|
|
1ec3d1a |
|
|
|
1ec3d1a |
## <summary>policy for nsplugin</summary>
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Create, read, write, and delete
|
|
|
1ec3d1a |
## nsplugin rw files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_manage_rw_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_rw_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 nsplugin_rw_t:file manage_file_perms;
|
|
|
1ec3d1a |
allow $1 nsplugin_rw_t:dir rw_dir_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Manage nsplugin rw files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_manage_rw',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_rw_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_dirs_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
manage_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
manage_lnk_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The per role template for the nsplugin module.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="user_role">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The role associated with the user domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="user_domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The type of the user domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_role_notrans',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_rw_t;
|
|
|
1ec3d1a |
type nsplugin_home_t;
|
|
|
1ec3d1a |
type nsplugin_exec_t;
|
|
|
1ec3d1a |
type nsplugin_config_exec_t;
|
|
|
1ec3d1a |
type nsplugin_t;
|
|
|
1ec3d1a |
type nsplugin_config_t;
|
|
|
1ec3d1a |
class x_drawable all_x_drawable_perms;
|
|
|
1ec3d1a |
class x_resource all_x_resource_perms;
|
|
|
1ec3d1a |
class dbus send_msg;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
role $1 types nsplugin_t;
|
|
|
1ec3d1a |
role $1 types nsplugin_config_t;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow nsplugin_t $2:process signull;
|
|
|
1ec3d1a |
allow nsplugin_t $2:dbus send_msg;
|
|
|
1ec3d1a |
allow $2 nsplugin_t:dbus send_msg;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
list_dirs_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
read_lnk_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
can_exec($2, nsplugin_rw_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#Leaked File Descriptors
|
|
|
1ec3d1a |
ifdef(`hide_broken_symptoms', `
|
|
|
1ec3d1a |
dontaudit nsplugin_t $2:fifo_file rw_inherited_fifo_file_perms;
|
|
|
1ec3d1a |
dontaudit nsplugin_config_t $2:fifo_file rw_inherited_fifo_file_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
allow nsplugin_t $2:unix_stream_socket connectto;
|
|
|
1ec3d1a |
dontaudit nsplugin_t $2:process ptrace;
|
|
|
1ec3d1a |
allow nsplugin_t $2:sem rw_sem_perms;
|
|
|
1ec3d1a |
allow nsplugin_t $2:shm rw_shm_perms;
|
|
|
1ec3d1a |
dontaudit nsplugin_t $2:shm destroy;
|
|
|
1ec3d1a |
allow $2 nsplugin_t:sem rw_sem_perms;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $2 nsplugin_t:process { getattr signal_perms };
|
|
|
1ec3d1a |
allow $2 nsplugin_t:unix_stream_socket connectto;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
# Connect to pulseaudit server
|
|
|
1ec3d1a |
stream_connect_pattern(nsplugin_t, user_home_t, user_home_t, $2)
|
|
|
1ec3d1a |
gnome_stream_connect(nsplugin_t, $2)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
userdom_use_inherited_user_terminals(nsplugin_t)
|
|
|
1ec3d1a |
userdom_use_inherited_user_terminals(nsplugin_config_t)
|
|
|
1ec3d1a |
userdom_dontaudit_setattr_user_home_content_files(nsplugin_t)
|
|
|
1ec3d1a |
userdom_manage_tmpfs_role($1, nsplugin_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
optional_policy(`
|
|
|
1ec3d1a |
pulseaudio_role($1, nsplugin_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Role access for nsplugin
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="user_role">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The role associated with the user domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="user_domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The type of the user domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_role',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_exec_t;
|
|
|
1ec3d1a |
type nsplugin_config_exec_t;
|
|
|
1ec3d1a |
type nsplugin_t;
|
|
|
1ec3d1a |
type nsplugin_config_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
nsplugin_role_notrans($1, $2)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
domtrans_pattern($2, nsplugin_exec_t, nsplugin_t)
|
|
|
1ec3d1a |
domtrans_pattern($2, nsplugin_config_exec_t, nsplugin_config_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The per role template for the nsplugin module.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="user_domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The type of the user domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_domtrans',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_exec_t;
|
|
|
1ec3d1a |
type nsplugin_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
domtrans_pattern($1, nsplugin_exec_t, nsplugin_t)
|
|
|
1ec3d1a |
allow $1 nsplugin_t:unix_stream_socket connectto;
|
|
|
1ec3d1a |
allow nsplugin_t $1:process signal;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The per role template for the nsplugin module.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="user_domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The type of the user domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_domtrans_config',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_config_exec_t;
|
|
|
1ec3d1a |
type nsplugin_config_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
domtrans_pattern($1, nsplugin_config_exec_t, nsplugin_config_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Search nsplugin rw directories.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_search_rw_dir',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_rw_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 nsplugin_rw_t:dir search_dir_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Read nsplugin rw files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_read_rw_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_rw_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
list_dirs_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
read_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
read_lnk_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Read nsplugin home files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_read_home',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
list_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)
|
|
|
1ec3d1a |
read_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
|
|
|
1ec3d1a |
read_lnk_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Exec nsplugin rw files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_rw_exec',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_rw_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
can_exec($1, nsplugin_rw_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Create, read, write, and delete
|
|
|
1ec3d1a |
## nsplugin home files.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_manage_home_files',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## manage nnsplugin home dirs.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_manage_home_dirs',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Allow attempts to read and write to
|
|
|
1ec3d1a |
## nsplugin named pipes.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain to not audit.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_rw_pipes',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 nsplugin_home_t:fifo_file rw_fifo_file_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Read and write to nsplugin shared memory.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_rw_shm',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 nsplugin_t:shm rw_shm_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#####################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Allow read and write access to nsplugin semaphores.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_rw_semaphores',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 nsplugin_t:sem rw_sem_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute nsplugin_exec_t
|
|
|
1ec3d1a |
## in the specified domain.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <desc>
|
|
|
1ec3d1a |
##
|
|
|
1ec3d1a |
## Execute a nsplugin_exec_t
|
|
|
1ec3d1a |
## in the specified domain.
|
|
|
1ec3d1a |
##
|
|
|
1ec3d1a |
##
|
|
|
1ec3d1a |
## No interprocess communication (signals, pipes,
|
|
|
1ec3d1a |
## etc.) is provided by this interface since
|
|
|
1ec3d1a |
## the domains are not owned by this module.
|
|
|
1ec3d1a |
##
|
|
|
1ec3d1a |
## </desc>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="target_domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The type of the new process.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_exec_domtrans',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_exec_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $2 nsplugin_exec_t:file entrypoint;
|
|
|
1ec3d1a |
domtrans_pattern($1, nsplugin_exec_t, $2)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Send generic signals to user nsplugin processes.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_signal',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 nsplugin_t:process signal;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Create objects in a user home directory
|
|
|
1ec3d1a |
## with an automatic type transition to
|
|
|
1ec3d1a |
## the nsplugin home file type.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="object_class">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The class of the object to be created.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_user_home_dir_filetrans',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
userdom_user_home_dir_filetrans($1, nsplugin_home_t, $2)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Create objects in a user home directory
|
|
|
1ec3d1a |
## with an automatic type transition to
|
|
|
1ec3d1a |
## the nsplugin home file type.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="object_class">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The class of the object to be created.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_user_home_filetrans',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_home_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
userdom_user_home_content_filetrans($1, nsplugin_home_t, $2)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Send signull signal to nsplugin
|
|
|
1ec3d1a |
## processes.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`nsplugin_signull',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type nsplugin_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 nsplugin_t:process signull;
|
|
|
1ec3d1a |
')
|