[people/stevee/selinux-policy.git] / policy / modules / services / consolekit.te


policy_module(consolekit, 1.4.0)

########################################
#
# Declarations
#

type consolekit_t;
type consolekit_exec_t;
init_daemon_domain(consolekit_t, consolekit_exec_t)

type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)

########################################
#
# consolekit local policy
#

allow consolekit_t self:capability { setuid setgid sys_tty_config dac_override sys_nice sys_ptrace };
allow consolekit_t self:process { getsched signal };
allow consolekit_t self:fifo_file rw_fifo_file_perms;
allow consolekit_t self:unix_stream_socket create_stream_socket_perms;
allow consolekit_t self:unix_dgram_socket create_socket_perms;

manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
files_pid_filetrans(consolekit_t, consolekit_var_run_t, file)

kernel_read_system_state(consolekit_t)

corecmd_exec_bin(consolekit_t)

dev_read_urand(consolekit_t)
dev_read_sysfs(consolekit_t)

domain_read_all_domains_state(consolekit_t)
domain_use_interactive_fds(consolekit_t)

files_read_etc_files(consolekit_t)
# needs to read /var/lib/dbus/machine-id
files_read_var_lib_files(consolekit_t)

fs_list_inotifyfs(consolekit_t)

term_use_all_terms(consolekit_t)

auth_use_nsswitch(consolekit_t)

miscfiles_read_localization(consolekit_t)

optional_policy(`
	dbus_system_bus_client(consolekit_t)
	dbus_connect_system_bus(consolekit_t)

	hal_dbus_chat(consolekit_t)

	optional_policy(`
		unconfined_dbus_chat(consolekit_t)
	')
')

optional_policy(`
	xserver_read_user_xauth(consolekit_t)
	xserver_stream_connect(consolekit_t)
')
Commit	Line	Data
c224d91c	1
17ec8c1f	2	policy_module(consolekit, 1.4.0)
c224d91c CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
	9	type consolekit_t;
	10	type consolekit_exec_t;
	11	init_daemon_domain(consolekit_t, consolekit_exec_t)
	12
99064c9f CP	13	type consolekit_var_run_t;
	14	files_pid_file(consolekit_var_run_t)
	15
c224d91c CP	16	########################################
	17	#
	18	# consolekit local policy
	19	#
	20
4967aaa3	21	allow consolekit_t self:capability { setuid setgid sys_tty_config dac_override sys_nice sys_ptrace };
99064c9f	22	allow consolekit_t self:process { getsched signal };
c224d91c CP	23	allow consolekit_t self:fifo_file rw_fifo_file_perms;
c224d91c CP	24	allow consolekit_t self:unix_stream_socket create_stream_socket_perms;
4967aaa3	25	allow consolekit_t self:unix_dgram_socket create_socket_perms;
c224d91c	26
0bfccda4 CP	27	manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
0bfccda4 CP	28	files_pid_filetrans(consolekit_t, consolekit_var_run_t, file)
99064c9f	29
4967aaa3 CP	30	kernel_read_system_state(consolekit_t)
	31
	32	corecmd_exec_bin(consolekit_t)
	33
c224d91c CP	34	dev_read_urand(consolekit_t)
	35	dev_read_sysfs(consolekit_t)
	36
	37	domain_read_all_domains_state(consolekit_t)
	38	domain_use_interactive_fds(consolekit_t)
	39
	40	files_read_etc_files(consolekit_t)
4029f116 CP	41	# needs to read /var/lib/dbus/machine-id
4029f116 CP	42	files_read_var_lib_files(consolekit_t)
c224d91c	43
4967aaa3 CP	44	fs_list_inotifyfs(consolekit_t)
	45
	46	term_use_all_terms(consolekit_t)
99064c9f	47
c0cf6e0a CP	48	auth_use_nsswitch(consolekit_t)
c0cf6e0a CP	49
c224d91c CP	50	miscfiles_read_localization(consolekit_t)
c224d91c CP	51
c224d91c	52	optional_policy(`
296273a7	53	dbus_system_bus_client(consolekit_t)
c224d91c CP	54	dbus_connect_system_bus(consolekit_t)
	55
	56	hal_dbus_chat(consolekit_t)
99064c9f CP	57
	58	optional_policy(`
	59	unconfined_dbus_chat(consolekit_t)
	60	')
c224d91c	61	')
4967aaa3 CP	62
4967aaa3 CP	63	optional_policy(`
296273a7 CP	64	xserver_read_user_xauth(consolekit_t)
296273a7 CP	65	xserver_stream_connect(consolekit_t)
4967aaa3	66	')