1 ## <summary>GNU network object model environment (GNOME)</summary>
3 ###########################################################
5 ## Role access for gnome
12 ## <param name="domain">
14 ## User domain for the role
18 interface(`gnome_role',`
# Role interface for gconfd: $1 is the role, $2 is the user domain.
# NOTE(review): the gutter numbers skip (18, 20, 24, ...), so this listing
# omits lines of the original file, including the require wrapper and the
# end of the interface. gconf_tmp_t is used below but is not in the visible
# declaration line; presumably it is declared on an omitted line -- confirm
# against the full file.
20 type gconfd_t, gconfd_exec_t;
# Authorize role $1 for the gconfd_t domain.
24 role $1 types gconfd_t;
# Executing a gconfd_exec_t file from $2 moves the new process into gconfd_t.
26 domain_auto_trans($2, gconfd_exec_t, gconfd_t)
# gconfd_t may use descriptors inherited from $2, write to pipes labeled $2
# and connect to unix stream sockets owned by $2.
27 allow gconfd_t $2:fd use;
28 allow gconfd_t $2:fifo_file write;
29 allow gconfd_t $2:unix_stream_socket connectto;
# $2 may inspect gconfd_t processes (process state under /proc).
31 ps_process_pattern($2, gconfd_t)
# The template call is commented out; the two rules below are the same pair
# that gnome_stream_connect_gconf grants to its caller.
33 #gnome_stream_connect_gconf_template($1, $2)
34 read_files_pattern($2, gconf_tmp_t, gconf_tmp_t)
35 allow $2 gconfd_t:unix_stream_socket connectto;
38 ######################################
40 ## The role template for the gnome-keyring-daemon.
42 ## <param name="user_prefix">
47 ## <param name="user_role">
52 ## <param name="user_domain">
54 ## The user domain associated with the role.
58 interface(`gnome_role_gkeyringd',`
# Builds a per-prefix keyring daemon domain. Per the parameter docs:
# $1 = user prefix, $2 = user role, $3 = user domain.
# NOTE(review): the gutter numbers skip, so lines of the original file
# (require wrapper, blank lines, end of interface) are not shown here.
60 attribute gkeyringd_domain;
61 attribute gnomedomain;
63 type gkeyringd_exec_t, gkeyringd_tmp_t, gkeyringd_gnome_home_t;
# Declare $1_gkeyringd_t, tag it with both attributes and give it an alias.
67 type $1_gkeyringd_t, gnomedomain, gkeyringd_domain;
68 typealias $1_gkeyringd_t alias gkeyringd_$1_t;
# gkeyringd_exec_t becomes the entry point of the new application domain.
69 application_domain($1_gkeyringd_t, gkeyringd_exec_t)
70 ubac_constrained($1_gkeyringd_t)
# NOTE(review): presumably marks the domain as a target that is exempt from
# user separation constraints -- confirm the macro definition.
71 domain_user_exemption_target($1_gkeyringd_t)
# NOTE(review): the macro name suggests broad manage access to user home
# content for the daemon -- review its scope in the userdomain module.
73 userdom_home_manager($1_gkeyringd_t)
75 role $2 types $1_gkeyringd_t;
# The user domain enters the daemon domain by executing gkeyringd_exec_t.
77 domtrans_pattern($3, gkeyringd_exec_t, $1_gkeyringd_t)
# The user domain may manage AND relabel the keyring home and tmp content.
# Type enforcement therefore does not separate $3 from the on-disk keyring
# store: any process running in $3 can read or replace those files, and can
# move them to another label, limited only by DAC and the relabel targets.
79 allow $3 gkeyringd_gnome_home_t:dir { relabel_dir_perms manage_dir_perms };
80 allow $3 gkeyringd_gnome_home_t:file { relabel_file_perms manage_file_perms };
82 allow $3 gkeyringd_tmp_t:dir { relabel_dir_perms manage_dir_perms };
83 allow $3 gkeyringd_tmp_t:sock_file { relabel_sock_file_perms manage_sock_file_perms };
