[people/stevee/selinux-policy.git] / policy / modules / apps / firewallgui.te

policy_module(firewallgui,1.0.0)

########################################
#
# Declarations
#

type firewallgui_t;
type firewallgui_exec_t;
dbus_system_domain(firewallgui_t, firewallgui_exec_t)

type firewallgui_tmp_t;
files_tmp_file(firewallgui_tmp_t)

########################################
#
# firewallgui local policy
#

allow firewallgui_t self:capability { net_admin sys_rawio } ;
allow firewallgui_t self:fifo_file rw_fifo_file_perms;

manage_files_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
manage_dirs_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
files_tmp_filetrans(firewallgui_t,firewallgui_tmp_t, { file dir })

kernel_read_system_state(firewallgui_t)
kernel_read_network_state(firewallgui_t)
kernel_rw_net_sysctls(firewallgui_t)
kernel_rw_kernel_sysctl(firewallgui_t)
kernel_rw_vm_sysctls(firewallgui_t)

corecmd_exec_shell(firewallgui_t)
corecmd_exec_bin(firewallgui_t)

dev_read_urand(firewallgui_t)
dev_read_sysfs(firewallgui_t)

files_manage_system_conf_files(firewallgui_t)
files_etc_filetrans_system_conf(firewallgui_t)
files_read_etc_files(firewallgui_t)
files_read_usr_files(firewallgui_t)
files_search_kernel_modules(firewallgui_t)
files_list_kernel_modules(firewallgui_t)

auth_use_nsswitch(firewallgui_t)

miscfiles_read_localization(firewallgui_t)

seutil_read_config(firewallgui_t)

userdom_dontaudit_search_user_home_dirs(firewallgui_t)

optional_policy(`
	consoletype_exec(firewallgui_t)
')

optional_policy(`
	gnome_read_gconf_home_files(firewallgui_t)
')

optional_policy(`
	iptables_domtrans(firewallgui_t)
	iptables_initrc_domtrans(firewallgui_t)
	iptables_systemctl(firewallgui_t)
')

optional_policy(`
	modutils_getattr_module_deps(firewallgui_t)
')

optional_policy(`
	policykit_dbus_chat(firewallgui_t)
')
Commit	Line	Data
3eaa9939 DW	1	policy_module(firewallgui,1.0.0)
	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	type firewallgui_t;
	9	type firewallgui_exec_t;
	10	dbus_system_domain(firewallgui_t, firewallgui_exec_t)
	11
	12	type firewallgui_tmp_t;
	13	files_tmp_file(firewallgui_tmp_t)
	14
	15	########################################
	16	#
	17	# firewallgui local policy
	18	#
	19
fb52482a	20	allow firewallgui_t self:capability { net_admin sys_rawio } ;
3eaa9939 DW	21	allow firewallgui_t self:fifo_file rw_fifo_file_perms;
	22
	23	manage_files_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
	24	manage_dirs_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
	25	files_tmp_filetrans(firewallgui_t,firewallgui_tmp_t, { file dir })
	26
3eaa9939 DW	27	kernel_read_system_state(firewallgui_t)
	28	kernel_read_network_state(firewallgui_t)
	29	kernel_rw_net_sysctls(firewallgui_t)
	30	kernel_rw_kernel_sysctl(firewallgui_t)
	31	kernel_rw_vm_sysctls(firewallgui_t)
	32
5212892e DW	33	corecmd_exec_shell(firewallgui_t)
5212892e DW	34	corecmd_exec_bin(firewallgui_t)
5212892e DW	35
	36	dev_read_urand(firewallgui_t)
	37	dev_read_sysfs(firewallgui_t)
	38
	39	files_manage_system_conf_files(firewallgui_t)
	40	files_etc_filetrans_system_conf(firewallgui_t)
3eaa9939 DW	41	files_read_etc_files(firewallgui_t)
	42	files_read_usr_files(firewallgui_t)
	43	files_search_kernel_modules(firewallgui_t)
	44	files_list_kernel_modules(firewallgui_t)
	45
b03af87d DW	46	auth_use_nsswitch(firewallgui_t)
b03af87d DW	47
5212892e DW	48	miscfiles_read_localization(firewallgui_t)
5212892e DW	49
be4d17b0 DW	50	seutil_read_config(firewallgui_t)
be4d17b0 DW	51
5212892e	52	userdom_dontaudit_search_user_home_dirs(firewallgui_t)
3eaa9939	53
46107d62 MG	54	optional_policy(`
	55	consoletype_exec(firewallgui_t)
	56	')
	57
3eaa9939 DW	58	optional_policy(`
	59	gnome_read_gconf_home_files(firewallgui_t)
	60	')
	61
	62	optional_policy(`
24984458 MG	63	iptables_domtrans(firewallgui_t)
24984458 MG	64	iptables_initrc_domtrans(firewallgui_t)
234aa6ec	65	iptables_systemctl(firewallgui_t)
3eaa9939 DW	66	')
3eaa9939 DW	67
2371d8d8 MG	68	optional_policy(`
	69	modutils_getattr_module_deps(firewallgui_t)
	70	')
	71
24984458 MG	72	optional_policy(`
	73	policykit_dbus_chat(firewallgui_t)
	74	')