#DESC games
#
# Macros for games
#
#
# Authors:  Dan Walsh <dwalsh@redhat.com> 
#
#
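# games_domain(domain_prefix)
#
# Declares the games domain <prefix>_games_t for the role whose user domain
# is <prefix>_t and grants that domain the access listed in the body.
#
# Security-relevant grants a reviewer should keep in mind:
#  - execmem on self (only while the allow_execmem boolean is set) and
#    execmod on texrel_shlib_t files;
#  - execution of shell_exec_t, bin_t and utempter_exec_t programs;
#  - can_network plus name_bind and name_connect on port_t TCP sockets;
#  - several dontaudit rules, whose denials are not written to the audit log.
#
# Comments inside the macro body must not contain m4 quote characters,
# because the whole body is a single quoted m4 string.
#
define(`games_domain', `

# The games domain type; it is also tagged as an nscd client domain.
type $1_games_t, domain, nscd_client_domain;

# Type transition
# Running a games_exec_t program from $1_t enters $1_games_t automatically,
# but only while the disable_games_trans boolean is off.
# NOTE(review): with the boolean on, no transition is defined here, so games
# presumably stay in the calling domain and this confinement does not apply.
if (! disable_games_trans) {
domain_auto_trans($1_t, games_exec_t, $1_games_t)
}
# A running game may itself execute games_exec_t programs.
can_exec($1_games_t, games_exec_t)
role $1_r types $1_games_t;

can_create_pty($1_games)

# X access, GNOME, /tmp files
x_client_domain($1_games, $1)
tmp_domain($1_games, `', { dir notdevfile_class_set })
gnome_application($1_games, $1)
gnome_file_dialog($1_games, $1)

# Games seem to need this
# execmem lets the process run code from memory it can also write, which
# removes a memory-protection barrier; it is gated on the allow_execmem
# boolean so an administrator can withhold it.
if (allow_execmem) {
allow $1_games_t self:process execmem;
}

# execmod on text-relocation libraries is granted unconditionally.
allow $1_games_t texrel_shlib_t:file execmod;
allow $1_games_t var_t:dir { search getattr };
# Read-write access to shared game data (games_data_t).
rw_dir_create_file($1_games_t, games_data_t)
allow $1_games_t sound_device_t:chr_file rw_file_perms;
# Network traffic between processes of this same games domain.
can_udp_send($1_games_t, $1_games_t)
can_tcp_connect($1_games_t, $1_games_t)

# Access /home/user/.gnome2
# FIXME: Change to use per app types
# NOTE(review): until per app types exist, the game can create and modify the
# GNOME settings files of the user that are labelled $1_gnome_settings_t.
create_dir_file($1_games_t, $1_gnome_settings_t)

# FIXME: why is this necessary - ORBit?
# ORBit works differently now
# NOTE(review): these rules share the user tmp type and allow unix socket
# connections in both directions between the game and the user domain;
# re-check whether they are still needed.
create_dir_file($1_games_t, $1_tmp_t)
allow $1_games_t $1_tmp_t:sock_file create_file_perms;
can_unix_connect($1_t, $1_games_t)
can_unix_connect($1_games_t, $1_t)

# Only when the xdm policy is part of the build: access to xdm temporary
# directories and sockets, and read access to xdm_var_lib_t files.
ifdef(`xdm.te', `
allow $1_games_t xdm_tmp_t:dir rw_dir_perms;
allow $1_games_t xdm_tmp_t:sock_file create_file_perms;
allow $1_games_t xdm_var_lib_t:file { getattr read };
')dnl end if xdm.te

allow $1_games_t var_lib_t:dir search;
r_dir_file($1_games_t, man_t)
# Read-only access to proc_t entries and to the entries of the process itself.
allow $1_games_t { proc_t self }:dir search;
allow $1_games_t { proc_t self }:{ file lnk_file } { read getattr };
# Only when the mozilla policy is part of the build: the connection attempt to
# the mozilla domain stays denied and is not logged.
ifdef(`mozilla.te', ` 
dontaudit $1_games_t $1_mozilla_t:unix_stream_socket connectto;
')
# getattr only on input devices; no read or write is granted here.
allow $1_games_t event_device_t:chr_file getattr;
allow $1_games_t mouse_device_t:chr_file getattr;

allow $1_games_t self:file { getattr read };
allow $1_games_t self:sem create_sem_perms;

allow $1_games_t { bin_t sbin_t }:dir { getattr search };
# NOTE(review): this lets a game run a shell and any bin_t program, presumably
# without leaving $1_games_t, so every grant in this macro is also available
# to those child programs. Confirm the shell is really required.
can_exec($1_games_t, { shell_exec_t bin_t utempter_exec_t })
allow $1_games_t bin_t:lnk_file read;

# The accesses below remain denied but are hidden from the audit log. When
# investigating a games domain, remember that these denials leave no record.
dontaudit $1_games_t var_run_t:dir search;
dontaudit $1_games_t initrc_var_run_t:file { read write };
dontaudit $1_games_t var_log_t:dir search;

# NOTE(review): on top of general network access, the two port_t rules let a
# game listen on and connect out to TCP ports labelled port_t, which is
# presumably the generic label for ports without a more specific type.
# Confirm this breadth is intended, or narrow it to the ports games use.
can_network($1_games_t)
allow $1_games_t port_t:tcp_socket name_bind;
allow $1_games_t port_t:tcp_socket name_connect;

# Suppress .icons denial until properly implemented
dontaudit $1_games_t $1_home_t:dir read;

')dnl end macro definition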