diff options
Diffstat (limited to 'policy/modules/contrib')
-rw-r--r-- | policy/modules/contrib/xdg.fc | 3 | ||||
-rw-r--r-- | policy/modules/contrib/xdg.if | 1008 | ||||
-rw-r--r-- | policy/modules/contrib/xdg.te | 44 |
3 files changed, 0 insertions, 1055 deletions
diff --git a/policy/modules/contrib/xdg.fc b/policy/modules/contrib/xdg.fc deleted file mode 100644 index 2290ea552..000000000 --- a/policy/modules/contrib/xdg.fc +++ /dev/null @@ -1,3 +0,0 @@ -HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:xdg_cache_home_t,s0) -HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:xdg_config_home_t,s0) -HOME_DIR/\.local(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0) diff --git a/policy/modules/contrib/xdg.if b/policy/modules/contrib/xdg.if deleted file mode 100644 index b48016a0d..000000000 --- a/policy/modules/contrib/xdg.if +++ /dev/null @@ -1,1008 +0,0 @@ -## <summary> -## XDG Desktop Standard locations -## </summary> - - -######################################## -## <summary> -## Mark the selected type as an xdg_cache_home_type -## </summary> -## <param name="type"> -## <summary> -## Type to give the xdg_cache_home_type attribute to -## </summary> -## </param> -# -interface(`xdg_cache_home_content',` - gen_require(` - attribute xdg_cache_home_type; - ') - - typeattribute $1 xdg_cache_home_type; - - userdom_user_home_content($1) -') - -######################################## -## <summary> -## Mark the selected type as an xdg_config_home_type -## </summary> -## <param name="type"> -## <summary> -## Type to give the xdg_config_home_type attribute to -## </summary> -## </param> -# -interface(`xdg_config_home_content',` - gen_require(` - attribute xdg_config_home_type; - ') - - typeattribute $1 xdg_config_home_type; - - userdom_user_home_content($1) -') - -######################################## -## <summary> -## Mark the selected type as an xdg_data_home_type -## </summary> -## <param name="type"> -## <summary> -## Type to give the xdg_data_home_type attribute to -## </summary> -## </param> -# -interface(`xdg_data_home_content',` - gen_require(` - attribute xdg_data_home_type; - ') - - typeattribute $1 xdg_data_home_type; - - userdom_user_home_content($1) -') - -######################################## -## <summary> -## Read the xdg cache home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_read_cache_home_files',` - gen_require(` - type xdg_cache_home_t; - ') - - read_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - allow $1 xdg_cache_home_t:file map; - list_dirs_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Read all xdg_cache_home_type files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_read_all_cache_home_files',` - gen_require(` - attribute xdg_cache_home_type; - ') - - read_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - allow $1 xdg_cache_home_type:file map; - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Create objects in an xdg_cache_home directory -## with an automatic type transition to -## a specified private type. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="private_type"> -## <summary> -## The type of the object to create. -## </summary> -## </param> -## <param name="object_class"> -## <summary> -## The class of the object to be created. -## </summary> -## </param> -## <param name="filename" optional="true"> -## <summary> -## Name of the file or directory created -## </summary> -## </param> -# -interface(`xdg_cache_home_filetrans',` - gen_require(` - type xdg_cache_home_t; - ') - - userdom_search_user_home_dirs($1) - - filetrans_pattern($1, xdg_cache_home_t, $2, $3, $4) - - xdg_create_cache_home_dirs($1) - xdg_generic_user_home_dir_filetrans_cache_home($1, dir, ".cache") -') - -######################################## -## <summary> -## Create objects in the user home dir with an automatic type transition to -## the xdg_cache_home_t type. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="object_class"> -## <summary> -## The class of the object to be created. -## </summary> -## </param> -## <param name="filename" optional="true"> -## <summary> -## Name of the directory created -## </summary> -## </param> -# -interface(`xdg_generic_user_home_dir_filetrans_cache_home',` - gen_require(` - type xdg_cache_home_t; - ') - - userdom_user_home_dir_filetrans($1, xdg_cache_home_t, $2, $3) -') - -######################################## -## <summary> -## Create xdg cache home directories -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_create_cache_home_dirs',` - gen_require(` - type xdg_cache_home_t; - ') - - allow $1 xdg_cache_home_t:dir create_dir_perms; -') - -######################################## -## <summary> -## Manage the xdg cache home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_manage_cache_home',` - gen_require(` - type xdg_cache_home_t; - ') - - manage_dirs_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - manage_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - allow $1 xdg_cache_home_t:file map; - manage_lnk_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - manage_fifo_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - manage_sock_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Manage all the xdg cache home files regardless of their specific type -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_manage_all_cache_home',` - gen_require(` - attribute xdg_cache_home_type; - ') - - manage_dirs_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - manage_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - allow $1 xdg_cache_home_type:file map; - manage_lnk_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - manage_fifo_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - manage_sock_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Allow