# SELinux policy module for Wine. It declares the wine_t domain, its
# entry-point type and a private temporary-file type, followed by the rules
# for that domain.
policy_module(wine, 1.8.1)

########################################
#
# Declarations
#

# Boolean, off by default. The only rule it gates in this file is the
# dontaudit on memprotect:mmap_zero below, so enabling it silences audit
# records for that denial; it does not grant the permission.
# NOTE(review): with the boolean on, low-address mapping attempts denied for
# wine_t leave no AVC record, which removes a useful detection signal.
## <desc>
## <p>
## Ignore wine mmap_zero errors.
## </p>
## </desc>
gen_tunable(wine_mmap_zero_ignore, false)

# wine_t is the process domain and wine_exec_t labels the executables that
# enter it. Both are tied together by application_domain().
type wine_t;
type wine_exec_t;
application_domain(wine_t, wine_exec_t)
# Subject the domain to the user-based access control (UBAC) constraints.
ubac_constrained(wine_t)
# Authorise wine_t for the system_r role.
role system_r types wine_t;

# Private type for temporary files and directories created by wine_t.
type wine_tmp_t;
files_tmp_file(wine_tmp_t)
ubac_constrained(wine_tmp_t)

########################################
#
# Local policy
#

# execstack, execmem and execheap switch off all three SELinux
# memory-execution checks for this domain: executable stack, executable
# anonymous or writable mappings, and executable heap.
# NOTE(review): these checks normally stop injected data from being run as
# code, so a process in wine_t gets no W^X enforcement from SELinux.
allow wine_t self:process { execstack execmem execheap };
allow wine_t self:fifo_file manage_fifo_file_perms;

# wine_t may execute wine_exec_t files.
# NOTE(review): presumably without leaving the wine_t domain - confirm
# against the can_exec() definition.
can_exec(wine_t, wine_exec_t)

# Full management of the domain's own temporary files and directories.
# Files and directories that wine_t creates in the temporary directory are
# labelled wine_tmp_t through the type transition.
manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })

# Lets wine_t map low virtual addresses (the memprotect mmap_zero check).
# NOTE(review): whether this grant is unconditional or gated by a global
# boolean depends on the interface definition, which is not shown here -
# confirm. Low-address mappings are what this check restricts as a hardening
# measure against kernel NULL-pointer dereference bugs, so treat this line as
# a deliberate weakening made for Wine.
domain_mmap_low(wine_t)

# NOTE(review): by its name this grants execmod on every file type, i.e. a
# file mapping that was modified in memory can be made executable (text
# relocations) - confirm against the interface definition.
files_execmod_all_files(wine_t)

userdom_use_inherited_user_terminals(wine_t)

# Active only while the wine_mmap_zero_ignore boolean is on. A dontaudit rule
# changes what is logged, not what is allowed.
tunable_policy(`wine_mmap_zero_ignore',`
	dontaudit wine_t self:memprotect mmap_zero;
')

# Each optional_policy block is dropped when the module providing the
# interface is absent from the build.

# D-Bus messaging with HAL.
optional_policy(`
	hal_dbus_chat(wine_t)
')

# D-Bus messaging with PolicyKit.
optional_policy(`
	policykit_dbus_chat(wine_t)
')

# NOTE(review): when the unconfined module is present, wine_t becomes an
# unconfined domain. The individual allow rules above are then largely moot
# and wine_t should not be counted on as a containment boundary for Windows
# binaries. Check whether that module is loaded before relying on this policy
# for confinement.
optional_policy(`
	unconfined_domain(wine_t)
')

# X server access: read the xdm pid file and read/write X shared memory.
optional_policy(`
	xserver_read_xdm_pid(wine_t)
	xserver_rw_shm(wine_t)
')