# Binaries and shells started by the daemon run in $1_t, not in the daemon
# domain, so helpers leave the keyring domain on exec.
85 corecmd_bin_domtrans($1_gkeyringd_t, $1_t)
86 corecmd_shell_domtrans($1_gkeyringd_t, $1_t)
# The daemon may SIGKILL processes in the user domain.
87 allow $1_gkeyringd_t $3:process sigkill;
# The user domain may use descriptors and pipes that belong to the daemon.
88 allow $3 $1_gkeyringd_t:fd use;
89 allow $3 $1_gkeyringd_t:fifo_file rw_fifo_file_perms;
# The daemon may read process state of the user domain under /proc.
91 ps_process_pattern($1_gkeyringd_t, $3)
93 auth_use_nsswitch($1_gkeyringd_t)
# The user domain may read daemon process state and send it signals.
95 ps_process_pattern($3, $1_gkeyringd_t)
96 allow $3 $1_gkeyringd_t:process signal_perms;
# Denials of $3 using gkeyringd_exec_t as an entrypoint are not logged.
# When investigating keyring start-up problems or unexpected executions,
# disable dontaudit rules (semodule -DB) so these denials become visible.
97 dontaudit $3 gkeyringd_exec_t:file entrypoint;
# The user domain connects to the daemon through sockets in gkeyringd_tmp_t.
99 stream_connect_pattern($3, gkeyringd_tmp_t, gkeyringd_tmp_t, $1_gkeyringd_t)
# D-Bus messages are allowed in both directions between daemon and user.
101 allow $1_gkeyringd_t $3:dbus send_msg;
102 allow $3 $1_gkeyringd_t:dbus send_msg;
104 dbus_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t)
105 dbus_session_bus_client($1_gkeyringd_t)
# The daemon creates and manages generic gnome home directories and reads
# generic data home files.
106 gnome_home_dir_filetrans($1_gkeyringd_t)
107 gnome_manage_generic_home_dirs($1_gkeyringd_t)
108 gnome_read_generic_data_home_files($1_gkeyringd_t)
# NOTE(review): the gutter jumps from 108 to 111 and from 111 to 116; this
# call is presumably wrapped in an optional block on omitted lines -- confirm.
111 telepathy_mission_control_read_state($1_gkeyringd_t)
116 ########################################
118 ## gconf connection template.
120 ## <param name="domain">
122 ## Domain allowed access.
126 interface(`gnome_stream_connect_gconf',`
128 type gconfd_t, gconf_tmp_t;
131 read_files_pattern($1, gconf_tmp_t, gconf_tmp_t)
132 allow $1 gconfd_t:unix_stream_socket connectto;
135 ########################################
137 ## Connect to gkeyringd with a unix stream socket.
139 ## <param name="domain">
141 ## Domain allowed access.
145 interface(`gnome_stream_connect_gkeyringd',`
# Lets $1 connect to keyring daemons over unix stream sockets.
# The target is the gkeyringd_domain attribute, so the grant covers every
# keyring daemon domain rather than one per-user domain. The visible body is
# identical to gnome_stream_connect_all_gkeyringd.
147 attribute gkeyringd_domain;
148 type gkeyringd_tmp_t;
# NOTE(review): the directory searched here is gconf_tmp_t, not
# gkeyringd_tmp_t, and gconf_tmp_t is not in the visible declarations (this
# listing omits lines) -- confirm both against the full file.
152 allow $1 gconf_tmp_t:dir search_dir_perms;
# Access to the socket file in gkeyringd_tmp_t plus connectto on the daemon.
153 stream_connect_pattern($1, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_domain)
156 ########################################
158 ## Connect to all gkeyringd domains with a unix stream socket.
160 ## <param name="domain">
162 ## Domain allowed access.
166 interface(`gnome_stream_connect_all_gkeyringd',`
# Lets $1 connect to every domain carrying the gkeyringd_domain attribute.
# The visible body is identical to gnome_stream_connect_gkeyringd, so the
# two interfaces currently grant the same access.
168 attribute gkeyringd_domain;
169 type gkeyringd_tmp_t;
# NOTE(review): searches gconf_tmp_t rather than gkeyringd_tmp_t, and
# gconf_tmp_t is not in the visible declarations (this listing omits
# lines) -- confirm against the full file.
173 allow $1 gconf_tmp_t:dir search_dir_perms;
# Access to the socket file in gkeyringd_tmp_t plus connectto on the daemons.
174 stream_connect_pattern($1, gkeyringd_tmp_t, gkeyringd_tmp_t, gkeyringd_domain)
177 ########################################
179 ## Run gconfd in gconfd domain.
