1 files changed, 66 insertions, 0 deletions

diff --git a/policy/modules/apps/sambagui.te b/policy/modules/apps/sambagui.te
new file mode 100644
index 00000000..e18b0a28
--- /dev/null
+++ b/policy/modules/apps/sambagui.te
@@ -0,0 +1,66 @@
+policy_module(sambagui, 1.2.0)
+
+########################################
+#
+# Declarations
+#
+
+attribute_role sambagui_roles;
+roleattribute system_r sambagui_roles;
+
+type sambagui_t;
+type sambagui_exec_t;
+application_domain(sambagui_t, sambagui_exec_t)
+role sambagui_roles types sambagui_t;
+
+########################################
+#
+# Local policy
+#
+
+allow sambagui_t self:capability dac_override;
+allow sambagui_t self:fifo_file rw_fifo_file_perms;
+
+kernel_read_system_state(sambagui_t)
+
+corecmd_exec_bin(sambagui_t)
+corecmd_exec_shell(sambagui_t)
+
+dev_dontaudit_read_urand(sambagui_t)
+
+files_read_usr_files(sambagui_t)
+
+auth_use_nsswitch(sambagui_t)
+auth_dontaudit_read_shadow(sambagui_t)
+
+logging_send_syslog_msg(sambagui_t)
+
+miscfiles_read_localization(sambagui_t)
+
+sysnet_use_ldap(sambagui_t)
+
+optional_policy(`
+	consoletype_exec(sambagui_t)
+')
+
+optional_policy(`
+	nscd_dontaudit_search_pid(sambagui_t)
+')
+
+optional_policy(`
+	dbus_system_domain(sambagui_t, sambagui_exec_t)
+
+	optional_policy(`
+		policykit_dbus_chat(sambagui_t)
+	')
+')
+
+optional_policy(`
+	samba_append_log(sambagui_t)
+	samba_manage_config(sambagui_t)
+	samba_manage_var_files(sambagui_t)
+	samba_read_secrets(sambagui_t)
+	samba_initrc_domtrans(sambagui_t)
+	samba_domtrans_smbd(sambagui_t)
+	samba_domtrans_nmbd(sambagui_t)
+')