selinux-refpolicy/policy/modules/apps/libmtp.te

61 lines
1.3 KiB
Plaintext
Raw Normal View History

policy_module(libmtp, 1.1.1)
##############################
#
# Declarations
#
## <desc>
## <p>
## Determine whether libmtp can read
## and manage the user home directories
## and files.
## </p>
## </desc>
gen_tunable(libmtp_enable_home_dirs, false)
attribute_role libmtp_roles;
type libmtp_t;
type libmtp_exec_t;
userdom_user_application_domain(libmtp_t, libmtp_exec_t)
role libmtp_roles types libmtp_t;
type libmtp_home_t;
userdom_user_home_content(libmtp_home_t)
##############################
#
# libmtp local policy
#
allow libmtp_t self:capability sys_tty_config;
allow libmtp_t self:netlink_kobject_uevent_socket create_socket_perms;
allow libmtp_t self:fifo_file rw_fifo_file_perms;
allow libmtp_t libmtp_home_t:file manage_file_perms;
userdom_user_home_dir_filetrans(libmtp_t, libmtp_home_t, file, ".mtpz-data")
dev_read_sysfs(libmtp_t)
dev_rw_generic_usb_dev(libmtp_t)
domain_use_interactive_fds(libmtp_t)
files_read_etc_files(libmtp_t)
term_use_unallocated_ttys(libmtp_t)
miscfiles_read_localization(libmtp_t)
userdom_use_inherited_user_terminals(libmtp_t)
optional_policy(`
udev_read_runtime_files(libmtp_t)
')
tunable_policy(`libmtp_enable_home_dirs',`
userdom_manage_user_home_content_files(libmtp_t)
userdom_read_user_home_content_symlinks(libmtp_t)
userdom_user_home_dir_filetrans_user_home_content(libmtp_t, file )
')