1 ## <summary>GNU network object model environment (GNOME)</summary>
3 ###########################################################
5 ## Role access for gnome
12 ## <param name="domain">
14 ## User domain for the role
18 interface(`gnome_role',`
20 type gconfd_t, gconfd_exec_t;
# As used below, $1 is named in a role statement and $2 is the user domain
# that starts and talks to gconfd. gconfd_t is one fixed type here, unlike the
# per-prefix $1_gkeyringd_t types derived in gnome_role_gkeyringd.
24 role $1 types gconfd_t;
# Executing gconfd_exec_t from $2 moves the new process into gconfd_t.
26 domain_auto_trans($2, gconfd_exec_t, gconfd_t)
# gconfd_t may use descriptors inherited from $2, write to its pipes and
# connect to its unix stream sockets.
27 allow gconfd_t $2:fd use;
28 allow gconfd_t $2:fifo_file write;
29 allow gconfd_t $2:unix_stream_socket connectto;
# Let $2 inspect gconfd_t processes.
31 ps_process_pattern($2, gconfd_t)
# The call below is disabled. The two rules after it give $2 the same access
# that gnome_stream_connect_gconf in this file gives its caller: read
# gconf_tmp_t files and connect to the gconfd_t stream socket. Together with
# the connectto rule above, socket access between $2 and gconfd_t runs in
# both directions.
33 #gnome_stream_connect_gconf_template($1, $2)
34 read_files_pattern($2, gconf_tmp_t, gconf_tmp_t)
35 allow $2 gconfd_t:unix_stream_socket connectto;
38 ######################################
40 ## The role template for the gnome-keyring-daemon.
42 ## <param name="user_prefix">
47 ## <param name="user_role">
52 ## <param name="user_domain">
54 ## The user domain associated with the role.
58 interface(`gnome_role_gkeyringd',`
60 attribute gkeyringd_domain;
61 attribute gnomedomain;
63 type gkeyringd_exec_t, gkeyringd_tmp_t, gkeyringd_gnome_home_t;
# Per the header: $1 is the user prefix, $2 the user role, $3 the user domain.
# Declare a keyring daemon type per prefix and tag it with both attributes, so
# every rule written against gkeyringd_domain or gnomedomain applies to it.
67 type $1_gkeyringd_t, gnomedomain, gkeyringd_domain;
68 typealias $1_gkeyringd_t alias gkeyringd_$1_t;
69 application_domain($1_gkeyringd_t, gkeyringd_exec_t)
70 ubac_constrained($1_gkeyringd_t)
# NOTE(review): the next two calls are opaque from this file. By name they
# exempt the daemon from a user constraint and let it manage user home
# content - confirm that breadth is needed for a daemon holding secrets.
71 domain_user_exemption_target($1_gkeyringd_t)
73 userdom_home_manager($1_gkeyringd_t)
75 role $2 types $1_gkeyringd_t;
# $3 enters the per-prefix keyring domain by executing gkeyringd_exec_t.
77 domtrans_pattern($3, gkeyringd_exec_t, $1_gkeyringd_t)
# The user domain may manage and relabel the keyring store and the keyring
# tmp directories and sockets. Relabel access means $3 can move this content
# out of the keyring types, so the labels alone do not protect it from $3.
79 allow $3 gkeyringd_gnome_home_t:dir { relabel_dir_perms manage_dir_perms };
80 allow $3 gkeyringd_gnome_home_t:file { relabel_file_perms manage_file_perms };
82 allow $3 gkeyringd_tmp_t:dir { relabel_dir_perms manage_dir_perms };
83 allow $3 gkeyringd_tmp_t:sock_file { relabel_sock_file_perms manage_sock_file_perms };
# Transitions from the keyring domain to $1_t. The target is built from the
# prefix rather than taken from $3 - presumably both name the same domain,
# verify against callers.
85 corecmd_bin_domtrans($1_gkeyringd_t, $1_t)
86 corecmd_shell_domtrans($1_gkeyringd_t, $1_t)
