#DESC X print server

#

# Author:  Russell Coker <russell@coker.com.au>

# X-Debian-Packages: xprt-xprintorg

#

#################################

#

# Rules for the xprint_t domain.

#

# xprint_exec_t is the type of the xprint executable.

#

daemon_domain(xprint)

allow initrc_t readable_t:dir r_dir_perms;

allow initrc_t fonts_t:dir r_dir_perms;

allow xprint_t var_lib_t:dir search;

allow xprint_t fonts_t:dir r_dir_perms;

allow xprint_t fonts_t:file { getattr read };

allow xprint_t { bin_t sbin_t }:dir search;

can_exec(xprint_t, { bin_t sbin_t ls_exec_t shell_exec_t })

allow xprint_t bin_t:lnk_file { getattr read };

allow xprint_t tmp_t:dir { getattr search };

ifdef(`xdm.te', `

allow xprint_t xdm_xserver_tmp_t:dir rw_dir_perms;

allow xprint_t xdm_xserver_tmp_t:sock_file create_file_perms;

')

# Use the network.

can_network_server(xprint_t)

can_ypbind(xprint_t)

allow xprint_t self:fifo_file rw_file_perms;

allow xprint_t self:unix_stream_socket create_stream_socket_perms;

allow xprint_t proc_t:file { getattr read };

allow xprint_t self:file { getattr read };

# read config files

allow xprint_t { etc_t etc_runtime_t }:file { getattr read };

ifdef(`cups.te', `

allow xprint_t cupsd_etc_t:dir search;

allow xprint_t cupsd_etc_t:file { getattr read };

')

r_dir_file(xprint_t, usr_t)

allow xprint_t urandom_device_t:chr_file { getattr read };