psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame evolution.if

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   master_contrib
  2.   evolution.if
Blob History Raw
Dominick Grift d842008 
## <summary>Evolution email client.</summary>
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Dominick Grift d842008 
##	Role access for evolution.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="role">
Chris PeBenito 9401ae1 
##	<summary>
Dominick Grift 8bba02a 
##	Role allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Dominick Grift 8bba02a 
##	User domain for the role.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`evolution_role',`
Chris PeBenito 9401ae1 
	gen_require(`
Dominick Grift d842008 
		attribute_role evolution_roles;
Chris PeBenito 9401ae1 
		type evolution_t, evolution_exec_t, evolution_home_t;
Dominick Grift 691d69f 
		type evolution_alarm_t, evolution_alarm_exec_t, evolution_alarm_orbit_tmp_t;
Dominick Grift 691d69f 
		type evolution_exchange_t, evolution_exchange_exec_t, evolution_exchange_tmp_t;
Dominick Grift 691d69f 
		type evolution_exchange_orbit_tmp_t, evolution_orbit_tmp_t, evolution_server_orbit_tmp_t;
Dominick Grift 691d69f 
		type evolution_server_t, evolution_server_exec_t, evolution_webcal_t;
Dominick Grift 691d69f 
		type evolution_webcal_exec_t, evolution_alarm_tmpfs_t, evolution_exchange_tmpfs_t;
Dominick Grift 691d69f 
		type evolution_tmpfs_t, evolution_webcal_tmpfs_t;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Dominick Grift d842008 
	roleattribute $1 evolution_roles;
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	domtrans_pattern($2, evolution_exec_t, evolution_t)
Chris PeBenito 9401ae1 
	domtrans_pattern($2, evolution_alarm_exec_t, evolution_alarm_t)
Chris PeBenito 9401ae1 
	domtrans_pattern($2, evolution_exchange_exec_t, evolution_exchange_t)
Chris PeBenito 9401ae1 
	domtrans_pattern($2, evolution_server_exec_t, evolution_server_t)
Chris PeBenito 9401ae1 
	domtrans_pattern($2, evolution_webcal_exec_t, evolution_webcal_t)
Chris PeBenito 9401ae1
Dominick Grift 691d69f 
	allow $2 { evolution_t evolution_alarm_t evolution_exchange_t evolution_server_t evolution_webcal_t }:process { noatsecure ptrace signal_perms };
Dominick Grift d842008 
	ps_process_pattern($2, { evolution_t evolution_alarm_t evolution_exchange_t })
Dominick Grift d842008 
	ps_process_pattern($2, { evolution_server_t evolution_webcal_t })
Chris PeBenito 9401ae1
Dominick Grift 691d69f 
	allow evolution_t $2:dir search_dir_perms;
Dominick Grift 691d69f 
	allow evolution_t $2:file read_file_perms;
Dominick Grift 691d69f 
	allow evolution_t $2:lnk_file read_lnk_file_perms;
Chris PeBenito 9401ae1
Dominick Grift d842008 
	allow $2 evolution_home_t:dir { relabel_dir_perms manage_dir_perms };
Dominick Grift d842008 
	allow $2 evolution_home_t:file { relabel_file_perms manage_file_perms };
Dominick Grift d842008 
	allow $2 evolution_home_t:lnk_file { relabel_lnk_file_perms manage_lnk_file_perms };
Chris PeBenito 9401ae1
Dominick Grift 691d69f 
	userdom_user_home_dir_filetrans($2, evolution_home_t, dir, ".camel_certs")
Dominick Grift 691d69f 
	userdom_user_home_dir_filetrans($2, evolution_home_t, dir, ".evolution")
Dominick Grift 691d69f
Dominick Grift 691d69f 
	allow $2 evolution_exchange_tmp_t:dir { manage_dir_perms relabel_dir_perms };
Dominick Grift 691d69f 
	allow $2 { evolution_alarm_orbit_tmp_t evolution_exchange_orbit_tmp_t evolution_orbit_tmp_t evolution_server_orbit_tmp_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
Dominick Grift 691d69f
Dominick Grift 691d69f 
	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
Dominick Grift 691d69f 
	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:file { manage_file_perms relabel_file_perms };
Dominick Grift 691d69f 
	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
Dominick Grift 691d69f 
