gnome_admin_home_gconf_filetrans',` | |
587 | gen_require(` | |
588 | type gconf_home_t; | |
589 | ') | |
590 | ||
591 | userdom_admin_home_dir_filetrans($1, gconf_home_t, $2) | |
592 | ') | |
593 | ||
c98dcd43 DG |
594 | ######################################## |
595 | ## <summary> | |
596 | ## Do not audit attempts to read | |
597 | ## inherited gconf config files. | |
598 | ## </summary> | |
599 | ## <param name="domain"> | |
600 | ## <summary> | |
601 | ## Domain to not audit. | |
602 | ## </summary> | |
603 | ## </param> | |
604 | # | |
605 | interface(`gnome_dontaudit_read_inherited_gconf_config_files',` | |
606 | gen_require(` | |
607 | type gconf_etc_t; | |
608 | ') | |
609 | ||
610 | dontaudit $1 gconf_etc_t:file read_inherited_file_perms; | |
611 | ') | |
612 | ||
3eaa9939 DW |
613 | ######################################## |
614 | ## <summary> | |
615 | ## read gconf config files | |
ab8f919e | 616 | ## </summary> |
aa760a23 | 617 | ## <param name="domain"> |
ab8f919e | 618 | ## <summary> |
aa760a23 | 619 | ## Domain allowed access. |
3eaa9939 DW |
620 | ## </summary> |
621 | ## </param> | |
622 | # | |
d15b40a5 | 623 | interface(`gnome_read_gconf_config',` |
3eaa9939 DW |
624 | gen_require(` |
625 | type gconf_etc_t; | |
626 | ') | |
627 | ||
628 | allow $1 gconf_etc_t:dir list_dir_perms; | |
629 | read_files_pattern($1, gconf_etc_t, gconf_etc_t) | |
f33c5066 | 630 | files_search_etc($1) |
3eaa9939 DW |
631 | ') |
632 | ||
633 | ####################################### | |
634 | ## <summary> | |
635 | ## Manage gconf config files | |
636 | ## </summary> | |
637 | ## <param name="domain"> | |
638 | ## <summary> | |
639 | ## Domain allowed access. | |
640 | ## </summary> | |
641 | ## </param> | |
642 | # | |
643 | interface(`gnome_manage_gconf_config',` | |
644 | gen_require(` | |
645 | type gconf_etc_t; | |
646 | ') | |
647 | ||
648 | allow $1 gconf_etc_t:dir list_dir_perms; | |
649 | manage_files_pattern($1, gconf_etc_t, gconf_etc_t) | |
650 | ') | |
651 | ||
652 | ######################################## | |
653 | ## <summary> | |
654 | ## Execute gconf programs in | |
655 | ## the caller domain. | |
656 | ## </summary> | |
657 | ## <param name="domain"> | |
658 | ## <summary> | |
ab8f919e CP |
659 | ## Domain allowed access. |
660 | ## </summary> | |
661 | ## </param> | |
662 | # | |
3eaa9939 DW |
663 | interface(`gnome_exec_gconf',` |
664 | gen_require(` | |
665 | type gconfd_exec_t; | |
666 | ') | |
667 | ||
668 | can_exec($1, gconfd_exec_t) | |
669 | ') | |
670 | ||
ca9e8850 DW |
671 | ######################################## |
672 | ## <summary> | |
673 | ## Execute gnome keyringd in the caller domain. | |
674 | ## </summary> | |
675 | ## <param name="domain"> | |
676 | ## <summary> | |
677 | ## Domain allowed access. | |
678 | ## </summary> | |
679 | ## </param> | |
680 | # | |
681 | interface(`gnome_exec_keyringd',` | |
682 | gen_require(` | |
683 | type gkeyringd_exec_t; | |
684 | ') | |
685 | ||
686 | can_exec($1, gkeyringd_exec_t) | |
687 | corecmd_search_bin($1) | |
688 | ') | |
689 | ||
3eaa9939 DW |
690 | ######################################## |
691 | ## <summary> | |
692 | ## Read gconf home files | |
693 | ## </summary> | |
694 | ## <param name="domain"> | |
695 | ## <summary> | |
696 | ## Domain allowed access. | |
697 | ## </summary> | |
698 | ## </param> | |
699 | # | |
700 | interface(`gnome_read_gconf_home_files',` | |