relabeling the xdg cache home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_relabel_cache_home',` - gen_require(` - type xdg_cache_home_t; - ') - - relabel_dirs_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - relabel_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - relabel_lnk_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - relabel_fifo_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - relabel_sock_files_pattern($1, xdg_cache_home_t, xdg_cache_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Allow relabeling the xdg cache home files, regardless of their specific type -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_relabel_all_cache_home',` - gen_require(` - attribute xdg_cache_home_type; - ') - - relabel_dirs_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - relabel_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - relabel_lnk_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - relabel_fifo_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - relabel_sock_files_pattern($1, xdg_cache_home_type, xdg_cache_home_type) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Search through the xdg config home directories -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_search_config_home_dirs',` - gen_require(` - type xdg_config_home_t; - ') - - search_dirs_pattern($1, xdg_config_home_t, xdg_config_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Read the xdg config home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_read_config_home_files',` - gen_require(` - type xdg_config_home_t; - ') - - read_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - allow $1 xdg_config_home_t:file map; - list_dirs_pattern($1, xdg_config_home_t, xdg_config_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Read all xdg_config_home_type files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_read_all_config_home_files',` - gen_require(` - attribute xdg_config_home_type; - ') - - read_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - allow $1 xdg_config_home_type:file map; - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Create objects in an xdg_config_home directory -## with an automatic type transition to -## a specified private type. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="private_type"> -## <summary> -## The type of the object to create. -## </summary> -## </param> -## <param name="object_class"> -## <summary> -## The class of the object to be created. -## </summary> -## </param> -## <param name="filename" optional="true"> -## <summary> -## Name of the file or directory created -## </summary> -## </param> -# -interface(`xdg_config_home_filetrans',` - gen_require(` - type xdg_config_home_t; - ') - - userdom_search_user_home_dirs($1) - - filetrans_pattern($1, xdg_config_home_t, $2, $3, $4) - - xdg_create_config_home_dirs($1) - xdg_generic_user_home_dir_filetrans_config_home($1, dir, ".config") - -') - -######################################## -## <summary> -## Create objects in the user home dir with an automatic type transition to -## the xdg_config_home_t type. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="object_class"> -## <summary> -## The class of the object to be created. -## </summary> -## </param> -## <param name="filename" optional="true"> -## <summary> -## Name of the directory created -## </summary> -## </param> -# -interface(`xdg_generic_user_home_dir_filetrans_config_home',` - gen_require(` - type xdg_config_home_t; - ') - - userdom_user_home_dir_filetrans($1, xdg_config_home_t, $2, $3) -') - -######################################## -## <summary> -## Create xdg config home directories -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_create_config_home_dirs',` - gen_require(` - type xdg_config_home_t; - ') - - allow $1 xdg_config_home_t:dir create_dir_perms; -') - -######################################## -## <summary> -## Manage the xdg config home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_manage_config_home',` - gen_require(` - type xdg_config_home_t; - ') - - manage_dirs_pattern($1, xdg_config_home_t, xdg_config_home_t) - manage_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - allow $1 xdg_config_home_t:file map; - manage_lnk_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - manage_fifo_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - manage_sock_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Manage all the xdg config home files regardless of their specific type -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_manage_all_config_home',` - gen_require(` - attribute xdg_config_home_type; - ') - - manage_dirs_pattern($1, xdg_config_home_type, xdg_config_home_type) - manage_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - allow $1 xdg_config_home_type:file map; - manage_lnk_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - manage_fifo_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - manage_sock_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Allow relabeling the xdg config home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_relabel_config_home',` - gen_require(` - type xdg_config_home_t; - ') - - relabel_dirs_pattern($1, xdg_config_home_t, xdg_config_home_t) - relabel_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - relabel_lnk_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - relabel_fifo_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - relabel_sock_files_pattern($1, xdg_config_home_t, xdg_config_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Allow relabeling the xdg config home files, regardless of their specific type -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_relabel_all_config_home',` - gen_require(` - attribute