# # Bonobo # # Author: Ivan Gyurdiev # # bonobo_domain(role_prefix) - invoke per role # bonobo_client(app_prefix, role_prefix) - invoke per client app # bonobo_connect(type1_prefix, type2_prefix) - # connect two bonobo clients, the channel is bidirectional ###################### define(`bonobo_domain', ` # Protect against double inclusion for faster compile ifdef(`bonobo_domain_$1', `', ` define(`bonobo_domain_$1') # Type for daemon type $1_bonobo_t, domain, nscd_client_domain; # Transition from caller domain_auto_trans($1_t, bonobo_exec_t, $1_bonobo_t) role $1_r types $1_bonobo_t; # Shared libraries, gconv-modules uses_shlib($1_bonobo_t) allow $1_bonobo_t lib_t:file r_file_perms; read_locale($1_bonobo_t) read_sysctl($1_bonobo_t) # Session management # FIXME: More specific context is needed for gnome-session ice_connect($1_bonobo, $1) # nsswitch.conf allow $1_bonobo_t etc_t:file { read getattr }; # Fork to start apps allow $1_bonobo_t self:process { fork sigchld setpgid getsched signal }; allow $1_bonobo_t self:fifo_file rw_file_perms; # ??? allow $1_bonobo_t root_t:dir search; allow $1_bonobo_t home_root_t:dir search; allow $1_bonobo_t $1_home_dir_t:dir search; # libexec ??? allow $1_bonobo_t bin_t:dir search; # ORBit sockets for bonobo orbit_domain($1_bonobo, $1) # Bonobo can launch evolution ifdef(`evolution.te', ` domain_auto_trans($1_bonobo_t, evolution_exec_t, $1_evolution_t) domain_auto_trans($1_bonobo_t, evolution_alarm_exec_t, $1_evolution_alarm_t) domain_auto_trans($1_bonobo_t, evolution_webcal_exec_t, $1_evolution_webcal_t) domain_auto_trans($1_bonobo_t, evolution_server_exec_t, $1_evolution_server_t) domain_auto_trans($1_bonobo_t, evolution_exchange_exec_t, $1_evolution_exchange_t) ') # Bonobo can launch GNOME vfs daemon ifdef(`gnome_vfs.te', ` domain_auto_trans($1_bonobo_t, gnome_vfs_exec_t, $1_gnome_vfs_t) ') # Transition to ROLE_t on bin_t apps # FIXME: The goal is to get rid of this rule, as it # defeats the purpose of a separate domain. It is only # here temporarily, since bonobo runs as ROLE_t by default anyway domain_auto_trans($1_bonobo_t, bin_t, $1_t) can_pipe_xdm($1_bonobo_t) ') dnl ifdef bonobo_domain_args ') dnl bonobo_domain ##################### define(`bonobo_client', ` # Protect against double inclusion for faster compile ifdef(`bonobo_client_$1_$2', `', ` define(`bonobo_client_$1_$2') # Connect over bonobo bonobo_connect($1, $2_gconfd, $1) # Create ORBit sockets orbit_domain($1, $2) # Connect to bonobo orbit_connect($1, $2_bonobo) orbit_connect($2_bonobo, $1) # Lock /tmp/bonobo-activation-register.lock # Stat /tmp/bonobo-activation-server.ior # FIXME: this should probably be of type $2_bonobo.. # Note that this is file, not sock_file allow $1_t $2_orbit_tmp_t:file { getattr read write lock }; domain_auto_trans($1_t, bonobo_exec_t, $2_bonobo_t) ') dnl ifdef bonobo_client_args ') dnl bonobo_client ##################### define(`bonobo_connect', ` # FIXME: Should there be a macro for unidirectional conn. ? orbit_connect($1, $2) orbit_connect($2, $1) ') dnl bonobo_connect