Diffstat (limited to 'policy/modules/system/userdomain.if')
-rw-r--r--policy/modules/system/userdomain.if76
1 files changed, 76 insertions, 0 deletions
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 9c527285..61065118 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2849,6 +2849,45 @@ interface(`userdom_tmp_filetrans_user_tmp',`
########################################
## <summary>
+## relabel to/from user tmpfs dirs
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_relabel_user_tmpfs_dirs',`
+ gen_require(`
+ type user_tmpfs_t;
+ ')
+
+ allow $1 user_tmpfs_t:dir { list_dir_perms relabelto relabelfrom };
+ fs_search_tmpfs($1)
+')
+
+########################################
+## <summary>
+## relabel to/from user tmpfs files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_relabel_user_tmpfs_files',`
+ gen_require(`
+ type user_tmpfs_t;
+ ')
+
+ allow $1 user_tmpfs_t:dir list_dir_perms;
+ allow $1 user_tmpfs_t:file { relabelto relabelfrom };
+ fs_search_tmpfs($1)
+')
+
+########################################
+## <summary>
## Search users runtime directories.
## </summary>
## <param name="domain">
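Review bot: `userdom_relabel_user_tmpfs_files` grants `relabelto relabelfrom` on `user_tmpfs_t:file` without `getattr`, so a caller that stats a file before relabeling it would probably still be denied unless it gets `getattr` from another rule. The two allow rules could be replaced by `relabel_files_pattern($1, user_tmpfs_t, user_tmpfs_t)`, and the dir rule in `userdom_relabel_user_tmpfs_dirs` by `relabel_dirs_pattern($1, user_tmpfs_t, user_tmpfs_t)`, which use the standard relabel permission sets. Holding both relabelfrom and relabelto lets the caller change which policy applies to these objects, so the summaries are worth a sentence saying that callers should be limited to labeling tools. They should also be capitalised and end with a period, like "Search users runtime directories." just below.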
@@ -2964,6 +3003,43 @@ interface(`userdom_relabelto_user_runtime_dirs',`
########################################
## <summary>
+## Relabel from user runtime directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_relabelfrom_user_runtime_dirs',`
+ gen_require(`
+ type user_runtime_t;
+ ')
+
+ allow $1 user_runtime_t:dir relabelfrom;
+')
+
+########################################
+## <summary>
+## delete user runtime files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_delete_user_runtime_files',`
+ gen_require(`
+ type user_runtime_t;
+ ')
+
+ allow $1 user_runtime_t:dir list_dir_perms;
+ allow $1 user_runtime_t:file unlink;
+')
+
+########################################
+## <summary>
## Create objects in the pid directory
## with an automatic type transition to
## the user runtime root type.
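Review bot: `userdom_delete_user_runtime_files` allows `unlink` on `user_runtime_t:file` but gives the directory only `list_dir_perms`, which does not include `write` or `remove_name`. The unlink would therefore be denied unless the caller obtains those directory permissions through another interface. If deletion is meant to work from this interface alone, `delete_files_pattern($1, user_runtime_t, user_runtime_t)` covers both the directory and the file side with the standard sets. The summary "delete user runtime files" should be capitalised and end with a period, matching "Relabel from user runtime directories." above it.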