#DESC games

#

# Macros for games

#

#

# Authors:  Dan Walsh <dwalsh@redhat.com> 

#

#

# games_domain(domain_prefix)

#

#

define(`games_domain', `

x_client_domain($1, `games', `, transitionbool')

allow $1_games_t var_t:dir { search getattr };

rw_dir_create_file($1_games_t, games_data_t)

allow $1_games_t sound_device_t:chr_file rw_file_perms;

r_dir_file($1_games_t, usr_t)

can_udp_send($1_games_t, $1_games_t)

can_tcp_connect($1_games_t, $1_games_t)

# Access /home/user/.gnome2

create_dir_file($1_games_t, $1_home_t)

allow $1_games_t $1_home_dir_t:dir search;

allow $1_games_t $1_home_t:dir { read getattr };

create_dir_file($1_games_t, $1_tmp_t)

allow $1_games_t $1_tmp_t:sock_file create_file_perms;

dontaudit $1_games_t sysctl_t:dir search;

tmp_domain($1_games)

allow $1_games_t urandom_device_t:chr_file { getattr ioctl read };

ifdef(`xdm.te', `

allow $1_games_t xdm_tmp_t:dir rw_dir_perms;

allow $1_games_t xdm_tmp_t:sock_file create_file_perms;

allow $1_games_t xdm_var_lib_t:file { getattr read };

')dnl end if xdm.te

can_unix_connect($1_t, $1_games_t)

can_unix_connect($1_games_t, $1_t)

allow $1_games_t var_lib_t:dir search;

r_dir_file($1_games_t, man_t)

allow $1_games_t proc_t:file { read getattr };

ifdef(`mozilla.te', ` 

dontaudit $1_games_t $1_mozilla_t:unix_stream_socket connectto;

')

allow $1_games_t event_device_t:chr_file getattr;

allow $1_games_t mouse_device_t:chr_file getattr;

allow $1_games_t self:file { getattr read };

# kpat spews errors

dontaudit $1_games_t bin_t:dir getattr;

dontaudit $1_games_t var_run_t:dir search;

')dnl end macro definition