701 | gen_require(` | |
702 | type gconf_home_t; | |
703 | type data_home_t; | |
704 | ') | |
705 | ||
78ea2abe | 706 | userdom_search_user_home_dirs($1) |
3eaa9939 DW |
707 | allow $1 gconf_home_t:dir list_dir_perms; |
708 | allow $1 data_home_t:dir list_dir_perms; | |
709 | read_files_pattern($1, gconf_home_t, gconf_home_t) | |
710 | read_files_pattern($1, data_home_t, data_home_t) | |
3d21c02c DW |
711 | read_lnk_files_pattern($1, gconf_home_t, gconf_home_t) |
712 | read_lnk_files_pattern($1, data_home_t, data_home_t) | |
3eaa9939 DW |
713 | ') |
714 | ||
ca9e8850 DW |
715 | ######################################## |
716 | ## <summary> | |
717 | ## Search gkeyringd temporary directories. | |
718 | ## </summary> | |
719 | ## <param name="domain"> | |
720 | ## <summary> | |
721 | ## Domain allowed access. | |
722 | ## </summary> | |
723 | ## </param> | |
724 | # | |
725 | interface(`gnome_search_gkeyringd_tmp_dirs',` | |
726 | gen_require(` | |
727 | type gkeyringd_tmp_t; | |
728 | ') | |
729 | ||
730 | files_search_tmp($1) | |
731 | allow $1 gkeyringd_tmp_t:dir search_dir_perms; | |
732 | ') | |
733 | ||
3eaa9939 DW |
734 | ######################################## |
735 | ## <summary> | |
736 | ## search gconf homedir (.local) | |
737 | ## </summary> | |
aa760a23 | 738 | ## <param name="domain"> |
3eaa9939 | 739 | ## <summary> |
aa760a23 | 740 | ## Domain allowed access. |
3eaa9939 DW |
741 | ## </summary> |
742 | ## </param> | |
743 | # | |
744 | interface(`gnome_search_gconf',` | |
745 | gen_require(` | |
746 | type gconf_home_t; | |
747 | ') | |
748 | ||
749 | allow $1 gconf_home_t:dir search_dir_perms; | |
750 | userdom_search_user_home_dirs($1) | |
751 | ') | |
752 | ||
4251ae10 DW |
753 | ######################################## |
754 | ## <summary> | |
755 | ## Set attributes of Gnome config dirs. | |
756 | ## </summary> | |
757 | ## <param name="domain"> | |
758 | ## <summary> | |
759 | ## Domain allowed access. | |
760 | ## </summary> | |
761 | ## </param> | |
762 | # | |
763 | interface(`gnome_setattr_config_dirs',` | |
764 | gen_require(` | |
765 | type gnome_home_t; | |
766 | ') | |
767 | ||
768 | setattr_dirs_pattern($1, gnome_home_t, gnome_home_t) | |
769 | files_search_home($1) | |
770 | ') | |
771 | ||
ca9e8850 DW |
772 | ######################################## |
773 | ## <summary> | |
774 | ## Manage generic gnome home files. | |
775 | ## </summary> | |
776 | ## <param name="domain"> | |
777 | ## <summary> | |
778 | ## Domain allowed access. | |
779 | ## </summary> | |
780 | ## </param> | |
781 | # | |
782 | interface(`gnome_manage_generic_home_files',` | |
783 | gen_require(` | |
784 | type gnome_home_t; | |
785 | ') | |
786 | ||
787 | userdom_search_user_home_dirs($1) | |
788 | manage_files_pattern($1, gnome_home_t, gnome_home_t) | |
789 | ') | |
790 | ||
791 | ######################################## | |
792 | ## <summary> | |
793 | ## Manage generic gnome home directories. | |
794 | ## </summary> | |
795 | ## <param name="domain"> | |
796 | ## <summary> | |
797 | ## Domain allowed access. | |
798 | ## </summary> | |
799 | ## </param> | |
800 | # | |
801 | interface(`gnome_manage_generic_home_dirs',` | |
802 | gen_require(` | |
803 | type gnome_home_t; | |
804 | ') | |
805 | ||
806 | userdom_search_user_home_dirs($1) | |
807 | allow $1 gnome_home_t:dir manage_dir_perms; | |
808 | ') | |
809 | ||
3eaa9939 DW |
