From 9ea539a6ecc25c6c279cdbed1aa3359d5cdd8239 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Sat, 14 Jan 2012 15:58:19 +0100
Subject: [PATCH] Remove module for telepathy.

---
 policy/modules/apps/gnome.if | 4 -
 policy/modules/apps/telepathy.fc | 21 --
 policy/modules/apps/telepathy.if | 291 ----------------
 policy/modules/apps/telepathy.te | 442 -------------------------
 policy/modules/roles/staff.te | 4 -
 policy/modules/roles/unconfineduser.te | 4 -
 policy/modules/roles/unprivuser.te | 4 -
 policy/modules/roles/xguest.te | 4 -
 policy/modules/system/userdomain.if | 2 -
 policy/modules/system/userdomain.te | 4 -
 10 files changed, 780 deletions(-)
 delete mode 100644 policy/modules/apps/telepathy.fc
 delete mode 100644 policy/modules/apps/telepathy.if
 delete mode 100644 policy/modules/apps/telepathy.te

diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index 45580b57..6ba6bbda 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -106,10 +106,6 @@ interface(`gnome_role_gkeyringd',`
 gnome_home_dir_filetrans($1_gkeyringd_t)
 gnome_manage_generic_home_dirs($1_gkeyringd_t)
 gnome_read_generic_data_home_files($1_gkeyringd_t)
-
- optional_policy(`
- telepathy_mission_control_read_state($1_gkeyringd_t)
- ')
 ')
 ')
diff --git a/policy/modules/apps/telepathy.fc b/policy/modules/apps/telepathy.fc
deleted file mode 100644
index a275bd62..00000000
--- a/policy/modules/apps/telepathy.fc
+++ /dev/null
@@ -1,21 +0,0 @@
-HOME_DIR/\.cache/\.mc_connections -- gen_context(system_u:object_r:telepathy_mission_control_cache_home_t, s0)
-HOME_DIR/\.cache/telepathy(/.*)? gen_context(system_u:object_r:telepathy_cache_home_t, s0)
-HOME_DIR/\.cache/telepathy/logger(/.*)? gen_context(system_u:object_r:telepathy_logger_cache_home_t,s0)
-HOME_DIR/\.cache/telepathy/gabble(/.*)? gen_context(system_u:object_r:telepathy_gabble_cache_home_t, s0)
-HOME_DIR/\.cache/wocky(/.*)? gen_context(system_u:object_r:telepathy_gabble_cache_home_t, s0)
-HOME_DIR/\.mission-control(/.*)? gen_context(system_u:object_r:telepathy_mission_control_home_t, s0)
-HOME_DIR/\.local/share/telepathy(/.*)? gen_context(system_u:object_r:telepathy_data_home_t,s0)
-HOME_DIR/\.local/share/telepathy/mission-control(/.*)? gen_context(system_u:object_r:telepathy_mission_control_data_home_t, s0)
-HOME_DIR/\.telepathy-sunshine(/.*)? gen_context(system_u:object_r:telepathy_sunshine_home_t, s0)
-HOME_DIR/\.local/share/TpLogger(/.*)? gen_context(system_u:object_r:telepathy_logger_data_home_t,s0)
-
-/usr/libexec/mission-control-5 -- gen_context(system_u:object_r:telepathy_mission_control_exec_t, s0)
-/usr/libexec/telepathy-butterfly -- gen_context(system_u:object_r:telepathy_msn_exec_t, s0)
-/usr/libexec/telepathy-gabble -- gen_context(system_u:object_r:telepathy_gabble_exec_t, s0)
-/usr/libexec/telepathy-haze -- gen_context(system_u:object_r:telepathy_msn_exec_t, s0)
-/usr/libexec/telepathy-idle -- gen_context(system_u:object_r:telepathy_idle_exec_t, s0)
-/usr/libexec/telepathy-logger -- gen_context(system_u:object_r:telepathy_logger_exec_t,s0)
-/usr/libexec/telepathy-salut -- gen_context(system_u:object_r:telepathy_salut_exec_t, s0)
-/usr/libexec/telepathy-sofiasip -- gen_context(system_u:object_r:telepathy_sofiasip_exec_t, s0)
-/usr/libexec/telepathy-stream-engine -- gen_context(system_u:object_r:telepathy_stream_engine_exec_t, s0)
-/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0)
diff --git a/policy/modules/apps/telepathy.if b/policy/modules/apps/telepathy.if
deleted file mode 100644
index d49274d6..00000000
--- a/policy/modules/apps/telepathy.if
+++ /dev/null
@@ -1,291 +0,0 @@
-## Telepathy communications framework.