	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
Dominick Grift 691d69f 
	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
Dominick Grift 691d69f
Dominick Grift d842008 
	allow { evolution_t evolution_exchange_t } $2:unix_stream_socket connectto;
Chris PeBenito 9401ae1
Dominick Grift d842008 
	stream_connect_pattern($2, evolution_orbit_tmp_t, evolution_orbit_tmp_t, evolution_t)
Dominick Grift d842008 
	stream_connect_pattern($2, evolution_exchange_orbit_tmp_t, evolution_exchange_orbit_tmp_t, evolution_exchange_t)
Dominick Grift 961bed8
Dominick Grift 961bed8 
	optional_policy(`
Dominick Grift 961bed8 
		evolution_dbus_chat($2)
Dominick Grift 961bed8 
		evolution_alarm_dbus_chat($2)
Dominick Grift 961bed8 
	')
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Dominick Grift d842008 
##	Create objects in the evolution home
Dominick Grift d842008 
##	directories with a private type.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Domain allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Dominick Grift d842008 
## <param name="private_type">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Private file type.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Dominick Grift d842008 
## <param name="object_class">
Chris PeBenito 9401ae1 
##	<summary>
Dominick Grift d842008 
##	Class of the object being created.
Dominick Grift d842008 
##	</summary>
Dominick Grift d842008 
## </param>
Dominick Grift d842008 
## <param name="name" optional="true">
Dominick Grift d842008 
##	<summary>
Dominick Grift d842008 
##	The name of the object being created.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`evolution_home_filetrans',`
Chris PeBenito 9401ae1 
	gen_require(`
Chris PeBenito 9401ae1 
		type evolution_home_t;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Dominick Grift d842008 
	userdom_search_user_home_dirs($1)
Dominick Grift d842008 
	filetrans_pattern($1, evolution_home_t, $2, $3, $4)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Dominick Grift d842008 
##	Connect to evolution using a unix
Dominick Grift d842008 
##	domain stream socket.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Domain allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`evolution_stream_connect',`
Chris PeBenito 9401ae1 
	gen_require(`
Dominick Grift d842008 
		type evolution_t, evolution_orbit_tmp_t;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Dominick Grift d842008
Dominick Grift d842008 
	files_search_tmp($1)
Dominick Grift d842008 
	stream_connect_pattern($1, evolution_orbit_tmp_t, evolution_orbit_tmp_t, evolution_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Chris PeBenito 9401ae1 
##	Send and receive messages from
Chris PeBenito 9401ae1 
##	evolution over dbus.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Domain allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`evolution_dbus_chat',`
Chris PeBenito 9401ae1 
	gen_require(`
Chris PeBenito 9401ae1 
		type evolution_t;
Chris PeBenito 9401ae1 
		class dbus send_msg;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	allow $1 evolution_t:dbus send_msg;
Chris PeBenito 9401ae1 
	allow evolution_t $1:dbus send_msg;
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Chris PeBenito 9401ae1 
##	Send and receive messages from
Chris PeBenito 9401ae1 
##	evolution_alarm over dbus.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Domain allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`evolution_alarm_dbus_chat',`
Chris PeBenito 9401ae1 
	gen_require(`
Chris PeBenito 9401ae1 
		type evolution_alarm_t;
Chris PeBenito 9401ae1 
		class dbus send_msg;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	allow $1 evolution_alarm_t:dbus send_msg;
Chris PeBenito 9401ae1 
	allow evolution_alarm_t $1:dbus send_msg;
Chris PeBenito 9401ae1 
')
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.