181 ## <param name="domain">
183 ## Domain allowed access.
187 interface(`gnome_domtrans_gconfd',`
189 type gconfd_t, gconfd_exec_t;
192 domtrans_pattern($1, gconfd_exec_t, gconfd_t)
195 ########################################
197 ## Dontaudit read gnome homedir content (.config)
199 ## <param name="domain">
201 ## Domain to not audit.
205 interface(`gnome_dontaudit_read_config',`
# Suppresses audit records for $1 on every type in gnome_home_type; the
# access itself stays denied.
207 attribute gnome_home_type;
# The permission set is the file-oriented read_inherited_file_perms but the
# object class is dir.
# NOTE(review): the summary speaks of reading homedir content -- check
# whether the file class, or a directory permission set, was intended.
# Denials hidden by this rule can be surfaced with semodule -DB.
210 dontaudit $1 gnome_home_type:dir read_inherited_file_perms;
213 ########################################
215 ## Dontaudit search gnome homedir content (.config)
217 ## <param name="domain">
219 ## Domain to not audit.
223 interface(`gnome_dontaudit_search_config',`
225 attribute gnome_home_type;
228 dontaudit $1 gnome_home_type:dir search_dir_perms;
231 ########################################
233 ## manage gnome homedir content (.config)
235 ## <param name="domain">
237 ## Domain allowed access.
241 interface(`gnome_manage_config',`
# Grants $1 full manage access to directories, files and symlinks of every
# type that carries the gnome_home_type attribute.
# NOTE(review): the grant follows the attribute, so any type later added to
# gnome_home_type is covered automatically. Which types carry it is not
# visible here; if the keyring store type does, callers also get write
# access to keyring files -- verify in the type enforcement file.
243 attribute gnome_home_type;
246 allow $1 gnome_home_type:dir manage_dir_perms;
247 allow $1 gnome_home_type:file manage_file_perms;
248 allow $1 gnome_home_type:lnk_file manage_lnk_file_perms;
# Needed to reach the content below the user home directory.
249 userdom_search_user_home_dirs($1)
252 ########################################
254 ## Send general signals to all gnome domains.
256 ## <param name="domain">
258 ## Domain allowed access.
262 interface(`gnome_signal_all',`
264 attribute gnomedomain;
267 allow $1 gnomedomain:process signal;
270 ########################################
272 ## Create objects in a Gnome cache home directory
273 ## with an automatic type transition to
274 ## a specified private type.
276 ## <param name="domain">
278 ## Domain allowed access.
281 ## <param name="private_type">
283 ## The type of the object to create.
286 ## <param name="object_class">
288 ## The class of the object to be created.
292 interface(`gnome_cache_filetrans',`
297 filetrans_pattern($1, cache_home_t, $2, $3, $4)
298 userdom_search_user_home_dirs($1)
301 ########################################
303 ## Create objects in a Gnome cache home directory
304 ## with an automatic type transition to
305 ## a specified private type.
307 ## <param name="domain">
309 ## Domain allowed access.
312 ## <param name="private_type">
314 ## The type of the object to create.
317 ## <param name="object_class">
319 ## The class of the object to be created.
323 interface(`gnome_config_filetrans',`
328 filetrans_pattern($1, config_home_t, $2, $3, $4)
329 userdom_search_user_home_dirs($1)
332 ########################################
334 ## Read generic cache home files (.cache)
336 ## <param name="domain">
338 ## Domain allowed access.
342 interface(`gnome_read_generic_cache_files',`
347 read_files_pattern($1, cache_home_t, cache_home_t)
348 userdom_search_user_home_dirs($1)
351 ########################################
353 ## Set attributes of cache home dir (.cache)
355 ## <param name="domain">
357 ## Domain allowed access.
