# Declares the policy module: name blueman, version 1.0.4.
policy_module(blueman, 1.0.4)
########################################
#
# Declarations
#
|
# Process domain type for the blueman daemon; every rule in this file is
# granted to this type.
type blueman_t;
# Type for the blueman executable; passed as the entry point to
# init_daemon_domain and dbus_system_domain in this file.
type blueman_exec_t;
# Registers blueman_t as a daemon domain entered through blueman_exec_t when
# started by init (refpolicy init interface; definition not shown here).
init_daemon_domain(blueman_t, blueman_exec_t)
|
# Type for persistent blueman state; applied to directories created under
# /var/lib by the files_var_lib_filetrans rule in this file.
type blueman_var_lib_t;
# Marks blueman_var_lib_t as a file type so it can label filesystem objects.
files_type(blueman_var_lib_t)
|
# Type for blueman runtime (pid) data; applied by the files_pid_filetrans
# rule in this file.
type blueman_var_run_t;
# Marks blueman_var_run_t as a pid-file type.
files_pid_file(blueman_var_run_t)
|
########################################
#
# Local policy
#
|
# Linux capabilities granted to the daemon itself. net_admin is a broad
# network-configuration capability and sys_nice allows changing scheduling
# priority; keep this set minimal and review any addition.
allow blueman_t self:capability { net_admin sys_nice };
# Process permissions on its own domain. execmem permits memory that is both
# writable and executable, which weakens the usual W^X protection against
# injected code. NOTE(review): confirm execmem is still required.
# signal_perms and setsched cover signalling and scheduler changes.
allow blueman_t self:process { execmem signal_perms setsched };
|
# Read/write access to FIFOs (pipes) labelled with its own domain.
allow blueman_t self:fifo_file rw_fifo_file_perms;
|
# Full management (create, modify, delete) of directories labelled
# blueman_var_lib_t.
manage_dirs_pattern(blueman_t, blueman_var_lib_t, blueman_var_lib_t)
# Full management (create, modify, delete) of regular files labelled
# blueman_var_lib_t.
manage_files_pattern(blueman_t, blueman_var_lib_t, blueman_var_lib_t)
# Type transition: directories blueman_t creates in the generic /var/lib
# directory are labelled blueman_var_lib_t instead of inheriting the parent
# label (refpolicy files interface; definition not shown here).
files_var_lib_filetrans(blueman_t, blueman_var_lib_t, dir)
|
# Full management (create, modify, delete) of directories labelled
# blueman_var_run_t.
manage_dirs_pattern(blueman_t, blueman_var_run_t, blueman_var_run_t)
# Full management (create, modify, delete) of regular files labelled
# blueman_var_run_t.
manage_files_pattern(blueman_t, blueman_var_run_t, blueman_var_run_t)
# Type transition: directories and files blueman_t creates in the generic
# pid directory are labelled blueman_var_run_t (refpolicy files interface;
# definition not shown here).
files_pid_filetrans(blueman_t, blueman_var_run_t, { dir file })
|
# Read-only access to networking sysctls (going by the interface name;
# definition not shown here).
kernel_read_net_sysctls(blueman_t)
# Read-only access to kernel and system state (presumably /proc
# information; confirm against the kernel interface definition).
kernel_read_system_state(blueman_t)
# Lets the domain ask the kernel to load modules on demand.
# NOTE(review): on-demand module loading widens the kernel surface reachable
# from this daemon; confirm blueman still needs it.
kernel_request_load_module(blueman_t)
|
# Execute generic binaries without a domain transition, so programs run this
# way keep the full privileges of blueman_t (refpolicy corecommands
# interface; definition not shown here).
corecmd_exec_bin(blueman_t)
|
# Read from the random device (read only, going by the interface name).
dev_read_rand(blueman_t)
# Read from the urandom device (read only, going by the interface name).
dev_read_urand(blueman_t)
# Read/write access to wireless device nodes (presumably the radio kill
# switch device used for Bluetooth control; confirm against the devices
# interface definition).
dev_rw_wireless(blueman_t)
|
# Use file descriptors inherited from interactive sessions (going by the
# interface name; definition not shown here).
domain_use_interactive_fds(blueman_t)
|
# List the generic temporary directory; the interface name suggests listing
# only, with no file read or write access (confirm against the definition).
files_list_tmp(blueman_t)
|
# Name-service lookups through nsswitch (users, groups, hosts).
# NOTE(review): this interface usually pulls in a wide set of permissions;
# confirm its scope against the auth interface definition.
auth_use_nsswitch(blueman_t)
|
# Send log messages to syslog.
logging_send_syslog_msg(blueman_t)
|
# Run ifconfig with a transition into its own domain, so the helper is
# confined by the ifconfig policy rather than running as blueman_t.
sysnet_domtrans_ifconfig(blueman_t)
# DNS name resolution (going by the interface name; definition not shown
# here).
sysnet_dns_name_resolve(blueman_t)
|
optional_policy(`
# Start avahi with a transition into the avahi domain. The enclosing
# optional_policy block applies only when the avahi module is present.
avahi_domtrans(blueman_t)
')
|
optional_policy(`
# Sets blueman up as a system D-Bus service domain entered through
# blueman_exec_t (refpolicy dbus interface; definition not shown here).
# Applies only when the dbus module is present.
dbus_system_domain(blueman_t, blueman_exec_t)
')
|
optional_policy(`
# Start dnsmasq with a transition into the dnsmasq domain, so it runs under
# its own policy rather than as blueman_t. Applies only when the dnsmasq
# module is present.
dnsmasq_domtrans(blueman_t)
# Read-only access to dnsmasq pid files (going by the interface name).
dnsmasq_read_pid_files(blueman_t)
')
|
optional_policy(`
# Search GConf directories; the interface name suggests directory search
# only (confirm against the gnome interface definition). Applies only when
# the gnome module is present.
gnome_search_gconf(blueman_t)
')
|
optional_policy(`
# Run iptables with a transition into the iptables domain.
# NOTE(review): this gives the daemon a path to change firewall rules
# through that domain; confirm it is still needed. Applies only when the
# iptables module is present.
iptables_domtrans(blueman_t)
')
|
optional_policy(`
# Read the process state of the xdm domain (presumably its /proc entries;
# confirm against the xserver interface definition). Applies only when the
# xserver module is present.
xserver_read_state_xdm(blueman_t)
')