90 lines
2 KiB
Text
90 lines
2 KiB
Text
policy_module(geoclue, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type geoclue_t;
|
|
type geoclue_exec_t;
|
|
application_domain(geoclue_t, geoclue_exec_t)
|
|
init_daemon_domain(geoclue_t, geoclue_exec_t)
|
|
init_nnp_daemon_domain(geoclue_t)
|
|
role system_r types geoclue_t;
|
|
|
|
type geoclue_var_lib_t;
|
|
files_type(geoclue_var_lib_t)
|
|
|
|
type geoclue_tmp_t;
|
|
files_tmp_file(geoclue_tmp_t)
|
|
|
|
########################################
|
|
#
|
|
# geoclue local policy
|
|
#
|
|
allow geoclue_t self:unix_dgram_socket create_socket_perms;
|
|
|
|
manage_dirs_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
|
|
manage_files_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
|
|
manage_lnk_files_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
|
|
files_var_lib_filetrans(geoclue_t, geoclue_var_lib_t, { dir })
|
|
allow geoclue_t geoclue_var_lib_t:file { execute map };
|
|
|
|
manage_files_pattern(geoclue_t, geoclue_tmp_t, geoclue_tmp_t)
|
|
manage_dirs_pattern(geoclue_t, geoclue_tmp_t, geoclue_tmp_t)
|
|
files_tmp_filetrans(geoclue_t, geoclue_tmp_t, { dir file })
|
|
allow geoclue_t geoclue_tmp_t:file { execute map };
|
|
|
|
kernel_read_system_state(geoclue_t)
|
|
kernel_read_network_state(geoclue_t)
|
|
kernel_read_net_sysctls(geoclue_t)
|
|
|
|
auth_read_passwd(geoclue_t)
|
|
|
|
corenet_tcp_connect_http_port(geoclue_t)
|
|
corenet_tcp_connect_http_cache_port(geoclue_t)
|
|
corenet_tcp_connect_nmea_port(geoclue_t)
|
|
|
|
corecmd_exec_bin(geoclue_t)
|
|
|
|
dev_read_urand(geoclue_t)
|
|
|
|
files_watch_etc_dirs(geoclue_t)
|
|
|
|
fs_getattr_cgroup(geoclue_t)
|
|
fs_getattr_xattr_fs(geoclue_t)
|
|
|
|
init_dbus_chat(geoclue_t)
|
|
|
|
logging_send_syslog_msg(geoclue_t)
|
|
|
|
miscfiles_read_certs(geoclue_t)
|
|
miscfiles_map_generic_certs(geoclue_t)
|
|
|
|
sysnet_dns_name_resolve(geoclue_t)
|
|
|
|
optional_policy(`
|
|
kerberos_use(geoclue_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dbus_system_domain(geoclue_t, geoclue_exec_t)
|
|
|
|
optional_policy(`
|
|
avahi_dbus_chat(geoclue_t)
|
|
')
|
|
optional_policy(`
|
|
modemmanager_dbus_chat(geoclue_t)
|
|
')
|
|
optional_policy(`
|
|
networkmanager_dbus_chat(geoclue_t)
|
|
')
|
|
')
|
|
|
|
optional_policy(`
|
|
gnome_initial_setup_read_state(geoclue_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
pcscd_stream_connect(geoclue_t)
|
|
')
|