policy_module(geoclue, 1.0.0) ######################################## # # Declarations # type geoclue_t; type geoclue_exec_t; application_domain(geoclue_t, geoclue_exec_t) init_daemon_domain(geoclue_t, geoclue_exec_t) init_nnp_daemon_domain(geoclue_t) role system_r types geoclue_t; type geoclue_var_lib_t; files_type(geoclue_var_lib_t) type geoclue_tmp_t; files_tmp_file(geoclue_tmp_t) ######################################## # # geoclue local policy # allow geoclue_t self:unix_dgram_socket create_socket_perms; manage_dirs_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t) manage_files_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t) manage_lnk_files_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t) files_var_lib_filetrans(geoclue_t, geoclue_var_lib_t, { dir }) allow geoclue_t geoclue_var_lib_t:file { execute map }; manage_files_pattern(geoclue_t, geoclue_tmp_t, geoclue_tmp_t) manage_dirs_pattern(geoclue_t, geoclue_tmp_t, geoclue_tmp_t) files_tmp_filetrans(geoclue_t, geoclue_tmp_t, { dir file }) allow geoclue_t geoclue_tmp_t:file { execute map }; kernel_read_system_state(geoclue_t) kernel_read_network_state(geoclue_t) kernel_read_net_sysctls(geoclue_t) auth_read_passwd(geoclue_t) corenet_tcp_connect_http_port(geoclue_t) corenet_tcp_connect_http_cache_port(geoclue_t) corenet_tcp_connect_nmea_port(geoclue_t) corecmd_exec_bin(geoclue_t) dev_read_urand(geoclue_t) files_watch_etc_dirs(geoclue_t) fs_getattr_cgroup(geoclue_t) fs_getattr_xattr_fs(geoclue_t) init_dbus_chat(geoclue_t) logging_send_syslog_msg(geoclue_t) miscfiles_read_certs(geoclue_t) miscfiles_map_generic_certs(geoclue_t) sysnet_dns_name_resolve(geoclue_t) optional_policy(` kerberos_use(geoclue_t) ') optional_policy(` dbus_system_domain(geoclue_t, geoclue_exec_t) optional_policy(` avahi_dbus_chat(geoclue_t) ') optional_policy(` modemmanager_dbus_chat(geoclue_t) ') optional_policy(` networkmanager_dbus_chat(geoclue_t) ') ') optional_policy(` gnome_initial_setup_read_state(geoclue_t) ') optional_policy(` pcscd_stream_connect(geoclue_t) ')