# The daemon may send SIGKILL to processes in the user domain.
87 allow $1_gkeyringd_t $3:process sigkill;
88 allow $3 $1_gkeyringd_t:fd use;
89 allow $3 $1_gkeyringd_t:fifo_file rw_fifo_file_perms;
# Process state is readable in both directions (see also the call after
# auth_use_nsswitch).
91 ps_process_pattern($1_gkeyringd_t, $3)
93 auth_use_nsswitch($1_gkeyringd_t)
95 ps_process_pattern($3, $1_gkeyringd_t)
96 allow $3 $1_gkeyringd_t:process signal_perms;
# Denials of $3 using gkeyringd_exec_t as an entrypoint stay enforced but are
# not logged. When investigating keyring startup problems or suspicious
# activity, rebuild the policy with dontaudit rules disabled to see them.
97 dontaudit $3 gkeyringd_exec_t:file entrypoint;
99 stream_connect_pattern($3, gkeyringd_tmp_t, gkeyringd_tmp_t, $1_gkeyringd_t)
# D-Bus messages are allowed in both directions between $3 and the daemon.
101 allow $1_gkeyringd_t $3:dbus send_msg;
102 allow $3 $1_gkeyringd_t:dbus send_msg;
104 dbus_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t)
105 dbus_session_bus_client($1_gkeyringd_t)
106 gnome_home_dir_filetrans($1_gkeyringd_t)
107 gnome_manage_generic_home_dirs($1_gkeyringd_t)
108 gnome_read_generic_data_home_files($1_gkeyringd_t)
112 ########################################
114 ## gconf connection template.
116 ## <param name="domain">
118 ## Domain allowed access.
122 interface(`gnome_stream_connect_gconf',`
124 type gconfd_t, gconf_tmp_t;
127 read_files_pattern($1, gconf_tmp_t, gconf_tmp_t)
128 allow $1 gconfd_t:unix_stream_socket connectto;
131 ########################################
133 ## Connect to gkeyringd with a unix stream socket.
135 ## <param name="domain">
137 ## Domain allowed access.
141 interface(`gnome_stream_connect_gkeyringd',`
143 attribute gkeyringd_domain;
144 type gkeyringd_tmp_t;
# NOTE(review): this searches gconf_tmp_t directories although the socket and
# its directory are labelled gkeyringd_tmp_t in the next rule - confirm the
# gconf type is intended here.
148 allow $1 gconf_tmp_t:dir search_dir_perms;
# The target is the gkeyringd_domain attribute, so $1 may connect to every
# keyring daemon type that carries it, not to one user prefix only. The
# visible rules are the same as in gnome_stream_connect_all_gkeyringd.
149 stream_connect_pattern($1, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_domain)
152 ########################################
154 ## Connect to gkeyringd with a unix stream socket.
156 ## <param name="domain">
158 ## Domain allowed access.
162 interface(`gnome_stream_connect_all_gkeyringd',`
164 attribute gkeyringd_domain;
165 type gkeyringd_tmp_t;
# NOTE(review): searches gconf_tmp_t directories while the socket rule below
# uses gkeyringd_tmp_t - confirm the gconf type is intended.
169 allow $1 gconf_tmp_t:dir search_dir_perms;
# Connect to any domain carrying the gkeyringd_domain attribute. The visible
# rules duplicate gnome_stream_connect_gkeyringd, so the two names currently
# grant the same access.
170 stream_connect_pattern($1, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_domain)
173 ########################################
175 ## Run gconfd in gconfd domain.
177 ## <param name="domain">
179 ## Domain allowed access.
183 interface(`gnome_domtrans_gconfd',`
185 type gconfd_t, gconfd_exec_t;
188 domtrans_pattern($1, gconfd_exec_t, gconfd_t)
191 ########################################
193 ## Dontaudit read gnome homedir content (.config)
195 ## <param name="domain">
197 ## Domain to not audit.