-
-#######################################
-##
-## Creates basic types for telepathy
-## domain
-##
-##
-##
-## Prefix for the domain.
-##
-##
-#
-template(`telepathy_domain_template',`
- gen_require(`
- attribute telepathy_domain;
- attribute telepathy_executable;
- ')
-
- type telepathy_$1_t, telepathy_domain;
- type telepathy_$1_exec_t, telepathy_executable;
- application_domain(telepathy_$1_t, telepathy_$1_exec_t)
- ubac_constrained(telepathy_$1_t)
- auth_use_nsswitch(telepathy_$1_t)
-
- type telepathy_$1_tmp_t;
- files_tmp_file(telepathy_$1_tmp_t)
- ubac_constrained(telepathy_$1_tmp_t)
-
-')
-
-#######################################
-##
-## Role access for telepathy domains
-## that executes via dbus-session
-##
-##
-##
-## The role associated with the user domain.
-##
-##
-##
-##
-## The type of the user domain.
-##
-##
-##
-##
-## User domain prefix to be used.
-##
-##
-#
-template(`telepathy_role',`
- gen_require(`
- attribute telepathy_domain;
- type telepathy_gabble_t, telepathy_sofiasip_t, telepathy_idle_t;
- type telepathy_mission_control_t, telepathy_salut_t, telepathy_sunshine_t;
- type telepathy_stream_engine_t, telepathy_msn_t, telepathy_gabble_exec_t;
- type telepathy_sofiasip_exec_t, telepathy_idle_exec_t;
- type telepathy_logger_t, telepathy_logger_exec_t;
- type telepathy_mission_control_exec_t, telepathy_salut_exec_t;
- type telepathy_sunshine_exec_t, telepathy_stream_engine_exec_t;
- type telepathy_msn_exec_t;
- ')
-
- role $1 types telepathy_domain;
-
- allow $2 telepathy_domain:process signal_perms;
- ps_process_pattern($2, telepathy_domain)
-
- telepathy_gabble_stream_connect($2)
- telepathy_msn_stream_connect($2)
- telepathy_salut_stream_connect($2)
-
- dbus_session_domain($3, telepathy_gabble_exec_t, telepathy_gabble_t)
- dbus_session_domain($3, telepathy_sofiasip_exec_t, telepathy_sofiasip_t)
- dbus_session_domain($3, telepathy_idle_exec_t, telepathy_idle_t)
- dbus_session_domain($3, telepathy_logger_exec_t, telepathy_logger_t)
- dbus_session_domain($3, telepathy_mission_control_exec_t, telepathy_mission_control_t)
- dbus_session_domain($3, telepathy_salut_exec_t, telepathy_salut_t)
- dbus_session_domain($3, telepathy_sunshine_exec_t, telepathy_sunshine_t)
- dbus_session_domain($3, telepathy_stream_engine_exec_t, telepathy_stream_engine_t)
- dbus_session_domain($3, telepathy_msn_exec_t, telepathy_msn_t)
-
- telepathy_dbus_chat($2)
-')
-
-########################################
-##
-## Stream connect to Telepathy Gabble
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`telepathy_gabble_stream_connect', `
- gen_require(`
- type telepathy_gabble_t, telepathy_gabble_tmp_t;
- ')
-
- stream_connect_pattern($1, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t, telepathy_gabble_t)
- files_search_tmp($1)
-')
-
-########################################
-##
-## Send DBus messages to and from
-## Telepathy Gabble.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`telepathy_gabble_dbus_chat', `
- gen_require(`
- type telepathy_gabble_t;
- class dbus send_msg;
- ')
-
- allow $1 telepathy_gabble_t:dbus send_msg;
- allow telepathy_gabble_t $1:dbus send_msg;
-')
-
-########################################
-##
-## Read telepathy mission control state.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`telepathy_mission_control_read_state',`
- gen_require(`
- type telepathy_mission_control_t;
- ')
-
- kernel_search_proc($1)
- ps_process_pattern($1, telepathy_mission_control_t)
-')
-
-#######################################
-##
-## Stream connect to telepathy MSN managers
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`telepathy_msn_stream_connect', `
- gen_require(`
- type telepathy_msn_t, telepathy_msn_tmp_t;
- ')
-
- stream_connect_pattern($1, telepathy_msn_tmp_t, telepathy_msn_tmp_t, telepathy_msn_t)
- files_search_tmp($1)
-')
-
-########################################
-##
-## Stream connect to Telepathy Salut
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`telepathy_salut_stream_connect', `
- gen_require(`
- type telepathy_salut_t, telepathy_salut_tmp_t;
- ')
-
- stream_connect_pattern($1, telepathy_salut_tmp_t, telepathy_salut_tmp_t, telepathy_salut_t)
- files_search_tmp($1)
-')
-
-#######################################
-##
-## Send DBus messages to and from
-## all Telepathy domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`telepathy_dbus_chat',`
- gen_require(`
- attribute telepathy_domain;
- class dbus send_msg;
- ')
-
- allow $1 telepathy_domain:dbus send_msg;
- allow telepathy_domain $1:dbus send_msg;
-')
-
-######################################
-##
-## Execute telepathy executable
-## in the specified domain.
