+++ /dev/null
-HOME_DIR/cxoffice/bin/wine.+ -- gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/google/picasa(/.*)?/Picasa3/.*exe -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/msiexec -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/progman -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/regsvr32 -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/regedit -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/uninstaller -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/wdi -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/google/picasa(/.*)?/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/teamviewer(/.*)?/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-
-/opt/picasa/wine/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-
-/usr/bin/msiexec -- gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/regsvr32 -- gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/regedit -- gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/uninstaller -- gen_context(system_u:object_r:wine_exec_t,s0)
-/usr/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
+++ /dev/null
-## <summary>Wine Is Not an Emulator. Run Windows programs in Linux.</summary>
-
-#######################################
-## <summary>
-## The per role template for the wine module.
-## </summary>
-## <desc>
-## <p>
-## This template creates a derived domains which are used
-## for wine applications.
-## </p>
-## </desc>
-## <param name="userdomain_prefix">
-## <summary>
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
-## </summary>
-## </param>
-## <param name="user_domain">
-## <summary>
-## The type of the user domain.
-## </summary>
-## </param>
-## <param name="user_role">
-## <summary>
-## The role associated with the user domain.
-## </summary>
-## </param>
-#
-template(`wine_role',`
- gen_require(`
- type wine_t;
- type wine_home_t;
- type wine_exec_t;
- ')
-
- role $1 types wine_t;
-
- domain_auto_trans($2, wine_exec_t, wine_t)
- # Unrestricted inheritance from the caller.
- allow $2 wine_t:process { noatsecure siginh rlimitinh };
- allow wine_t $2:fd use;
- allow wine_t $2:process { sigchld signull };
- allow wine_t $2:unix_stream_socket connectto;
-
- # Allow the user domain to signal/ps.
- ps_process_pattern($2, wine_t)
- allow $2 wine_t:process signal_perms;
-
- allow $2 wine_t:fd use;
- allow $2 wine_t:shm { associate getattr unix_read unix_write };
- allow $2 wine_t:unix_stream_socket connectto;
-
- # X access, Home files
- manage_dirs_pattern($2, wine_home_t, wine_home_t)
- manage_files_pattern($2, wine_home_t, wine_home_t)
- manage_lnk_files_pattern($2, wine_home_t, wine_home_t)
- relabel_dirs_pattern($2, wine_home_t, wine_home_t)
- relabel_files_pattern($2, wine_home_t, wine_home_t)
- relabel_lnk_files_pattern($2, wine_home_t, wine_home_t)
-')
-
-#######################################
-## <summary>
-## The role template for the wine module.
-## </summary>
-## <desc>
-## <p>
-## This template creates a derived domains which are used
-## for wine applications.
-## </p>
-## </desc>
-## <param name="role_prefix">
-## <summary>
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
-## </summary>
-## </param>
-## <param name="user_role">
-## <summary>
-## The role associated with the user domain.
-## </summary>
-## </param>
-## <param name="user_domain">
-## <summary>
-## The type of the user domain.
-## </summary>
-## </param>
-#
-template(`wine_role_template',`
- gen_require(`
- type wine_t;
- type wine_exec_t;
- ')
-
- type $1_wine_t;
- domain_type($1_wine_t)
- domain_entry_file($1_wine_t, wine_exec_t)
- ubac_constrained($1_wine_t)
- role $2 types $1_wine_t;
-
- allow $1_wine_t self:process { execmem execstack };
- allow $3 $1_wine_t:process { getattr noatsecure signal_perms };
- domtrans_pattern($3, wine_exec_t, $1_wine_t)
- corecmd_bin_domtrans($1_wine_t, $1_t)
-
- userdom_unpriv_usertype($1, $1_wine_t)
- userdom_manage_tmpfs_role($2, $1_wine_t)
-
- domain_mmap_low($1_wine_t)
-
- tunable_policy(`wine_mmap_zero_ignore',`
- dontaudit $1_wine_t self:memprotect mmap_zero;
- ')
-
- tunable_policy(`wine_mmap_zero_ignore',`
- dontaudit $1_wine_t self:memprotect mmap_zero;
- ')
-
- optional_policy(`
- xserver_role($1_r, $1_wine_t)
- ')
-')
-
-########################################
-## <summary>
-## Execute the wine program in the wine domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`wine_domtrans',`
- gen_require(`
- type wine_t, wine_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, wine_exec_t, wine_t)
-')
-
-########################################
-## <summary>
-## Execute wine in the wine domain, and
-## allow the specified role the wine domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-#
-interface(`wine_run',`
- gen_require(`
- type wine_t;
- ')
-
- wine_domtrans($1)
- role $2 types wine_t;
-')
-
-########################################
-## <summary>
-## Read and write wine Shared
-## memory segments.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`wine_rw_shm',`
- gen_require(`
- type wine_t;
- ')
-
- allow $1 wine_t:shm rw_shm_perms;
-')
+++ /dev/null
-policy_module(wine, 1.8.1)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Ignore wine mmap_zero errors.
-## </p>
-## </desc>
-gen_tunable(wine_mmap_zero_ignore, false)
-
-type wine_t;
-type wine_exec_t;
-application_domain(wine_t, wine_exec_t)
-ubac_constrained(wine_t)
-role system_r types wine_t;
-
-type wine_tmp_t;
-files_tmp_file(wine_tmp_t)
-ubac_constrained(wine_tmp_t)
-
-########################################
-#
-# Local policy
-#
-
-allow wine_t self:process { execstack execmem execheap };
-allow wine_t self:fifo_file manage_fifo_file_perms;
-
-can_exec(wine_t, wine_exec_t)
-
-manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
-manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
-files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
-
-domain_mmap_low(wine_t)
-
-files_execmod_all_files(wine_t)
-
-userdom_use_inherited_user_terminals(wine_t)
-
-tunable_policy(`wine_mmap_zero_ignore',`
- dontaudit wine_t self:memprotect mmap_zero;
-')
-
-optional_policy(`
- hal_dbus_chat(wine_t)
-')
-
-optional_policy(`
- policykit_dbus_chat(wine_t)
-')
-
-optional_policy(`
- unconfined_domain(wine_t)
-')
-
-optional_policy(`
- xserver_read_xdm_pid(wine_t)
- xserver_rw_shm(wine_t)
-')
/opt/Adobe/Reader.?/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/Adobe/Reader.?/Reader/intellinux/SPPlugins/.*\.ap[il] -- gen_context(system_u:object_r:lib_t,s0)
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/cx.*/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/ibm/java.*/jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/ibm/java.*/jre/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/xorg/modules/glesx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)
-/usr/(local/)?lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?lib/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)