201 interface(`gnome_dontaudit_read_config',`
203 attribute gnome_home_type;
# Suppresses audit records only; the access itself stays denied.
# NOTE(review): the object class is dir but the permission set is named for
# inherited files - confirm which permissions this is meant to silence.
206 dontaudit $1 gnome_home_type:dir read_inherited_file_perms;
209 ########################################
211 ## Dontaudit search gnome homedir content (.config)
213 ## <param name="domain">
215 ## Domain to not audit.
219 interface(`gnome_dontaudit_search_config',`
221 attribute gnome_home_type;
224 dontaudit $1 gnome_home_type:dir search_dir_perms;
227 ########################################
229 ## Dontaudit write gnome homedir content (.config)
231 ## <param name="domain">
233 ## Domain to not audit.
237 interface(`gnome_dontaudit_write_config_files',`
239 attribute gnome_home_type;
# Write attempts by $1 on any gnome_home_type file stay denied but leave no
# AVC record, so attempted tampering with GNOME config from $1 will not show
# up in the audit log. Disable dontaudit rules (for example semodule -DB)
# when that visibility is needed.
242 dontaudit $1 gnome_home_type:file write;
245 ########################################
247 ## manage gnome homedir content (.config)
249 ## <param name="domain">
251 ## Domain allowed access.
255 interface(`gnome_manage_config',`
257 attribute gnome_home_type;
# Full management of directories, files and symlinks for every type in the
# gnome_home_type attribute, not only the generic config type.
# NOTE(review): if gkeyringd_gnome_home_t carries this attribute, callers also
# get the keyring store - verify the attribute membership before granting.
260 allow $1 gnome_home_type:dir manage_dir_perms;
261 allow $1 gnome_home_type:file manage_file_perms;
262 allow $1 gnome_home_type:lnk_file manage_lnk_file_perms;
263 userdom_search_user_home_dirs($1)
266 ########################################
268 ## Send generic signals to all domains in the gnomedomain attribute.
270 ## <param name="domain">
272 ## Domain allowed access.
276 interface(`gnome_signal_all',`
278 attribute gnomedomain;
281 allow $1 gnomedomain:process signal;
284 ########################################
286 ## Create objects in a Gnome cache home directory
287 ## with an automatic type transition to
288 ## a specified private type.
290 ## <param name="domain">
292 ## Domain allowed access.
295 ## <param name="private_type">
297 ## The type of the object to create.
300 ## <param name="object_class">
302 ## The class of the object to be created.
306 interface(`gnome_cache_filetrans',`
# Objects of class $3 that $1 creates in cache_home_t directories get type $2.
# NOTE(review): $4 is forwarded as the last filetrans_pattern argument but the
# visible header documents three parameters - presumably an optional object
# name; confirm and document it, since leaving it empty would apply the
# transition to every new object of that class.
311 filetrans_pattern($1, cache_home_t, $2, $3, $4)
312 userdom_search_user_home_dirs($1)
315 ########################################
317 ## Create objects in a Gnome cache home directory
318 ## with an automatic type transition to
319 ## a specified private type.
321 ## <param name="domain">
323 ## Domain allowed access.
326 ## <param name="private_type">
328 ## The type of the object to create.
331 ## <param name="object_class">
333 ## The class of the object to be created.
337 interface(`gnome_config_filetrans',`
# Objects of class $3 that $1 creates in config_home_t directories get type $2.
# NOTE(review): $4 is forwarded to filetrans_pattern but is not among the
# three parameters in the visible header - presumably an optional object
# name; confirm and document it.
342 filetrans_pattern($1, config_home_t, $2, $3, $4)
343 userdom_search_user_home_dirs($1)
346 ########################################
348 ## Read generic cache home files (.cache)
350 ## <param name="domain">
352 ## Domain allowed access.
356 interface(`gnome_read_generic_cache_files',`
361 read_files_pattern($1, cache_home_t, cache_home_t)
362 userdom_search_user_home_dirs($1)
365 ########################################
367 ## Set attributes of cache home dir (.cache)
369 ## <param name="domain">
371 ## Domain allowed access.