810 | ######################################## |
811 | ## <summary> | |
812 | ## Append gconf home files | |
813 | ## </summary> | |
814 | ## <param name="domain"> | |
815 | ## <summary> | |
816 | ## Domain allowed access. | |
817 | ## </summary> | |
818 | ## </param> | |
819 | # | |
820 | interface(`gnome_append_gconf_home_files',` | |
821 | gen_require(` | |
822 | type gconf_home_t; | |
823 | ') | |
824 | ||
825 | append_files_pattern($1, gconf_home_t, gconf_home_t) | |
826 | ') | |
827 | ||
828 | ######################################## | |
829 | ## <summary> | |
830 | ## manage gconf home files | |
831 | ## </summary> | |
832 | ## <param name="domain"> | |
833 | ## <summary> | |
834 | ## Domain allowed access. | |
835 | ## </summary> | |
836 | ## </param> | |
837 | # | |
838 | interface(`gnome_manage_gconf_home_files',` | |
839 | gen_require(` | |
840 | type gconf_home_t; | |
841 | ') | |
842 | ||
843 | allow $1 gconf_home_t:dir list_dir_perms; | |
844 | manage_files_pattern($1, gconf_home_t, gconf_home_t) | |
845 | ') | |
846 | ||
847 | ######################################## | |
848 | ## <summary> | |
849 | ## Connect to gnome over a unix stream socket. | |
850 | ## </summary> | |
851 | ## <param name="domain"> | |
852 | ## <summary> | |
853 | ## Domain allowed access. | |
854 | ## </summary> | |
855 | ## </param> | |
856 | ## <param name="user_domain"> | |
857 | ## <summary> | |
858 | ## The type of the user domain. | |
859 | ## </summary> | |
860 | ## </param> | |
861 | # | |
interface(`gnome_stream_connect',`
	gen_require(`
		attribute gnome_home_type;
	')

	# Connect to the domain given as the second argument through sockets
	# labeled with any gnome_home_type type.
	# NOTE(review): this comment used to read Connect to pulseaudit server,
	# which looks like a leftover from another module; nothing in the rule
	# names a specific server. The target domain is supplied by the caller,
	# so review each call site for the domain it passes.
	stream_connect_pattern($1, gnome_home_type, gnome_home_type, $2)
')
870 | ||
871 | ######################################## | |
872 | ## <summary> | |
2d4a79a0 | 873 | ## list gnome homedir content (.config) |
3eaa9939 | 874 | ## </summary> |
aa760a23 | 875 | ## <param name="domain"> |
3eaa9939 | 876 | ## <summary> |
aa760a23 | 877 | ## Domain allowed access. |
3eaa9939 DW |
878 | ## </summary> |
879 | ## </param> | |
880 | # | |
d15b40a5 | 881 | interface(`gnome_list_home_config',` |
3eaa9939 DW |
882 | gen_require(` |
883 | type config_home_t; | |
884 | ') | |
885 | ||
886 | allow $1 config_home_t:dir list_dir_perms; | |
887 | ') | |
888 | ||
5ef740e5 DW |
889 | ######################################## |
890 | ## <summary> | |
891 | ## Set attributes of gnome homedir content (.config) | |
892 | ## </summary> | |
893 | ## <param name="domain"> | |
894 | ## <summary> | |
895 | ## Domain allowed access. | |
896 | ## </summary> | |
897 | ## </param> | |
898 | # | |
448d2cf1 | 899 | interface(`gnome_setattr_home_config',` |
5ef740e5 DW |
900 | gen_require(` |
901 | type config_home_t; | |
902 | ') | |
903 | ||
904 | setattr_dirs_pattern($1, config_home_t, config_home_t) | |
905 | userdom_search_user_home_dirs($1) | |
906 | ') | |
907 | ||
2d4a79a0 DW |
908 | ######################################## |
909 | ## <summary> | |
910 | ## read gnome homedir content (.config) | |
911 | ## </summary> | |
aa760a23 | 912 | ## <param name="domain"> |
