add main part of role-o-matic
1 ## <summary>Bluetooth tools and system services.</summary>
2
########################################
## <summary>
##	Execute bluetooth in the bluetooth domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`bluetooth_domtrans',`
	gen_require(`
		type bluetooth_exec_t, bluetooth_t;
	')

	# Entering bluetooth_t is tied to executing a file labeled
	# bluetooth_exec_t. Every domain given this interface can start
	# code in bluetooth_t, so the caller list is worth reviewing.
	domain_auto_trans($1, bluetooth_exec_t, bluetooth_t)

	# Access granted to the new domain on objects owned by the caller:
	# notify the parent on exit, use inherited descriptors, and read
	# and write inherited pipes (rw_file_perms is a permission set
	# from the policy support macros, not declared in this file).
	allow bluetooth_t $1:process sigchld;
	allow bluetooth_t $1:fd use;
	allow bluetooth_t $1:fifo_file rw_file_perms;
')
23
########################################
## <summary>
##	Read bluetooth daemon configuration.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`bluetooth_read_config',`
	gen_require(`
		type bluetooth_conf_t;
	')

	# Read-only, file-level access: no write, append or unlink is
	# granted, and no directory permission on the path leading to the
	# configuration is part of this interface.
	allow $1 bluetooth_conf_t:file { read getattr ioctl };
')
41
########################################
## <summary>
##	Execute bluetooth_helper in the bluetooth_helper domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`bluetooth_domtrans_helper',`
	gen_require(`
		type bluetooth_helper_exec_t, bluetooth_helper_t;
	')

	# Entering bluetooth_helper_t is tied to executing a file labeled
	# bluetooth_helper_exec_t.
	domain_auto_trans($1, bluetooth_helper_exec_t, bluetooth_helper_t)

	# Descriptor use is granted in both directions here: the helper may
	# use descriptors inherited from the caller, and the caller may use
	# descriptors that belong to the helper.
	allow bluetooth_helper_t $1:fd use;
	allow $1 bluetooth_helper_t:fd use;

	# The helper may also read and write pipes inherited from the
	# caller and signal it on exit.
	allow bluetooth_helper_t $1:process sigchld;
	allow bluetooth_helper_t $1:fifo_file rw_file_perms;
')
64
########################################
## <summary>
##	Send and receive messages from
##	bluetooth over dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`bluetooth_dbus_chat',`
	gen_require(`
		class dbus send_msg;
		type bluetooth_t;
	')

	# The grant is symmetric: bluetooth_t may message the caller and
	# the caller may message bluetooth_t. Only send_msg between the two
	# types is expressed; no filtering by D-Bus method or interface
	# is part of these rules.
	allow bluetooth_t $1:dbus send_msg;
	allow $1 bluetooth_t:dbus send_msg;
')
85
########################################
## <summary>
##	Execute bluetooth_helper in the bluetooth_helper domain, and
##	allow the specified role the bluetooth_helper domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the bluetooth_helper domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal the bluetooth_helper domain is allowed to use.
##	</summary>
## </param>
## <rolecap/>
#
interface(`bluetooth_run_helper',`
	gen_require(`
		type bluetooth_helper_t;
	')

	# Role authorization: without it a context pairing the role with
	# bluetooth_helper_t is not valid, whatever the type rules allow.
	role $2 types bluetooth_helper_t;

	# Type-level transition plus the descriptor, pipe and sigchld
	# rules, all taken from the sibling interface in this file.
	bluetooth_domtrans_helper($1)

	# Terminal access for the helper, limited to the terminal type
	# passed as the third argument (rw_term_perms is a permission set
	# from the policy support macros, not declared in this file).
	allow bluetooth_helper_t $3:chr_file rw_term_perms;
')
117
########################################
## <summary>
##	Do not audit attempts to search directories and
##	read files labeled with the bluetooth helper type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`bluetooth_dontaudit_read_helper_files',`
	gen_require(`
		type bluetooth_helper_t;
	')

	# dontaudit grants nothing: the access stays denied and only the
	# AVC denial message is suppressed. bluetooth_helper_t is the
	# helper process type, so the objects are presumably its /proc
	# entries -- confirm against the callers.
	# These denials stay out of the audit log until dontaudit rules
	# are disabled (semodule -DB), which matters when investigating
	# unexpected access attempts by the calling domain.
	dontaudit $1 bluetooth_helper_t:file { getattr read };
	dontaudit $1 bluetooth_helper_t:dir search;
')