51 lines
923 B
Plaintext
51 lines
923 B
Plaintext
|
|
policy_module(wine, 1.6.1)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type wine_t;
|
|
type wine_exec_t;
|
|
application_domain(wine_t, wine_exec_t)
|
|
ubac_constrained(wine_t)
|
|
role system_r types wine_t;
|
|
|
|
type wine_tmp_t;
|
|
files_tmp_file(wine_tmp_t)
|
|
ubac_constrained(wine_tmp_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow wine_t self:process { execstack execmem execheap };
|
|
allow wine_t self:fifo_file manage_fifo_file_perms;
|
|
|
|
can_exec(wine_t, wine_exec_t)
|
|
|
|
manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
|
|
manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
|
|
files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
|
|
|
|
domain_mmap_low(wine_t)
|
|
|
|
files_execmod_all_files(wine_t)
|
|
|
|
userdom_use_user_terminals(wine_t)
|
|
|
|
optional_policy(`
|
|
hal_dbus_chat(wine_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
unconfined_domain_noaudit(wine_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
xserver_read_xdm_pid(wine_t)
|
|
xserver_rw_shm(wine_t)
|
|
')
|