361 interface(`gnome_setattr_cache_home_dir',`
366 setattr_dirs_pattern($1, cache_home_t, cache_home_t)
367 userdom_search_user_home_dirs($1)
370 ########################################
372 ## append to generic cache home files (.cache)
374 ## <param name="domain">
376 ## Domain allowed access.
380 interface(`gnome_append_generic_cache_files',`
385 append_files_pattern($1, cache_home_t, cache_home_t)
386 userdom_search_user_home_dirs($1)
389 ########################################
391 ## write to generic cache home files (.cache)
393 ## <param name="domain">
395 ## Domain allowed access.
399 interface(`gnome_write_generic_cache_files',`
404 write_files_pattern($1, cache_home_t, cache_home_t)
405 userdom_search_user_home_dirs($1)
408 ########################################
410 ## Dontaudit read/write to generic cache home files (.cache)
412 ## <param name="domain">
414 ## Domain to not audit.
418 interface(`gnome_dontaudit_rw_generic_cache_files',`
423 dontaudit $1 cache_home_t:file rw_inherited_file_perms;
426 ########################################
428 ## read gnome homedir content (.config)
430 ## <param name="domain">
432 ## Domain allowed access.
436 interface(`gnome_read_config',`
438 attribute gnome_home_type;
441 list_dirs_pattern($1, gnome_home_type, gnome_home_type)
442 read_files_pattern($1, gnome_home_type, gnome_home_type)
443 read_lnk_files_pattern($1, gnome_home_type, gnome_home_type)
446 ########################################
448 ## Create objects in a Gnome gconf home directory
449 ## with an automatic type transition to
450 ## a specified private type.
452 ## <param name="domain">
454 ## Domain allowed access.
457 ## <param name="private_type">
459 ## The type of the object to create.
462 ## <param name="object_class">
464 ## The class of the object to be created.
468 interface(`gnome_data_filetrans',`
473 filetrans_pattern($1, data_home_t, $2, $3, $4)
474 gnome_search_gconf($1)
477 #######################################
479 ## Read generic data home files.
481 ## <param name="domain">
483 ## Domain allowed access.
487 interface(`gnome_read_generic_data_home_files',`
489 type data_home_t, gconf_home_t;
492 read_files_pattern($1, { gconf_home_t data_home_t }, data_home_t)
495 #######################################
497 ## Manage gconf data home files
499 ## <param name="domain">
501 ## Domain allowed access.
505 interface(`gnome_manage_data',`
511 allow $1 gconf_home_t:dir search_dir_perms;
512 manage_dirs_pattern($1, data_home_t, data_home_t)
513 manage_files_pattern($1, data_home_t, data_home_t)
514 manage_lnk_files_pattern($1, data_home_t, data_home_t)
517 ########################################
519 ## Read icc data home content.
521 ## <param name="domain">
523 ## Domain allowed access.
527 interface(`gnome_read_home_icc_data_content',`
529 type icc_data_home_t, gconf_home_t, data_home_t;
532 userdom_search_user_home_dirs($1)
533 allow $1 { gconf_home_t data_home_t }:dir search_dir_perms;
534 list_dirs_pattern($1, icc_data_home_t, icc_data_home_t)
535 read_files_pattern($1, icc_data_home_t, icc_data_home_t)
536 read_lnk_files_pattern($1, icc_data_home_t, icc_data_home_t)
539 ########################################
541 ## Read inherited icc data home files.
543 ## <param name="domain">
545 ## Domain allowed access.
549 interface(`gnome_read_inherited_home_icc_data_files',`
551 type icc_data_home_t;
554 allow $1 icc_data_home_t:file read_inherited_file_perms;
557 ########################################
559 ## Create gconf_home_t objects in the /root directory
561 ## <param name="domain">
563 ## Domain allowed access.
566 ## <param name="object_class">
568 ## The class of the object to be created.
572 interface(`gnome_admin_home_gconf_filetrans',`
577 userdom_admin_home_dir_filetrans($1, gconf_home_t, $2)
580 ########################################
582 ## Do not audit attempts to read
583 ## inherited gconf config files.
585 ## <param name="domain">
587 ## Domain to not audit.
591 interface(`gnome_dontaudit_read_inherited_gconf_config_files',`
596 dontaudit $1 gconf_etc_t:file read_inherited_file_perms;
599 ########################################
601 ## read gconf config files
603 ## <param name="domain">
605 ## Domain allowed access.