375 interface(`gnome_setattr_cache_home_dir',`
380 setattr_dirs_pattern($1, cache_home_t, cache_home_t)
381 userdom_search_user_home_dirs($1)
384 ########################################
386 ## append to generic cache home files (.cache)
388 ## <param name="domain">
390 ## Domain allowed access.
394 interface(`gnome_append_generic_cache_files',`
399 append_files_pattern($1, cache_home_t, cache_home_t)
400 userdom_search_user_home_dirs($1)
403 ########################################
405 ## write to generic cache home files (.cache)
407 ## <param name="domain">
409 ## Domain allowed access.
413 interface(`gnome_write_generic_cache_files',`
418 write_files_pattern($1, cache_home_t, cache_home_t)
419 userdom_search_user_home_dirs($1)
422 ########################################
424 ## Dontaudit read/write to generic cache home files (.cache)
426 ## <param name="domain">
428 ## Domain to not audit.
432 interface(`gnome_dontaudit_rw_generic_cache_files',`
437 dontaudit $1 cache_home_t:file rw_inherited_file_perms;
440 ########################################
442 ## read gnome homedir content (.config)
444 ## <param name="domain">
446 ## Domain allowed access.
450 interface(`gnome_read_config',`
452 attribute gnome_home_type;
455 list_dirs_pattern($1, gnome_home_type, gnome_home_type)
456 read_files_pattern($1, gnome_home_type, gnome_home_type)
457 read_lnk_files_pattern($1, gnome_home_type, gnome_home_type)
460 ########################################
462 ## Create objects in a Gnome gconf home directory
463 ## with an automatic type transition to
464 ## a specified private type.
466 ## <param name="domain">
468 ## Domain allowed access.
471 ## <param name="private_type">
473 ## The type of the object to create.
476 ## <param name="object_class">
478 ## The class of the object to be created.
482 interface(`gnome_data_filetrans',`
# Objects of class $3 that $1 creates in data_home_t directories get type $2.
# NOTE(review): $4 is forwarded to filetrans_pattern but is not among the
# three parameters in the visible header - presumably an optional object
# name; confirm and document it.
487 filetrans_pattern($1, data_home_t, $2, $3, $4)
# Reaching the data directory requires searching the gconf home directory.
488 gnome_search_gconf($1)
491 #######################################
493 ## Read generic data home files.
495 ## <param name="domain">
497 ## Domain allowed access.
501 interface(`gnome_read_generic_data_home_files',`
503 type data_home_t, gconf_home_t;
506 read_files_pattern($1, { gconf_home_t data_home_t }, data_home_t)
509 #######################################
511 ## Manage gconf data home files
513 ## <param name="domain">
515 ## Domain allowed access.
519 interface(`gnome_manage_data',`
525 allow $1 gconf_home_t:dir search_dir_perms;
526 manage_dirs_pattern($1, data_home_t, data_home_t)
527 manage_files_pattern($1, data_home_t, data_home_t)
528 manage_lnk_files_pattern($1, data_home_t, data_home_t)
531 ########################################
533 ## Read icc data home content.
535 ## <param name="domain">
537 ## Domain allowed access.
541 interface(`gnome_read_home_icc_data_content',`
543 type icc_data_home_t, gconf_home_t, data_home_t;
546 userdom_search_user_home_dirs($1)
547 allow $1 { gconf_home_t data_home_t }:dir search_dir_perms;
548 list_dirs_pattern($1, icc_data_home_t, icc_data_home_t)
549 read_files_pattern($1, icc_data_home_t, icc_data_home_t)
550 read_lnk_files_pattern($1, icc_data_home_t, icc_data_home_t)
553 ########################################
555 ## Read inherited icc data home files.
557 ## <param name="domain">
559 ## Domain allowed access.
