selinux-policy/policy/modules/services/devicekit.te
Dominick Grift 68ac47d8c5 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-22 15:41:42 +02:00

312 lines
8.4 KiB
Plaintext

policy_module(devicekit, 1.1.0)
########################################
#
# Declarations
#
type devicekit_t;
type devicekit_exec_t;
dbus_system_domain(devicekit_t, devicekit_exec_t)
type devicekit_power_t;
type devicekit_power_exec_t;
dbus_system_domain(devicekit_power_t, devicekit_power_exec_t)
type devicekit_disk_t;
type devicekit_disk_exec_t;
dbus_system_domain(devicekit_disk_t, devicekit_disk_exec_t)
type devicekit_tmp_t;
files_tmp_file(devicekit_tmp_t)
type devicekit_var_run_t;
files_pid_file(devicekit_var_run_t)
type devicekit_var_lib_t;
files_type(devicekit_var_lib_t)
########################################
#
# DeviceKit local policy
#
allow devicekit_t self:unix_dgram_socket create_socket_perms;
manage_dirs_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
manage_files_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)
files_pid_filetrans(devicekit_t, devicekit_var_run_t, { file dir })
kernel_read_system_state(devicekit_t)
dev_read_sysfs(devicekit_t)
dev_read_urand(devicekit_t)
files_read_etc_files(devicekit_t)
miscfiles_read_localization(devicekit_t)
optional_policy(`
dbus_system_bus_client(devicekit_t)
allow devicekit_t devicekit_disk_t:dbus send_msg;
allow devicekit_t devicekit_power_t:dbus send_msg;
')
optional_policy(`
udev_read_db(devicekit_t)
')
########################################
#
# DeviceKit disk local policy
#
allow devicekit_disk_t self:capability { chown setuid setgid dac_override fowner fsetid net_admin sys_admin sys_nice sys_ptrace sys_rawio };
allow devicekit_disk_t self:process { getsched signal_perms };
allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
manage_dirs_pattern(devicekit_disk_t, devicekit_tmp_t, devicekit_tmp_t)
manage_files_pattern(devicekit_disk_t, devicekit_tmp_t, devicekit_tmp_t)
files_tmp_filetrans(devicekit_disk_t, devicekit_tmp_t, { file dir })
manage_dirs_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
manage_files_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
files_var_lib_filetrans(devicekit_disk_t, devicekit_var_lib_t, dir)
allow devicekit_disk_t devicekit_var_run_t:dir mounton;
manage_dirs_pattern(devicekit_disk_t, devicekit_var_run_t, devicekit_var_run_t)
manage_files_pattern(devicekit_disk_t, devicekit_var_run_t, devicekit_var_run_t)
files_pid_filetrans(devicekit_disk_t, devicekit_var_run_t, { file dir })
kernel_list_unlabeled(devicekit_disk_t)
kernel_getattr_message_if(devicekit_disk_t)
kernel_read_fs_sysctls(devicekit_disk_t)
kernel_read_network_state(devicekit_disk_t)
kernel_read_software_raid_state(devicekit_disk_t)
kernel_read_system_state(devicekit_disk_t)
kernel_request_load_module(devicekit_disk_t)
kernel_setsched(devicekit_disk_t)
corecmd_exec_bin(devicekit_disk_t)
corecmd_exec_shell(devicekit_disk_t)
corecmd_getattr_all_executables(devicekit_disk_t)
dev_rw_sysfs(devicekit_disk_t)
dev_read_urand(devicekit_disk_t)
dev_getattr_usbfs_dirs(devicekit_disk_t)
dev_manage_generic_files(devicekit_disk_t)
dev_getattr_all_chr_files(devicekit_disk_t)
dev_getattr_mtrr_dev(devicekit_disk_t)
domain_getattr_all_pipes(devicekit_disk_t)
domain_getattr_all_sockets(devicekit_disk_t)
domain_getattr_all_stream_sockets(devicekit_disk_t)
domain_read_all_domains_state(devicekit_disk_t)
files_dontaudit_read_all_symlinks(devicekit_disk_t)
files_getattr_all_sockets(devicekit_disk_t)
files_getattr_all_dirs(devicekit_disk_t)
files_getattr_all_files(devicekit_disk_t)
files_getattr_all_pipes(devicekit_disk_t)
files_manage_boot_dirs(devicekit_disk_t)
files_manage_isid_type_dirs(devicekit_disk_t)
files_manage_mnt_dirs(devicekit_disk_t)
files_read_etc_files(devicekit_disk_t)
files_read_etc_runtime_files(devicekit_disk_t)
files_read_usr_files(devicekit_disk_t)
fs_list_inotifyfs(devicekit_disk_t)
fs_manage_fusefs_dirs(devicekit_disk_t)
fs_mount_all_fs(devicekit_disk_t)
fs_unmount_all_fs(devicekit_disk_t)
fs_search_all(devicekit_disk_t)
mls_file_read_all_levels(devicekit_disk_t)
mls_file_write_to_clearance(devicekit_disk_t)
storage_raw_read_fixed_disk(devicekit_disk_t)
