policy/modules/apps/telepathy.if

   1
   2 ## <summary>Telepathy framework.</summary>
   3
   4 #######################################
   5 ## <summary>
   6 ##  Creates basic types for telepathy
   7 ##  domain
   8 ## </summary>
   9 ## <param name="prefix">
  10 ##  <summary>
  11 ##  Prefix for the domain.
  12 ##  </summary>
  13 ## </param>
  14 #
  15 #
  16 template(`telepathy_domain_template',`
  17
  18         gen_require(`
  19                 attribute telepathy_domain;
  20                 attribute telepathy_executable;
  21         ')
  22
  23         type telepathy_$1_t, telepathy_domain;
  24         type telepathy_$1_exec_t, telepathy_executable;
  25         application_domain(telepathy_$1_t, telepathy_$1_exec_t)
  26         ubac_constrained(telepathy_$1_t)
  27
  28         type telepathy_$1_tmp_t;
  29         files_tmp_file(telepathy_$1_tmp_t)
  30         ubac_constrained(telepathy_$1_tmp_t)
  31
  32         dbus_session_domain(telepathy_$1_t, telepathy_$1_exec_t)
  33 ')
  34
  35 #######################################
  36 ## <summary>
  37 ##      Role access for telepathy domains
  38 ###     that executes via dbus-session
  39 ## </summary>
  40 ## <param name="user_role">
  41 ##      <summary>
  42 ##      The role associated with the user domain.
  43 ##      </summary>
  44 ## </param>
  45 ## <param name="user_domain">
  46 ##      <summary>
  47 ##      The type of the user domain.
  48 ##      </summary>
  49 ## </param>
  50 #
  51 template(`telepathy_dbus_session_role', `
  52         gen_require(`
  53                 attribute telepathy_domain;
  54         ')
  55
  56         role $1 types telepathy_domain;
  57
  58         allow $2 telepathy_domain:process { ptrace signal_perms };
  59         ps_process_pattern($2, telepathy_domain)
  60
  61         optional_policy(`
  62                 telepathy_dbus_chat($2)
  63         ')
  64
  65         telepathy_gabble_stream_connect($2)
  66         telepathy_msn_stream_connect($2)
  67         telepathy_salut_stream_connect($2)
  68 ')
  69
  70 ########################################
  71 ## <summary>
  72 ##      Send DBus messages to and from
  73 ##      all Telepathy domain.
  74 ## </summary>
  75 ## <param name="domain">
  76 ##      <summary>
  77 ##      Domain allowed access.
  78 ##      </summary>
  79 ## </param>
  80 #
  81 interface(`telepathy_dbus_chat', `
  82         gen_require(`
  83                 attribute telepathy_domain;
  84                 class dbus send_msg;
  85         ')
  86
  87         allow $1 telepathy_domain:dbus send_msg;
  88         allow telepathy_domain $1:dbus send_msg;
  89 ')
  90
  91 ########################################
  92 ## <summary>
  93 ##      Send DBus messages to and from
  94 ##      Telepathy Gabble.
  95 ## </summary>
  96 ## <param name="domain">
  97 ##      <summary>
  98 ##      Domain allowed access.
  99 ##      </summary>
 100 ## </param>
 101 #
 102 interface(`telepathy_gabble_dbus_chat', `
 103         gen_require(`
 104                 type telepathy_gabble_t;
 105                 class dbus send_msg;
 106         ')
 107
 108         allow $1 telepathy_gabble_t:dbus send_msg;
 109         allow telepathy_gabble_t $1:dbus send_msg;
 110 ')
 111
 112 ########################################
 113 ## <summary>
 114 ##      Stream connect to Telepathy Gabble
 115 ## </summary>
 116 ## <param name="domain">
 117 ##      <summary>
 118 ##      Domain allowed access.
 119 ##      </summary>
 120 ## </param>
 121 #
 122 interface(`telepathy_gabble_stream_connect', `
 123         gen_require(`
 124                 type telepathy_gabble_t, telepathy_gabble_tmp_t;
 125         ')
 126
 127         stream_connect_pattern($1, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t, telepathy_gabble_t)
 128         files_search_tmp($1)
 129 ')
 130
 131 #######################################
 132 ## <summary>
 133 ##      Stream connect to telepathy MSN managers
 134 ## </summary>
 135 ## <param name="domain">
 136 ##      <summary>
 137 ##      Domain allowed access.
 138 ##      </summary>
 139 ## </param>
 140 #
 141 interface(`telepathy_msn_stream_connect', `
 142         gen_require(`
 143                 type telepathy_msn_t, telepathy_msn_tmp_t;
 144         ')
 145
 146         stream_connect_pattern($1, telepathy_msn_tmp_t, telepathy_msn_tmp_t, telepathy_msn_t)
 147         files_search_tmp($1)
 148 ')
 149
 150
 151 ########################################
 152 ## <summary>
 153 ##      Stream connect to Telepathy Salut
 154 ## </summary>
 155 ## <param name="domain">
 156 ##      <summary>
 157 ##      Domain allowed access.
 158 ##      </summary>
 159 ## </param>
 160 #
 161 interface(`telepathy_salut_stream_connect', `
 162         gen_require(`
 163                 type telepathy_salut_t, telepathy_salut_tmp_t;
 164         ')
 165
 166         stream_connect_pattern($1, telepathy_salut_tmp_t, telepathy_salut_tmp_t, telepathy_salut_t)
 167         files_search_tmp($1)
 168 ')
 169
 170 ########################################
 171 ## <summary>
 172 ##      Read telepathy mission control state.
 173 ## </summary>
 174 ## <param name="role_prefix">
 175 ##      <summary>
 176 ##      Prefix to be used.
 177 ##      </summary>
 178 ## </param>
 179 ## <param name="domain">
 180 ##      <summary>
 181 ##      Domain allowed access.
 182 ##      </summary>
 183 ## </param>
 184 #
 185 interface(`telepathy_mission_control_read_state',`
 186         gen_require(`
 187                 type telepathy_mission_control_t;
 188         ')
 189
 190         kernel_search_proc($1)
 191         ps_process_pattern($1, telepathy_mission_control_t)
 192 ')
 193