Module version bump for c17ad38 5271920 2a2b6a7 01c4413 c4fbfae a831710
## <summary>GNU Network Object Model Environment (GNOME)</summary>
2
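############################################################
## <summary>
##	Role access for gnome
## </summary>
## <desc>
##	<p>
##	Authorizes the role for gconfd_t, makes the user domain
##	transition to gconfd_t when it executes gconfd_exec_t, and
##	opens the socket and pipe channels the two domains use to
##	talk to each other.
##	</p>
## </desc>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`gnome_role',`
	gen_require(`
		type gconfd_t, gconfd_exec_t;
	')

	# Authorize the role for the gconfd domain.
	role $1 types gconfd_t;

	# Executing gconfd_exec_t from the user domain enters gconfd_t.
	# NOTE(review): gnome_domtrans_gconfd in this file uses domtrans_pattern
	# for the same transition - confirm domain_auto_trans is still the
	# intended macro in this tree.
	domain_auto_trans($2, gconfd_exec_t, gconfd_t)

	# Channels from gconfd back to the user domain: inherited descriptors,
	# write-only access to pipes, and connections to user domain sockets.
	allow gconfd_t $2:fd use;
	allow gconfd_t $2:fifo_file write;
	allow gconfd_t $2:unix_stream_socket connectto;

	ps_process_pattern($2, gconfd_t)

	# Client side of the gconf socket. Call the shared interface instead of
	# keeping a hand-copied rule set here, so the access granted to a role
	# and to other gconf clients cannot drift apart unnoticed.
	gnome_stream_connect_gconf($2)
')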
37
########################################
## <summary>
##	Execute gconf programs
##	in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_exec_gconf',`
	gen_require(`
		type gconfd_exec_t;
	')

	# Only can_exec is granted and no transition rule is added here, so
	# the program keeps the domain of the caller. Use
	# gnome_domtrans_gconfd when the program should run in gconfd_t.
	can_exec($1, gconfd_exec_t)
')
56
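########################################
## <summary>
##	Read gconf config files.
## </summary>
## <param name="user_domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_read_gconf_config',`
	gen_require(`
		type gconf_etc_t;
	')

	# Read-only access: list gconf_etc_t directories and read the files
	# in them. Write access is granted by gnome_manage_gconf_config.
	allow $1 gconf_etc_t:dir list_dir_perms;
	read_files_pattern($1, gconf_etc_t, gconf_etc_t)
	files_search_etc($1)
')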
76
#######################################
## <summary>
##	Create, read, write, and delete gconf config files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_gconf_config',`
	gen_require(`
		type gconf_etc_t;
	')

	# Write access to gconf_etc_t files. Domains that only consume the
	# configuration should call gnome_read_gconf_config instead.
	# NOTE(review): presumably gconf_etc_t labels the system-wide gconf
	# tree - confirm against the file contexts of this module.
	manage_files_pattern($1, gconf_etc_t, gconf_etc_t)
	files_search_etc($1)
')
95
########################################
## <summary>
##	Connect to gconfd over a unix stream socket.
## </summary>
## <param name="user_domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_stream_connect_gconf',`
	gen_require(`
		type gconfd_t, gconf_tmp_t;
	')

	# The caller may read gconf_tmp_t files and connect to sockets
	# owned by gconfd_t. Nothing is granted in the other direction.
	# NOTE(review): the socket file is presumably labeled gconf_tmp_t,
	# yet only file read access is granted here - confirm no sock_file
	# rule is needed.
	read_files_pattern($1, gconf_tmp_t, gconf_tmp_t)
	allow $1 gconfd_t:unix_stream_socket connectto;
')
114
########################################
## <summary>
##	Run gconfd in gconfd domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_domtrans_gconfd',`
	gen_require(`
		type gconfd_t, gconfd_exec_t;
	')

	# The caller enters gconfd_t when it executes a gconfd_exec_t file.
	# This grants the transition only. Role authorization for gconfd_t
	# is handled by gnome_role.
	domtrans_pattern($1, gconfd_exec_t, gconfd_t)
')
132
########################################
## <summary>
##	Set attributes of Gnome config dirs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_setattr_config_dirs',`
	gen_require(`
		type gnome_home_t;
	')

	# Attribute changes on gnome_home_t directories only. No file
	# content access is granted by this interface.
	setattr_dirs_pattern($1, gnome_home_t, gnome_home_t)
	# NOTE(review): gnome_manage_config reaches the same type through
	# userdom_search_user_home_dirs while this interface calls
	# files_search_home - confirm which search path is intended.
	files_search_home($1)
')
151
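########################################
## <summary>
##	Read gnome homedir content (.config)
## </summary>
## <param name="user_domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_read_config',`
	gen_require(`
		type gnome_home_t;
	')

	# Read-only access to gnome_home_t: list directories, read files and
	# read symlinks. Write access is granted by gnome_manage_config.
	# NOTE(review): no home directory search call is made here, unlike
	# gnome_manage_config - confirm callers obtain it elsewhere.
	list_dirs_pattern($1, gnome_home_t, gnome_home_t)
	read_files_pattern($1, gnome_home_t, gnome_home_t)
	read_lnk_files_pattern($1, gnome_home_t, gnome_home_t)
')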
171
########################################
## <summary>
##	Manage gnome homedir content (.config)
## </summary>
## <param name="user_domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gnome_manage_config',`
	gen_require(`
		type gnome_home_t;
	')

	# Full management of gnome_home_t directories and regular files.
	# NOTE(review): gnome_read_config also covers symlinks of this type
	# while this interface does not - confirm lnk_file is left out on
	# purpose.
	allow $1 gnome_home_t:dir manage_dir_perms;
	allow $1 gnome_home_t:file manage_file_perms;
	userdom_search_user_home_dirs($1)
')