43 lines
1.1 KiB
Plaintext
43 lines
1.1 KiB
Plaintext
## <summary>giFT peer to peer file sharing tool</summary>
|
|
|
|
############################################################
|
|
## <summary>
|
|
## Role access for gift
|
|
## </summary>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## User domain for the role
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`gift_role',`
|
|
gen_require(`
|
|
type gift_t, gift_exec_t;
|
|
type giftd_t, giftd_exec_t;
|
|
type gift_home_t;
|
|
')
|
|
|
|
role $1 types { gift_t giftd_t };
|
|
|
|
# transition from user domain
|
|
domtrans_pattern($2, gift_exec_t, gift_t)
|
|
domtrans_pattern($2, giftd_exec_t, giftd_t)
|
|
|
|
# user managed content
|
|
manage_dirs_pattern($2, gift_home_t, gift_home_t)
|
|
manage_files_pattern($2, gift_home_t, gift_home_t)
|
|
manage_lnk_files_pattern($2, gift_home_t, gift_home_t)
|
|
relabel_dirs_pattern($2, gift_home_t, gift_home_t)
|
|
relabel_files_pattern($2, gift_home_t, gift_home_t)
|
|
relabel_lnk_files_pattern($2, gift_home_t, gift_home_t)
|
|
|
|
# Allow the user domain to signal/ps.
|
|
ps_process_pattern($2, { gift_t giftd_t })
|
|
allow $2 { gift_t giftd_t }:process signal_perms;
|
|
')
|