
## <summary>policy for thumb</summary>

########################################
## <summary>
##	Transition to thumb.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`thumb_domtrans',`
	# Declare the types this interface references so that a caller
	# fails to build if the thumb module does not provide them.
	gen_require(`
		type thumb_t, thumb_exec_t;
	')

	# Presumably lets the caller search the bin directories that hold
	# the thumb executable (helper is defined outside this file).
	corecmd_search_bin($1)
	# Domain transition: when the caller domain executes a file labeled
	# thumb_exec_t, the new process runs in thumb_t.
	# NOTE(review): this grants the type transition only. A confined
	# user also needs its role authorized for thumb_t, which thumb_run
	# and thumb_role do with a role statement.
	domtrans_pattern($1, thumb_exec_t, thumb_t)
')


########################################
## <summary>
##	Execute thumb in the thumb domain, and
##	allow the specified role the thumb domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the thumb domain.
##	</summary>
## </param>
#
interface(`thumb_run',`
	# Only thumb_t is named directly here. thumb_exec_t is required
	# inside thumb_domtrans.
	gen_require(`
		type thumb_t;
	')

	# Let the caller domain start thumb in thumb_t ...
	thumb_domtrans($1)
	# ... and authorize the given role for the thumb_t type, without
	# which the transition would produce an invalid context.
	role $2 types thumb_t;

	# The caller may signal thumb processes. signal_perms is a
	# permission set defined outside this file. Note it is used here
	# while thumb_role grants only the single signal permission.
	allow $1 thumb_t:process signal_perms;

	# dontaudit grants nothing. It only silences the audit records for
	# thumb_t being denied listing directories and reading files labeled
	# with the caller domain type (presumably the /proc/PID entries of
	# the caller - confirm).
	# NOTE(review): these denials are invisible in the audit log by
	# default. When investigating thumb_t behaviour, rebuild with
	# dontaudit rules disabled (semodule -DB) to see them.
	dontaudit thumb_t $1:dir list_dir_perms;
	dontaudit thumb_t $1:file read_file_perms;
')

########################################
## <summary>
##	Role access for thumb
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`thumb_role',`
	# The dbus class is required because this interface writes raw
	# allow rules on dbus send_msg below.
	gen_require(`
		type thumb_t;
		class dbus send_msg;
	')

	# Argument order is (role, domain), the reverse of thumb_run.
	# Authorize the role for the thumb_t type.
	role $1 types thumb_t;

	# Let the user domain start thumb in thumb_t.
	thumb_domtrans($2)

	# Presumably lets the user domain inspect thumb_t processes, for
	# example with ps (pattern is defined outside this file).
	ps_process_pattern($2, thumb_t)
	# Only the generic signal permission, narrower than the
	# signal_perms set that thumb_run grants.
	allow $2 thumb_t:process signal;
	# Direction matters: thumb_t is the client that connects to unix
	# stream sockets owned by the user domain, not the reverse.
	allow thumb_t $2:unix_stream_socket connectto;

	# D-Bus messaging is opened in both directions between the user
	# domain and thumb_t. These two rules are the same pair that
	# thumb_dbus_chat emits.
	# NOTE(review): send_msg is coarse. It does not restrict which bus
	# names, interfaces or methods are reachable, so any finer limit
	# has to come from the D-Bus daemon policy - confirm it exists.
	allow $2 thumb_t:dbus send_msg;
	allow thumb_t $2:dbus send_msg;
	# Give the user domain the named file transitions for thumb
	# content in the home directory.
	thumb_filetrans_home_content($2)
')

########################################
## <summary>
##      Send and receive messages from
##      thumb over dbus.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`thumb_dbus_chat',`
        # Require the type and the object class used by the raw allow
        # rules below.
        gen_require(`
                type thumb_t;
                class dbus send_msg;
        ')

        # Bidirectional: the caller may send D-Bus messages to thumb_t
        # and thumb_t may send messages (replies included) back.
        # NOTE(review): send_msg does not limit which interfaces or
        # methods are called. Grant this interface only to domains that
        # are meant to talk to thumb, since the second rule also lets
        # thumb_t address the caller.
        allow $1 thumb_t:dbus send_msg;
        allow thumb_t $1:dbus send_msg;
')

########################################
## <summary>
##	Create thumb content in the user home directory
##	with the correct label.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`thumb_filetrans_home_content',`

	# thumb_home_t is the label applied to the objects named below.
	gen_require(`
		type thumb_home_t;
	')

	# Named file transitions: when the caller domain creates a
	# directory called .thumbnails or a file called missfont.log
	# directly in a user home directory, the new object is labeled
	# thumb_home_t instead of the default home content type.
	# The match is on the exact object class and file name given here.
	# NOTE(review): a transition applies at creation time only, so
	# objects that already exist keep their old label until relabeled
	# (for example with restorecon). This interface emits no allow
	# rules on thumb_home_t itself, and whether the helper grants the
	# access needed to create the object cannot be seen from this
	# file - confirm against userdom_user_home_dir_filetrans.
	userdom_user_home_dir_filetrans($1, thumb_home_t, dir, ".thumbnails")
	userdom_user_home_dir_filetrans($1, thumb_home_t, file, "missfont.log")
')