storage_raw_write_fixed_disk(devicekit_disk_t)
storage_raw_read_removable_device(devicekit_disk_t)
storage_raw_write_removable_device(devicekit_disk_t)
term_use_all_terms(devicekit_disk_t)
auth_use_nsswitch(devicekit_disk_t)
miscfiles_read_localization(devicekit_disk_t)
userdom_read_all_users_state(devicekit_disk_t)
userdom_search_user_home_dirs(devicekit_disk_t)
optional_policy(`
dbus_system_bus_client(devicekit_disk_t)
allow devicekit_disk_t devicekit_t:dbus send_msg;
optional_policy(`
consolekit_dbus_chat(devicekit_disk_t)
')
')
optional_policy(`
fstools_domtrans(devicekit_disk_t)
')
optional_policy(`
lvm_domtrans(devicekit_disk_t)
')
optional_policy(`
mount_domtrans(devicekit_disk_t)
')
optional_policy(`
policykit_dbus_chat(devicekit_disk_t)
policykit_domtrans_auth(devicekit_disk_t)
policykit_read_lib(devicekit_disk_t)
policykit_read_reload(devicekit_disk_t)
')
optional_policy(`
raid_domtrans_mdadm(devicekit_disk_t)
')
optional_policy(`
udev_domtrans(devicekit_disk_t)
udev_read_db(devicekit_disk_t)
')
optional_policy(`
virt_manage_images(devicekit_disk_t)
')
optional_policy(`
unconfined_domain(devicekit_t)
unconfined_domain(devicekit_power_t)
unconfined_domain(devicekit_disk_t)
')
########################################
#
# DeviceKit-Power local policy
#
allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace };
allow devicekit_power_t self:process { getsched signal_perms };
allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms;
manage_dirs_pattern(devicekit_power_t, devicekit_tmp_t, devicekit_tmp_t)
manage_files_pattern(devicekit_power_t, devicekit_tmp_t, devicekit_tmp_t)
files_tmp_filetrans(devicekit_power_t, devicekit_tmp_t, { file dir })
manage_dirs_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)
manage_files_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)
files_var_lib_filetrans(devicekit_power_t, devicekit_var_lib_t, dir)
kernel_read_network_state(devicekit_power_t)
kernel_read_system_state(devicekit_power_t)
kernel_rw_hotplug_sysctls(devicekit_power_t)
kernel_rw_kernel_sysctl(devicekit_power_t)
kernel_search_debugfs(devicekit_power_t)
kernel_write_proc_files(devicekit_power_t)
corecmd_exec_bin(devicekit_power_t)
corecmd_exec_shell(devicekit_power_t)
consoletype_exec(devicekit_power_t)
domain_read_all_domains_state(devicekit_power_t)
dev_read_input(devicekit_power_t)
dev_rw_generic_usb_dev(devicekit_power_t)
dev_rw_generic_chr_files(devicekit_power_t)
dev_rw_netcontrol(devicekit_power_t)
dev_rw_sysfs(devicekit_power_t)
dev_read_rand(devicekit_power_t)
files_read_kernel_img(devicekit_power_t)
files_read_etc_files(devicekit_power_t)
files_read_usr_files(devicekit_power_t)
fs_list_inotifyfs(devicekit_power_t)
fs_getattr_all_fs(devicekit_power_t)
term_use_all_terms(devicekit_power_t)
auth_use_nsswitch(devicekit_power_t)
miscfiles_read_localization(devicekit_power_t)
modutils_domtrans_insmod(devicekit_power_t)
sysnet_read_config(devicekit_power_t)
sysnet_domtrans_ifconfig(devicekit_power_t)
sysnet_domtrans_dhcpc(devicekit_power_t)
userdom_read_all_users_state(devicekit_power_t)
optional_policy(`
bootloader_domtrans(devicekit_power_t)
')
optional_policy(`
cron_initrc_domtrans(devicekit_power_t)
')
optional_policy(`
dbus_system_bus_client(devicekit_power_t)
allow devicekit_power_t devicekit_t:dbus send_msg;
optional_policy(`
consolekit_dbus_chat(devicekit_power_t)
')
optional_policy(`
networkmanager_dbus_chat(devicekit_power_t)
')
optional_policy(`
rpm_dbus_chat(devicekit_power_t)
')
')
optional_policy(`
fstools_domtrans(devicekit_power_t)
')
optional_policy(`
gnome_read_home_config(devicekit_power_t)
')
optional_policy(`
hal_domtrans_mac(devicekit_power_t)
hal_manage_log(devicekit_power_t)
hal_manage_pid_dirs(devicekit_power_t)
hal_manage_pid_files(devicekit_power_t)
hal_dbus_chat(devicekit_power_t)
')
optional_policy(`
policykit_dbus_chat(devicekit_power_t)
policykit_domtrans_auth(devicekit_power_t)
policykit_read_lib(devicekit_power_t)
policykit_read_reload(devicekit_power_t)
')
optional_policy(`
udev_read_db(devicekit_power_t)
')
optional_policy(`
usbmuxd_stream_connect(devicekit_power_t)
')
optional_policy(`
vbetool_domtrans(devicekit_power_t)
')