Dont audit writes to leaked file descriptors or redirected output for nacl

[people/stevee/selinux-policy.git] / policy / modules / apps / gnome.if

diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index 8fe4b662a642c55047fcbaf8ecaf56de1c8e429a..45580b57ef068c47a98830f5dc31c1fe4f1de3c0 100644 (file)
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -58,13 +58,13 @@ interface(`gnome_role',`
 interface(`gnome_role_gkeyringd',`
         gen_require(`
                 attribute gkeyringd_domain;
-                attribute gnome_domain;
+                attribute gnomedomain;
                 type gnome_home_t;
                 type gkeyringd_exec_t, gkeyringd_tmp_t, gkeyringd_gnome_home_t;
                class dbus send_msg;
         ')
 
-       type $1_gkeyringd_t, gnome_domain, gkeyringd_domain;
+       type $1_gkeyringd_t, gnomedomain, gkeyringd_domain;
        typealias $1_gkeyringd_t alias gkeyringd_$1_t;
        application_domain($1_gkeyringd_t, gkeyringd_exec_t)
        ubac_constrained($1_gkeyringd_t)
@@ -228,6 +228,24 @@ interface(`gnome_dontaudit_search_config',`
        dontaudit $1 gnome_home_type:dir search_dir_perms;
 ')
 
+########################################
+## <summary>
+##     Dontaudit write gnome homedir content (.config)
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain to not audit.
+##     </summary>
+## </param>
+#
+interface(`gnome_dontaudit_write_config_files',`
+       gen_require(`
+               attribute gnome_home_type;
+       ')
+
+       dontaudit $1 gnome_home_type:file write;
+')
+
 ########################################
 ## <summary>
 ##     manage gnome homedir content (.config)
@@ -261,10 +279,10 @@ interface(`gnome_manage_config',`
 #
 interface(`gnome_signal_all',`
        gen_require(`
-               attribute gnome_domain;
+               attribute gnomedomain;
        ')
 
-       allow $1 gnome_domain:process signal;
+       allow $1 gnomedomain:process signal;
 ')
 
 ########################################
@@ -929,6 +947,24 @@ interface(`gnome_delete_home_config',`
     delete_files_pattern($1, config_home_t, config_home_t)
 ')
 
+#######################################
+## <summary>
+##  setattr gnome homedir content (.config)
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`gnome_setattr_home_config_dirs',`
+    gen_require(`
+        type config_home_t;
+    ')
+
+    setattr_dirs_pattern($1, config_home_t, config_home_t)
+')
+
 ########################################
 ## <summary>
 ##     manage gnome homedir content (.config)
@@ -1185,7 +1221,6 @@ interface(`gnome_transition_gkeyringd',`
        allow gkeyringd_domain $1:fifo_file rw_inherited_fifo_file_perms;
 ')
 
-
 ########################################
 ## <summary>
 ##     Create gnome content in the user home directory