interface(`gnome_role_gkeyringd',`
gen_require(`
attribute gkeyringd_domain;
- attribute gnome_domain;
+ attribute gnomedomain;
type gnome_home_t;
type gkeyringd_exec_t, gkeyringd_tmp_t, gkeyringd_gnome_home_t;
class dbus send_msg;
')
- type $1_gkeyringd_t, gnome_domain, gkeyringd_domain;
+ type $1_gkeyringd_t, gnomedomain, gkeyringd_domain;
typealias $1_gkeyringd_t alias gkeyringd_$1_t;
application_domain($1_gkeyringd_t, gkeyringd_exec_t)
ubac_constrained($1_gkeyringd_t)
dontaudit $1 gnome_home_type:dir search_dir_perms;
')
+########################################
+## <summary>
+## Dontaudit write gnome homedir content (.config)
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`gnome_dontaudit_write_config_files',`
+ gen_require(`
+ attribute gnome_home_type;
+ ')
+
+ dontaudit $1 gnome_home_type:file write;
+')
+
########################################
## <summary>
## manage gnome homedir content (.config)
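Review bot: The rule in `gnome_dontaudit_write_config_files` is broader than its name and summary state: `dontaudit $1 gnome_home_type:file write;` suppresses write denials on files of every type carrying the `gnome_home_type` attribute, not only the `.config` content. If `gkeyringd_gnome_home_t` from the first hunk carries that attribute (its declaration is not visible here), denied write attempts on keyring files by the calling domain would stop producing AVC records, which costs audit visibility. I would either narrow the rule to `dontaudit $1 config_home_t:file write;` with `type config_home_t;` in the `gen_require` block, or keep the attribute and change the summary to `## Do not audit attempts to write files of any gnome home type.` so callers know the real scope.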
#
interface(`gnome_signal_all',`
gen_require(`
- attribute gnome_domain;
+ attribute gnomedomain;
')
- allow $1 gnome_domain:process signal;
+ allow $1 gnomedomain:process signal;
')
########################################
delete_files_pattern($1, config_home_t, config_home_t)
')
+#######################################
+## <summary>
+## setattr gnome homedir content (.config)
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gnome_setattr_home_config_dirs',`
+ gen_require(`
+ type config_home_t;
+ ')
+
+ setattr_dirs_pattern($1, config_home_t, config_home_t)
+')
+
########################################
## <summary>
## manage gnome homedir content (.config)
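Review bot: The summary on `gnome_setattr_home_config_dirs` reads "setattr gnome homedir content (.config)", but the body `setattr_dirs_pattern($1, config_home_t, config_home_t)` applies to directories only, so the doc overstates what is granted. I would change it to `## Set the attributes of gnome homedir config directories (.config)`. Since `setattr` on these directories lets the caller change their mode and ownership where DAC permits, the `<param>` text could also state that the domain should be one that legitimately creates or repairs the user's `.config` tree.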
allow gkeyringd_domain $1:fifo_file rw_inherited_fifo_file_perms;
')
-
########################################
## <summary>
## Create gnome content in the user home directory