selinux-policy/policy/modules/apps/xscreensaver.if

## <summary>xscreensaver policy interface</summary>

########################################
## <summary>
##	Role access for xscreensaver
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`xscreensaver_role',`
	gen_require(`
		type xscreensaver_t, xscreensaver_exec_t;
	')

	role $1 types xscreensaver_t;

	domtrans_pattern($2, xscreensaver_exec_t, xscreensaver_t)

	allow xscreensaver_t $2:fd use;

	# Allow the user domain to signal/ps.
	ps_process_pattern($2, xscreensaver_t)
	allow $2 xscreensaver_t:process signal_perms;
	allow xscreensaver_t $2:process sigchld;

')
SELinux xscreensaver policy support Hello This a patch for adding xscreensaver policy. I think it need a specific policy because of the auth_domtrans_chk_passwd. cordially Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr> 2009-09-11 12:21:59 +00:00			`## <summary>xscreensaver policy interface</summary>`

			`########################################`
			`## <summary>`
			`## Role access for xscreensaver`
			`## </summary>`
			`## <param name="role">`
			`## <summary>`
			`## Role allowed access`
			`## </summary>`
			`## </param>`
			`## <param name="domain">`
			`## <summary>`
			`## User domain for the role`
			`## </summary>`
			`## </param>`
			`#`
			interface(`xscreensaver_role',`
			gen_require(`
			`type xscreensaver_t, xscreensaver_exec_t;`
			`')`

			`role $1 types xscreensaver_t;`

			`domtrans_pattern($2, xscreensaver_exec_t, xscreensaver_t)`

			`allow xscreensaver_t $2:fd use;`

			`# Allow the user domain to signal/ps.`
			`ps_process_pattern($2, xscreensaver_t)`
			`allow $2 xscreensaver_t:process signal_perms;`
			`allow xscreensaver_t $2:process sigchld;`

			`')`