diff options
Diffstat (limited to 'policy/modules/contrib/xguest.te')
-rw-r--r-- | policy/modules/contrib/xguest.te | 171 |
1 files changed, 0 insertions, 171 deletions
diff --git a/policy/modules/contrib/xguest.te b/policy/modules/contrib/xguest.te deleted file mode 100644 index 2882821a8..000000000 --- a/policy/modules/contrib/xguest.te +++ /dev/null @@ -1,171 +0,0 @@ -policy_module(xguest, 1.1.2) - -######################################## -# -# Declarations -# - -## <desc> -## <p> -## Determine whether xguest can -## mount removable media. -## </p> -## </desc> -gen_tunable(xguest_mount_media, false) - -## <desc> -## <p> -## Determine whether xguest can -## configure network manager. -## </p> -## </desc> -gen_tunable(xguest_connect_network, false) - -## <desc> -## <p> -## Determine whether xguest can -## use blue tooth devices. -## </p> -## </desc> -gen_tunable(xguest_use_bluetooth, false) - -role xguest_r; - -userdom_restricted_xwindows_user_template(xguest) - -######################################## -# -# Local policy -# - -kernel_dontaudit_request_load_module(xguest_t) - -ifndef(`enable_mls',` - fs_exec_noxattr(xguest_t) - - tunable_policy(`user_rw_noexattrfile',` - fs_manage_noxattr_fs_files(xguest_t) - fs_manage_noxattr_fs_dirs(xguest_t) - storage_raw_read_removable_device(xguest_t) - storage_raw_write_removable_device(xguest_t) - ',` - storage_raw_read_removable_device(xguest_t) - ') -') - -optional_policy(` - tunable_policy(`xguest_mount_media',` - kernel_read_fs_sysctls(xguest_t) - - files_dontaudit_getattr_boot_dirs(xguest_t) - files_search_mnt(xguest_t) - - fs_manage_noxattr_fs_files(xguest_t) - fs_manage_noxattr_fs_dirs(xguest_t) - fs_manage_noxattr_fs_dirs(xguest_t) - fs_getattr_noxattr_fs(xguest_t) - fs_read_noxattr_fs_symlinks(xguest_t) - - auth_list_pam_console_data(xguest_t) - - init_read_utmp(xguest_t) - ') -') - -optional_policy(` - tunable_policy(`xguest_use_bluetooth',` - bluetooth_dbus_chat(xguest_t) - ') -') - -optional_policy(` - tunable_policy(`xguest_use_bluetooth',` - blueman_dbus_chat(xguest_t) - ') -') - -optional_policy(` - apache_role(xguest_r, xguest_t) -') - -optional_policy(` - gnomeclock_dontaudit_dbus_chat(xguest_t) -') - -optional_policy(` - hal_dbus_chat(xguest_t) -') - -optional_policy(` - java_role(xguest_r, xguest_t) -') - -optional_policy(` - mozilla_role(xguest_r, xguest_t) -') - -optional_policy(` - tunable_policy(`xguest_connect_network',` - kernel_read_network_state(xguest_t) - - networkmanager_dbus_chat(xguest_t) - networkmanager_read_lib_files(xguest_t) - - corenet_all_recvfrom_unlabeled(xguest_t) - corenet_all_recvfrom_netlabel(xguest_t) - corenet_tcp_sendrecv_generic_if(xguest_t) - corenet_raw_sendrecv_generic_if(xguest_t) - corenet_tcp_sendrecv_generic_node(xguest_t) - corenet_raw_sendrecv_generic_node(xguest_t) - - corenet_sendrecv_pulseaudio_client_packets(xguest_t) - corenet_tcp_connect_pulseaudio_port(xguest_t) - corenet_tcp_sendrecv_pulseaudio_port(xguest_t) - - corenet_sendrecv_http_client_packets(xguest_t) - corenet_tcp_connect_http_port(xguest_t) - corenet_tcp_sendrecv_http_port(xguest_t) - - corenet_sendrecv_http_cache_client_packets(xguest_t) - corenet_tcp_connect_http_cache_port(xguest_t) - corenet_tcp_sendrecv_http_cache_port(xguest_t) - - corenet_sendrecv_squid_client_packets(xguest_t) - corenet_tcp_connect_squid_port(xguest_t) - corenet_tcp_sendrecv_squid_port(xguest_t) - - corenet_sendrecv_ftp_client_packets(xguest_t) - corenet_tcp_connect_ftp_port(xguest_t) - corenet_tcp_sendrecv_ftp_port(xguest_t) - - corenet_sendrecv_ipp_client_packets(xguest_t) - corenet_tcp_connect_ipp_port(xguest_t) - corenet_tcp_sendrecv_ipp_port(xguest_t) - - corenet_sendrecv_generic_client_packets(xguest_t) - corenet_tcp_connect_generic_port(xguest_t) - corenet_tcp_sendrecv_generic_port(xguest_t) - - corenet_sendrecv_soundd_client_packets(xguest_t) - corenet_tcp_connect_soundd_port(xguest_t) - corenet_tcp_sendrecv_soundd_port(xguest_t) - - corenet_sendrecv_speech_client_packets(xguest_t) - corenet_tcp_connect_speech_port(xguest_t) - corenet_tcp_sendrecv_speech_port(xguest_t) - - corenet_sendrecv_transproxy_client_packets(xguest_t) - corenet_tcp_connect_transproxy_port(xguest_t) - corenet_tcp_sendrecv_transproxy_port(xguest_t) - - corenet_dontaudit_tcp_sendrecv_generic_port(xguest_t) - corenet_dontaudit_tcp_bind_generic_port(xguest_t) - ') -') - -optional_policy(` - pcscd_read_pid_files(xguest_t) - pcscd_stream_connect(xguest_t) -') - -#gen_user(xguest_u,, xguest_r, s0, s0) |