2d4a79a0 | 913 | ## <summary> |
aa760a23 | 914 | ## Domain allowed access. |
2d4a79a0 DW |
915 | ## </summary> |
916 | ## </param> | |
917 | # | |
d15b40a5 | 918 | interface(`gnome_read_home_config',` |
2d4a79a0 DW |
919 | gen_require(` |
920 | type config_home_t; | |
921 | ') | |
922 | ||
b533b084 | 923 | list_dirs_pattern($1, config_home_t, config_home_t) |
2d4a79a0 | 924 | read_files_pattern($1, config_home_t, config_home_t) |
6f93adfa | 925 | read_lnk_files_pattern($1, config_home_t, config_home_t) |
2d4a79a0 DW |
926 | ') |
927 | ||
93b53615 MG |
928 | ####################################### |
929 | ## <summary> | |
930 | ## delete gnome homedir content (.config) | |
931 | ## </summary> | |
932 | ## <param name="domain"> | |
933 | ## <summary> | |
934 | ## Domain allowed access. | |
935 | ## </summary> | |
936 | ## </param> | |
937 | # | |
938 | interface(`gnome_delete_home_config',` | |
939 | gen_require(` | |
940 | type config_home_t; | |
941 | ') | |
942 | ||
943 | delete_files_pattern($1, config_home_t, config_home_t) | |
944 | ') | |
945 | ||
464aa685 MG |
946 | ####################################### |
947 | ## <summary> | |
948 | ## setattr gnome homedir content (.config) | |
949 | ## </summary> | |
950 | ## <param name="domain"> | |
951 | ## <summary> | |
952 | ## Domain allowed access. | |
953 | ## </summary> | |
954 | ## </param> | |
955 | # | |
956 | interface(`gnome_setattr_home_config_dirs',` | |
957 | gen_require(` | |
958 | type config_home_t; | |
959 | ') | |
960 | ||
961 | setattr_dirs_pattern($1, config_home_t, config_home_t) | |
962 | ') | |
963 | ||
f5b49a5e DW |
964 | ######################################## |
965 | ## <summary> | |
966 | ## manage gnome homedir content (.config) | |
967 | ## </summary> | |
aa760a23 | 968 | ## <param name="domain"> |
f5b49a5e | 969 | ## <summary> |
aa760a23 | 970 | ## Domain allowed access. |
f5b49a5e DW |
971 | ## </summary> |
972 | ## </param> | |
973 | # | |
448d2cf1 | 974 | interface(`gnome_manage_home_config',` |
f5b49a5e DW |
975 | gen_require(` |
976 | type config_home_t; | |
977 | ') | |
978 | ||
979 | manage_files_pattern($1, config_home_t, config_home_t) | |
980 | ') | |
981 | ||
93b53615 MG |
982 | ####################################### |
983 | ## <summary> | |
984 | ## Delete gnome homedir config directories (.config) | |
985 | ## </summary> | |
986 | ## <param name="domain"> | |
987 | ## <summary> | |
988 | ## Domain allowed access. | |
989 | ## </summary> | |
990 | ## </param> | |
991 | # | |
992 | interface(`gnome_delete_home_config_dirs',` | |
993 | gen_require(` | |
994 | type config_home_t; | |
995 | ') | |
996 | ||
997 | delete_dirs_pattern($1, config_home_t, config_home_t) | |
998 | ') | |
999 | ||
63c324b2 MG |
1000 | ######################################## |
1001 | ## <summary> | |
1002 | ## Manage gnome homedir config directories (.config) | |
1003 | ## </summary> | |
1004 | ## <param name="domain"> | |
1005 | ## <summary> | |
1006 | ## Domain allowed access. | |
1007 | ## </summary> | |
1008 | ## </param> | |
1009 | # | |
1010 | interface(`gnome_manage_home_config_dirs',` | |
1011 | gen_require(` | |
1012 | type config_home_t; | |
1013 | ') | |
1014 | ||
1015 | manage_dirs_pattern($1, config_home_t, config_home_t) | |
1016 | ') | |
1017 | ||
0b71fec3 DG |
1018 | ######################################## |
1019 | ## <summary> | |
1020 | ## manage gstreamer home content files. | |
