[people/stevee/selinux-policy.git] / policy / modules / apps / thumb.if


## <summary>policy for thumb</summary>


########################################
## <summary>
##	Transition to thumb.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`thumb_domtrans',`
	gen_require(`
		type thumb_t, thumb_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, thumb_exec_t, thumb_t)
')


########################################
## <summary>
##	Execute thumb in the thumb domain, and
##	allow the specified role the thumb domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the thumb domain.
##	</summary>
## </param>
#
interface(`thumb_run',`
	gen_require(`
		type thumb_t;
	')

	thumb_domtrans($1)
	role $2 types thumb_t;

	allow $1 thumb_t:process signal;
')

########################################
## <summary>
##	Role access for thumb
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`thumb_role',`
	gen_require(`
		type thumb_t;
		class dbus send_msg;
	')

	role $1 types thumb_t;

	thumb_domtrans($2)

	ps_process_pattern($2, thumb_t)
	allow $2 thumb_t:process signal;
	allow thumb_t $2:unix_stream_socket connectto;

	allow $2 thumb_t:dbus send_msg;
	allow thumb_t $2:dbus send_msg;
')
Commit	Line	Data
41a828ed DW	1
	2	## <summary>policy for thumb</summary>
	3
	4
	5	########################################
	6	## <summary>
	7	## Transition to thumb.
	8	## </summary>
	9	## <param name="domain">
	10	## <summary>
	11	## Domain allowed to transition.
	12	## </summary>
	13	## </param>
	14	#
	15	interface(`thumb_domtrans',`
	16	gen_require(`
	17	type thumb_t, thumb_exec_t;
	18	')
	19
	20	corecmd_search_bin($1)
	21	domtrans_pattern($1, thumb_exec_t, thumb_t)
	22	')
	23
	24
	25	########################################
	26	## <summary>
	27	## Execute thumb in the thumb domain, and
	28	## allow the specified role the thumb domain.
	29	## </summary>
	30	## <param name="domain">
	31	## <summary>
	32	## Domain allowed to transition
	33	## </summary>
	34	## </param>
	35	## <param name="role">
	36	## <summary>
	37	## The role to be allowed the thumb domain.
	38	## </summary>
	39	## </param>
	40	#
	41	interface(`thumb_run',`
	42	gen_require(`
	43	type thumb_t;
	44	')
	45
	46	thumb_domtrans($1)
	47	role $2 types thumb_t;
26dc6690 MG	48
26dc6690 MG	49	allow $1 thumb_t:process signal;
41a828ed DW	50	')
	51
	52	########################################
	53	## <summary>
	54	## Role access for thumb
	55	## </summary>
	56	## <param name="role">
	57	## <summary>
	58	## Role allowed access
	59	## </summary>
	60	## </param>
	61	## <param name="domain">
	62	## <summary>
	63	## User domain for the role
	64	## </summary>
	65	## </param>
	66	#
	67	interface(`thumb_role',`
	68	gen_require(`
	69	type thumb_t;
b2d2ad1c	70	class dbus send_msg;
41a828ed DW	71	')
	72
	73	role $1 types thumb_t;
	74
	75	thumb_domtrans($2)
	76
	77	ps_process_pattern($2, thumb_t)
	78	allow $2 thumb_t:process signal;
0ee96110	79	allow thumb_t $2:unix_stream_socket connectto;
b2d2ad1c	80
c623f6c6 MG	81	allow $2 thumb_t:dbus send_msg;
c623f6c6 MG	82	allow thumb_t $2:dbus send_msg;
41a828ed DW	83	')
41a828ed DW	84