563 interface(`gnome_read_inherited_home_icc_data_files',`
565 type icc_data_home_t;
568 allow $1 icc_data_home_t:file read_inherited_file_perms;
571 ########################################
573 ## Create gconf_home_t objects in the /root directory
575 ## <param name="domain">
577 ## Domain allowed access.
580 ## <param name="object_class">
582 ## The class of the object to be created.
586 interface(`gnome_admin_home_gconf_filetrans',`
591 userdom_admin_home_dir_filetrans($1, gconf_home_t, $2)
594 ########################################
596 ## Do not audit attempts to read
597 ## inherited gconf config files.
599 ## <param name="domain">
601 ## Domain to not audit.
605 interface(`gnome_dontaudit_read_inherited_gconf_config_files',`
610 dontaudit $1 gconf_etc_t:file read_inherited_file_perms;
613 ########################################
615 ## read gconf config files
617 ## <param name="domain">
619 ## Domain allowed access.
623 interface(`gnome_read_gconf_config',`
628 allow $1 gconf_etc_t:dir list_dir_perms;
629 read_files_pattern($1, gconf_etc_t, gconf_etc_t)
633 #######################################
635 ## Manage gconf config files
637 ## <param name="domain">
639 ## Domain allowed access.
643 interface(`gnome_manage_gconf_config',`
648 allow $1 gconf_etc_t:dir list_dir_perms;
649 manage_files_pattern($1, gconf_etc_t, gconf_etc_t)
652 ########################################
654 ## Execute gconf programs in
655 ## the caller domain.
657 ## <param name="domain">
659 ## Domain allowed access.
663 interface(`gnome_exec_gconf',`
668 can_exec($1, gconfd_exec_t)
671 ########################################
673 ## Execute gnome keyringd in the caller domain.
675 ## <param name="domain">
677 ## Domain allowed access.
681 interface(`gnome_exec_keyringd',`
683 type gkeyringd_exec_t;
# No domain transition: the keyring binary runs with the privileges of $1
# rather than in a keyring daemon domain. Use this only for callers that are
# meant to host the daemon themselves.
686 can_exec($1, gkeyringd_exec_t)
687 corecmd_search_bin($1)
690 ########################################
692 ## Read gconf home files
694 ## <param name="domain">
696 ## Domain allowed access.
700 interface(`gnome_read_gconf_home_files',`
706 userdom_search_user_home_dirs($1)
707 allow $1 gconf_home_t:dir list_dir_perms;
708 allow $1 data_home_t:dir list_dir_perms;
709 read_files_pattern($1, gconf_home_t, gconf_home_t)
710 read_files_pattern($1, data_home_t, data_home_t)
711 read_lnk_files_pattern($1, gconf_home_t, gconf_home_t)
712 read_lnk_files_pattern($1, data_home_t, data_home_t)
715 ########################################
717 ## Search gkeyringd temporary directories.
719 ## <param name="domain">
721 ## Domain allowed access.
725 interface(`gnome_search_gkeyringd_tmp_dirs',`
727 type gkeyringd_tmp_t;
731 allow $1 gkeyringd_tmp_t:dir search_dir_perms;
734 ########################################
736 ## search gconf homedir (.local)
738 ## <param name="domain">
740 ## Domain allowed access.
744 interface(`gnome_search_gconf',`
749 allow $1 gconf_home_t:dir search_dir_perms;
750 userdom_search_user_home_dirs($1)
753 ########################################
755 ## Set attributes of Gnome config dirs.
757 ## <param name="domain">
759 ## Domain allowed access.
763 interface(`gnome_setattr_config_dirs',`
# Allow $1 to change attributes of gnome_home_t directories.
768 setattr_dirs_pattern($1, gnome_home_t, gnome_home_t)
# NOTE(review): the other home-content interfaces in this file call
# userdom_search_user_home_dirs; this one calls files_search_home - confirm
# that the difference is intended.
769 files_search_home($1)
772 ########################################
774 ## Manage generic gnome home files.
776 ## <param name="domain">
778 ## Domain allowed access.
