[people/stevee/selinux-policy.git] / policy / modules / services / fprintd.te

policy_module(fprintd, 1.1.0)

########################################
#
# Declarations
#

type fprintd_t;
type fprintd_exec_t;
dbus_system_domain(fprintd_t, fprintd_exec_t)

type fprintd_var_lib_t;
files_type(fprintd_var_lib_t)

########################################
#
# Local policy
#

allow fprintd_t self:capability sys_nice;

allow fprintd_t self:fifo_file rw_fifo_file_perms;
allow fprintd_t self:process { getsched setsched signal };

manage_dirs_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
manage_files_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
files_var_lib_filetrans(fprintd_t, fprintd_var_lib_t, { dir file })

kernel_read_system_state(fprintd_t)

corecmd_search_bin(fprintd_t)

dev_list_usbfs(fprintd_t)
dev_rw_generic_usb_dev(fprintd_t)
dev_read_sysfs(fprintd_t)

files_read_etc_files(fprintd_t)
files_read_usr_files(fprintd_t)

fs_getattr_all_fs(fprintd_t)

auth_use_nsswitch(fprintd_t)

miscfiles_read_localization(fprintd_t)

userdom_use_user_ptys(fprintd_t)
userdom_read_all_users_state(fprintd_t)

optional_policy(`
	consolekit_dbus_chat(fprintd_t)
')

optional_policy(`
	policykit_read_reload(fprintd_t)
	policykit_read_lib(fprintd_t)
	policykit_dbus_chat(fprintd_t)
	policykit_domtrans_auth(fprintd_t)
	policykit_dbus_chat_auth(fprintd_t)
')
Commit	Line	Data
29af4c13	1	policy_module(fprintd, 1.1.0)
20c3ccee CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	type fprintd_t;
	9	type fprintd_exec_t;
	10	dbus_system_domain(fprintd_t, fprintd_exec_t)
	11
	12	type fprintd_var_lib_t;
	13	files_type(fprintd_var_lib_t)
	14
	15	########################################
	16	#
	17	# Local policy
	18	#
	19
995bdbb1	20	allow fprintd_t self:capability sys_nice;
995bdbb1	21
20c3ccee	22	allow fprintd_t self:fifo_file rw_fifo_file_perms;
0b8f4cfe	23	allow fprintd_t self:process { getsched setsched signal };
20c3ccee CP	24
	25	manage_dirs_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
	26	manage_files_pattern(fprintd_t, fprintd_var_lib_t, fprintd_var_lib_t)
	27	files_var_lib_filetrans(fprintd_t, fprintd_var_lib_t, { dir file })
	28
	29	kernel_read_system_state(fprintd_t)
	30
	31	corecmd_search_bin(fprintd_t)
	32
	33	dev_list_usbfs(fprintd_t)
	34	dev_rw_generic_usb_dev(fprintd_t)
	35	dev_read_sysfs(fprintd_t)
	36
	37	files_read_etc_files(fprintd_t)
	38	files_read_usr_files(fprintd_t)
	39
00808a9b CP	40	fs_getattr_all_fs(fprintd_t)
00808a9b CP	41
20c3ccee CP	42	auth_use_nsswitch(fprintd_t)
	43
	44	miscfiles_read_localization(fprintd_t)
	45
	46	userdom_use_user_ptys(fprintd_t)
	47	userdom_read_all_users_state(fprintd_t)
	48
	49	optional_policy(`
	50	consolekit_dbus_chat(fprintd_t)
	51	')
	52
	53	optional_policy(`
	54	policykit_read_reload(fprintd_t)
	55	policykit_read_lib(fprintd_t)
00808a9b	56	policykit_dbus_chat(fprintd_t)
20c3ccee	57	policykit_domtrans_auth(fprintd_t)
3eaa9939	58	policykit_dbus_chat_auth(fprintd_t)
20c3ccee	59	')