#

# GConfd daemon  

#

# Author: Ivan Gyurdiev <ivg2@cornell.edu>

#

#######################################

# gconfd_domain(role_prefix)

#

define(`gconfd_domain', `

# Type for daemon

type $1_gconfd_t, domain, nscd_client_domain, privlog;

gnome_application($1_gconfd, $1)

# Transition from user type

domain_auto_trans($1_t, gconfd_exec_t, $1_gconfd_t)

role $1_r types $1_gconfd_t;

allow $1_gconfd_t self:process { signal getsched };

# Access .gconfd and .gconf

home_domain($1, gconfd)

file_type_auto_trans($1_gconfd_t, $1_home_dir_t, $1_gconfd_home_t, dir)

# Access /etc/gconf

r_dir_file($1_gconfd_t, gconf_etc_t)

# /tmp/gconfd-USER

tmp_domain($1_gconfd)

ifdef(`xdm.te', `

can_pipe_xdm($1_gconfd_t)

allow xdm_t $1_gconfd_t:process signal;

')

') dnl gconf_domain

#####################################

# gconf_client(prefix, role_prefix)

#

define(`gconf_client', `

# Launch the daemon if necessary

domain_auto_trans($1_t, gconfd_exec_t, $2_gconfd_t)

# Connect over bonobo

bonobo_connect($1, $2_gconfd)

# Read lock/ior

allow $1_t $2_gconfd_tmp_t:dir { getattr search };

allow $1_t $2_gconfd_tmp_t:file { getattr read }; 

') dnl gconf_client