|
Chris PeBenito |
785ee7 |
policy_module(wine, 1.7.2)
|
|
Chris PeBenito |
17de1b |
|
|
Chris PeBenito |
17de1b |
########################################
|
|
Chris PeBenito |
17de1b |
#
|
|
Chris PeBenito |
17de1b |
# Declarations
|
|
Chris PeBenito |
17de1b |
#
|
|
Chris PeBenito |
17de1b |
|
|
Dominick Grift |
623e4f |
## <desc>
|
|
Dominick Grift |
623e4f |
##
|
|
Dominick Grift |
623e4f |
## Ignore wine mmap_zero errors.
|
|
Dominick Grift |
623e4f |
##
|
|
Dominick Grift |
623e4f |
## </desc>
|
|
Dominick Grift |
623e4f |
gen_tunable(wine_mmap_zero_ignore, false)
|
|
Dominick Grift |
623e4f |
|
|
Chris PeBenito |
17de1b |
type wine_t;
|
|
Chris PeBenito |
17de1b |
type wine_exec_t;
|
|
Chris PeBenito |
0bfccd |
application_domain(wine_t, wine_exec_t)
|
|
Chris PeBenito |
4796d0 |
ubac_constrained(wine_t)
|
|
Chris PeBenito |
4796d0 |
role system_r types wine_t;
|
|
Chris PeBenito |
4796d0 |
|
|
Chris PeBenito |
4796d0 |
type wine_tmp_t;
|
|
Chris PeBenito |
4796d0 |
files_tmp_file(wine_tmp_t)
|
|
Chris PeBenito |
4796d0 |
ubac_constrained(wine_tmp_t)
|
|
Chris PeBenito |
17de1b |
|
|
Chris PeBenito |
17de1b |
########################################
|
|
Chris PeBenito |
17de1b |
#
|
|
Chris PeBenito |
17de1b |
# Local policy
|
|
Chris PeBenito |
17de1b |
#
|
|
Chris PeBenito |
17de1b |
|
|
Chris PeBenito |
4796d0 |
allow wine_t self:process { execstack execmem execheap };
|
|
Chris PeBenito |
4796d0 |
allow wine_t self:fifo_file manage_fifo_file_perms;
|
|
Chris PeBenito |
4796d0 |
|
|
Chris PeBenito |
4796d0 |
can_exec(wine_t, wine_exec_t)
|
|
Chris PeBenito |
4796d0 |
|
|
Chris PeBenito |
4796d0 |
manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
|
|
Chris PeBenito |
4796d0 |
manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
|
|
Chris PeBenito |
4796d0 |
files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
|
|
Chris PeBenito |
4796d0 |
|
|
Dan Walsh |
3a2e88 |
domain_mmap_low(wine_t)
|
|
Chris PeBenito |
4796d0 |
|
|
Chris PeBenito |
4796d0 |
files_execmod_all_files(wine_t)
|
|
Chris PeBenito |
4796d0 |
|
|
Chris PeBenito |
296273 |
userdom_use_user_terminals(wine_t)
|
|
Chris PeBenito |
296273 |
|
|
Dominick Grift |
623e4f |
tunable_policy(`wine_mmap_zero_ignore',`
|
|
Dominick Grift |
623e4f |
dontaudit wine_t self:memprotect mmap_zero;
|
|
Dominick Grift |
623e4f |
')
|
|
Dominick Grift |
623e4f |
|
|
Chris PeBenito |
350b6a |
optional_policy(`
|
|
Chris PeBenito |
4796d0 |
hal_dbus_chat(wine_t)
|
|
Chris PeBenito |
4796d0 |
')
|
|
Chris PeBenito |
4796d0 |
|
|
Chris PeBenito |
4796d0 |
optional_policy(`
|
|
Dan Walsh |
3eaa99 |
policykit_dbus_chat(wine_t)
|
|
Dan Walsh |
3eaa99 |
')
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
optional_policy(`
|
|
Dan Walsh |
3eaa99 |
unconfined_domain(wine_t)
|
|
Chris PeBenito |
4796d0 |
')
|
|
Chris PeBenito |
17de1b |
|
|
Chris PeBenito |
4796d0 |
optional_policy(`
|
|
Chris PeBenito |
4796d0 |
xserver_read_xdm_pid(wine_t)
|
|
Chris PeBenito |
4796d0 |
xserver_rw_shm(wine_t)
|
|
Chris PeBenito |
17de1b |
')
|