colord_dbus_chat(staff_t)
')
-optional_policy(`
- gnomeclock_dbus_chat(staff_t)
-')
-
optional_policy(`
gnome_role(staff_r, staff_t)
')
')
optional_policy(`
- gnomeclock_dbus_chat(unconfined_t)
gnome_dbus_chat_gconfdefault(unconfined_t)
gnome_command_domtrans_gkeyringd(unconfined_dbusd_t,unconfined_t)
')
gnome_role(xguest_r, xguest_t)
')
-optional_policy(`
- gnomeclock_dontaudit_dbus_chat(xguest_t)
-')
-
optional_policy(`
pcscd_read_pub_files(xguest_t)
pcscd_stream_connect(xguest_t)
+++ /dev/null
-
-/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
-
-/usr/libexec/gsd-datetime-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+++ /dev/null
-## <summary>Gnome clock handler for setting the time.</summary>
-
-########################################
-## <summary>
-## Execute a domain transition to run gnomeclock.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`gnomeclock_domtrans',`
- gen_require(`
- type gnomeclock_t, gnomeclock_exec_t;
- ')
-
- domtrans_pattern($1, gnomeclock_exec_t, gnomeclock_t)
-')
-
-########################################
-## <summary>
-## Execute gnomeclock in the gnomeclock domain, and
-## allow the specified role the gnomeclock domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-#
-interface(`gnomeclock_run',`
- gen_require(`
- type gnomeclock_t;
- ')
-
- gnomeclock_domtrans($1)
- role $2 types gnomeclock_t;
-')
-
-########################################
-## <summary>
-## Send and receive messages from
-## gnomeclock over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`gnomeclock_dbus_chat',`
- gen_require(`
- type gnomeclock_t;
- class dbus send_msg;
- ')
-
- allow $1 gnomeclock_t:dbus send_msg;
- allow gnomeclock_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-## Do not audit send and receive messages from
-## gnomeclock over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`gnomeclock_dontaudit_dbus_chat',`
- gen_require(`
- type gnomeclock_t;
- class dbus send_msg;
- ')
-
- dontaudit $1 gnomeclock_t:dbus send_msg;
- dontaudit gnomeclock_t $1:dbus send_msg;
-')
+++ /dev/null
-policy_module(gnomeclock, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type gnomeclock_t;
-type gnomeclock_exec_t;
-dbus_system_domain(gnomeclock_t, gnomeclock_exec_t)
-
-########################################
-#
-# gnomeclock local policy
-#
-
-allow gnomeclock_t self:capability { sys_nice sys_time };
-allow gnomeclock_t self:process { getattr getsched signal };
-allow gnomeclock_t self:fifo_file rw_fifo_file_perms;
-allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms;
-allow gnomeclock_t self:unix_dgram_socket create_socket_perms;
-
-kernel_read_system_state(gnomeclock_t)
-
-corecmd_exec_bin(gnomeclock_t)
-corecmd_exec_shell(gnomeclock_t)
-corecmd_dontaudit_access_check_bin(gnomeclock_t)
-
-dev_read_sysfs(gnomeclock_t)
-
-files_read_etc_runtime_files(gnomeclock_t)
-files_read_usr_files(gnomeclock_t)
-
-fs_getattr_xattr_fs(gnomeclock_t)
-
-auth_use_nsswitch(gnomeclock_t)
-
-logging_send_syslog_msg(gnomeclock_t)
-
-miscfiles_read_localization(gnomeclock_t)
-miscfiles_manage_localization(gnomeclock_t)
-miscfiles_etc_filetrans_localization(gnomeclock_t)
-
-userdom_read_all_users_state(gnomeclock_t)
-
-optional_policy(`
- chronyd_systemctl(gnomeclock_t)
-')
-
-optional_policy(`
- clock_domtrans(gnomeclock_t)
-')
-
-optional_policy(`
- consolekit_dbus_chat(gnomeclock_t)
-')
-
-optional_policy(`
- consoletype_exec(gnomeclock_t)
-')
-
-optional_policy(`
- gnome_manage_usr_config(gnomeclock_t)
-')
-
-optional_policy(`
- ntp_domtrans_ntpdate(gnomeclock_t)
- ntp_initrc_domtrans(gnomeclock_t)
- init_dontaudit_getattr_all_script_files(gnomeclock_t)
- ntp_systemctl(gnomeclock_t)
-')
-
-optional_policy(`
- policykit_dbus_chat(gnomeclock_t)
- policykit_domtrans_auth(gnomeclock_t)
- policykit_read_lib(gnomeclock_t)
- policykit_read_reload(gnomeclock_t)
-')
gpg_role($1_r, $1_usertype)
')
- optional_policy(`
- gnomeclock_dbus_chat($1_t)
- ')
-
optional_policy(`
gpm_stream_connect($1_usertype)
')