selinux-policy/policy/modules/apps/gift.if
2008-11-05 16:10:46 +00:00

43 lines
1.1 KiB
Plaintext

## <summary>giFT peer to peer file sharing tool</summary>
############################################################
## <summary>
## Role access for gift
## </summary>
## <param name="role">
## <summary>
## Role allowed access
## </summary>
## </param>
## <param name="domain">
## <summary>
## User domain for the role
## </summary>
## </param>
#
interface(`gift_role',`
gen_require(`
type gift_t, gift_exec_t;
type giftd_t, giftd_exec_t;
type gift_home_t;
')
role $1 types { gift_t giftd_t };
# transition from user domain
domtrans_pattern($2, gift_exec_t, gift_t)
domtrans_pattern($2, giftd_exec_t, giftd_t)
# user managed content
manage_dirs_pattern($2, gift_home_t, gift_home_t)
manage_files_pattern($2, gift_home_t, gift_home_t)
manage_lnk_files_pattern($2, gift_home_t, gift_home_t)
relabel_dirs_pattern($2, gift_home_t, gift_home_t)
relabel_files_pattern($2, gift_home_t, gift_home_t)
relabel_lnk_files_pattern($2, gift_home_t, gift_home_t)
# Allow the user domain to signal/ps.
ps_process_pattern($2, { gift_t giftd_t })
allow $2 { gift_t giftd_t }:process signal_perms;
')