## DBus fingerprint reader service.
########################################
##
## Execute a domain transition to run fprintd.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`fprintd_domtrans',`
gen_require(`
type fprintd_t, fprintd_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, fprintd_exec_t, fprintd_t)
')
######################################
##
## Execute fprintd in the caller domain.
##
##
##
## Domain allowed access.
##
##
#
interface(`fprintd_exec',`
gen_require(`
type fprintd_exec_t;
')
corecmd_search_bin($1)
can_exec($1, fprintd_exec_t)
')
########################################
##
## Send and receive messages from
## fprintd over dbus.
##
##
##
## Domain allowed access.
##
##
#
interface(`fprintd_dbus_chat',`
gen_require(`
type fprintd_t;
class dbus send_msg;
')
allow $1 fprintd_t:dbus send_msg;
allow fprintd_t $1:dbus send_msg;
')
########################################
##
## Mounton fprintd lib directory.
##
##
##
## Domain allowed access.
##
##
#
interface(`fprintd_mounton_var_lib',`
gen_require(`
type fprintd_var_lib_t;
')
allow $1 fprintd_var_lib_t:dir mounton;
')
########################################
##
## Read fprintd lib directory.
##
##
##
## Domain allowed access.
##
##
#
interface(`fprintd_read_var_lib_dir',`
gen_require(`
type fprintd_var_lib_t;
')
allow $1 fprintd_var_lib_t:dir { list_dir_perms };
')
########################################
##
## Setattr fprintd lib directory.
##
##
##
## Domain allowed access.
##
##
#
interface(`fprintd_setattr_var_lib_dir',`
gen_require(`
type fprintd_var_lib_t;
')
allow $1 fprintd_var_lib_t:dir { setattr_dir_perms };
')