/bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
-
-/usr/(local/)?bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
-/usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0)
/usr/bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:cache_home_t,s0)
HOME_DIR/\.color/icc(/.*)? gen_context(system_u:object_r:icc_data_home_t,s0)
HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:config_home_t,s0)
-HOME_DIR/\.kde(/.*)? gen_context(system_u:object_r:config_home_t,s0)
HOME_DIR/\.gconf(d)?(/.*)? gen_context(system_u:object_r:gconf_home_t,s0)
HOME_DIR/\.gnome2(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
HOME_DIR/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gkeyringd_gnome_home_t,s0)
/root/\.cache(/.*)? gen_context(system_u:object_r:cache_home_t,s0)
/root/\.color/icc(/.*)? gen_context(system_u:object_r:icc_data_home_t,s0)
/root/\.config(/.*)? gen_context(system_u:object_r:config_home_t,s0)
-/root/\.kde(/.*)? gen_context(system_u:object_r:config_home_t,s0)
/root/\.gconf(d)?(/.*)? gen_context(system_u:object_r:gconf_home_t,s0)
/root/\.gnome2(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
/root/\.gnome2/keyrings(/.*)? gen_context(system_u:object_r:gkeyringd_gnome_home_t,s0)
/usr/libexec/gconf-defaults-mechanism -- gen_context(system_u:object_r:gconfdefaultsm_exec_t,s0)
/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
-/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
userdom_search_user_home_dirs($1)
')
-######################################
-## <summary>
-## Allow read kde config content
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gnome_read_usr_config',`
- gen_require(`
- type config_usr_t;
- ')
-
- files_search_usr($1)
- list_dirs_pattern($1, config_usr_t, config_usr_t)
- read_files_pattern($1, config_usr_t, config_usr_t)
- read_lnk_files_pattern($1, config_usr_t, config_usr_t)
-')
-
-#######################################
-## <summary>
-## Allow manage kde config content
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gnome_manage_usr_config',`
- gen_require(`
- type config_usr_t;
- ')
-
- files_search_usr($1)
- manage_dirs_pattern($1, config_usr_t, config_usr_t)
- manage_files_pattern($1, config_usr_t, config_usr_t)
- manage_lnk_files_pattern($1, config_usr_t, config_usr_t)
-')
-
########################################
## <summary>
## Execute gnome-keyring in the user gkeyring domain
userdom_user_home_dir_filetrans($1, config_home_t, file, ".Xdefaults")
userdom_user_home_dir_filetrans($1, config_home_t, dir, ".xine")
userdom_user_home_dir_filetrans($1, cache_home_t, dir, ".cache")
- userdom_user_home_dir_filetrans($1, config_home_t, dir, ".kde")
userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconf")
userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
userdom_user_home_dir_filetrans($1, gconf_home_t, dir, ".local")
userdom_admin_home_dir_filetrans($1, config_home_t, file, ".Xdefaults")
userdom_admin_home_dir_filetrans($1, config_home_t, dir, ".xine")
userdom_admin_home_dir_filetrans($1, cache_home_t, dir, ".cache")
- userdom_admin_home_dir_filetrans($1, config_home_t, dir, ".kde")
userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconf")
userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".gconfd")
userdom_admin_home_dir_filetrans($1, gconf_home_t, dir, ".local")
+++ /dev/null
-#/usr/libexec/kde(3|4)/backlighthelper -- gen_context(system_u:object_r:kdebacklighthelper_exec_t,s0)
+++ /dev/null
-## <summary> Policy for KDE components </summary>
-
-#######################################
-## <summary>
-## Send and receive messages from
-## firewallgui over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`kde_dbus_chat_backlighthelper',`
- gen_require(`
- type kdebacklighthelper_t;
- class dbus send_msg;
- ')
-
- allow $1 kdebacklighthelper_t:dbus send_msg;
- allow kdebacklighthelper_t $1:dbus send_msg;
-')
+++ /dev/null
-policy_module(kde,1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type kdebacklighthelper_t;
-type kdebacklighthelper_exec_t;
-dbus_system_domain(kdebacklighthelper_t, kdebacklighthelper_exec_t)
-
-########################################
-#
-# backlighthelper local policy
-#
-allow kdebacklighthelper_t self:fifo_file rw_fifo_file_perms;
-
-kernel_read_system_state(kdebacklighthelper_t)
-
-# r/w brightness values
-dev_rw_sysfs(kdebacklighthelper_t)
-
-files_read_etc_files(kdebacklighthelper_t)
-files_read_etc_runtime_files(kdebacklighthelper_t)
-files_read_usr_files(kdebacklighthelper_t)
-
-fs_getattr_all_fs(kdebacklighthelper_t)
-
-logging_send_syslog_msg(kdebacklighthelper_t)
-
-miscfiles_read_localization(kdebacklighthelper_t)
-
-optional_policy(`
- consolekit_dbus_chat(kdebacklighthelper_t)
-')
-
-optional_policy(`
- policykit_dbus_chat(kdebacklighthelper_t)
-')
-
/etc/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
-/etc/kde/env(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/etc/kde/shutdown(/.*)? gen_context(system_u:object_r:bin_t,s0)
-
/etc/mail/make -- gen_context(system_u:object_r:bin_t,s0)
/etc/mcelog/cache-error-trigger -- gen_context(system_u:object_r:bin_t,s0)
/etc/mcelog/triggers(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/kde4/apps/kajongg/kajongg.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
/usr/libexec/gsd-datetime-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
-
-/usr/libexec/kde(3|4)/kcmdatetimehelper -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
HOME_DIR/Audio(/.*)? gen_context(system_u:object_r:audio_home_t,s0)
HOME_DIR/Music(/.*)? gen_context(system_u:object_r:audio_home_t,s0)
HOME_DIR/\.cert(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
-HOME_DIR/.kde/share/apps/networkmanagement/certificates(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
HOME_DIR/\.pki(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
HOME_DIR/\.gvfs/.* <<none>>
HOME_DIR/\.debug(/.*)? <<none>>
hal_dbus_chat($1_usertype)
')
- optional_policy(`
- kde_dbus_chat_backlighthelper($1_usertype)
- ')
-
optional_policy(`
modemmanager_dbus_chat($1_usertype)
')
projects / people / stevee / selinux-policy.git / commitdiff
