aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/apps/firewallgui.if')
-rw-r--r--policy/modules/apps/firewallgui.if41
1 files changed, 41 insertions, 0 deletions
diff --git a/policy/modules/apps/firewallgui.if b/policy/modules/apps/firewallgui.if
new file mode 100644
index 00000000..e6866d1f
--- /dev/null
+++ b/policy/modules/apps/firewallgui.if
@@ -0,0 +1,41 @@
+## <summary>system-config-firewall dbus system service.</summary>
+
+########################################
+## <summary>
+## Send and receive messages from
+## firewallgui over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`firewallgui_dbus_chat',`
+ gen_require(`
+ type firewallgui_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 firewallgui_t:dbus send_msg;
+ allow firewallgui_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
+## Do not audit attempts to read and
+## write firewallgui unnamed pipes.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`firewallgui_dontaudit_rw_pipes',`
+ gen_require(`
+ type firewallgui_t;
+ ')
+
+ dontaudit $1 firewallgui_t:fifo_file rw_fifo_file_perms;
+')