Tree - rpms/selinux-policy - src.fedoraproject.org

psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago

Blame thumb.if

Blob History Raw

		1ec3d1a
		1ec3d1a	`## <summary>policy for thumb</summary>`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Transition to thumb.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`thumb_domtrans',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type thumb_t, thumb_exec_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`corecmd_search_bin($1)`
		1ec3d1a	`domtrans_pattern($1, thumb_exec_t, thumb_t)`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Execute thumb in the thumb domain, and`
		1ec3d1a	`## allow the specified role the thumb domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed to transition`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <param name="role">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## The role to be allowed the thumb domain.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`thumb_run',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type thumb_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`thumb_domtrans($1)`
		1ec3d1a	`role $2 types thumb_t;`
		1ec3d1a
		1dd934d	`allow $1 thumb_t:process signal_perms;`
		1dd934d
		1dd934d	`dontaudit thumb_t $1:dir list_dir_perms;`
		1dd934d	`dontaudit thumb_t $1:file read_file_perms;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Role access for thumb`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="role">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Role allowed access`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## User domain for the role`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`thumb_role',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type thumb_t;`
		1ec3d1a	`class dbus send_msg;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`role $1 types thumb_t;`
		1ec3d1a
		1ec3d1a	`thumb_domtrans($2)`
		1ec3d1a
		1ec3d1a	`ps_process_pattern($2, thumb_t)`
		1ec3d1a	`allow $2 thumb_t:process signal;`
		1ec3d1a	`allow thumb_t $2:unix_stream_socket connectto;`
		1ec3d1a
		1ec3d1a	`allow $2 thumb_t:dbus send_msg;`
		1ec3d1a	`allow thumb_t $2:dbus send_msg;`
		1ec3d1a	`thumb_filetrans_home_content($2)`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Send and receive messages from`
		1ec3d1a	`## thumb over dbus.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed access.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`thumb_dbus_chat',`
		1ec3d1a	gen_require(`
		1ec3d1a	`type thumb_t;`
		1ec3d1a	`class dbus send_msg;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`allow $1 thumb_t:dbus send_msg;`
		1ec3d1a	`allow thumb_t $1:dbus send_msg;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`########################################`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Create thumb content in the user home directory`
		1ec3d1a	`## with an correct label.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## <param name="domain">`
		1ec3d1a	`## <summary>`
		1ec3d1a	`## Domain allowed access.`
		1ec3d1a	`## </summary>`
		1ec3d1a	`## </param>`
		1ec3d1a	`#`
		1ec3d1a	interface(`thumb_filetrans_home_content',`
		1ec3d1a
		1ec3d1a	gen_require(`
		1ec3d1a	`type thumb_home_t;`
		1ec3d1a	`')`
		1ec3d1a
		1ec3d1a	`userdom_user_home_dir_filetrans($1, thumb_home_t, dir, ".thumbnails")`
		1ec3d1a	`userdom_user_home_dir_filetrans($1, thumb_home_t, file, "missfont.log")`
		1ec3d1a	`')`

psss / rpms / selinux-policy

Source Code

Blame thumb.if