Diffstat (limited to 'policy/modules/contrib/googletalk.if')
-rw-r--r-- | policy/modules/contrib/googletalk.if | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/policy/modules/contrib/googletalk.if b/policy/modules/contrib/googletalk.if
index 356f59249..a88dcccc2 100644
--- a/policy/modules/contrib/googletalk.if
+++ b/policy/modules/contrib/googletalk.if
@@ -2,6 +2,42 @@
 ## Google Talk
 ## </summary>
 
+##########################################
+## <summary>
+## Grant the plugin domain the needed privileges to launch and
+## interact with the GoogleTalk application. Used for web browser
+## plugin domains.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+#
+interface(`googletalk_plugin_domain',`
+ gen_require(`
+ type googletalk_plugin_t;
+ type googletalk_plugin_xdg_config_t;
+ ')
+
+ allow $1 googletalk_plugin_t:fd use;
+ allow $1 googletalk_plugin_t:unix_stream_socket { read write };
+
+ allow googletalk_plugin_t $1:unix_dgram_socket sendto;
+
+ # GoogleTalk process binds on an unreserved port, the client (plugin)
+ # then connects to this port
+ corenet_tcp_connect_all_unreserved_ports($1)
+
+ googletalk_domtrans_plugin($1)
+
+ # Create .config/google-googletalkplugin with correct type
+ manage_dirs_pattern($1, googletalk_plugin_xdg_config_t, googletalk_plugin_xdg_config_t)
+ manage_files_pattern($1, googletalk_plugin_xdg_config_t, googletalk_plugin_xdg_config_t)
+ xdg_config_home_filetrans($1, googletalk_plugin_xdg_config_t, dir, "google-googletalkplugin")
+ xdg_search_config_home_dirs($1)
+')
+
 #######################################
 ## <summary>
 ## Execute Google talk plugin in the Google talk plugin domain |
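Review bot: `corenet_tcp_connect_all_unreserved_ports($1)` gives every caller of `googletalk_plugin_domain` connect access to all unreserved TCP ports, which is much wider than the single port the comment says GoogleTalk binds, and the interface summary does not mention this grant. Whether the port is fixed or could be labelled is not visible here; if it cannot be narrowed, the summary should at least state it, e.g. `## This also allows the domain to connect to all unreserved TCP ports.`, so policy authors applying this to a browser plugin domain see the network access they are handing out. The `manage_files_pattern` line also grants more than the "Create .config/google-googletalkplugin" comment describes, so that comment should say the caller can manage files of `googletalk_plugin_xdg_config_t` as well as create the directory.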