diff options
Diffstat (limited to 'policy/modules/contrib/consolekit.if')
-rw-r--r-- | policy/modules/contrib/consolekit.if | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/policy/modules/contrib/consolekit.if b/policy/modules/contrib/consolekit.if new file mode 100644 index 000000000..fd15dfe1e --- /dev/null +++ b/policy/modules/contrib/consolekit.if @@ -0,0 +1,98 @@ +## <summary>Framework for facilitating multiple user sessions on desktops.</summary> + +######################################## +## <summary> +## Execute a domain transition to run consolekit. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`consolekit_domtrans',` + gen_require(` + type consolekit_t, consolekit_exec_t; + ') + + domtrans_pattern($1, consolekit_exec_t, consolekit_t) +') + +######################################## +## <summary> +## Send and receive messages from +## consolekit over dbus. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`consolekit_dbus_chat',` + gen_require(` + type consolekit_t; + class dbus send_msg; + ') + + allow $1 consolekit_t:dbus send_msg; + allow consolekit_t $1:dbus send_msg; +') + +######################################## +## <summary> +## Read consolekit log files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`consolekit_read_log',` + gen_require(` + type consolekit_log_t; + ') + + read_files_pattern($1, consolekit_log_t, consolekit_log_t) + logging_search_logs($1) +') + +######################################## +## <summary> +## Manage consolekit log files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`consolekit_manage_log',` + gen_require(` + type consolekit_log_t; + ') + + manage_files_pattern($1, consolekit_log_t, consolekit_log_t) + files_search_pids($1) +') + +######################################## +## <summary> +## Read consolekit PID files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`consolekit_read_pid_files',` + gen_require(` + type consolekit_var_run_t; + ') + + files_search_pids($1) + allow $1 consolekit_var_run_t:dir list_dir_perms; + read_files_pattern($1, consolekit_var_run_t, consolekit_var_run_t) +') |