609 interface(`gnome_read_gconf_config',`
614 allow $1 gconf_etc_t:dir list_dir_perms;
615 read_files_pattern($1, gconf_etc_t, gconf_etc_t)
619 #######################################
621 ## Manage gconf config files
623 ## <param name="domain">
625 ## Domain allowed access.
629 interface(`gnome_manage_gconf_config',`
634 allow $1 gconf_etc_t:dir list_dir_perms;
635 manage_files_pattern($1, gconf_etc_t, gconf_etc_t)
638 ########################################
640 ## Execute gconf programs
641 ## in the caller domain.
643 ## <param name="domain">
645 ## Domain allowed access.
649 interface(`gnome_exec_gconf',`
654 can_exec($1, gconfd_exec_t)
657 ########################################
659 ## Execute gnome keyringd in the caller domain.
661 ## <param name="domain">
663 ## Domain allowed access.
667 interface(`gnome_exec_keyringd',`
669 type gkeyringd_exec_t;
672 can_exec($1, gkeyringd_exec_t)
673 corecmd_search_bin($1)
676 ########################################
678 ## Read gconf home files
680 ## <param name="domain">
682 ## Domain allowed access.
686 interface(`gnome_read_gconf_home_files',`
692 userdom_search_user_home_dirs($1)
693 allow $1 gconf_home_t:dir list_dir_perms;
694 allow $1 data_home_t:dir list_dir_perms;
695 read_files_pattern($1, gconf_home_t, gconf_home_t)
696 read_files_pattern($1, data_home_t, data_home_t)
697 read_lnk_files_pattern($1, gconf_home_t, gconf_home_t)
698 read_lnk_files_pattern($1, data_home_t, data_home_t)
701 ########################################
703 ## Search gkeyringd temporary directories.
705 ## <param name="domain">
707 ## Domain allowed access.
711 interface(`gnome_search_gkeyringd_tmp_dirs',`
713 type gkeyringd_tmp_t;
717 allow $1 gkeyringd_tmp_t:dir search_dir_perms;
720 ########################################
722 ## search gconf homedir (.local)
724 ## <param name="domain">
726 ## Domain allowed access.
730 interface(`gnome_search_gconf',`
735 allow $1 gconf_home_t:dir search_dir_perms;
736 userdom_search_user_home_dirs($1)
739 ########################################
741 ## Set attributes of Gnome config dirs.
743 ## <param name="domain">
745 ## Domain allowed access.
749 interface(`gnome_setattr_config_dirs',`
754 setattr_dirs_pattern($1, gnome_home_t, gnome_home_t)
755 files_search_home($1)
758 ########################################
760 ## Manage generic gnome home files.
762 ## <param name="domain">
764 ## Domain allowed access.
768 interface(`gnome_manage_generic_home_files',`
773 userdom_search_user_home_dirs($1)
774 manage_files_pattern($1, gnome_home_t, gnome_home_t)
777 ########################################
779 ## Manage generic gnome home directories.
781 ## <param name="domain">
783 ## Domain allowed access.
787 interface(`gnome_manage_generic_home_dirs',`
792 userdom_search_user_home_dirs($1)
793 allow $1 gnome_home_t:dir manage_dir_perms;
796 ########################################
798 ## Append gconf home files
800 ## <param name="domain">
802 ## Domain allowed access.
806 interface(`gnome_append_gconf_home_files',`
811 append_files_pattern($1, gconf_home_t, gconf_home_t)
814 ########################################
816 ## manage gconf home files
818 ## <param name="domain">
820 ## Domain allowed access.
824 interface(`gnome_manage_gconf_home_files',`
829 allow $1 gconf_home_t:dir list_dir_perms;
830 manage_files_pattern($1, gconf_home_t, gconf_home_t)
833 ########################################
835 ## Connect to gnome over an unix stream socket.
837 ## <param name="domain">
839 ## Domain allowed access.
842 ## <param name="user_domain">
844 ## The type of the user domain.