-##
-##
-##

-## Execute a telepathy executable
-## in the specified domain. This allows
-## the specified domain to execute any file
-## on these filesystems in the specified
-## domain.
-##

-##

-## No interprocess communication (signals, pipes,
-## etc.) is provided by this interface since
-## the domains are not owned by this module.
-##

-##
-##
-##
-## Domain allowed to transition.
-##
-##
-##
-##
-## The type of the new process.
-##
-##
-#
-interface(`telepathy_command_domtrans', `
- gen_require(`
- attribute telepathy_executable;
- ')
-
- allow $2 telepathy_executable:file entrypoint;
- domain_transition_pattern($1, telepathy_executable, $2)
- type_transition $1 telepathy_executable:process $2;
-
- # needs to dbus chat with unconfined_t and unconfined_dbusd_t
- optional_policy(`
- telepathy_dbus_chat($1)
- telepathy_dbus_chat($2)
- ')
-')
-
-########################################
-##
-## Create telepathy content in the user home directory
-## with an correct label.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`telepathy_filetrans_home_content',`
- gen_require(`
- type telepathy_mission_control_cache_home_t;
- type telepathy_mission_control_home_t;
- type telepathy_logger_cache_home_t;
- type telepathy_gabble_cache_home_t;
- type telepathy_sunshine_home_t;
- type telepathy_logger_data_home_t;
- type telepathy_cache_home_t, telepathy_data_home_t;
- type telepathy_mission_control_data_home_t;
- ')
-
- filetrans_pattern($1, telepathy_cache_home_t, telepathy_logger_cache_home_t, dir, "logger")
- filetrans_pattern($1, telepathy_cache_home_t, telepathy_logger_cache_home_t, file, "sqlite-data-journal")
- filetrans_pattern($1, telepathy_cache_home_t, telepathy_gabble_cache_home_t, dir, "gabble")
-
- filetrans_pattern($1, telepathy_data_home_t, telepathy_mission_control_data_home_t, dir, "mission-control")
-
- userdom_user_home_dir_filetrans($1, telepathy_mission_control_home_t, dir, ".mission-control")
- userdom_user_home_dir_filetrans($1, telepathy_sunshine_home_t, dir, ".telepathy-sunshine")
-
- gnome_cache_filetrans($1, telepathy_mission_control_cache_home_t, file, ".mc_connections")
- gnome_cache_filetrans($1, telepathy_gabble_cache_home_t, dir, "gabble")
- gnome_cache_filetrans($1, telepathy_gabble_cache_home_t, dir, "wocky")
- gnome_cache_filetrans($1, telepathy_cache_home_t, dir, "telepathy")
-
- gnome_data_filetrans($1, telepathy_logger_data_home_t, dir, "TpLogger")
- gnome_data_filetrans($1, telepathy_data_home_t, dir, "telepathy")
-')
diff --git a/policy/modules/apps/telepathy.te b/policy/modules/apps/telepathy.te
deleted file mode 100644
index a36ed88a..00000000
--- a/policy/modules/apps/telepathy.te
+++ /dev/null
@@ -1,442 +0,0 @@
-policy_module(telepathy, 1.0.1)
-
-########################################
-#
-# Declarations.