xdg_config_home_type; - ') - - relabel_dirs_pattern($1, xdg_config_home_type, xdg_config_home_type) - relabel_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - relabel_lnk_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - relabel_fifo_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - relabel_sock_files_pattern($1, xdg_config_home_type, xdg_config_home_type) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Read the xdg data home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_read_data_home_files',` - gen_require(` - type xdg_data_home_t; - ') - - read_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - allow $1 xdg_data_home_t:file map; - list_dirs_pattern($1, xdg_data_home_t, xdg_data_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Read all xdg_data_home_type files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_read_all_data_home_files',` - gen_require(` - attribute xdg_data_home_type; - ') - - read_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - allow $1 xdg_data_home_type:file map; - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Create objects in an xdg_data_home directory -## with an automatic type transition to -## a specified private type. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="private_type"> -## <summary> -## The type of the object to create. -## </summary> -## </param> -## <param name="object_class"> -## <summary> -## The class of the object to be created. -## </summary> -## </param> -## <param name="filename" optional="true"> -## <summary> -## Optional name of the file or directory created -## </summary> -## </param> -# -interface(`xdg_data_home_filetrans',` - gen_require(` - type xdg_data_home_t; - ') - - userdom_search_user_home_dirs($1) - - filetrans_pattern($1, xdg_data_home_t, $2, $3, $4) - - xdg_create_data_home_dirs($1) - xdg_generic_user_home_dir_filetrans_data_home($1, dir, ".local") -') - -######################################## -## <summary> -## Create objects in the user home dir with an automatic type transition to -## the xdg_data_home_t type. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="object_class"> -## <summary> -## The class of the object to be created. -## </summary> -## </param> -## <param name="filename" optional="true"> -## <summary> -## Name of the directory created -## </summary> -## </param> -# -interface(`xdg_generic_user_home_dir_filetrans_data_home',` - gen_require(` - type xdg_data_home_t; - ') - - userdom_user_home_dir_filetrans($1, xdg_data_home_t, $2, $3) -') - -######################################## -## <summary> -## Create xdg data home directories -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_create_data_home_dirs',` - gen_require(` - type xdg_data_home_t; - ') - - allow $1 xdg_data_home_t:dir create_dir_perms; -') - -######################################## -## <summary> -## Manage the xdg data home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_manage_data_home',` - gen_require(` - type xdg_data_home_t; - ') - - manage_dirs_pattern($1, xdg_data_home_t, xdg_data_home_t) - manage_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - allow $1 xdg_data_home_t:file map; - manage_lnk_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - manage_fifo_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - manage_sock_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Manage all the xdg data home files, regardless of their specific type -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_manage_all_data_home',` - gen_require(` - attribute xdg_data_home_type; - ') - - manage_dirs_pattern($1, xdg_data_home_type, xdg_data_home_type) - manage_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - allow $1 xdg_data_home_type:file map; - manage_lnk_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - manage_fifo_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - manage_sock_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Allow relabeling the xdg data home files -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_relabel_data_home',` - gen_require(` - type xdg_data_home_t; - ') - - relabel_dirs_pattern($1, xdg_data_home_t, xdg_data_home_t) - relabel_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - relabel_lnk_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - relabel_fifo_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - relabel_sock_files_pattern($1, xdg_data_home_t, xdg_data_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################## -## <summary> -## Allow relabeling the xdg data home files, regardless of their type -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`xdg_relabel_all_data_home',` - gen_require(` - attribute xdg_data_home_type; - ') - - relabel_dirs_pattern($1, xdg_data_home_type, xdg_data_home_type) - relabel_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - relabel_lnk_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - relabel_fifo_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - relabel_sock_files_pattern($1, xdg_data_home_type, xdg_data_home_type) - - userdom_search_user_home_dirs($1) -') - -######################################### -## <summary> -## Read downloaded content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_read_downloads_home',` - gen_require(` - type xdg_downloads_home_t; - ') - - read_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) - allow $1 xdg_downloads_home_t:file map; - list_dirs_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) - read_lnk_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################### -## <summary> -## Read user video content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_read_videos_home',` - gen_require(` - type