# Policy module header: module name libmtp, module version 1.1.0.
policy_module(libmtp, 1.1.0)

##############################
#
# Declarations
#

# Boolean libmtp_enable_home_dirs, declared with a default of false.
# It gates the tunable_policy block at the end of this file. That block
# calls interfaces for user home content files and symlinks only; no
# directory-management interface is called there, so the wording of the
# description below is broader than the calls visible in this module.
# NOTE(review): confirm against the userdom interface definitions.
## <desc>
##	<p>
##	Determine whether libmtp can read
##	and manage the user home directories
##	and files.
##	</p>
## </desc>
gen_tunable(libmtp_enable_home_dirs, false)

# Role attribute: any role carrying libmtp_roles is allowed the
# libmtp_t type by the role statement below. Which roles receive the
# attribute is decided outside this file.
attribute_role libmtp_roles;

# libmtp_t is the process domain and libmtp_exec_t the label of its
# executable. The userdom interface is defined elsewhere; presumably it
# registers the pair as a user application domain with libmtp_exec_t
# as the entry point - verify against the interface.
type libmtp_t;
type libmtp_exec_t;
userdom_user_application_domain(libmtp_t, libmtp_exec_t)
role libmtp_roles types libmtp_t;

# Private type for libmtp data kept in the user home directory,
# registered as user home content. Keeping it separate from the generic
# home content type is what lets the default policy (boolean off) give
# libmtp_t access to its own file without access to the rest of the home.
type libmtp_home_t;
userdom_user_home_content(libmtp_home_t)

##############################
#
# libmtp local policy
#

# Rules on the domain itself.
# sys_tty_config is a privileged capability covering tty configuration.
# NOTE(review): nothing in this file shows why a user-facing MTP tool
# needs it; confirm it is still required before carrying it forward.
allow libmtp_t self:capability sys_tty_config;
# Create and use its own kobject uevent netlink sockets, presumably to
# receive device hotplug events - confirm against the program.
allow libmtp_t self:netlink_kobject_uevent_socket create_socket_perms;
# Read and write its own pipes.
allow libmtp_t self:fifo_file rw_fifo_file_perms;

# Full management of files labelled libmtp_home_t. The rule covers the
# file class only; no dir or lnk_file access to this type is granted here.
allow libmtp_t libmtp_home_t:file manage_file_perms;
# Name-based type transition: a file called ".mtpz-data" that libmtp_t
# creates in the user home directory is labelled libmtp_home_t. Only
# that exact name matches. A file put there by another domain is not
# covered by this rule; its label then depends on the file context
# specification, which is not part of this file.
# NOTE(review): presumably this is the MTPZ data file of libmtp; if it
# holds key material, check that no other domain can read libmtp_home_t.
userdom_user_home_dir_filetrans(libmtp_t, libmtp_home_t, file, ".mtpz-data")

# The interfaces called below are defined in other modules. The notes go
# by interface name and must be checked against those definitions.

# Read sysfs, presumably for USB device enumeration.
dev_read_sysfs(libmtp_t)
# Read and write generic USB device nodes. Going by the name this is not
# limited to MTP devices: any node carrying the generic USB device type
# is reachable. This is the widest grant in the module and the path by
# which device-supplied data enters the domain.
dev_rw_generic_usb_dev(libmtp_t)

# Use file descriptors inherited from an interactive session.
domain_use_interactive_fds(libmtp_t)

# Read generic configuration files under /etc.
files_read_etc_files(libmtp_t)

# Use ttys that have not been allocated to a session.
# NOTE(review): together with the sys_tty_config capability this is
# unusual for a user application; confirm both are still needed.
term_use_unallocated_ttys(libmtp_t)

# Read locale data.
miscfiles_read_localization(libmtp_t)

# Use terminals inherited from the calling user, so the tools can print
# to the terminal they were started from.
userdom_use_inherited_user_terminals(libmtp_t)

# Applied only when the udev module is part of the loaded policy.
# Grants read access to udev pid files, presumably the udev runtime
# data consulted during device discovery - confirm against the interface.
optional_policy(`
	udev_read_pid_files(libmtp_t)
')

# Conditional rules, active only while the libmtp_enable_home_dirs
# boolean is on (it is declared with a default of false).
# Going by the interface names, enabling it lets libmtp_t create, modify
# and delete files labelled as generic user home content, read symlinks
# of that type, and have files it creates in the home directory take the
# generic user home content label. libmtp_t also has read/write access
# to USB device nodes, so turning the boolean on exposes the whole set of
# home content files to a domain that parses device-supplied data; leave
# it off unless transfers to and from the home directory are required.
# NOTE(review): the name-specific transition for ".mtpz-data" is declared
# unconditionally earlier in this file and presumably still applies to
# that name when the boolean is on - confirm.
tunable_policy(`libmtp_enable_home_dirs',`
	userdom_manage_user_home_content_files(libmtp_t)
	userdom_read_user_home_content_symlinks(libmtp_t)
	userdom_user_home_dir_filetrans_user_home_content(libmtp_t, file )
')