-#
-
-##
-##

-## Allow the Telepathy connection managers
-## to connect to any generic TCP port.
-##

-##
-gen_tunable(telepathy_tcp_connect_generic_network_ports, false)
-
-##
-##

-## Allow the Telepathy connection managers
-## to connect to any network port.
-##

-##
-gen_tunable(telepathy_connect_all_ports, false)
-
-attribute telepathy_domain;
-attribute telepathy_executable;
-
-telepathy_domain_template(gabble)
-
-type telepathy_cache_home_t;
-userdom_user_home_content(telepathy_cache_home_t)
-
-type telepathy_gabble_cache_home_t;
-userdom_user_home_content(telepathy_gabble_cache_home_t)
-
-telepathy_domain_template(idle)
-telepathy_domain_template(logger)
-
-type telepathy_data_home_t;
-userdom_user_home_content(telepathy_data_home_t)
-
-type telepathy_logger_cache_home_t;
-userdom_user_home_content(telepathy_logger_cache_home_t)
-
-type telepathy_logger_data_home_t;
-userdom_user_home_content(telepathy_logger_data_home_t)
-
-telepathy_domain_template(mission_control)
-
-type telepathy_mission_control_home_t;
-userdom_user_home_content(telepathy_mission_control_home_t)
-
-type telepathy_mission_control_data_home_t;
-userdom_user_home_content(telepathy_mission_control_data_home_t)
-
-type telepathy_mission_control_cache_home_t;
-userdom_user_home_content(telepathy_mission_control_cache_home_t)
-
-telepathy_domain_template(msn)
-telepathy_domain_template(salut)
-telepathy_domain_template(sofiasip)
-telepathy_domain_template(stream_engine)
-telepathy_domain_template(sunshine)
-
-type telepathy_sunshine_home_t;
-userdom_user_home_content(telepathy_sunshine_home_t)
-
-#######################################
-#
-# Telepathy Gabble local policy.
-#
-
-allow telepathy_gabble_t self:tcp_socket create_stream_socket_perms;
-allow telepathy_gabble_t self:unix_dgram_socket { create_socket_perms sendto };
-
-manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
-manage_sock_files_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
-files_tmp_filetrans(telepathy_gabble_t, telepathy_gabble_tmp_t, { dir sock_file })
-
-# ~/.cache/telepathy/gabble/caps-cache.db-journal
-optional_policy(`
- manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
- manage_files_pattern(telepathy_gabble_t, telepathy_gabble_cache_home_t, telepathy_gabble_cache_home_t)
- filetrans_pattern(telepathy_gabble_t, telepathy_cache_home_t, telepathy_gabble_cache_home_t, dir)
- # ~/.cache/wocky
- gnome_cache_filetrans(telepathy_gabble_t, telepathy_gabble_cache_home_t, dir)
-')
-
-corenet_all_recvfrom_netlabel(telepathy_gabble_t)
-corenet_all_recvfrom_unlabeled(telepathy_gabble_t)
-corenet_tcp_sendrecv_generic_if(telepathy_gabble_t)
-corenet_tcp_sendrecv_generic_node(telepathy_gabble_t)
-corenet_tcp_connect_http_port(telepathy_gabble_t)
-corenet_tcp_connect_jabber_client_port(telepathy_gabble_t)
-corenet_tcp_connect_vnc_port(telepathy_gabble_t)
-corenet_sendrecv_http_client_packets(telepathy_gabble_t)
-corenet_sendrecv_jabber_client_client_packets(telepathy_gabble_t)
-corenet_sendrecv_vnc_client_packets(telepathy_gabble_t)
-
-dev_read_rand(telepathy_gabble_t)
-
-files_read_config_files(telepathy_gabble_t)
-files_read_usr_files(telepathy_gabble_t)
-
-fs_getattr_all_fs(telepathy_gabble_t)
-
-miscfiles_read_all_certs(telepathy_gabble_t)
-
-tunable_policy(`telepathy_connect_all_ports',`
- corenet_tcp_connect_all_ports(telepathy_gabble_t)
- corenet_tcp_sendrecv_all_ports(telepathy_gabble_t)
- corenet_udp_sendrecv_all_ports(telepathy_gabble_t)
-')
-
-tunable_policy(`telepathy_tcp_connect_generic_network_ports',`
- corenet_tcp_connect_generic_port(telepathy_gabble_t)
- corenet_sendrecv_generic_client_packets(telepathy_gabble_t)
-')
-
-userdom_home_manager(telepathy_gabble_t)
-
-optional_policy(`
- dbus_system_bus_client(telepathy_gabble_t)
-')
-
-optional_policy(`
- gnome_manage_home_config(telepathy_gabble_t)
-')
-
-#######################################
-#
-# Telepathy Idle local policy.
