selinux-policy/policy/modules/apps/wine.te

61 lines
1.1 KiB
Plaintext

policy_module(wine, 1.7.2)
########################################
#
# Declarations
#
## <desc>
## <p>
## Ignore wine mmap_zero errors.
## </p>
## </desc>
gen_tunable(wine_mmap_zero_ignore, false)
type wine_t;
type wine_exec_t;
application_domain(wine_t, wine_exec_t)
ubac_constrained(wine_t)
role system_r types wine_t;
type wine_tmp_t;
files_tmp_file(wine_tmp_t)
ubac_constrained(wine_tmp_t)
########################################
#
# Local policy
#
allow wine_t self:process { execstack execmem execheap };
allow wine_t self:fifo_file manage_fifo_file_perms;
can_exec(wine_t, wine_exec_t)
manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
domain_mmap_low(wine_t)
files_execmod_all_files(wine_t)
userdom_use_user_terminals(wine_t)
tunable_policy(`wine_mmap_zero_ignore',`
dontaudit wine_t self:memprotect mmap_zero;
')
optional_policy(`
hal_dbus_chat(wine_t)
')
optional_policy(`
unconfined_domain_noaudit(wine_t)
')
optional_policy(`
xserver_read_xdm_pid(wine_t)
xserver_rw_shm(wine_t)
')