848 interface(`gnome_stream_connect',`
# $1 is the connecting domain; $2 is the domain that owns the listening
# socket (documented above as the user domain).
850 attribute gnome_home_type;
853 # Let $1 connect to $2 through socket files labeled with any gnome_home_type type
854 stream_connect_pattern($1, gnome_home_type, gnome_home_type, $2)
857 ########################################
859 ## list gnome homedir content (.config)
861 ## <param name="domain">
863 ## Domain allowed access.
867 interface(`gnome_list_home_config',`
872 allow $1 config_home_t:dir list_dir_perms;
875 ########################################
877 ## Set attributes of gnome homedir content (.config)
879 ## <param name="domain">
881 ## Domain allowed access.
885 interface(`gnome_setattr_home_config',`
890 setattr_dirs_pattern($1, config_home_t, config_home_t)
891 userdom_search_user_home_dirs($1)
894 ########################################
896 ## read gnome homedir content (.config)
898 ## <param name="domain">
900 ## Domain allowed access.
904 interface(`gnome_read_home_config',`
909 list_dirs_pattern($1, config_home_t, config_home_t)
910 read_files_pattern($1, config_home_t, config_home_t)
911 read_lnk_files_pattern($1, config_home_t, config_home_t)
914 #######################################
916 ## delete gnome homedir content (.config)
918 ## <param name="domain">
920 ## Domain allowed access.
924 interface(`gnome_delete_home_config',`
929 delete_files_pattern($1, config_home_t, config_home_t)
932 #######################################
934 ## setattr gnome homedir content (.config)
936 ## <param name="domain">
938 ## Domain allowed access.
942 interface(`gnome_setattr_home_config_dirs',`
947 setattr_dirs_pattern($1, config_home_t, config_home_t)
950 ########################################
952 ## manage gnome homedir content (.config)
954 ## <param name="domain">
956 ## Domain allowed access.
960 interface(`gnome_manage_home_config',`
965 manage_files_pattern($1, config_home_t, config_home_t)
968 #######################################
970 ## delete gnome homedir content (.config)
972 ## <param name="domain">
974 ## Domain allowed access.
978 interface(`gnome_delete_home_config_dirs',`
983 delete_dirs_pattern($1, config_home_t, config_home_t)
986 ########################################
988 ## manage gnome homedir content (.config)
990 ## <param name="domain">
992 ## Domain allowed access.
996 interface(`gnome_manage_home_config_dirs',`
1001 manage_dirs_pattern($1, config_home_t, config_home_t)
1004 ########################################
1006 ## manage gstreamer home content files.
1008 ## <param name="domain">
1010 ## Domain allowed access.
1014 interface(`gnome_manage_gstreamer_home_files',`
1016 type gstreamer_home_t;
1019 manage_files_pattern($1, gstreamer_home_t, gstreamer_home_t)
1022 ########################################
1024 ## Read/Write all inherited gnome home config
1026 ## <param name="domain">
1028 ## Domain allowed access.
1032 interface(`gnome_rw_inherited_config',`
1034 attribute gnome_home_type;
1037 allow $1 gnome_home_type:file rw_inherited_file_perms;
1040 ########################################
1042 ## Send and receive messages from
1043 ## gconf system service over dbus.
1045 ## <param name="domain">
1047 ## Domain allowed access.
1051 interface(`gnome_dbus_chat_gconfdefault',`
1053 type gconfdefaultsm_t;
1054 class dbus send_msg;
1057 allow $1 gconfdefaultsm_t:dbus send_msg;
1058 allow gconfdefaultsm_t $1:dbus send_msg;
1061 ########################################
1063 ## Send and receive messages from
1064 ## gkeyringd over dbus.
1066 ## <param name="domain">
1068 ## Domain allowed access.
1072 interface(`gnome_dbus_chat_gkeyringd',`
# Two-way D-Bus messaging between $1 and every keyring daemon domain.
# send_msg is the policy gate for reaching the daemon on the bus; which
# requests an allowed peer may make is not decided by these rules.
1074 attribute gkeyringd_domain;
1075 class dbus send_msg;
1078 allow $1 gkeyringd_domain:dbus send_msg;
1079 allow gkeyringd_domain $1:dbus send_msg;
1082 ########################################
1084 ## Send signull signal to gkeyringd processes.
