projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 29af4c13 | 1 | policy_module(gpm, 1.8.0) |
| f862c35c CP |
2 | |
| 3 | ######################################## | |
| 4 | # | |
| 5 | # Declarations | |
| 6 | # | |
| 7 | ||
| 8 | type gpm_t; | |
| 9 | type gpm_exec_t; | |
| 0bfccda4 | 10 | init_daemon_domain(gpm_t, gpm_exec_t) |
| f862c35c CP |
11 | |
| 12 | type gpm_conf_t; | |
| 5e4542af | 13 | files_config_file(gpm_conf_t) |
| f862c35c CP |
14 | |
| 15 | type gpm_tmp_t; | |
| 16 | files_tmp_file(gpm_tmp_t) | |
| 17 | ||
| 18 | type gpm_var_run_t; | |
| 19 | files_pid_file(gpm_var_run_t) | |
| 20 | ||
| 21 | type gpmctl_t; | |
| 22 | files_type(gpmctl_t) | |
| 23 | ||
| 24 | ######################################## | |
| 25 | # | |
| 26 | # Local policy | |
| 27 | # | |
| 28 | ||
| d7b98c89 CP |
29 | allow gpm_t self:capability { setpcap setuid dac_override sys_admin sys_tty_config }; |
| 30 | allow gpm_t self:process { getcap setcap }; | |
| 9cca1cd5 | 31 | allow gpm_t self:unix_stream_socket create_stream_socket_perms; |
| f862c35c | 32 | |
| c0868a7a | 33 | allow gpm_t gpm_conf_t:dir list_dir_perms; |
| 0bfccda4 CP |
34 | read_files_pattern(gpm_t, gpm_conf_t, gpm_conf_t) |
| 35 | read_lnk_files_pattern(gpm_t, gpm_conf_t, gpm_conf_t) | |
| f862c35c | 36 | |
| 0bfccda4 CP |
37 | manage_dirs_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t) |
| 38 | manage_files_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t) | |
| 103fe280 | 39 | files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir }) |
| f862c35c | 40 | |
| c0868a7a | 41 | allow gpm_t gpm_var_run_t:file manage_file_perms; |
| 3f67f722 | 42 | files_pid_filetrans(gpm_t, gpm_var_run_t, file) |
| f862c35c | 43 | |
| cbe82b17 CP |
44 | allow gpm_t gpmctl_t:sock_file manage_sock_file_perms; |
| 45 | allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms; | |
| 0bfccda4 | 46 | dev_filetrans(gpm_t, gpmctl_t, { sock_file fifo_file }) |
| f862c35c | 47 | |
| 445522dc | 48 | kernel_read_kernel_sysctls(gpm_t) |
| f862c35c CP |
49 | kernel_list_proc(gpm_t) |
| 50 | kernel_read_proc_symlinks(gpm_t) | |
| 51 | ||
| 52 | dev_read_sysfs(gpm_t) | |
| 53 | # Access the mouse. | |
| 8cfa5a00 | 54 | dev_rw_input_dev(gpm_t) |
| 4ac451f1 | 55 | dev_rw_mouse(gpm_t) |
| f862c35c | 56 | |
| 45515556 CP |
57 | files_read_etc_files(gpm_t) |
| 58 | ||
| f862c35c CP |
59 | fs_getattr_all_fs(gpm_t) |
| 60 | fs_search_auto_mountpoints(gpm_t) | |
| 61 | ||
| 1815bad1 | 62 | term_use_unallocated_ttys(gpm_t) |
| f862c35c | 63 | |
| 15722ec9 | 64 | domain_use_interactive_fds(gpm_t) |
| f862c35c | 65 | |
| f862c35c CP |
66 | logging_send_syslog_msg(gpm_t) |
| 67 | ||
| 68 | miscfiles_read_localization(gpm_t) | |
| 69 | ||
| 15722ec9 | 70 | userdom_dontaudit_use_unpriv_user_fds(gpm_t) |
| 296273a7 | 71 | userdom_dontaudit_search_user_home_dirs(gpm_t) |
| af2d8802 | 72 | userdom_use_inherited_user_terminals(gpm_t) |
| f862c35c | 73 | |
| bb7170f6 | 74 | optional_policy(` |
| f862c35c CP |
75 | seutil_sigchld_newrole(gpm_t) |
| 76 | ') | |
| 77 | ||
| bb7170f6 | 78 | optional_policy(` |
| f862c35c CP |
79 | udev_read_db(gpm_t) |
| 80 | ') |