Make telepathy and gkeyringd daemon working with confined users
[people/stevee/selinux-policy.git] / policy / modules / apps / telepathy.if
index 3d12484bc8c7c1c79603800b0374f8ab31a9ad63..6d94c9bd281d5fb42c35b8b03e55c7559afedf0d 100644 (file)
@@ -28,8 +28,6 @@ template(`telepathy_domain_template',`
        type telepathy_$1_tmp_t;
        files_tmp_file(telepathy_$1_tmp_t)
        ubac_constrained(telepathy_$1_tmp_t)
-
-       dbus_session_domain(telepathy_$1_t, telepathy_$1_exec_t)
 ')
 
 #######################################
@@ -51,6 +49,22 @@ template(`telepathy_domain_template',`
 template(`telepathy_dbus_session_role', `
        gen_require(`
                attribute telepathy_domain;
+                type telepathy_gabble_t;
+        type telepathy_sofiasip_t;
+        type telepathy_idle_t;
+        type telepathy_mission_control_t;
+        type telepathy_salut_t;
+        type telepathy_sunshine_t;
+        type telepathy_stream_engine_t;
+        type telepathy_msn_t;
+        type telepathy_gabble_exec_t;
+        type telepathy_sofiasip_exec_t;
+        type telepathy_idle_exec_t;
+        type telepathy_mission_control_exec_t;
+        type telepathy_salut_exec_t;
+        type telepathy_sunshine_exec_t;
+        type telepathy_stream_engine_exec_t;
+        type telepathy_msn_exec_t;
        ')
 
         role $1 types telepathy_domain;
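Review bot: The `gen_require` block now hard-codes eight telepathy domain types and their eight `_exec_t` entry points, while the per-domain `dbus_session_domain` call that `telepathy_domain_template` used to emit is removed earlier in this diff. A domain created later through that template would get no session-bus entry unless this list and the matching calls further down are edited as well. A comment above the list would make that dependency visible, for example `# Keep in sync with every telepathy_domain_template() instantiation.` The added lines also mix a tab-indented first entry with space-indented ones and should follow the surrounding tabs. The template body continues past this hunk.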
@@ -65,6 +79,16 @@ template(`telepathy_dbus_session_role', `
        telepathy_gabble_stream_connect($2)
        telepathy_msn_stream_connect($2)
        telepathy_salut_stream_connect($2)      
+
+       dbus_session_domain($3, telepathy_gabble_exec_t, telepathy_gabble_t)
+    dbus_session_domain($3, telepathy_sofiasip_exec_t, telepathy_sofiasip_t)
+    dbus_session_domain($3, telepathy_idle_exec_t, telepathy_idle_t)
+    dbus_session_domain($3, telepathy_mission_control_exec_t, telepathy_mission_control_t)
+    dbus_session_domain($3, telepathy_salut_exec_t, telepathy_salut_t)
+    dbus_session_domain($3, telepathy_sunshine_exec_t, telepathy_sunshine_t)
+    dbus_session_domain($3, telepathy_stream_engine_exec_t, telepathy_stream_engine_t)
+    dbus_session_domain($3, telepathy_msn_exec_t, telepathy_msn_t)
+
 ')
 
 ########################################
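Review bot: The added `dbus_session_domain($3, ...)` calls consume a third template argument, but the parameter documentation for `telepathy_dbus_session_role` sits above the visible hunks, so it cannot be confirmed here that `$3` is documented. m4 expands a missing argument to the empty string, so a caller still passing two arguments would expand to `dbus_session_domain(, ...)` rather than fail with a clear message. Add a `## <param>` entry for the third argument to the template header and check every caller touched by this series. The trailing whitespace after `telepathy_salut_stream_connect($2)` and the empty added line before `')` can be dropped at the same time.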
@@ -109,26 +133,6 @@ interface(`telepathy_gabble_dbus_chat', `
        allow telepathy_gabble_t $1:dbus send_msg;
 ')
 
-########################################
-## <summary>
-##     Read and write Telepathy Butterfly
-##     temporary files.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`telepathy_butterfly_rw_tmp_files', `
-       gen_require(`
-               type telepathy_butterfly_tmp_t;
-       ')
-
-       allow $1 telepathy_butterfly_tmp_t:file rw_file_perms;
-       files_search_tmp($1)
-')
-
 ########################################
 ## <summary>
 ##     Stream connect to Telepathy Gabble
@@ -186,3 +190,77 @@ interface(`telepathy_salut_stream_connect', `
        stream_connect_pattern($1, telepathy_salut_tmp_t, telepathy_salut_tmp_t, telepathy_salut_t)
        files_search_tmp($1)
 ')
+
+########################################
+## <summary>
+##     Read telepathy mission control state.
+## </summary>
+## <param name="role_prefix">
+##     <summary>
+##     Prefix to be used.
+##     </summary>
+## </param>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`telepathy_mission_control_read_state',`
+       gen_require(`
+               type telepathy_mission_control_t;
+       ')
+
+       kernel_search_proc($1)
+       ps_process_pattern($1, telepathy_mission_control_t)
+')
+
+#######################################
+## <summary>
+##  Execute telepathy executable
+##  in the specified domain.
+## </summary>
+## <desc>
+##  <p>
+##  Execute a telepathy executable
+##  in the specified domain.  This allows
+##  the specified domain to execute any file
+##  on these filesystems in the specified
+##  domain. 
+##  </p>
+##  <p>
+##  No interprocess communication (signals, pipes,
+##  etc.) is provided by this interface since
+##  the domains are not owned by this module.
+##  </p>
+##  <p>
+##  This interface was added to handle
+##  the ssh-agent policy.
+##  </p>
+## </desc>
+## <param name="domain">
+##  <summary>
+##  Domain allowed to transition.
+##  </summary>
+## </param>
+## <param name="target_domain">
+##  <summary>
+##  The type of the new process.
+##  </summary>
+## </param>
+#
+interface(`telepathy_command_domtrans', `
+    gen_require(`
+        attribute telepathy_executable;
+    ')
+
+    allow $2 telepathy_executable:file entrypoint;
+    domain_transition_pattern($1, telepathy_executable, $2)
+    type_transition $1 telepathy_executable:process $2;
+
+       # needs to dbus chat with unconfined_t and unconfined_dbusd_t
+       optional_policy(`
+        telepathy_dbus_chat($1)
+        telepathy_dbus_chat($2)
+    ')
+')
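Review bot: The header comment of `telepathy_command_domtrans` does not describe what the interface grants: it states that no interprocess communication is provided, yet the body calls `telepathy_dbus_chat($1)` and `telepathy_dbus_chat($2)`, and the references to "these filesystems" and "the ssh-agent policy" look carried over from another interface. Because the body gives a caller-chosen domain `$2` the `entrypoint` permission on every file carrying the `telepathy_executable` attribute and adds an automatic `type_transition`, the description should state exactly that scope so callers can judge what they are opting into. The inline comment `# needs to dbus chat with unconfined_t and unconfined_dbusd_t` names domains that the calls below it do not reference; wording such as `# source and target domains both chat with telepathy over D-Bus` would match the code, if that is the intent. In `telepathy_mission_control_read_state` the header documents a `role_prefix` parameter first, but the body uses only `$1` as the domain, so that `<param>` block should be removed.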