+++ /dev/null
-
-## <summary>policy for firewallgui</summary>
-
-########################################
-## <summary>
-## Send and receive messages from
-## firewallgui over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`firewallgui_dbus_chat',`
- gen_require(`
- type firewallgui_t;
- class dbus send_msg;
- ')
-
- allow $1 firewallgui_t:dbus send_msg;
- allow firewallgui_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-## Read and write firewallgui unnamed pipes.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`firewallgui_dontaudit_rw_pipes',`
- gen_require(`
- type firewallgui_t;
- ')
-
- dontaudit $1 firewallgui_t:fifo_file rw_inherited_fifo_file_perms;
-')
+++ /dev/null
-policy_module(firewallgui,1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type firewallgui_t;
-type firewallgui_exec_t;
-dbus_system_domain(firewallgui_t, firewallgui_exec_t)
-
-type firewallgui_tmp_t;
-files_tmp_file(firewallgui_tmp_t)
-
-########################################
-#
-# firewallgui local policy
-#
-
-allow firewallgui_t self:capability { net_admin sys_rawio } ;
-allow firewallgui_t self:fifo_file rw_fifo_file_perms;
-
-manage_files_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
-manage_dirs_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
-files_tmp_filetrans(firewallgui_t,firewallgui_tmp_t, { file dir })
-
-kernel_read_system_state(firewallgui_t)
-kernel_read_network_state(firewallgui_t)
-kernel_rw_net_sysctls(firewallgui_t)
-kernel_rw_kernel_sysctl(firewallgui_t)
-kernel_rw_vm_sysctls(firewallgui_t)
-
-corecmd_exec_shell(firewallgui_t)
-corecmd_exec_bin(firewallgui_t)
-
-dev_read_urand(firewallgui_t)
-dev_read_sysfs(firewallgui_t)
-
-files_manage_system_conf_files(firewallgui_t)
-files_etc_filetrans_system_conf(firewallgui_t)
-files_read_etc_files(firewallgui_t)
-files_read_usr_files(firewallgui_t)
-files_search_kernel_modules(firewallgui_t)
-files_list_kernel_modules(firewallgui_t)
-
-auth_use_nsswitch(firewallgui_t)
-
-miscfiles_read_localization(firewallgui_t)
-
-seutil_read_config(firewallgui_t)
-
-userdom_dontaudit_search_user_home_dirs(firewallgui_t)
-
-optional_policy(`
- consoletype_exec(firewallgui_t)
-')
-
-optional_policy(`
- gnome_read_gconf_home_files(firewallgui_t)
-')
-
-optional_policy(`
- iptables_domtrans(firewallgui_t)
- iptables_initrc_domtrans(firewallgui_t)
- iptables_systemctl(firewallgui_t)
-')
-
-optional_policy(`
- modutils_getattr_module_deps(firewallgui_t)
-')
-
-optional_policy(`
- policykit_dbus_chat(firewallgui_t)
-')
projects / people / stevee / selinux-policy.git / commitdiff