782 interface(`gnome_manage_generic_home_files',`
787 userdom_search_user_home_dirs($1)
788 manage_files_pattern($1, gnome_home_t, gnome_home_t)
791 ########################################
793 ## Manage generic gnome home directories.
795 ## <param name="domain">
797 ## Domain allowed access.
801 interface(`gnome_manage_generic_home_dirs',`
806 userdom_search_user_home_dirs($1)
807 allow $1 gnome_home_t:dir manage_dir_perms;
810 ########################################
812 ## Append gconf home files
814 ## <param name="domain">
816 ## Domain allowed access.
820 interface(`gnome_append_gconf_home_files',`
825 append_files_pattern($1, gconf_home_t, gconf_home_t)
828 ########################################
830 ## manage gconf home files
832 ## <param name="domain">
834 ## Domain allowed access.
838 interface(`gnome_manage_gconf_home_files',`
843 allow $1 gconf_home_t:dir list_dir_perms;
844 manage_files_pattern($1, gconf_home_t, gconf_home_t)
847 ########################################
849 ## Connect to gnome over an unix stream socket.
851 ## <param name="domain">
853 ## Domain allowed access.
856 ## <param name="user_domain">
858 ## The type of the user domain.
862 interface(`gnome_stream_connect',`
864 attribute gnome_home_type;
# Connect to pulseaudio server
# NOTE(review): the rule is not specific to one service. It lets $1 connect to
# a stream socket of domain $2 whose socket file and directory carry any type
# in gnome_home_type.
867 # Connect to pulseaudit server
868 stream_connect_pattern($1, gnome_home_type, gnome_home_type, $2)
871 ########################################
873 ## list gnome homedir content (.config)
875 ## <param name="domain">
877 ## Domain allowed access.
881 interface(`gnome_list_home_config',`
886 allow $1 config_home_t:dir list_dir_perms;
889 ########################################
891 ## Set attributes of gnome homedir content (.config)
893 ## <param name="domain">
895 ## Domain allowed access.
899 interface(`gnome_setattr_home_config',`
904 setattr_dirs_pattern($1, config_home_t, config_home_t)
905 userdom_search_user_home_dirs($1)
908 ########################################
910 ## read gnome homedir content (.config)
912 ## <param name="domain">
914 ## Domain allowed access.
918 interface(`gnome_read_home_config',`
923 list_dirs_pattern($1, config_home_t, config_home_t)
924 read_files_pattern($1, config_home_t, config_home_t)
925 read_lnk_files_pattern($1, config_home_t, config_home_t)
928 #######################################
930 ## delete gnome homedir content (.config)
932 ## <param name="domain">
934 ## Domain allowed access.
938 interface(`gnome_delete_home_config',`
943 delete_files_pattern($1, config_home_t, config_home_t)
946 #######################################
948 ## setattr gnome homedir content (.config)
950 ## <param name="domain">
952 ## Domain allowed access.
956 interface(`gnome_setattr_home_config_dirs',`
961 setattr_dirs_pattern($1, config_home_t, config_home_t)
964 ########################################
966 ## manage gnome homedir content (.config)
968 ## <param name="domain">
970 ## Domain allowed access.
974 interface(`gnome_manage_home_config',`
979 manage_files_pattern($1, config_home_t, config_home_t)
982 #######################################
984 ## delete gnome homedir directories (.config)
986 ## <param name="domain">
988 ## Domain allowed access.
992 interface(`gnome_delete_home_config_dirs',`
997 delete_dirs_pattern($1, config_home_t, config_home_t)
1000 ########################################
1002 ## manage gnome homedir directories (.config)
1004 ## <param name="domain">
1006 ## Domain allowed access.
1010 interface(`gnome_manage_home_config_dirs',`
1015 manage_dirs_pattern($1, config_home_t, config_home_t)
1018 ########################################
1020 ## manage gstreamer home content files.
1022 ## <param name="domain">
1024 ## Domain allowed access.
