projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| f862c35c | 1 | |
| 29af4c13 | 2 | policy_module(gpm, 1.8.0) |
| f862c35c CP |
3 | |
| 4 | ######################################## | |
| 5 | # | |
| 6 | # Declarations | |
| 7 | # | |
| 8 | ||
| 9 | type gpm_t; | |
| 10 | type gpm_exec_t; | |
| 0bfccda4 | 11 | init_daemon_domain(gpm_t, gpm_exec_t) |
| f862c35c CP |
12 | |
| 13 | type gpm_conf_t; | |
| 14 | files_type(gpm_conf_t) | |
| 15 | ||
| 16 | type gpm_tmp_t; | |
| 17 | files_tmp_file(gpm_tmp_t) | |
| 18 | ||
| 19 | type gpm_var_run_t; | |
| 20 | files_pid_file(gpm_var_run_t) | |
| 21 | ||
| 22 | type gpmctl_t; | |
| 23 | files_type(gpmctl_t) | |
| 24 | ||
| 25 | ######################################## | |
| 26 | # | |
| 27 | # Local policy | |
| 28 | # | |
| 29 | ||
| d7b98c89 CP |
30 | allow gpm_t self:capability { setpcap setuid dac_override sys_admin sys_tty_config }; |
| 31 | allow gpm_t self:process { getcap setcap }; | |
| 9cca1cd5 | 32 | allow gpm_t self:unix_stream_socket create_stream_socket_perms; |
| f862c35c | 33 | |
| c0868a7a | 34 | allow gpm_t gpm_conf_t:dir list_dir_perms; |
| 0bfccda4 CP |
35 | read_files_pattern(gpm_t, gpm_conf_t, gpm_conf_t) |
| 36 | read_lnk_files_pattern(gpm_t, gpm_conf_t, gpm_conf_t) | |
| f862c35c | 37 | |
| 0bfccda4 CP |
38 | manage_dirs_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t) |
| 39 | manage_files_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t) | |
| 103fe280 | 40 | files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir }) |
| f862c35c | 41 | |
| c0868a7a | 42 | allow gpm_t gpm_var_run_t:file manage_file_perms; |
| 3f67f722 | 43 | files_pid_filetrans(gpm_t, gpm_var_run_t, file) |
| f862c35c | 44 | |
| cbe82b17 CP |
45 | allow gpm_t gpmctl_t:sock_file manage_sock_file_perms; |
| 46 | allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms; | |
| 0bfccda4 | 47 | dev_filetrans(gpm_t, gpmctl_t, { sock_file fifo_file }) |
| f862c35c | 48 | |
| 445522dc | 49 | kernel_read_kernel_sysctls(gpm_t) |
| f862c35c CP |
50 | kernel_list_proc(gpm_t) |
| 51 | kernel_read_proc_symlinks(gpm_t) | |
| 52 | ||
| 53 | dev_read_sysfs(gpm_t) | |
| 54 | # Access the mouse. | |
| 8cfa5a00 | 55 | dev_rw_input_dev(gpm_t) |
| 4ac451f1 | 56 | dev_rw_mouse(gpm_t) |
| f862c35c | 57 | |
| 45515556 CP |
58 | files_read_etc_files(gpm_t) |
| 59 | ||
| f862c35c CP |
60 | fs_getattr_all_fs(gpm_t) |
| 61 | fs_search_auto_mountpoints(gpm_t) | |
| 62 | ||
| 1815bad1 | 63 | term_use_unallocated_ttys(gpm_t) |
| f862c35c | 64 | |
| 15722ec9 | 65 | domain_use_interactive_fds(gpm_t) |
| f862c35c | 66 | |
| f862c35c CP |
67 | logging_send_syslog_msg(gpm_t) |
| 68 | ||
| 69 | miscfiles_read_localization(gpm_t) | |
| 70 | ||
| 15722ec9 | 71 | userdom_dontaudit_use_unpriv_user_fds(gpm_t) |
| 296273a7 | 72 | userdom_dontaudit_search_user_home_dirs(gpm_t) |
| f862c35c | 73 | |
| bb7170f6 | 74 | optional_policy(` |
| f862c35c CP |
75 | seutil_sigchld_newrole(gpm_t) |
| 76 | ') | |
| 77 | ||
| bb7170f6 | 78 | optional_policy(` |
| f862c35c CP |
79 | udev_read_db(gpm_t) |
| 80 | ') |