1021 | ## </summary> | |
1022 | ## <param name="domain"> | |
1023 | ## <summary> | |
1024 | ## Domain allowed access. | |
1025 | ## </summary> | |
1026 | ## </param> | |
1027 | # | |
1028 | interface(`gnome_manage_gstreamer_home_files',` | |
1029 | gen_require(` | |
1030 | type gstreamer_home_t; | |
1031 | ') | |
1032 | ||
1033 | manage_files_pattern($1, gstreamer_home_t, gstreamer_home_t) | |
1034 | ') | |
1035 | ||
3eaa9939 DW |
1036 | ######################################## |
1037 | ## <summary> | |
1038 | ## Read/Write all inherited gnome home config | |
1039 | ## </summary> | |
1040 | ## <param name="domain"> | |
1041 | ## <summary> | |
1042 | ## Domain allowed access. | |
1043 | ## </summary> | |
1044 | ## </param> | |
1045 | # | |
1046 | interface(`gnome_rw_inherited_config',` | |
1047 | gen_require(` | |
1048 | attribute gnome_home_type; | |
1049 | ') | |
1050 | ||
1051 | allow $1 gnome_home_type:file rw_inherited_file_perms; | |
1052 | ') | |
1053 | ||
1054 | ######################################## | |
1055 | ## <summary> | |
1056 | ## Send and receive messages from | |
1057 | ## gconf system service over dbus. | |
1058 | ## </summary> | |
1059 | ## <param name="domain"> | |
1060 | ## <summary> | |
1061 | ## Domain allowed access. | |
1062 | ## </summary> | |
1063 | ## </param> | |
1064 | # | |
1065 | interface(`gnome_dbus_chat_gconfdefault',` | |
1066 | gen_require(` | |
1067 | type gconfdefaultsm_t; | |
1068 | class dbus send_msg; | |
1069 | ') | |
1070 | ||
1071 | allow $1 gconfdefaultsm_t:dbus send_msg; | |
1072 | allow gconfdefaultsm_t $1:dbus send_msg; | |
1073 | ') | |
ca9e8850 DW |
1074 | |
1075 | ######################################## | |
1076 | ## <summary> | |
1077 | ## Send and receive messages from | |
1078 | ## gkeyringd over dbus. | |
1079 | ## </summary> | |
ca9e8850 DW |
1080 | ## <param name="domain"> |
1081 | ## <summary> | |
1082 | ## Domain allowed access. | |
1083 | ## </summary> | |
1084 | ## </param> | |
1085 | # | |
1086 | interface(`gnome_dbus_chat_gkeyringd',` | |
1087 | gen_require(` | |
31f04122 | 1088 | attribute gkeyringd_domain; |
ca9e8850 DW |
1089 | class dbus send_msg; |
1090 | ') | |
1091 | ||
f80308f9 MG |
1092 | allow $1 gkeyringd_domain:dbus send_msg; |
1093 | allow gkeyringd_domain $1:dbus send_msg; | |
ca9e8850 | 1094 | ') |
31f04122 | 1095 | |
b094d593 DW |
1096 | ######################################## |
1097 | ## <summary> | |
1098 | ## Send signull signal to gkeyringd processes. | |
1099 | ## </summary> | |
1100 | ## <param name="domain"> | |
1101 | ## <summary> | |
1102 | ## Domain allowed access. | |
1103 | ## </summary> | |
1104 | ## </param> | |
1105 | # | |
1106 | interface(`gnome_signull_gkeyringd',` | |
1107 | gen_require(` | |
1108 | attribute gkeyringd_domain; | |
1109 | ') | |
1110 | ||
1111 | allow $1 gkeyringd_domain:process signull; | |
1112 | ') | |
1113 | ||
1114 | ######################################## | |
1115 | ## <summary> | |
1116 | ## Allow the domain to read gkeyringd state files in /proc. | |
1117 | ## </summary> | |
1118 | ## <param name="domain"> | |
1119 | ## <summary> | |
1120 | ## Domain allowed access. | |
1121 | ## </summary> | |
1122 | ## </param> | |
1123 | # | |
1124 | interface(`gnome_read_gkeyringd_state',` | |
1125 | gen_require(` | |
1126 | attribute gkeyringd_domain; | |
1127 | ') | |
1128 | ||
1129 | ps_process_pattern($1, gkeyringd_domain) | |
