91 lines
2 KiB
Text
91 lines
2 KiB
Text
|
policy_module(geoclue, 1.0.0)
|
||
|
|
||
|
########################################
|
||
|
#
|
||
|
# Declarations
|
||
|
#
|
||
|
|
||
|
type geoclue_t;
|
||
|
type geoclue_exec_t;
|
||
|
application_domain(geoclue_t, geoclue_exec_t)
|
||
|
init_daemon_domain(geoclue_t, geoclue_exec_t)
|
||
|
init_nnp_daemon_domain(geoclue_t)
|
||
|
role system_r types geoclue_t;
|
||
|
|
||
|
type geoclue_var_lib_t;
|
||
|
files_type(geoclue_var_lib_t)
|
||
|
|
||
|
type geoclue_tmp_t;
|
||
|
files_tmp_file(geoclue_tmp_t)
|
||
|
|
||
|
########################################
|
||
|
#
|
||
|
# geoclue local policy
|
||
|
#
|
||
|
allow geoclue_t self:unix_dgram_socket create_socket_perms;
|
||
|
|
||
|
manage_dirs_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
|
||
|
manage_files_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
|
||
|
manage_lnk_files_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
|
||
|
files_var_lib_filetrans(geoclue_t, geoclue_var_lib_t, { dir })
|
||
|
allow geoclue_t geoclue_var_lib_t:file { execute map };
|
||
|
|
||
|
manage_files_pattern(geoclue_t, geoclue_tmp_t, geoclue_tmp_t)
|
||
|
manage_dirs_pattern(geoclue_t, geoclue_tmp_t, geoclue_tmp_t)
|
||
|
files_tmp_filetrans(geoclue_t, geoclue_tmp_t, { dir file })
|
||
|
allow geoclue_t geoclue_tmp_t:file { execute map };
|
||
|
|
||
|
kernel_read_system_state(geoclue_t)
|
||
|
kernel_read_network_state(geoclue_t)
|
||
|
kernel_read_net_sysctls(geoclue_t)
|
||
|
|
||
|
auth_read_passwd(geoclue_t)
|
||
|
|
||
|
corenet_tcp_connect_http_port(geoclue_t)
|
||
|
corenet_tcp_connect_http_cache_port(geoclue_t)
|
||
|
corenet_tcp_connect_nmea_port(geoclue_t)
|
||
|
|
||
|
corecmd_exec_bin(geoclue_t)
|
||
|
|
||
|
dev_read_urand(geoclue_t)
|
||
|
|
||
|
files_watch_etc_dirs(geoclue_t)
|
||
|
|
||
|
fs_getattr_cgroup(geoclue_t)
|
||
|
fs_getattr_xattr_fs(geoclue_t)
|
||
|
|
||
|
init_dbus_chat(geoclue_t)
|
||
|
|
||
|
logging_send_syslog_msg(geoclue_t)
|
||
|
|
||
|
miscfiles_read_certs(geoclue_t)
|
||
|
miscfiles_map_generic_certs(geoclue_t)
|
||
|
|
||
|
sysnet_dns_name_resolve(geoclue_t)
|
||
|
|
||
|
optional_policy(`
|
||
|
kerberos_use(geoclue_t)
|
||
|
')
|
||
|
|
||
|
optional_policy(`
|
||
|
dbus_system_domain(geoclue_t, geoclue_exec_t)
|
||
|
|
||
|
optional_policy(`
|
||
|
avahi_dbus_chat(geoclue_t)
|
||
|
')
|
||
|
optional_policy(`
|
||
|
modemmanager_dbus_chat(geoclue_t)
|
||
|
')
|
||
|
optional_policy(`
|
||
|
networkmanager_dbus_chat(geoclue_t)
|
||
|
')
|
||
|
')
|
||
|
|
||
|
optional_policy(`
|
||
|
gnome_initial_setup_read_state(geoclue_t)
|
||
|
')
|
||
|
|
||
|
optional_policy(`
|
||
|
pcscd_stream_connect(geoclue_t)
|
||
|
')
|