xdg_videos_home_t; - ') - - read_files_pattern($1, xdg_videos_home_t, xdg_videos_home_t) - allow $1 xdg_videos_home_t:file map; - list_dirs_pattern($1, xdg_videos_home_t, xdg_videos_home_t) - read_lnk_files_pattern($1, xdg_videos_home_t, xdg_videos_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################### -## <summary> -## Read user pictures content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_read_pictures_home',` - gen_require(` - type xdg_pictures_home_t; - ') - - read_files_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) - allow $1 xdg_pictures_home_t:file map; - list_dirs_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) - read_lnk_files_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################### -## <summary> -## Read user music content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_read_music_home',` - gen_require(` - type xdg_music_home_t; - ') - - read_files_pattern($1, xdg_music_home_t, xdg_music_home_t) - allow $1 xdg_music_home_t:file map; - list_dirs_pattern($1, xdg_music_home_t, xdg_music_home_t) - read_lnk_files_pattern($1, xdg_music_home_t, xdg_music_home_t) - - userdom_search_user_home_dirs($1) -') - -######################################### -## <summary> -## Create downloaded content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_create_downloads_home',` - gen_require(` - type xdg_downloads_home_t; - ') - - create_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) - allow $1 xdg_downloads_home_t:file map; - - userdom_search_user_home_dirs($1) -') - -######################################### -## <summary> -## Write downloaded content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_write_downloads_home',` - gen_require(` - type xdg_downloads_home_t; - ') - - write_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) - allow $1 xdg_downloads_home_t:file map; - - userdom_search_user_home_dirs($1) -') - -######################################### -## <summary> -## Manage downloaded content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_manage_downloads_home',` - gen_require(` - type xdg_downloads_home_t; - ') - - manage_dirs_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) - manage_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) - manage_lnk_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t) - allow $1 xdg_downloads_home_t:file map; -') - -######################################### -## <summary> -## Manage documents content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_manage_documents_home',` - gen_require(` - type xdg_documents_home_t; - ') - - manage_dirs_pattern($1, xdg_documents_home_t, xdg_documents_home_t) - manage_files_pattern($1, xdg_documents_home_t, xdg_documents_home_t) - manage_lnk_files_pattern($1, xdg_documents_home_t, xdg_documents_home_t) - allow $1 xdg_documents_home_t:file map; -') - -######################################### -## <summary> -## Manage music content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_manage_music_home',` - gen_require(` - type xdg_music_home_t; - ') - - manage_dirs_pattern($1, xdg_music_home_t, xdg_music_home_t) - manage_files_pattern($1, xdg_music_home_t, xdg_music_home_t) - manage_lnk_files_pattern($1, xdg_music_home_t, xdg_music_home_t) - allow $1 xdg_music_home_t:file map; -') - -######################################### -## <summary> -## Manage pictures content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_manage_pictures_home',` - gen_require(` - type xdg_pictures_home_t; - ') - - manage_dirs_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) - manage_files_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) - manage_lnk_files_pattern($1, xdg_pictures_home_t, xdg_pictures_home_t) - allow $1 xdg_pictures_home_t:file map; -') - -######################################### -## <summary> -## Manage video content -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access -## </summary> -## </param> -# -interface(`xdg_manage_videos_home',` - gen_require(` - type xdg_videos_home_t; - ') - - manage_dirs_pattern($1, xdg_videos_home_t, xdg_videos_home_t) - manage_files_pattern($1, xdg_videos_home_t, xdg_videos_home_t) - manage_lnk_files_pattern($1, xdg_videos_home_t, xdg_videos_home_t) - allow $1 xdg_videos_home_t:file map; -') diff --git a/policy/modules/contrib/xdg.te b/policy/modules/contrib/xdg.te deleted file mode 100644 index 5ec1a128d..000000000 --- a/policy/modules/contrib/xdg.te +++ /dev/null @@ -1,44 +0,0 @@ -policy_module(xdg, 1.0.0) - -######################################## -# -# Declarations -# - -attribute xdg_data_home_type; - -attribute xdg_config_home_type; - -attribute xdg_cache_home_type; - -# Not used but keep this at least two releases -# We have noticed that the userdom_manage_home_role call to the xdg functions -# seems to fail due to this attribute type not existing anymore while the -# build seems to still require it. By waiting a couple of releases we can be more -# confident that no calls to xdg_runtime_* are used anymore. -attribute xdg_runtime_home_type; - -type xdg_data_home_t; -xdg_data_home_content(xdg_data_home_t) - -type xdg_config_home_t; -xdg_config_home_content(xdg_config_home_t) - -type xdg_cache_home_t; -xdg_cache_home_content(xdg_cache_home_t) - -# Various user location types (see ~/.config/user-dirs.dirs) -type xdg_downloads_home_t; # customizable -userdom_user_home_content(xdg_downloads_home_t) - -type xdg_documents_home_t; # customizable -userdom_user_home_content(xdg_documents_home_t) - -type xdg_music_home_t; # customizable -userdom_user_home_content(xdg_music_home_t) - -type xdg_pictures_home_t; # customizable -userdom_user_home_content(xdg_pictures_home_t) - -type xdg_videos_home_t; # customizable -userdom_user_home_content(xdg_videos_home_t) |