1028 interface(`gnome_manage_gstreamer_home_files',`
1030 type gstreamer_home_t;
1033 manage_files_pattern($1, gstreamer_home_t, gstreamer_home_t)
1036 ########################################
1038 ## Read/Write all inherited gnome home config
1040 ## <param name="domain">
1042 ## Domain allowed access.
1046 interface(`gnome_rw_inherited_config',`
1048 attribute gnome_home_type;
1051 allow $1 gnome_home_type:file rw_inherited_file_perms;
1054 ########################################
1056 ## Send and receive messages from
1057 ## gconf system service over dbus.
1059 ## <param name="domain">
1061 ## Domain allowed access.
1065 interface(`gnome_dbus_chat_gconfdefault',`
1067 type gconfdefaultsm_t;
1068 class dbus send_msg;
1071 allow $1 gconfdefaultsm_t:dbus send_msg;
1072 allow gconfdefaultsm_t $1:dbus send_msg;
1075 ########################################
1077 ## Send and receive messages from
1078 ## gkeyringd over dbus.
1080 ## <param name="domain">
1082 ## Domain allowed access.
1086 interface(`gnome_dbus_chat_gkeyringd',`
1088 attribute gkeyringd_domain;
1089 class dbus send_msg;
# Messages are allowed in both directions, and the peer is the whole
# gkeyringd_domain attribute: $1 can exchange D-Bus messages with every
# keyring daemon type that carries it.
1092 allow $1 gkeyringd_domain:dbus send_msg;
1093 allow gkeyringd_domain $1:dbus send_msg;
1096 ########################################
1098 ## Send signull signal to gkeyringd processes.
1100 ## <param name="domain">
1102 ## Domain allowed access.
1106 interface(`gnome_signull_gkeyringd',`
1108 attribute gkeyringd_domain;
1111 allow $1 gkeyringd_domain:process signull;
1114 ########################################
1116 ## Allow the domain to read gkeyringd state files in /proc.
1118 ## <param name="domain">
1120 ## Domain allowed access.
1124 interface(`gnome_read_gkeyringd_state',`
1126 attribute gkeyringd_domain;
1129 ps_process_pattern($1, gkeyringd_domain)
1132 ########################################
1134 ## Create directories in user home directories
1135 ## with the gnome home file type.
1137 ## <param name="domain">
1139 ## Domain allowed access.
1143 interface(`gnome_home_dir_filetrans',`
1148 userdom_user_home_dir_filetrans($1, gnome_home_t, dir)
1149 userdom_search_user_home_dirs($1)
1152 ########################################
1154 ## Execute gnome-keyring in the user gkeyring domain
1156 ## <param name="domain">
1158 ## Domain allowed access
1161 ## <param name="role">
1163 ## The role to be allowed the gkeyring domain.
1167 interface(`gnome_transition_gkeyringd',`
1169 attribute gkeyringd_domain;
# NOTE(review): the header documents a role parameter, but only $1 is used in
# the visible rules and no role statement appears here - confirm.
# $1 may transition into any type carrying the gkeyringd_domain attribute.
1172 allow $1 gkeyringd_domain:process transition;
# noatsecure, siginh and rlimitinh are dontaudited, not allowed: the denials
# still apply and are only kept out of the audit log.
1173 dontaudit $1 gkeyringd_domain:process { noatsecure siginh rlimitinh };
# The daemon may signal its exit to $1, probe it with signull and use pipes
# inherited from it.
1174 allow gkeyringd_domain $1:process { sigchld signull };
1175 allow gkeyringd_domain $1:fifo_file rw_inherited_fifo_file_perms;
1178 ########################################
1180 ## Create gnome content in the user home directory
1181 ## with the correct label.
1183 ## <param name="domain">
1185 ## Domain allowed access.