1086 ## <param name="domain">
1088 ## Domain allowed access.
1092 interface(`gnome_signull_gkeyringd',`
1094 attribute gkeyringd_domain;
1097 allow $1 gkeyringd_domain:process signull;
1100 ########################################
1102 ## Allow the domain to read gkeyringd state files in /proc.
1104 ## <param name="domain">
1106 ## Domain allowed access.
1110 interface(`gnome_read_gkeyringd_state',`
1112 attribute gkeyringd_domain;
1115 ps_process_pattern($1, gkeyringd_domain)
1118 ########################################
1120 ## Create directories in user home directories
1121 ## with the gnome home file type.
1123 ## <param name="domain">
1125 ## Domain allowed access.
1129 interface(`gnome_home_dir_filetrans',`
1134 userdom_user_home_dir_filetrans($1, gnome_home_t, dir)
1135 userdom_search_user_home_dirs($1)
1138 ######################################
1140 ## Allow reading kde config content
1142 ## <param name="domain">
1144 ## Domain allowed access.
1148 interface(`gnome_read_usr_config',`
1153 files_search_usr($1)
1154 list_dirs_pattern($1, config_usr_t, config_usr_t)
1155 read_files_pattern($1, config_usr_t, config_usr_t)
1156 read_lnk_files_pattern($1, config_usr_t, config_usr_t)
1159 #######################################
1161 ## Allow managing kde config content
1163 ## <param name="domain">
1165 ## Domain allowed access.
1169 interface(`gnome_manage_usr_config',`
1174 files_search_usr($1)
1175 manage_dirs_pattern($1, config_usr_t, config_usr_t)
1176 manage_files_pattern($1, config_usr_t, config_usr_t)
1177 manage_lnk_files_pattern($1, config_usr_t, config_usr_t)
1180 ########################################
1182 ## Execute gnome-keyring in the user gkeyring domain
1184 ## <param name="domain">
1186 ## Domain allowed access
1189 ## <param name="role">
1191 ## The role to be allowed the gkeyring domain.
1195 interface(`gnome_transition_gkeyringd',`
# Lets $1 transition into any keyring daemon domain.
# NOTE(review): the parameter docs list a role as the second argument, but
# no visible line uses $2 and no role statement is shown -- confirm whether
# the role rule sits on an omitted line or is missing.
1197 attribute gkeyringd_domain;
# The target is the attribute, so every keyring daemon domain is reachable.
1200 allow $1 gkeyringd_domain:process transition;
# These three permissions are only hidden from the audit log, not granted.
# With noatsecure still denied the new process starts in secure-exec mode,
# and signal state and resource limits are not inherited from $1.
1201 dontaudit $1 gkeyringd_domain:process { noatsecure siginh rlimitinh };
# The daemon may notify its parent and use pipes inherited from it.
1202 allow gkeyringd_domain $1:process { sigchld signull };
1203 allow gkeyringd_domain $1:fifo_file rw_inherited_fifo_file_perms;
1207 ########################################
1209 ## Create gnome content in the user home directory
1210 ## with the correct label.
1212 ## <param name="domain">
1214 ## Domain allowed access.
1218 interface(`gnome_filetrans_home_content',`
# Named type transitions: when $1 creates an object with exactly the given
# name in the given parent, it receives the listed type. Objects that
# already exist, or that are created by a domain without these rules, keep
# whatever label they have and need relabeling to match.
# NOTE(review): only some declarations are visible (this listing omits
# lines); config_home_t, cache_home_t, gconf_home_t and gnome_home_t are
# presumably declared on the omitted lines -- confirm.
1223 type gstreamer_home_t;
1226 type data_home_t, icc_data_home_t;
1227 type gkeyringd_gnome_home_t;
# Entries created directly in the user home directory.
1230 userdom_user_home_dir_filetrans($1, config_home_t, dir, ".config")
1231 userdom_user_home_dir_filetrans($1, config_home_t, file, ".Xdefaults")
1232 userdom_user_home_dir_filetrans($1, config_home_t, dir, ".xine")
1233 userdom_user_home_dir_filetrans($1, cache_home_t, dir, ".cache")
1234 userdom_user_home_dir_filetrans($1, config_home_t, dir, ".kde")
1235 userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconf")