-#
-
-corenet_all_recvfrom_netlabel(telepathy_idle_t)
-corenet_all_recvfrom_unlabeled(telepathy_idle_t)
-corenet_tcp_sendrecv_generic_if(telepathy_idle_t)
-corenet_tcp_sendrecv_generic_node(telepathy_idle_t)
-corenet_tcp_connect_gatekeeper_port(telepathy_idle_t)
-corenet_tcp_connect_ircd_port(telepathy_idle_t)
-corenet_sendrecv_ircd_client_packets(telepathy_idle_t)
-
-dev_read_rand(telepathy_idle_t)
-
-files_read_etc_files(telepathy_idle_t)
-
-tunable_policy(`telepathy_connect_all_ports',`
- corenet_tcp_connect_all_ports(telepathy_idle_t)
- corenet_tcp_sendrecv_all_ports(telepathy_idle_t)
- corenet_udp_sendrecv_all_ports(telepathy_idle_t)
-')
-
-tunable_policy(`telepathy_tcp_connect_generic_network_ports',`
- corenet_tcp_connect_generic_port(telepathy_idle_t)
- corenet_sendrecv_generic_client_packets(telepathy_idle_t)
-')
-
-#######################################
-#
-# Telepathy Logger local policy.
-#
-
-allow telepathy_logger_t self:unix_stream_socket create_socket_perms;
-
-manage_dirs_pattern(telepathy_logger_t, telepathy_logger_cache_home_t, telepathy_logger_cache_home_t)
-manage_files_pattern(telepathy_logger_t, telepathy_logger_cache_home_t, telepathy_logger_cache_home_t)
-filetrans_pattern(telepathy_logger_t, telepathy_cache_home_t, telepathy_logger_cache_home_t, dir)
-
-manage_dirs_pattern(telepathy_logger_t, telepathy_logger_data_home_t, telepathy_logger_data_home_t)
-manage_files_pattern(telepathy_logger_t, telepathy_logger_data_home_t, telepathy_logger_data_home_t)
-gnome_data_filetrans(telepathy_logger_t, telepathy_logger_data_home_t, dir)
-
-files_read_etc_files(telepathy_logger_t)
-files_read_usr_files(telepathy_logger_t)
-files_search_pids(telepathy_logger_t)
-
-fs_getattr_all_fs(telepathy_logger_t)
-
-userdom_home_manager(telepathy_logger_t)
-
-optional_policy(`
- # ~/.config/dconf/user
- gnome_manage_home_config(telepathy_logger_t)
-')
-
-#######################################
-#
-# Telepathy Mission-Control local policy.
-#
-
-manage_dirs_pattern(telepathy_mission_control_t, telepathy_mission_control_home_t, telepathy_mission_control_home_t)
-manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_home_t, telepathy_mission_control_home_t)
-userdom_user_home_dir_filetrans(telepathy_mission_control_t, telepathy_mission_control_home_t, { dir file })
-userdom_search_user_home_dirs(telepathy_mission_control_t)
-
-manage_dirs_pattern(telepathy_mission_control_t, { telepathy_data_home_t telepathy_mission_control_data_home_t }, { telepathy_data_home_t telepathy_mission_control_data_home_t })
-manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_data_home_t, telepathy_mission_control_data_home_t)
-filetrans_pattern(telepathy_mission_control_t, telepathy_data_home_t, telepathy_mission_control_data_home_t, { dir file })
-gnome_data_filetrans(telepathy_mission_control_t, telepathy_data_home_t, dir)
-gnome_manage_home_config(telepathy_mission_control_t)
-
-dev_read_rand(telepathy_mission_control_t)
-
-fs_getattr_all_fs(telepathy_mission_control_t)
-
-files_read_etc_files(telepathy_mission_control_t)
-files_read_usr_files(telepathy_mission_control_t)
-
-userdom_home_manager(telepathy_mission_control_t)
-
-optional_policy(`
- dbus_system_bus_client(telepathy_mission_control_t)
-
- optional_policy(`
- devicekit_dbus_chat_power(telepathy_mission_control_t)
- ')
- optional_policy(`
- gnome_dbus_chat_gkeyringd(telepathy_mission_control_t)
- ')
- optional_policy(`
- networkmanager_dbus_chat(telepathy_mission_control_t)
- ')
-')
-
-# ~/.cache/.mc_connections.
