1 ## <summary>Openoffice</summary>
3 #######################################
5 ## The per role template for the openoffice module.
7 ## <param name="user_domain">
9 ## The type of the user domain.
13 interface(`openoffice_plugin_role',`
# Per-role plugin access: lets the caller domain ($1) start OpenOffice in
# openoffice_t and signal the resulting process.
15 type openoffice_exec_t;
19 ########################################
# NOTE(review): only openoffice_exec_t is required in the lines shown here,
# yet openoffice_t is referenced below. This listing skips lines, so confirm
# that openoffice_t is declared in the require block as well.
# Executing a file labelled openoffice_exec_t from $1 transitions the new
# process into openoffice_t.
24 domtrans_pattern($1, openoffice_exec_t, openoffice_t)
# $1 may send generic signals and SIGKILL to openoffice_t; no other process
# permission on the target is granted by this rule.
25 allow $1 openoffice_t:process { signal sigkill };
28 #######################################
30 ## role for openoffice
34 ## This template creates derived domains which are used
35 ## for java applications.
38 ## <param name="role_prefix">
40 ## The prefix of the user domain (e.g., user
41 ## is the prefix for user_t).
44 ## <param name="user_role">
46 ## The role associated with the user domain.
49 ## <param name="user_domain">
51 ## The type of the user domain.
55 interface(`openoffice_role_template',`
# Builds a per-role OpenOffice domain named <prefix>_openoffice_t.
# $1 is the role prefix, $2 the user role and $3 the user domain.
57 type openoffice_exec_t;
# Authorise role $2 to run processes of the derived type.
60 role $2 types $1_openoffice_t;
# Mark the derived type as a process domain that is entered through files
# labelled openoffice_exec_t.
63 domain_type($1_openoffice_t)
64 domain_entry_file($1_openoffice_t, openoffice_exec_t)
65 domain_interactive_fd($1_openoffice_t)
# NOTE(review): userdom_unpriv_usertype is defined outside this file;
# presumably it attaches the unprivileged user attributes - confirm there.
67 userdom_unpriv_usertype($1, $1_openoffice_t)
# Security: going by its name, this lets the domain execute files labelled as
# user home content, i.e. files the user can write. Review it together with
# execmem and execstack below.
68 userdom_exec_user_home_content_files($1_openoffice_t)
# Security: execmem and execstack relax memory protections. The domain may map
# memory that is both writable and executable and may make its stack
# executable, which removes a barrier against code injection.
# NOTE(review): presumably required by a bundled runtime - confirm it is still
# needed before keeping these two permissions.
70 allow $1_openoffice_t self:process { getsched sigkill execmem execstack };
# $3 may inspect and signal the derived domain. noatsecure turns off
# secure-mode environment cleansing on the transition, so variables such as
# LD_PRELOAD set in $3 reach the new process. siginh and rlimitinh carry signal
# state and resource limits across the transition.
72 allow $3 $1_openoffice_t:process { getattr signal_perms noatsecure siginh rlimitinh };
# Read and write only on TCP sockets labelled $3 (presumably inherited
# descriptors); creating or connecting sockets is not granted here.
73 allow $1_openoffice_t $3:tcp_socket { read write };
# Executing openoffice_exec_t from $3 transitions into the derived domain.
75 domtrans_pattern($3, openoffice_exec_t, $1_openoffice_t)
# Read access to the kernel random devices.
77 dev_read_urand($1_openoffice_t)
78 dev_read_rand($1_openoffice_t)
# dontaudit: read/write attempts on tmpfs files stay denied but are not
# logged, so these denials will not show up when triaging audit records.
80 fs_dontaudit_rw_tmpfs_files($1_openoffice_t)
# NOTE(review): signal and sigkill look already covered by signal_perms in the
# rule for $3 above, so this rule appears redundant - confirm.
82 allow $3 $1_openoffice_t:process { signal sigkill };
# The derived domain may connect to unix stream sockets owned by $3.
83 allow $1_openoffice_t $3:unix_stream_socket connectto;
# X server access for the derived domain under role $2; xserver_role is
# defined in another module and its exact grants are not visible here.
86 xserver_role($2, $1_openoffice_t)
90 ########################################
92 ## Execute openoffice_exec_t
93 ## in the specified domain.
97 ## Execute an openoffice_exec_t
98 ## in the specified domain.
101 ## No interprocess communication (signals, pipes,
102 ## etc.) is provided by this interface since
103 ## the domains are not owned by this module.
106 ## <param name="domain">
108 ## Domain allowed access.
111 ## <param name="target_domain">
113 ## The type of the new process.
117 interface(`openoffice_exec_domtrans',`
# Lets domain $1 execute openoffice_exec_t and transition into the
# caller-supplied target domain $2.
119 type openoffice_exec_t;
# Security: $2 is chosen by the caller, so every domain passed here becomes
# enterable through openoffice_exec_t. Callers should pass only domains meant
# to run OpenOffice.
122 allow $2 openoffice_exec_t:file entrypoint;
# NOTE(review): the header states that no interprocess communication is
# provided, but domtrans_pattern in the reference policy support macros also
# grants the target fd use, inherited fifo access and sigchld toward the
# caller - confirm against the macro definition used by this tree.
123 domtrans_pattern($1, openoffice_exec_t, $2)