Diffstat (limited to 'policy/modules/system/userdomain.if')
-rw-r--r-- | policy/modules/system/userdomain.if | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 9c527285..61065118 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2849,6 +2849,45 @@ interface(`userdom_tmp_filetrans_user_tmp',`
 ########################################
 ## <summary>
+## relabel to/from user tmpfs dirs
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_relabel_user_tmpfs_dirs',`
+ gen_require(`
+ type user_tmpfs_t;
+ ')
+
+ allow $1 user_tmpfs_t:dir { list_dir_perms relabelto relabelfrom };
+ fs_search_tmpfs($1)
+')
+
+########################################
+## <summary>
+## relabel to/from user tmpfs files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_relabel_user_tmpfs_files',`
+ gen_require(`
+ type user_tmpfs_t;
+ ')
+
+ allow $1 user_tmpfs_t:dir list_dir_perms;
+ allow $1 user_tmpfs_t:file { relabelto relabelfrom };
+ fs_search_tmpfs($1)
+')
+
+########################################
+## <summary>
 ## Search users runtime directories.
 ## </summary>
 ## <param name="domain">
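Review bot: In `userdom_relabel_user_tmpfs_files` the file rule grants `{ relabelto relabelfrom }` without `getattr`, so a caller that has to read the current label before relabeling depends on some unrelated rule for it. Refpolicy's permission set for this is `relabel_file_perms`, so the rule could read `allow $1 user_tmpfs_t:file relabel_file_perms;`, and the directory interface could use `relabel_dir_perms` alongside `list_dir_perms` in the same way. Both interfaces also grant directory listing and tmpfs search, which is more than the summaries "relabel to/from user tmpfs dirs/files" say. The summaries should name that access and follow the capitalised, full-stop style of the neighbouring "Search users runtime directories.", so a reviewer of a calling module sees the full grant.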
@@ -2964,6 +3003,43 @@ interface(`userdom_relabelto_user_runtime_dirs',`
 ########################################
 ## <summary>
+## Relabel from user runtime directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_relabelfrom_user_runtime_dirs',`
+ gen_require(`
+ type user_runtime_t;
+ ')
+
+ allow $1 user_runtime_t:dir relabelfrom;
+')
+
+########################################
+## <summary>
+## delete user runtime files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_delete_user_runtime_files',`
+ gen_require(`
+ type user_runtime_t;
+ ')
+
+ allow $1 user_runtime_t:dir list_dir_perms;
+ allow $1 user_runtime_t:file unlink;
+')
+
+########################################
+## <summary>
 ## Create objects in the pid directory
 ## with an automatic type transition to
 ## the user runtime root type. |
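Review bot: `userdom_delete_user_runtime_files` allows `unlink` on the file but only `list_dir_perms` on the directory, and removing a directory entry also needs `write` and `remove_name` on the parent. As written, a caller presumably cannot delete anything unless another interface already gives it write access to `user_runtime_t` directories. If the interface is meant to be self-contained, the usual refpolicy form is `delete_files_pattern($1, user_runtime_t, user_runtime_t)`, which also adds `getattr` on the file; keep the `list_dir_perms` rule if listing is needed too. If the split is deliberate, the summary "delete user runtime files" should say that directory write access must come from elsewhere. The summary should also be capitalised and end with a full stop like "Relabel from user runtime directories." above it.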