diff options
Diffstat (limited to 'policy/modules/contrib/wm.if')
-rw-r--r-- | policy/modules/contrib/wm.if | 134 |
1 files changed, 0 insertions, 134 deletions
diff --git a/policy/modules/contrib/wm.if b/policy/modules/contrib/wm.if deleted file mode 100644 index 25b702db..00000000 --- a/policy/modules/contrib/wm.if +++ /dev/null @@ -1,134 +0,0 @@ -## <summary>X Window Managers.</summary> - -####################################### -## <summary> -## The role template for the wm module. -## </summary> -## <desc> -## <p> -## This template creates a derived domains which are used -## for window manager applications. -## </p> -## </desc> -## <param name="role_prefix"> -## <summary> -## The prefix of the user domain (e.g., user -## is the prefix for user_t). -## </summary> -## </param> -## <param name="user_role"> -## <summary> -## The role associated with the user domain. -## </summary> -## </param> -## <param name="user_domain"> -## <summary> -## The type of the user domain. -## </summary> -## </param> -# -template(`wm_role_template',` - gen_require(` - attribute wm_domain; - type wm_exec_t; - ') - - ######################################## - # - # Declarations - # - - type $1_wm_t, wm_domain; - userdom_user_application_domain($1_wm_t, wm_exec_t) - role $2 types $1_wm_t; - - ######################################## - # - # Policy - # - - allow $1_wm_t $3:unix_stream_socket connectto; - allow $3 $1_wm_t:unix_stream_socket connectto; - - allow $3 $1_wm_t:process { ptrace signal_perms }; - ps_process_pattern($3, $1_wm_t) - - allow $1_wm_t $3:process { signull sigkill }; - - domtrans_pattern($3, wm_exec_t, $1_wm_t) - - corecmd_bin_domtrans($1_wm_t, $3) - corecmd_shell_domtrans($1_wm_t, $3) - - mls_file_read_all_levels($1_wm_t) - mls_file_write_all_levels($1_wm_t) - mls_xwin_read_all_levels($1_wm_t) - mls_xwin_write_all_levels($1_wm_t) - mls_fd_use_all_levels($1_wm_t) - - auth_use_nsswitch($1_wm_t) - - optional_policy(` - dbus_spec_session_bus_client($1, $1_wm_t) - dbus_system_bus_client($1_wm_t) - - optional_policy(` - wm_dbus_chat($1, $3) - ') - ') - - optional_policy(` - pulseaudio_run($1_wm_t, $2) - ') - - optional_policy(` - xserver_role($2, $1_wm_t) - xserver_manage_core_devices($1_wm_t) - ') -') - -######################################## -## <summary> -## Execute wm in the caller domain. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`wm_exec',` - gen_require(` - type wm_exec_t; - ') - - corecmd_search_bin($1) - can_exec($1, wm_exec_t) -') - -######################################## -## <summary> -## Send and receive messages from -## specified wm over dbus. -## </summary> -## <param name="role_prefix"> -## <summary> -## The prefix of the user domain (e.g., user -## is the prefix for user_t). -## </summary> -## </param> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`wm_dbus_chat',` - gen_require(` - type $1_wm_t; - class dbus send_msg; - ') - - allow $2 $1_wm_t:dbus send_msg; - allow $1_wm_t $2:dbus send_msg; -') |