]>
Commit | Line | Data |
---|---|---|
677c4c2f CP |
1 | ## <summary>Devicekit modular hardware abstraction layer</summary> |
2 | ||
3 | ######################################## | |
4 | ## <summary> | |
5 | ## Execute a domain transition to run devicekit. | |
6 | ## </summary> | |
7 | ## <param name="domain"> | |
8 | ## <summary> | |
9 | ## Domain allowed to transition. | |
10 | ## </summary> | |
11 | ## </param> | |
12 | # | |
13 | interface(`devicekit_domtrans',` | |
14 | gen_require(` | |
15 | type devicekit_t, devicekit_exec_t; | |
16 | ') | |
17 | ||
18 | domtrans_pattern($1, devicekit_exec_t, devicekit_t) | |
19 | ') | |
20 | ||
21 | ######################################## | |
22 | ## <summary> | |
23 | ## Send to devicekit over a unix domain | |
24 | ## datagram socket. | |
25 | ## </summary> | |
26 | ## <param name="domain"> | |
27 | ## <summary> | |
28 | ## Domain allowed access. | |
29 | ## </summary> | |
30 | ## </param> | |
31 | # | |
32 | interface(`devicekit_dgram_send',` | |
33 | gen_require(` | |
34 | type devicekit_t; | |
35 | ') | |
36 | ||
37 | allow $1 devicekit_t:unix_dgram_socket sendto; | |
38 | ') | |
39 | ||
40 | ######################################## | |
41 | ## <summary> | |
42 | ## Send and receive messages from | |
43 | ## devicekit over dbus. | |
44 | ## </summary> | |
45 | ## <param name="domain"> | |
46 | ## <summary> | |
47 | ## Domain allowed access. | |
48 | ## </summary> | |
49 | ## </param> | |
50 | # | |
51 | interface(`devicekit_dbus_chat',` | |
52 | gen_require(` | |
53 | type devicekit_t; | |
54 | class dbus send_msg; | |
55 | ') | |
56 | ||
57 | allow $1 devicekit_t:dbus send_msg; | |
58 | allow devicekit_t $1:dbus send_msg; | |
59 | ') | |
60 | ||
61 | ######################################## | |
62 | ## <summary> | |
63 | ## Send and receive messages from | |
64 | ## devicekit disk over dbus. | |
65 | ## </summary> | |
66 | ## <param name="domain"> | |
67 | ## <summary> | |
68 | ## Domain allowed access. | |
69 | ## </summary> | |
70 | ## </param> | |
71 | # | |
72 | interface(`devicekit_dbus_chat_disk',` | |
73 | gen_require(` | |
74 | type devicekit_disk_t; | |
75 | class dbus send_msg; | |
76 | ') | |
77 | ||
78 | allow $1 devicekit_disk_t:dbus send_msg; | |
79 | allow devicekit_disk_t $1:dbus send_msg; | |
80 | ') | |
81 | ||
82 | ######################################## | |
83 | ## <summary> | |
84 | ## Send signal devicekit power | |
85 | ## </summary> | |
86 | ## <param name="domain"> | |
87 | ## <summary> | |
88 | ## Domain allowed access. | |
89 | ## </summary> | |
90 | ## </param> | |
91 | # | |
92 | interface(`devicekit_signal_power',` | |
93 | gen_require(` | |
94 | type devicekit_power_t; | |
95 | ') | |
96 | ||
97 | allow $1 devicekit_power_t:process signal; | |
98 | ') | |
99 | ||
100 | ######################################## | |
101 | ## <summary> | |
102 | ## Send and receive messages from | |
103 | ## devicekit power over dbus. | |
104 | ## </summary> | |
105 | ## <param name="domain"> | |
106 | ## <summary> | |
107 | ## Domain allowed access. | |
108 | ## </summary> | |
109 | ## </param> | |
110 | # | |
111 | interface(`devicekit_dbus_chat_power',` | |
112 | gen_require(` | |
113 | type devicekit_power_t; | |
114 | class dbus send_msg; | |
115 | ') | |
116 | ||
117 | allow $1 devicekit_power_t:dbus send_msg; | |
118 | allow devicekit_power_t $1:dbus send_msg; | |
119 | ') | |
120 | ||
121 | ######################################## | |
122 | ## <summary> | |
123 | ## Read devicekit PID files. | |
124 | ## </summary> | |
125 | ## <param name="domain"> | |
126 | ## <summary> | |
127 | ## Domain allowed access. | |
128 | ## </summary> | |
129 | ## </param> | |
130 | # | |
131 | interface(`devicekit_read_pid_files',` | |
132 | gen_require(` | |
133 | type devicekit_var_run_t; | |
134 | ') | |
135 | ||
136 | files_search_pids($1) | |
137 | read_files_pattern($1, devicekit_var_run_t, devicekit_var_run_t) | |
138 | ') | |
139 | ||
140 | ######################################## | |
141 | ## <summary> | |
61738f11 | 142 | ## All of the rules required to administrate |
677c4c2f CP |
143 | ## an devicekit environment |
144 | ## </summary> | |
145 | ## <param name="domain"> | |
146 | ## <summary> | |
147 | ## Domain allowed access. | |
148 | ## </summary> | |
149 | ## </param> | |
150 | ## <param name="role"> | |
151 | ## <summary> | |
152 | ## The role to be allowed to manage the devicekit domain. | |
153 | ## </summary> | |
154 | ## </param> | |
155 | ## <param name="terminal"> | |
156 | ## <summary> | |
157 | ## The type of the user terminal. | |
158 | ## </summary> | |
159 | ## </param> | |
160 | ## <rolecap/> | |
161 | # | |
162 | interface(`devicekit_admin',` | |
163 | gen_require(` | |
164 | type devicekit_t, devicekit_disk_t, devicekit_power_t; | |
61738f11 | 165 | type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t; |
677c4c2f CP |
166 | ') |
167 | ||
47cf98dd | 168 | allow $1 devicekit_t:process { ptrace signal_perms }; |
677c4c2f CP |
169 | ps_process_pattern($1, devicekit_t) |
170 | ||
47cf98dd | 171 | allow $1 devicekit_disk_t:process { ptrace signal_perms }; |
677c4c2f CP |
172 | ps_process_pattern($1, devicekit_disk_t) |
173 | ||
47cf98dd | 174 | allow $1 devicekit_power_t:process { ptrace signal_perms }; |
677c4c2f CP |
175 | ps_process_pattern($1, devicekit_power_t) |
176 | ||
177 | admin_pattern($1, devicekit_tmp_t) | |
178 | files_search_tmp($1) | |
179 | ||
180 | admin_pattern($1, devicekit_var_lib_t) | |
181 | files_search_var_lib($1) | |
182 | ||
183 | admin_pattern($1, devicekit_var_run_t) | |
184 | files_search_pids($1) | |
185 | ') |