projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 826d0142 | 1 | policy_module(tvtime, 2.1.0) |
| b77d019f CP |
2 | |
| 3 | ######################################## | |
| 4 | # | |
| 5 | # Declarations | |
| 6 | # | |
| 7 | ||
| 296273a7 | 8 | type tvtime_t; |
| b77d019f | 9 | type tvtime_exec_t; |
| 296273a7 CP |
10 | typealias tvtime_t alias { user_tvtime_t staff_tvtime_t sysadm_tvtime_t }; |
| 11 | typealias tvtime_t alias { auditadm_tvtime_t secadm_tvtime_t }; | |
| 12 | application_domain(tvtime_t, tvtime_exec_t) | |
| 13 | ubac_constrained(tvtime_t) | |
| b77d019f | 14 | |
| 296273a7 CP |
15 | type tvtime_home_t alias tvtime_rw_t; |
| 16 | typealias tvtime_home_t alias { user_tvtime_home_t staff_tvtime_home_t sysadm_tvtime_home_t }; | |
| 17 | typealias tvtime_home_t alias { auditadm_tvtime_home_t secadm_tvtime_home_t }; | |
| 18 | userdom_user_home_content(tvtime_home_t) | |
| 296273a7 CP |
19 | |
| 20 | type tvtime_tmp_t; | |
| 21 | typealias tvtime_tmp_t alias { user_tvtime_tmp_t staff_tvtime_tmp_t sysadm_tvtime_tmp_t }; | |
| 22 | typealias tvtime_tmp_t alias { auditadm_tvtime_tmp_t secadm_tvtime_tmp_t }; | |
| 23 | files_tmp_file(tvtime_tmp_t) | |
| 24 | ubac_constrained(tvtime_tmp_t) | |
| 25 | ||
| 26 | type tvtime_tmpfs_t; | |
| 27 | typealias tvtime_tmpfs_t alias { user_tvtime_tmpfs_t staff_tvtime_tmpfs_t sysadm_tvtime_tmpfs_t }; | |
| 28 | typealias tvtime_tmpfs_t alias { auditadm_tvtime_tmpfs_t secadm_tvtime_tmpfs_t }; | |
| 29 | files_tmpfs_file(tvtime_tmpfs_t) | |
| 30 | ubac_constrained(tvtime_tmpfs_t) | |
| 31 | ||
| 32 | ######################################## | |
| 33 | # | |
| 34 | # Local policy | |
| 35 | # | |
| 36 | ||
| 37 | allow tvtime_t self:capability { setuid sys_nice sys_resource }; | |
| 38 | allow tvtime_t self:process setsched; | |
| 39 | allow tvtime_t self:unix_dgram_socket rw_socket_perms; | |
| 40 | allow tvtime_t self:unix_stream_socket rw_stream_socket_perms; | |
| 41 | ||
| 42 | # X access, Home files | |
| 43 | manage_dirs_pattern(tvtime_t, tvtime_home_t, tvtime_home_t) | |
| 44 | manage_files_pattern(tvtime_t, tvtime_home_t, tvtime_home_t) | |
| 45 | manage_lnk_files_pattern(tvtime_t, tvtime_home_t, tvtime_home_t) | |
| 46 | userdom_user_home_dir_filetrans(tvtime_t, tvtime_home_t, dir) | |
| 47 | ||
| 48 | manage_dirs_pattern(tvtime_t, tvtime_tmp_t, tvtime_tmp_t) | |
| 49 | manage_files_pattern(tvtime_t, tvtime_tmp_t, tvtime_tmp_t) | |
| 50 | files_tmp_filetrans(tvtime_t, tvtime_tmp_t,{ file dir }) | |
| 51 | ||
| 52 | manage_files_pattern(tvtime_t, tvtime_tmpfs_t, tvtime_tmpfs_t) | |
| 53 | manage_lnk_files_pattern(tvtime_t, tvtime_tmpfs_t, tvtime_tmpfs_t) | |
| 54 | manage_fifo_files_pattern(tvtime_t, tvtime_tmpfs_t, tvtime_tmpfs_t) | |
| 55 | manage_sock_files_pattern(tvtime_t, tvtime_tmpfs_t, tvtime_tmpfs_t) | |
| 56 | fs_tmpfs_filetrans(tvtime_t, tvtime_tmpfs_t,{ file lnk_file sock_file fifo_file }) | |
| 57 | ||
| 58 | kernel_read_all_sysctls(tvtime_t) | |
| 59 | kernel_get_sysvipc_info(tvtime_t) | |
| 60 | ||
| 61 | dev_read_urand(tvtime_t) | |
| 62 | dev_read_realtime_clock(tvtime_t) | |
| 63 | dev_read_sound(tvtime_t) | |
| 64 | ||
| 65 | files_read_usr_files(tvtime_t) | |
| 66 | files_search_pids(tvtime_t) | |
| 67 | # Read /etc/tvtime | |
| 68 | files_read_etc_files(tvtime_t) | |
| 69 | ||
| 70 | # X access, Home files | |
| 71 | fs_search_auto_mountpoints(tvtime_t) | |
| 72 | ||
| 73 | miscfiles_read_localization(tvtime_t) | |
| 74 | miscfiles_read_fonts(tvtime_t) | |
| 75 | ||
| af2d8802 | 76 | userdom_use_inherited_user_terminals(tvtime_t) |
| 296273a7 CP |
77 | userdom_read_user_home_content_files(tvtime_t) |
| 78 | ||
| 79 | # X access, Home files | |
| ed2ac112 | 80 | userdom_home_manager(tvtime_t) |
| 296273a7 CP |
81 | |
| 82 | optional_policy(` | |
| 83 | xserver_user_x_domain_template(tvtime, tvtime_t, tvtime_tmpfs_t) | |
| 84 | ') |