1236 userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
# .local is labeled gconf_home_t, so access granted on gconf_home_t also
# applies to that directory.
1237 userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".local")
1238 userdom_user_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2")
1239 userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10")
1240 userdom_user_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12")
1241 # ~/.color/icc: legacy
1242 userdom_user_home_content_filetrans($1, icc_data_home_t, dir, "icc")
# Nested entries: the keyring store gets its own type only when the
# directory named keyrings is created inside a gnome_home_t directory by a
# domain that has this rule. A keyrings directory created any other way
# inherits the parent label, so check labels on existing homes.
1243 filetrans_pattern($1, gnome_home_t, gkeyringd_gnome_home_t, dir, "keyrings")
1244 filetrans_pattern($1, gconf_home_t, data_home_t, dir, "share")
1245 filetrans_pattern($1, data_home_t, icc_data_home_t, dir, "icc")
# A dconf directory created in the user tmp area is labeled config_home_t.
1246 userdom_user_tmp_filetrans($1, config_home_t, dir, "dconf")
1249 ########################################
1251 ## Create gnome directory in the /root directory
1252 ## with the correct label.
1254 ## <param name="domain">
1256 ## Domain allowed access.
1260 interface(`gnome_filetrans_admin_home_content',`
# Named type transitions for objects that $1 creates in the admin home
# directory (/root per the summary). They apply only at creation time and
# only for the exact names listed.
# NOTE(review): compared with gnome_filetrans_home_content, the visible
# lines have no .config entry and no nested keyrings, share, icc or dconf
# rules. This listing omits lines, so confirm against the full file whether
# those are really absent; if they are, such objects under the admin home
# keep the parent label.
1265 type gstreamer_home_t;
1268 type icc_data_home_t;
1271 userdom_admin_home_dir_filetrans($1, config_home_t, file, ".Xdefaults")
1272 userdom_admin_home_dir_filetrans($1, config_home_t, dir, ".xine")
1273 userdom_admin_home_dir_filetrans($1, cache_home_t, dir, ".cache")
1274 userdom_admin_home_dir_filetrans($1, config_home_t, dir, ".kde")
1275 userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconf")
1276 userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
1277 userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".local")
1278 userdom_admin_home_dir_filetrans($1, gnome_home_t, dir, ".gnome2")
1279 userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-10")
1280 userdom_admin_home_dir_filetrans($1, gstreamer_home_t, dir, ".gstreamer-12")
1281 # /root/.color/icc: legacy
# Unlike the user variant, this rule applies directly in the admin home
# directory, so a directory named icc created there gets icc_data_home_t.
1282 userdom_admin_home_dir_filetrans($1, icc_data_home_t, dir, "icc")
1285 ######################################
1287 ## Execute gnome-keyring executable
1288 ## in the specified domain.
1292 ## Execute the gnome-keyring executable
1293 ## in the specified domain. This allows
1294 ## the specified domain to execute any file
1295 ## on these filesystems in the specified
1299 ## No interprocess communication (signals, pipes,
1300 ## etc.) is provided by this interface since
1301 ## the domains are not owned by this module.
1304 ## This interface was added to handle
1305 ## the ssh-agent policy.
1308 ## <param name="domain">
1310 ## Domain allowed to transition.
1313 ## <param name="target_domain">
1315 ## The type of the new process.
1319 interface(`gnome_command_domtrans_gkeyringd', `
# $1 is the domain allowed to transition, $2 is the domain of the new
# process. Both are supplied by the caller.
1321 type gkeyringd_exec_t;
# Makes gkeyringd_exec_t an entry point into the caller-chosen domain $2, so
# every module that calls this interface widens the set of domains the
# keyring binary can start in. Review callers when auditing the policy.
1324 allow $2 gkeyringd_exec_t:file entrypoint;
# Permission to transition, then the default transition that makes it
# automatic on exec. No role rule is visible here, so the caller has to
# authorize $2 for the relevant role separately.
1325 domain_transition_pattern($1, gkeyringd_exec_t, $2)
1326 type_transition $1 gkeyringd_exec_t:process $2;