-optional_policy(`
- manage_files_pattern(telepathy_mission_control_t, telepathy_mission_control_cache_home_t, telepathy_mission_control_cache_home_t)
- gnome_cache_filetrans(telepathy_mission_control_t, telepathy_mission_control_cache_home_t, file)
-')
-
-#######################################
-#
-# Telepathy Butterfly and Haze local policy.
-#
-
-allow telepathy_msn_t self:process setsched;
-allow telepathy_msn_t self:unix_dgram_socket { write create connect };
-
-manage_dirs_pattern(telepathy_msn_t, telepathy_msn_tmp_t, telepathy_msn_tmp_t)
-manage_files_pattern(telepathy_msn_t, telepathy_msn_tmp_t, telepathy_msn_tmp_t)
-manage_sock_files_pattern(telepathy_msn_t, telepathy_msn_tmp_t, telepathy_msn_tmp_t)
-exec_files_pattern(telepathy_msn_t, telepathy_msn_tmp_t, telepathy_msn_tmp_t)
-files_tmp_filetrans(telepathy_msn_t, telepathy_msn_tmp_t, { dir file sock_file })
-userdom_user_tmp_filetrans(telepathy_msn_t, telepathy_msn_tmp_t, { dir file sock_file })
-userdom_dontaudit_setattr_user_tmp(telepathy_msn_t)
-can_exec(telepathy_msn_t, telepathy_msn_tmp_t)
-
-corenet_all_recvfrom_netlabel(telepathy_msn_t)
-corenet_all_recvfrom_unlabeled(telepathy_msn_t)
-corenet_tcp_sendrecv_generic_if(telepathy_msn_t)
-corenet_tcp_sendrecv_generic_node(telepathy_msn_t)
-corenet_tcp_bind_generic_node(telepathy_msn_t)
-corenet_tcp_connect_http_port(telepathy_msn_t)
-corenet_tcp_connect_mmcc_port(telepathy_msn_t)
-corenet_tcp_connect_msnp_port(telepathy_msn_t)
-corenet_tcp_connect_sip_port(telepathy_msn_t)
-corenet_sendrecv_http_client_packets(telepathy_msn_t)
-corenet_sendrecv_mmcc_client_packets(telepathy_msn_t)
-corenet_sendrecv_msnp_client_packets(telepathy_msn_t)
-
-corecmd_exec_bin(telepathy_msn_t)
-corecmd_exec_shell(telepathy_msn_t)
-corecmd_read_bin_symlinks(telepathy_msn_t)
-
-files_read_etc_files(telepathy_msn_t)
-files_read_usr_files(telepathy_msn_t)
-
-init_read_state(telepathy_msn_t)
-
-libs_exec_ldconfig(telepathy_msn_t)
-
-logging_send_syslog_msg(telepathy_msn_t)
-
-miscfiles_read_all_certs(telepathy_msn_t)
-
-tunable_policy(`telepathy_connect_all_ports',`
- corenet_tcp_connect_all_ports(telepathy_msn_t)
- corenet_tcp_sendrecv_all_ports(telepathy_msn_t)
- corenet_udp_sendrecv_all_ports(telepathy_msn_t)
-')
-
-tunable_policy(`telepathy_tcp_connect_generic_network_ports',`
- corenet_tcp_connect_generic_port(telepathy_msn_t)
- corenet_sendrecv_generic_client_packets(telepathy_msn_t)
-')
-
-optional_policy(`
- gnome_read_gconf_home_files(telepathy_msn_t)
-')
-
-optional_policy(`
- dbus_system_bus_client(telepathy_msn_t)
-
- optional_policy(`
- networkmanager_dbus_chat(telepathy_msn_t)
- ')
-')
-
-#######################################
-#
-# Telepathy Salut local policy.