1189 interface(`gnome_filetrans_home_content',`
1194 type gstreamer_home_t;
1197 type data_home_t, icc_data_home_t;
1198 type gkeyringd_gnome_home_t;
# Name-based type transitions: each rule applies only when $1 itself creates
# an object with exactly this class and name. Content that already exists, or
# that is moved in or created under another name, keeps whatever label it has
# and needs a relabel to match.
1201 userdom_user_home_dir_filetrans($1, config_home_t, dir, ".config")
1202 userdom_user_home_dir_filetrans($1, config_home_t, file, ".Xdefaults")
1203 userdom_user_home_dir_filetrans($1, config_home_t, dir, ".xine")
1204 userdom_user_home_dir_filetrans($1, cache_home_t, dir, ".cache")
1205 userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconf")
1206 userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
1207 userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".local")
1208 userdom_user_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2")
1209 userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10")
1210 userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12")
1211 # ~/.color/icc: legacy
1212 userdom_user_home_content_filetrans($1, icc_data_home_t, dir, "icc")
# A keyrings directory created inside a gnome_home_t directory gets the
# keyring store type. If this transition is missed, secrets end up under the
# generic gnome_home_t label, which more domains in this file can manage.
1213 filetrans_pattern($1, gnome_home_t, gkeyringd_gnome_home_t, dir, "keyrings")
1214 filetrans_pattern($1, gconf_home_t, data_home_t, dir, "share")
1215 filetrans_pattern($1, data_home_t, icc_data_home_t, dir, "icc")
# This one targets the user tmp directory, not the home directory.
1216 userdom_user_tmp_filetrans($1, config_home_t, dir, "dconf")
1219 ########################################
1221 ## Create gnome directory in the /root directory
1222 ## with the correct label.
1224 ## <param name="domain">
1226 ## Domain allowed access.
1230 interface(`gnome_filetrans_admin_home_content',`
1235 type gstreamer_home_t;
1238 type icc_data_home_t;
# Name-based type transitions for objects $1 creates in the admin home
# directory; they apply at creation time only.
# NOTE(review): compared with gnome_filetrans_home_content, the visible rules
# have no entry for .config, keyrings, share or dconf - confirm that content
# created under /root is meant to keep the default label in those cases.
1241 userdom_admin_home_dir_filetrans($1, config_home_t, file, ".Xdefaults")
1242 userdom_admin_home_dir_filetrans($1, config_home_t, dir, ".xine")
1243 userdom_admin_home_dir_filetrans($1, cache_home_t, dir, ".cache")
1244 userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconf")
1245 userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
1246 userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".local")
1247 userdom_admin_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2")
1248 userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10")
1249 userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12")
1250 # /root/.color/icc: legacy
# NOTE(review): by its name this macro acts on the admin home directory
# itself, while the comment above refers to an icc directory one level down
# under .color - confirm which path is meant.
1251 userdom_admin_home_dir_filetrans($1, icc_data_home_t, dir, "icc")
1254 ######################################
1256 ## Execute gnome-keyring executable
1257 ## in the specified domain.
1261 ## Execute a gnome-keyring executable
1262 ## in the specified domain. This allows
1263 ## the specified domain to execute any file
1264 ## on these filesystems in the specified
1268 ## No interprocess communication (signals, pipes,
1269 ## etc.) is provided by this interface since
1270 ## the domains are not owned by this module.
1273 ## This interface was added to handle
1274 ## the ssh-agent policy.
1277 ## <param name="domain">
1279 ## Domain allowed to transition.
1282 ## <param name="target_domain">
1284 ## The type of the new process.
1288 interface(`gnome_command_domtrans_gkeyringd', `
1290 type gkeyringd_exec_t;
# $1 is the domain allowed to transition, $2 the caller-chosen target domain.
# This makes gkeyringd_exec_t a valid entrypoint for $2, a domain this module
# does not own. Every caller adds one more domain that can be entered through
# the keyring binary, so review each use for least privilege.
1293 allow $2 gkeyringd_exec_t:file entrypoint;
1294 domain_transition_pattern($1, gkeyringd_exec_t, $2)
# Make the transition the default whenever $1 executes gkeyringd_exec_t.
1295 type_transition $1 gkeyringd_exec_t:process $2;