policy_module(devicekit, 1.0.0)

########################################

#

# Declarations

#

type devicekit_t;

type devicekit_exec_t;

dbus_system_domain(devicekit_t, devicekit_exec_t)

type devicekit_power_t;

type devicekit_power_exec_t;

dbus_system_domain(devicekit_power_t, devicekit_power_exec_t)

type devicekit_disk_t;

type devicekit_disk_exec_t;

dbus_system_domain(devicekit_disk_t, devicekit_disk_exec_t)

type devicekit_tmp_t;

files_tmp_file(devicekit_tmp_t)

type devicekit_var_run_t;

files_pid_file(devicekit_var_run_t)

type devicekit_var_lib_t;

files_type(devicekit_var_lib_t)

########################################

#

# DeviceKit local policy

#

allow devicekit_t self:unix_dgram_socket create_socket_perms;

manage_dirs_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)

manage_files_pattern(devicekit_t, devicekit_var_run_t, devicekit_var_run_t)

files_pid_filetrans(devicekit_t, devicekit_var_run_t, { file dir })

dev_read_sysfs(devicekit_t)

dev_read_urand(devicekit_t)

files_read_etc_files(devicekit_t)

miscfiles_read_localization(devicekit_t)

optional_policy(`

	dbus_system_bus_client(devicekit_t)

	allow devicekit_t devicekit_disk_t:dbus send_msg;

	allow devicekit_t devicekit_power_t:dbus send_msg;

')

optional_policy(`

	udev_read_db(devicekit_t)

')

########################################

#

# DeviceKit disk local policy

#

allow devicekit_disk_t self:capability { chown dac_override fowner fsetid sys_nice sys_ptrace sys_rawio };

allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;

manage_dirs_pattern(devicekit_disk_t, devicekit_tmp_t, devicekit_tmp_t)

manage_files_pattern(devicekit_disk_t, devicekit_tmp_t, devicekit_tmp_t)

files_tmp_filetrans(devicekit_disk_t, devicekit_tmp_t, { file dir })

manage_dirs_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)

manage_files_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)

files_var_lib_filetrans(devicekit_disk_t, devicekit_var_lib_t, dir)

kernel_read_software_raid_state(devicekit_disk_t)

kernel_setsched(devicekit_disk_t)

corecmd_exec_bin(devicekit_disk_t)

dev_rw_sysfs(devicekit_disk_t)

dev_read_urand(devicekit_disk_t)

dev_getattr_usbfs_dirs(devicekit_disk_t)

files_manage_mnt_dirs(devicekit_disk_t)

files_read_etc_files(devicekit_disk_t)

files_read_etc_runtime_files(devicekit_disk_t)

files_read_usr_files(devicekit_disk_t)

fs_mount_all_fs(devicekit_disk_t)

fs_unmount_all_fs(devicekit_disk_t)

fs_manage_fusefs_dirs(devicekit_disk_t)

storage_raw_read_fixed_disk(devicekit_disk_t)

storage_raw_write_fixed_disk(devicekit_disk_t)

storage_raw_read_removable_device(devicekit_disk_t)

storage_raw_write_removable_device(devicekit_disk_t)

auth_use_nsswitch(devicekit_disk_t)

miscfiles_read_localization(devicekit_disk_t)

userdom_read_all_users_state(devicekit_disk_t)

userdom_search_user_home_dirs(devicekit_disk_t)

optional_policy(`

	fstools_domtrans(devicekit_disk_t)

')

optional_policy(`

	lvm_domtrans(devicekit_disk_t)

')

optional_policy(`

	policykit_domtrans_auth(devicekit_disk_t)

	policykit_read_lib(devicekit_disk_t)

	policykit_read_reload(devicekit_disk_t)

')

optional_policy(`

	mount_domtrans(devicekit_disk_t)

')

optional_policy(`

	dbus_system_bus_client(devicekit_disk_t)

	allow devicekit_disk_t devicekit_t:dbus send_msg;

	optional_policy(`

		consolekit_dbus_chat(devicekit_disk_t)

	')

')

optional_policy(`

	udev_domtrans(devicekit_disk_t)

	udev_read_db(devicekit_disk_t)

')

########################################

#

# DeviceKit-Power local policy

#

allow devicekit_power_t self:capability { dac_override sys_tty_config sys_nice sys_ptrace };

allow devicekit_power_t self:fifo_file rw_fifo_file_perms;

allow devicekit_power_t self:unix_dgram_socket create_socket_perms;

manage_dirs_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)

manage_files_pattern(devicekit_power_t, devicekit_var_lib_t, devicekit_var_lib_t)

files_var_lib_filetrans(devicekit_power_t, devicekit_var_lib_t, dir)

kernel_read_network_state(devicekit_power_t)

kernel_read_system_state(devicekit_power_t)

kernel_rw_hotplug_sysctls(devicekit_power_t)

kernel_rw_kernel_sysctl(devicekit_power_t)

corecmd_exec_bin(devicekit_power_t)

corecmd_exec_shell(devicekit_power_t)

consoletype_exec(devicekit_power_t)

domain_read_all_domains_state(devicekit_power_t)

dev_rw_generic_usb_dev(devicekit_power_t)

dev_rw_netcontrol(devicekit_power_t)

dev_rw_sysfs(devicekit_power_t)

files_read_kernel_img(devicekit_power_t)

files_read_etc_files(devicekit_power_t)

files_read_usr_files(devicekit_power_t)

term_use_all_terms(devicekit_power_t)

auth_use_nsswitch(devicekit_power_t)

miscfiles_read_localization(devicekit_power_t)

userdom_read_all_users_state(devicekit_power_t)

optional_policy(`

	bootloader_domtrans(devicekit_power_t)

')

optional_policy(`

	dbus_system_bus_client(devicekit_power_t)

	allow devicekit_power_t devicekit_t:dbus send_msg;

	optional_policy(`

		consolekit_dbus_chat(devicekit_power_t)

	')

	optional_policy(`

		networkmanager_dbus_chat(devicekit_power_t)

	')

	optional_policy(`

		rpm_dbus_chat(devicekit_power_t)

	')

')

optional_policy(`

	fstools_domtrans(devicekit_power_t)

')

optional_policy(`

	hal_domtrans_mac(devicekit_power_t)

	hal_manage_pid_dirs(devicekit_power_t)

	hal_manage_pid_files(devicekit_power_t)

	hal_dbus_chat(devicekit_power_t)

')

optional_policy(`

	policykit_domtrans_auth(devicekit_power_t)

	policykit_read_lib(devicekit_power_t)

	policykit_read_reload(devicekit_power_t)

')

optional_policy(`

	vbetool_domtrans(devicekit_power_t)

')