## <summary>policy for thumb</summary>
########################################
## <summary>
##	Transition to thumb.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`thumb_domtrans',`
	gen_require(`
		type thumb_t, thumb_exec_t;
	')

	# Let the caller domain search the bin directories so it can
	# reach the thumb_exec_t executable.
	corecmd_search_bin($1)
	# When the caller domain executes a thumb_exec_t file, the new
	# process runs in thumb_t rather than in the caller domain.
	# domtrans_pattern is defined outside this file.
	domtrans_pattern($1, thumb_exec_t, thumb_t)
')
########################################
## <summary>
##	Execute thumb in the thumb domain, and
##	allow the specified role the thumb domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the thumb domain.
##	</summary>
## </param>
#
interface(`thumb_run',`
	gen_require(`
		type thumb_t;
	')

	# Argument order here is domain first, role second. thumb_role
	# in this file takes them the other way round.
	thumb_domtrans($1)
	# The transition rule alone is not sufficient: the role must
	# also be authorized for the thumb_t type.
	role $2 types thumb_t;

	# Only the generic signal permission is granted. No other
	# process permission on thumb_t is added by this interface.
	allow $1 thumb_t:process signal;
')
########################################
## <summary>
##	Role access for thumb.
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
#
interface(`thumb_role',`
	gen_require(`
		type thumb_t;
		class dbus send_msg;
	')

	# Argument order is role first, user domain second, which is
	# the reverse of thumb_run in this file.
	role $1 types thumb_t;

	thumb_domtrans($2)

	# Access from the user domain to thumb_t processes.
	# ps_process_pattern is defined outside this file.
	ps_process_pattern($2, thumb_t)
	allow $2 thumb_t:process signal;
	# NOTE(review): the source of this rule is thumb_t, not the
	# caller. It widens what the thumb domain itself may do by
	# letting it connect to unix stream sockets of the user domain.
	# Confirm the reverse direction is required.
	allow thumb_t $2:unix_stream_socket connectto;

	# D-Bus messaging is allowed in both directions. The second
	# rule again has thumb_t as the source. These two rules match
	# the body of thumb_dbus_chat in this file.
	allow $2 thumb_t:dbus send_msg;
	allow thumb_t $2:dbus send_msg;
	# Applies the home directory type transitions of
	# thumb_filetrans_home_content to the user domain.
	thumb_filetrans_home_content($2)
')
########################################
## <summary>
##	Send and receive messages from
##	thumb over dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`thumb_dbus_chat',`
	gen_require(`
		type thumb_t;
		class dbus send_msg;
	')

	# Caller domain may send D-Bus messages to thumb_t.
	allow $1 thumb_t:dbus send_msg;
	# Reverse direction: thumb_t may send D-Bus messages to the
	# caller domain. This is a grant to thumb_t, so every domain
	# passed to this interface becomes reachable from thumb_t.
	allow thumb_t $1:dbus send_msg;
')
########################################
## <summary>
##	Create thumb content in the user home directory
##	with a correct label.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`thumb_filetrans_home_content',`

	gen_require(`
		type thumb_home_t;
	')

	# Each call passes an object class and a literal name along
	# with thumb_home_t: a directory named .thumbnails and a file
	# named missfont.log. userdom_user_home_dir_filetrans is
	# defined outside this file.
	# NOTE(review): presumably only objects created with exactly
	# these names receive thumb_home_t - confirm against the
	# userdom interface.
	userdom_user_home_dir_filetrans($1, thumb_home_t, dir, ".thumbnails")
	userdom_user_home_dir_filetrans($1, thumb_home_t, file, "missfont.log")
')