-#
-
-allow telepathy_salut_t self:tcp_socket create_stream_socket_perms;
-
-manage_sock_files_pattern(telepathy_salut_t, telepathy_salut_tmp_t, telepathy_salut_tmp_t)
-files_tmp_filetrans(telepathy_salut_t, telepathy_salut_tmp_t, sock_file)
-
-corenet_all_recvfrom_netlabel(telepathy_salut_t)
-corenet_all_recvfrom_unlabeled(telepathy_salut_t)
-corenet_tcp_sendrecv_generic_if(telepathy_salut_t)
-corenet_tcp_sendrecv_generic_node(telepathy_salut_t)
-corenet_tcp_bind_generic_node(telepathy_salut_t)
-corenet_tcp_bind_presence_port(telepathy_salut_t)
-corenet_tcp_connect_presence_port(telepathy_salut_t)
-corenet_sendrecv_presence_server_packets(telepathy_salut_t)
-
-files_read_etc_files(telepathy_salut_t)
-
-tunable_policy(`telepathy_connect_all_ports',`
- corenet_tcp_connect_all_ports(telepathy_salut_t)
- corenet_tcp_sendrecv_all_ports(telepathy_salut_t)
- corenet_udp_sendrecv_all_ports(telepathy_salut_t)
-')
-
-tunable_policy(`telepathy_tcp_connect_generic_network_ports',`
- corenet_tcp_connect_generic_port(telepathy_salut_t)
- corenet_sendrecv_generic_client_packets(telepathy_salut_t)
-')
-
-optional_policy(`
- dbus_system_bus_client(telepathy_salut_t)
-
- optional_policy(`
- avahi_dbus_chat(telepathy_salut_t)
- ')
-')
-
-#######################################
-#
-# Telepathy Sofiasip local policy.
-#
-
-allow telepathy_sofiasip_t self:rawip_socket { create_socket_perms listen };
-allow telepathy_sofiasip_t self:tcp_socket create_stream_socket_perms;
-
-corenet_all_recvfrom_netlabel(telepathy_sofiasip_t)
-corenet_all_recvfrom_unlabeled(telepathy_sofiasip_t)
-corenet_tcp_sendrecv_generic_if(telepathy_sofiasip_t)
-corenet_raw_sendrecv_generic_if(telepathy_sofiasip_t)
-corenet_raw_sendrecv_generic_node(telepathy_sofiasip_t)
-corenet_tcp_sendrecv_generic_node(telepathy_sofiasip_t)
-corenet_tcp_bind_generic_node(telepathy_sofiasip_t)
-corenet_raw_bind_generic_node(telepathy_sofiasip_t)
-corenet_tcp_bind_all_unreserved_ports(telepathy_sofiasip_t)
-corenet_dontaudit_tcp_bind_all_ports(telepathy_sofiasip_t)
-corenet_tcp_connect_sip_port(telepathy_sofiasip_t)
-corenet_sendrecv_sip_client_packets(telepathy_sofiasip_t)
-
-kernel_request_load_module(telepathy_sofiasip_t)
-
-tunable_policy(`telepathy_connect_all_ports',`
- corenet_tcp_connect_all_ports(telepathy_sofiasip_t)
- corenet_tcp_sendrecv_all_ports(telepathy_sofiasip_t)
- corenet_udp_sendrecv_all_ports(telepathy_sofiasip_t)
-')
-
-tunable_policy(`telepathy_tcp_connect_generic_network_ports',`
- corenet_tcp_connect_generic_port(telepathy_sofiasip_t)
- corenet_sendrecv_generic_client_packets(telepathy_sofiasip_t)
-')
-
-#######################################
-#
-# Telepathy Sunshine local policy.