1130 | ') | |
1131 | ||
ca9e8850 DW |
1132 | ######################################## |
1133 | ## <summary> | |
1134 | ## Create directories in user home directories | |
1135 | ## with the gnome home file type. | |
1136 | ## </summary> | |
1137 | ## <param name="domain"> | |
1138 | ## <summary> | |
1139 | ## Domain allowed access. | |
1140 | ## </summary> | |
1141 | ## </param> | |
1142 | # | |
1143 | interface(`gnome_home_dir_filetrans',` | |
1144 | gen_require(` | |
1145 | type gnome_home_t; | |
1146 | ') | |
1147 | ||
1148 | userdom_user_home_dir_filetrans($1, gnome_home_t, dir) | |
1149 | userdom_search_user_home_dirs($1) | |
1150 | ') | |
a8183914 | 1151 | |
31f04122 DW |
1152 | ######################################## |
1153 | ## <summary> | |
1154 | ## Execute gnome-keyring in the user gkeyring domain | |
1155 | ## </summary> | |
1156 | ## <param name="domain"> | |
1157 | ## <summary> | |
1158 | ## Domain allowed access | |
1159 | ## </summary> | |
1160 | ## </param> | |
1161 | ## <param name="role"> | |
1162 | ## <summary> | |
1163 | ## The role to be allowed the gkeyring domain (unused: the rules in this interface reference only $1). | |
1164 | ## </summary> | |
1165 | ## </param> | |
1166 | # | |
1167 | interface(`gnome_transition_gkeyringd',` | |
1168 | gen_require(` | |
1169 | attribute gkeyringd_domain; | |
1170 | ') | |
1171 | ||
1172 | allow $1 gkeyringd_domain:process transition; | |
1173 | dontaudit $1 gkeyringd_domain:process { noatsecure siginh rlimitinh }; | |
1174 | allow gkeyringd_domain $1:process { sigchld signull }; | |
1175 | allow gkeyringd_domain $1:fifo_file rw_inherited_fifo_file_perms; | |
1176 | ') | |
1177 | ||
15b2e336 DW |
1178 | ######################################## |
1179 | ## <summary> | |
c181b91f | 1180 | ## Create gnome content in the user home directory |
15b2e336 DW |
1181 | ## with a correct label. |
1182 | ## </summary> | |
1183 | ## <param name="domain"> | |
1184 | ## <summary> | |
1185 | ## Domain allowed access. | |
1186 | ## </summary> | |
1187 | ## </param> | |
1188 | # | |
a11cc065 | 1189 | interface(`gnome_filetrans_home_content',` |
15b2e336 DW |
1190 | |
1191 | gen_require(` | |
1192 | type config_home_t; | |
1193 | type cache_home_t; | |
1194 | type gstreamer_home_t; | |
1195 | type gconf_home_t; | |
1196 | type gnome_home_t; | |
290e6f41 | 1197 | type data_home_t, icc_data_home_t; |
15b2e336 DW |
1198 | type gkeyringd_gnome_home_t; |
1199 | ') | |
1200 | ||
c181b91f | 1201 | userdom_user_home_dir_filetrans($1, config_home_t, dir, ".config") |
26a75b33 DW |
1202 | userdom_user_home_dir_filetrans($1, config_home_t, file, ".Xdefaults") |
1203 | userdom_user_home_dir_filetrans($1, config_home_t, dir, ".xine") | |
1204 | userdom_user_home_dir_filetrans($1, cache_home_t, dir, ".cache") | |
26a75b33 DW |
1205 | userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconf") |
1206 | userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd") | |
1207 | userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".local") | |
1208 | userdom_user_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2") | |
1209 | userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10") | |
1210 | userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12") | |
290e6f41 DG |
1211 | # ~/.color/icc: legacy |
1212 | userdom_user_home_content_filetrans($1, icc_data_home_t, dir, "icc") | |
26a75b33 DW |
