]> git.ipfire.org Git - people/stevee/selinux-policy.git/blob - policy/modules/apps/thumb.if
projects / people / stevee / selinux-policy.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove module for telepathy.
[people/stevee/selinux-policy.git] / policy / modules / apps / thumb.if
1
2 ## <summary>policy for thumb</summary>
3
4
5 ########################################
6 ## <summary>
7 ## Transition to thumb.
8 ## </summary>
9 ## <param name="domain">
10 ## <summary>
11 ## Domain allowed to transition.
12 ## </summary>
13 ## </param>
14 #
15 interface(`thumb_domtrans',`
16 gen_require(`
17 type thumb_t, thumb_exec_t;
18 ')
19
20 corecmd_search_bin($1)
21 domtrans_pattern($1, thumb_exec_t, thumb_t)
22 ')
23
24
25 ########################################
26 ## <summary>
27 ## Execute thumb in the thumb domain, and
28 ## allow the specified role the thumb domain.
29 ## </summary>
30 ## <param name="domain">
31 ## <summary>
32 ## Domain allowed to transition
33 ## </summary>
34 ## </param>
35 ## <param name="role">
36 ## <summary>
37 ## The role to be allowed the thumb domain.
38 ## </summary>
39 ## </param>
40 #
41 interface(`thumb_run',`
42 gen_require(`
43 type thumb_t;
44 ')
45
46 thumb_domtrans($1)
47 role $2 types thumb_t;
48
49 allow $1 thumb_t:process signal;
50 ')
51
52 ########################################
53 ## <summary>
54 ## Role access for thumb
55 ## </summary>
56 ## <param name="role">
57 ## <summary>
58 ## Role allowed access
59 ## </summary>
60 ## </param>
61 ## <param name="domain">
62 ## <summary>
63 ## User domain for the role
64 ## </summary>
65 ## </param>
66 #
67 interface(`thumb_role',`
68 gen_require(`
69 type thumb_t;
70 class dbus send_msg;
71 ')
72
73 role $1 types thumb_t;
74
75 thumb_domtrans($2)
76
77 ps_process_pattern($2, thumb_t)
78 allow $2 thumb_t:process signal;
79 allow thumb_t $2:unix_stream_socket connectto;
80
81 allow $2 thumb_t:dbus send_msg;
82 allow thumb_t $2:dbus send_msg;
83 ')
84
The IPFire selinux policy.