-#
-
-manage_dirs_pattern(telepathy_sunshine_t, telepathy_sunshine_home_t, telepathy_sunshine_home_t)
-manage_files_pattern(telepathy_sunshine_t, telepathy_sunshine_home_t, telepathy_sunshine_home_t)
-userdom_user_home_dir_filetrans(telepathy_sunshine_t, telepathy_sunshine_home_t, { dir file })
-userdom_search_user_home_dirs(telepathy_sunshine_t)
-
-manage_files_pattern(telepathy_sunshine_t, telepathy_sunshine_tmp_t, telepathy_sunshine_tmp_t)
-exec_files_pattern(telepathy_sunshine_t, telepathy_sunshine_tmp_t, telepathy_sunshine_tmp_t)
-files_tmp_filetrans(telepathy_sunshine_t, telepathy_sunshine_tmp_t, file)
-
-corecmd_exec_bin(telepathy_sunshine_t)
-
-files_read_etc_files(telepathy_sunshine_t)
-files_read_usr_files(telepathy_sunshine_t)
-
-optional_policy(`
- xserver_read_xdm_pid(telepathy_sunshine_t)
- xserver_stream_connect(telepathy_sunshine_t)
-')
-
-#######################################
-#
-# telepathy domains common policy
-#
-
-allow telepathy_domain self:process { getsched signal sigkill };
-allow telepathy_domain self:fifo_file rw_fifo_file_perms;
-allow telepathy_domain self:tcp_socket create_socket_perms;
-allow telepathy_domain self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(telepathy_domain, telepathy_cache_home_t, telepathy_cache_home_t)
-gnome_cache_filetrans(telepathy_domain, telepathy_cache_home_t, dir, "telepathy")
-
-dev_read_urand(telepathy_domain)
-
-kernel_read_system_state(telepathy_domain)
-
-fs_getattr_all_fs(telepathy_domain)
-fs_search_auto_mountpoints(telepathy_domain)
-
-miscfiles_read_localization(telepathy_domain)
-
-optional_policy(`
- automount_dontaudit_getattr_tmp_dirs(telepathy_domain)
-')
-
-optional_policy(`
- gnome_read_generic_cache_files(telepathy_domain)
- gnome_write_generic_cache_files(telepathy_domain)
-')
-
-optional_policy(`
- telepathy_dbus_chat(telepathy_domain)
-')
-
-optional_policy(`
- xserver_rw_xdm_pipes(telepathy_domain)
-')
-
-# Just for F15
-optional_policy(`
- gen_require(`
- role unconfined_r;
- ')
-
- role unconfined_r types telepathy_domain;
-')
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index effb7e56..f7e2734d 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -184,10 +184,6 @@ optional_policy(`
 sudo_role_template(staff, staff_r, staff_t)
 ')
-#optional_policy(`
-# telepathy_dbus_session_role(staff_r, staff_t)
-#')
-
 optional_policy(`
 userhelper_console_role_template(staff, staff_r, staff_t)
 ')
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index 794785d5..226a9b54 100644
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -233,10 +233,6 @@ optional_policy(`
 kerneloops_dbus_chat(unconfined_t)
 ')
- optional_policy(`
- telepathy_command_domtrans(unconfined_dbusd_t, unconfined_t)
- ')
-
 optional_policy(`
 oddjob_dbus_chat(unconfined_t)
 ')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 4625e2de..e2b3626d 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -90,10 +90,6 @@ optional_policy(`
 setroubleshoot_dontaudit_stream_connect(user_t)
 ')
-#optional_policy(`
-# telepathy_dbus_session_role(user_r, user_t)
-#')
-
 optional_policy(`
 usbmuxd_stream_connect(user_t)
 ')
diff --git a/policy/modules/roles/xguest.te b/policy/modules/roles/xguest.te
index b168c0a8..1ffb54d8 100644
--- a/policy/modules/roles/xguest.te
+++ b/policy/modules/roles/xguest.te
@@ -155,10 +155,6 @@ optional_policy(`
 corenet_tcp_sendrecv_transproxy_port(xguest_t)
 corenet_tcp_connect_transproxy_port(xguest_t)
 ')
-
- #optional_policy(`
- # telepathy_dbus_session_role(xguest_r, xguest_t)
- #')
 ')
 gen_user(xguest_u, user, xguest_r, s0, s0)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index c20830f0..ba1b5ecb 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1097,8 +1097,6 @@ template(`userdom_restricted_xwindows_user_template',`
 optional_policy(`
 gnome_read_usr_config($1_usertype)
 gnome_role_gkeyringd($1, $1_r, $1_usertype)
- # cjp: telepathy F15 bugs
- telepathy_role($1_r, $1_t, $1)
 ')
 optional_policy(`
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index ced52ff5..63f769a5 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -168,10 +168,6 @@ optional_policy(`
 ssh_filetrans_home_content(userdomain)
 ')
-optional_policy(`
- telepathy_filetrans_home_content(userdomain)
-')
-
 optional_policy(`
 xserver_filetrans_home_content(userdomain)
 ')
-- 
2.47.3