1213 | filetrans_pattern($1, gnome_home_t, gkeyringd_gnome_home_t, dir, "keyrings") |
1214 | filetrans_pattern($1, gconf_home_t, data_home_t, dir, "share") | |
290e6f41 | 1215 | filetrans_pattern($1, data_home_t, icc_data_home_t, dir, "icc") |
bf587d64 | 1216 | userdom_user_tmp_filetrans($1, config_home_t, dir, "dconf") |
15b2e336 DW |
1217 | ') |
1218 | ||
1219 | ######################################## | |
1220 | ## <summary> | |
1221 | ## Create gnome directory in the /root directory | |
1222 | ## with a correct label. | |
1223 | ## </summary> | |
1224 | ## <param name="domain"> | |
1225 | ## <summary> | |
1226 | ## Domain allowed access. | |
1227 | ## </summary> | |
1228 | ## </param> | |
1229 | # | |
a11cc065 | 1230 | interface(`gnome_filetrans_admin_home_content',` |
15b2e336 DW |
1231 | |
1232 | gen_require(` | |
1233 | type config_home_t; | |
1234 | type cache_home_t; | |
1235 | type gstreamer_home_t; | |
1236 | type gconf_home_t; | |
1237 | type gnome_home_t; | |
290e6f41 | 1238 | type icc_data_home_t; |
15b2e336 DW |
1239 | ') |
1240 | ||
26a75b33 DW |
1241 | userdom_admin_home_dir_filetrans($1, config_home_t, file, ".Xdefaults") |
1242 | userdom_admin_home_dir_filetrans($1, config_home_t, dir, ".xine") | |
1243 | userdom_admin_home_dir_filetrans($1, cache_home_t, dir, ".cache") | |
26a75b33 DW |
1244 | userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconf") |
1245 | userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd") | |
1246 | userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".local") | |
1247 | userdom_admin_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2") | |
1248 | userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10") | |
1249 | userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12") | |
290e6f41 DG |
1250 | # /root/.color/icc: legacy |
1251 | userdom_admin_home_dir_filetrans($1, icc_data_home_t, dir, "icc") | |
15b2e336 | 1252 | ') |
98d519e9 | 1253 | |
3a7aacc9 MG |
1254 | ###################################### |
1255 | ## <summary> | |
1256 | ## Execute gnome-keyring executable | |
1257 | ## in the specified domain. | |
1258 | ## </summary> | |
1259 | ## <desc> | |
1260 | ## <p> | |
1261 | ## Execute a gnome-keyring executable | |
1262 | ## in the specified domain. This allows | |
1263 | ## the calling domain to execute files | |
1264 | ## labeled gkeyringd_exec_t in the specified | |
1265 | ## domain. | |
1266 | ## </p> | |
1267 | ## <p> | |
1268 | ## No interprocess communication (signals, pipes, | |
1269 | ## etc.) is provided by this interface since | |
1270 | ## the domains are not owned by this module. | |
1271 | ## </p> | |
1272 | ## <p> | |
1273 | ## This interface was added to handle | |
1274 | ## the ssh-agent policy. | |
1275 | ## </p> | |
1276 | ## </desc> | |
1277 | ## <param name="domain"> | |
1278 | ## <summary> | |
1279 | ## Domain allowed to transition. | |
1280 | ## </summary> | |
1281 | ## </param> | |
1282 | ## <param name="target_domain"> | |
1283 | ## <summary> | |
1284 | ## The type of the new process. | |
1285 | ## </summary> | |
1286 | ## </param> | |
1287 | # | |
1288 | interface(`gnome_command_domtrans_gkeyringd', ` | |
1289 | gen_require(` | |
1290 | type gkeyringd_exec_t; | |
1291 | ') | |
1292 | ||
1293 | allow $2 gkeyringd_exec_t:file entrypoint; | |
1294 | domain_transition_pattern($1, gkeyringd_exec_t, $2) | |
1295 | type_transition $1 gkeyringd_exec_t:process $2; | |
1296 | ') |