## <summary>Telepathy framework.</summary>

#######################################
## <summary>
##	Declare the domain, entry point and
##	temporary file types for one telepathy
##	program.
## </summary>
## <desc>
##	<p>
##	Declares telepathy_PREFIX_t with the telepathy_domain
##	attribute, telepathy_PREFIX_exec_t with the
##	telepathy_executable attribute, and telepathy_PREFIX_tmp_t.
##	Both attributes must already be declared by the caller.
##	</p>
## </desc>
## <param name="prefix">
##	<summary>
##	Prefix for the domain.
##	</summary>
## </param>
#
template(`telepathy_domain_template',`

	gen_require(`
		attribute telepathy_domain;
		attribute telepathy_executable;
	')

	# Process type and its entry point type. Every type created here
	# joins telepathy_domain, so rules written against that attribute
	# apply to it automatically.
	type telepathy_$1_t, telepathy_domain;
	type telepathy_$1_exec_t, telepathy_executable;
	application_domain(telepathy_$1_t, telepathy_$1_exec_t)
	ubac_constrained(telepathy_$1_t)

	# Dedicated temporary file type for this program.
	type telepathy_$1_tmp_t;
	files_tmp_file(telepathy_$1_tmp_t)
	ubac_constrained(telepathy_$1_tmp_t)

	# Expanded only when the TODO m4 symbol is defined; otherwise the
	# dbus_session_domain call below is not part of the policy.
	ifdef(`TODO',`
		dbus_session_domain(telepathy_$1_t, telepathy_$1_exec_t)
	')
')
#######################################
## <summary>
##	Role access for telepathy domains
##	that execute via a D-Bus session.
## </summary>
## <param name="user_role">
##	<summary>
##	The role associated with the user domain.
##	</summary>
## </param>
## <param name="user_domain">
##	<summary>
##	The type of the user domain.
##	</summary>
## </param>
#
template(`telepathy_dbus_session_role', `
	gen_require(`
		attribute telepathy_domain;
	')

	# Authorize the role for every type carrying the telepathy_domain attribute.
	role $1 types telepathy_domain;

	# The user domain gets ptrace plus the signal_perms set on all
	# telepathy processes.
	# NOTE(review): ptrace allows the user domain to inspect and alter
	# the memory of every telepathy_domain process, which removes most
	# of the isolation between the two. Confirm it is still required,
	# or restrict it if this policy tree offers a ptrace tunable.
	allow $2 telepathy_domain:process { ptrace signal_perms };
	ps_process_pattern($2, telepathy_domain)

	# The DBus chat rules are wrapped in optional_policy here, while
	# the stream connect interfaces below are called unconditionally.
	optional_policy(`
		telepathy_dbus_chat($2)
	')

	telepathy_gabble_stream_connect($2)
	telepathy_msn_stream_connect($2)
	telepathy_salut_stream_connect($2)
')
########################################
## <summary>
##	Send DBus messages to and from
##	all Telepathy domains.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`telepathy_dbus_chat', `
	gen_require(`
		attribute telepathy_domain;
		class dbus send_msg;
	')

	# send_msg is granted in both directions, and against the whole
	# telepathy_domain attribute rather than a single type.
	allow telepathy_domain $1:dbus send_msg;
	allow $1 telepathy_domain:dbus send_msg;
')
########################################
## <summary>
##	Send DBus messages to and from
##	Telepathy Gabble.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`telepathy_gabble_dbus_chat', `
	gen_require(`
		type telepathy_gabble_t;
		class dbus send_msg;
	')

	# Bidirectional send_msg, limited to the Gabble domain only.
	allow telepathy_gabble_t $1:dbus send_msg;
	allow $1 telepathy_gabble_t:dbus send_msg;
')
########################################
## <summary>
##	Read and write Telepathy Butterfly
##	temporary files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`telepathy_butterfly_rw_tmp_files', `
	gen_require(`
		type telepathy_butterfly_tmp_t;
	')

	files_search_tmp($1)

	# Only the file class is covered. Nothing in this interface grants
	# access to directories or other object classes of this type.
	allow $1 telepathy_butterfly_tmp_t:file rw_file_perms;
')
########################################
## <summary>
##	Stream connect to Telepathy Gabble.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`telepathy_gabble_stream_connect', `
	gen_require(`
		type telepathy_gabble_t;
		type telepathy_gabble_tmp_t;
	')

	files_search_tmp($1)

	# The Gabble tmp type is passed twice and the Gabble domain last.
	# NOTE(review): presumably directory type, socket file type and
	# server domain, as in the refpolicy pattern macro - confirm
	# against the macro definition in this tree.
	stream_connect_pattern($1, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t, telepathy_gabble_t)
')
#######################################
## <summary>
##	Stream connect to Telepathy MSN managers.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`telepathy_msn_stream_connect', `
	gen_require(`
		type telepathy_msn_t;
		type telepathy_msn_tmp_t;
	')

	files_search_tmp($1)

	# The MSN tmp type is passed twice and the MSN domain last.
	# NOTE(review): presumably directory type, socket file type and
	# server domain, as in the refpolicy pattern macro - confirm
	# against the macro definition in this tree.
	stream_connect_pattern($1, telepathy_msn_tmp_t, telepathy_msn_tmp_t, telepathy_msn_t)
')
########################################
## <summary>
##	Stream connect to Telepathy Salut.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`telepathy_salut_stream_connect', `
	gen_require(`
		type telepathy_salut_t;
		type telepathy_salut_tmp_t;
	')

	files_search_tmp($1)

	# The Salut tmp type is passed twice and the Salut domain last.
	# NOTE(review): presumably directory type, socket file type and
	# server domain, as in the refpolicy pattern macro - confirm
	# against the macro definition in this tree.
	stream_connect_pattern($1, telepathy_salut_tmp_t, telepathy_salut_tmp_t, telepathy_salut_t)
')