|
Jeremy Solt |
c4834a |
## <summary>AccountsService and daemon for manipulating user account information via D-Bus</summary>
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
########################################
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Jeremy Solt |
c4834a |
## Execute a domain transition to run accountsd.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## <param name="domain">
|
|
Dominick Grift |
c5eae5 |
## <summary>
|
|
Jeremy Solt |
c4834a |
## Domain allowed access.
|
|
Dominick Grift |
c5eae5 |
## </summary>
|
|
Jeremy Solt |
c4834a |
## </param>
|
|
Jeremy Solt |
c4834a |
#
|
|
Jeremy Solt |
c4834a |
interface(`accountsd_domtrans',`
|
|
Jeremy Solt |
c4834a |
gen_require(`
|
|
Jeremy Solt |
c4834a |
type accountsd_t, accountsd_exec_t;
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
domtrans_pattern($1, accountsd_exec_t, accountsd_t)
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
########################################
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Chris PeBenito |
8da889 |
## Do not audit attempts to read and write Accounts Daemon
|
|
Chris PeBenito |
8da889 |
## fifo file.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## <param name="domain">
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Dan Walsh |
b45aaa |
## Domain to not audit.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## </param>
|
|
Jeremy Solt |
c4834a |
#
|
|
Chris PeBenito |
8da889 |
interface(`accountsd_dontaudit_rw_fifo_file',`
|
|
Jeremy Solt |
c4834a |
gen_require(`
|
|
Chris PeBenito |
8da889 |
type accountsd_t;
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Chris PeBenito |
8da889 |
dontaudit $1 accountsd_t:fifo_file rw_fifo_file_perms;
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
########################################
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Chris PeBenito |
8da889 |
## Send and receive messages from
|
|
Chris PeBenito |
8da889 |
## accountsd over dbus.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## <param name="domain">
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Jeremy Solt |
c4834a |
## Domain allowed access.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## </param>
|
|
Jeremy Solt |
c4834a |
#
|
|
Chris PeBenito |
8da889 |
interface(`accountsd_dbus_chat',`
|
|
Jeremy Solt |
c4834a |
gen_require(`
|
|
Chris PeBenito |
8da889 |
type accountsd_t;
|
|
Chris PeBenito |
8da889 |
class dbus send_msg;
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Chris PeBenito |
8da889 |
allow $1 accountsd_t:dbus send_msg;
|
|
Chris PeBenito |
8da889 |
allow accountsd_t $1:dbus send_msg;
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
########################################
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Chris PeBenito |
8da889 |
## Search accountsd lib directories.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## <param name="domain">
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Jeremy Solt |
c4834a |
## Domain allowed access.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## </param>
|
|
Jeremy Solt |
c4834a |
#
|
|
Chris PeBenito |
8da889 |
interface(`accountsd_search_lib',`
|
|
Jeremy Solt |
c4834a |
gen_require(`
|
|
Jeremy Solt |
c4834a |
type accountsd_var_lib_t;
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Chris PeBenito |
8da889 |
allow $1 accountsd_var_lib_t:dir search_dir_perms;
|
|
Jeremy Solt |
c4834a |
files_search_var_lib($1)
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
########################################
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Chris PeBenito |
8da889 |
## Read accountsd lib files.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## <param name="domain">
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Jeremy Solt |
c4834a |
## Domain allowed access.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## </param>
|
|
Jeremy Solt |
c4834a |
#
|
|
Chris PeBenito |
8da889 |
interface(`accountsd_read_lib_files',`
|
|
Jeremy Solt |
c4834a |
gen_require(`
|
|
Chris PeBenito |
8da889 |
type accountsd_var_lib_t;
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Chris PeBenito |
8da889 |
files_search_var_lib($1)
|
|
Chris PeBenito |
8da889 |
read_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
########################################
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Chris PeBenito |
8da889 |
## Create, read, write, and delete
|
|
Chris PeBenito |
8da889 |
## accountsd lib files.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## <param name="domain">
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Jeremy Solt |
c4834a |
## Domain allowed access.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## </param>
|
|
Jeremy Solt |
c4834a |
#
|
|
Chris PeBenito |
8da889 |
interface(`accountsd_manage_lib_files',`
|
|
Jeremy Solt |
c4834a |
gen_require(`
|
|
Chris PeBenito |
8da889 |
type accountsd_var_lib_t;
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Chris PeBenito |
8da889 |
files_search_var_lib($1)
|
|
Chris PeBenito |
8da889 |
manage_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
|
|
Jeremy Solt |
c4834a |
')
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
########################################
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Jeremy Solt |
c4834a |
## All of the rules required to administrate
|
|
Jeremy Solt |
c4834a |
## an accountsd environment
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## <param name="domain">
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Jeremy Solt |
c4834a |
## Domain allowed access.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## </param>
|
|
Jeremy Solt |
c4834a |
## <param name="role">
|
|
Jeremy Solt |
c4834a |
## <summary>
|
|
Jeremy Solt |
c4834a |
## Role allowed access.
|
|
Jeremy Solt |
c4834a |
## </summary>
|
|
Jeremy Solt |
c4834a |
## </param>
|
|
Jeremy Solt |
c4834a |
## <rolecap/>
|
|
Jeremy Solt |
c4834a |
#
|
|
Jeremy Solt |
c4834a |
interface(`accountsd_admin',`
|
|
Jeremy Solt |
c4834a |
gen_require(`
|
|
Jeremy Solt |
c4834a |
type accountsd_t;
|
|
Jeremy Solt |
c4834a |
')
|
|
Chris PeBenito |
8da889 |
|
|
Dominick Grift |
dcbbee |
allow $1 accountsd_t:process { ptrace signal_perms };
|
|
Chris PeBenito |
8da889 |
ps_process_pattern($1, accountsd_t)
|
|
Jeremy Solt |
c4834a |
|
|
Jeremy Solt |
c4834a |
accountsd_manage_lib_files($1)
|
|
Jeremy Solt |
c4834a |
')
|