## <summary>AccountsService and daemon for manipulating user account information via D-Bus</summary>
########################################
## <summary>
##	Execute a domain transition to run accountsd.
## </summary>
## <desc>
##	<p>
##	A caller domain that executes a file labeled accountsd_exec_t
##	transitions into accountsd_t. The permissions held by accountsd_t
##	are defined outside this interface file, so review them before
##	granting this to a new domain: the caller gains the ability to
##	start a process in that domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_domtrans',`
	gen_require(`
		type accountsd_t;
		type accountsd_exec_t;
	')

	domtrans_pattern($1, accountsd_exec_t, accountsd_t)
')
########################################
## <summary>
##	Do not audit attempts to read and write Accounts Daemon
##	fifo file.
## </summary>
## <desc>
##	<p>
##	This is a dontaudit rule: it grants no access. Read and write
##	attempts on fifo_file objects labeled accountsd_t are still
##	denied unless another rule allows them, but the denial is not
##	logged. When investigating unexpected behaviour in a calling
##	domain, dontaudit rules can be disabled temporarily with
##	semodule -DB so that the hidden denials appear in the audit log.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`accountsd_dontaudit_rw_fifo_file',`
	gen_require(`
		type accountsd_t;
	')

	dontaudit $1 accountsd_t:fifo_file rw_fifo_file_perms;
')
########################################
## <summary>
##	Send and receive messages from
##	accountsd over dbus.
## </summary>
## <desc>
##	<p>
##	Grants the dbus send_msg permission in both directions between
##	the caller domain and accountsd_t. The rule works at the level
##	of SELinux types only; it does not distinguish D-Bus interfaces
##	or methods, so any finer restriction on what the caller may ask
##	of the service has to be enforced outside this rule.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_dbus_chat',`
	gen_require(`
		class dbus send_msg;
		type accountsd_t;
	')

	# Replies from the daemon back to the caller.
	allow accountsd_t $1:dbus send_msg;
	# Requests from the caller to the daemon.
	allow $1 accountsd_t:dbus send_msg;
')
########################################
## <summary>
##	Search accountsd lib directories.
## </summary>
## <desc>
##	<p>
##	Grants search permission on directories labeled
##	accountsd_var_lib_t, together with the search access to the
##	parent var lib directories given by files_search_var_lib.
##	No file read or write permission is granted here.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_search_lib',`
	gen_require(`
		type accountsd_var_lib_t;
	')

	# Parent directories first, then the accountsd directories.
	files_search_var_lib($1)
	allow $1 accountsd_var_lib_t:dir search_dir_perms;
')
########################################
## <summary>
##	Read accountsd lib files.
## </summary>
## <desc>
##	<p>
##	Grants read access to files labeled accountsd_var_lib_t through
##	read_files_pattern, plus search access to the parent var lib
##	directories. What the daemon stores in these files is not
##	visible from this interface file; confirm that the content is
##	suitable for the calling domain before granting this.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_read_lib_files',`
	gen_require(`
		type accountsd_var_lib_t;
	')

	read_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
	files_search_var_lib($1)
')
########################################
## <summary>
##	Create, read, write, and delete
##	accountsd lib files.
## </summary>
## <desc>
##	<p>
##	Grants full file management on files labeled accountsd_var_lib_t
##	through manage_files_pattern, plus search access to the parent
##	var lib directories. A domain holding this can change or remove
##	the state files of the daemon, so prefer accountsd_read_lib_files
##	where read access is enough.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_manage_lib_files',`
	gen_require(`
		type accountsd_var_lib_t;
	')

	manage_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
	files_search_var_lib($1)
')
########################################
## <summary>
##	All of the rules required to administrate
##	an accountsd environment.
## </summary>
## <desc>
##	<p>
##	Grants the caller domain ptrace and the signal permissions on
##	accountsd_t processes, the process listing access given by
##	ps_process_pattern, and file management on the accountsd lib
##	files through accountsd_manage_lib_files. The ptrace permission
##	lets the caller trace the daemon process, so this interface
##	should be reserved for administrative domains.
##	</p>
##	<p>
##	The role parameter is documented below but is not referenced
##	by any rule in the interface body.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`accountsd_admin',`
	gen_require(`
		type accountsd_t;
	')

	# The ptrace grant is listed separately from the signal permissions
	# so that it stands out during policy review.
	allow $1 accountsd_t:process ptrace;
	allow $1 accountsd_t:process signal_perms;
	ps_process_pattern($1, accountsd_t)

	accountsd_manage_lib_files($1)
')