##
## Freedesktop standard locations (formerly known as X Desktop Group)
##
########################################
##
## Mark the selected type as an xdg_cache_type
##
##
##
## Type to give the xdg_cache_type attribute to
##
##
#
interface(`xdg_cache_content',`
gen_require(`
attribute xdg_cache_type;
')
typeattribute $1 xdg_cache_type;
userdom_user_home_content($1)
')
########################################
##
## Mark the selected type as an xdg_config_type
##
##
##
## Type to give the xdg_config_type attribute to
##
##
#
interface(`xdg_config_content',`
gen_require(`
attribute xdg_config_type;
')
typeattribute $1 xdg_config_type;
userdom_user_home_content($1)
')
########################################
##
## Mark the selected type as an xdg_data_type
##
##
##
## Type to give the xdg_data_type attribute to
##
##
#
interface(`xdg_data_content',`
gen_require(`
attribute xdg_data_type;
')
typeattribute $1 xdg_data_type;
userdom_user_home_content($1)
')
########################################
##
## Search through the xdg cache home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_search_cache_dirs',`
gen_require(`
type xdg_cache_t;
')
search_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Watch the xdg cache home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_cache_dirs',`
gen_require(`
type xdg_cache_t;
')
allow $1 xdg_cache_t:dir watch;
')
########################################
##
## Watch all the xdg cache home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_all_cache_dirs',`
gen_require(`
attribute xdg_cache_type;
')
allow $1 xdg_cache_type:dir watch;
')
########################################
##
## Read the xdg cache home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_read_cache_files',`
gen_require(`
type xdg_cache_t;
')
read_files_pattern($1, xdg_cache_t, xdg_cache_t)
allow $1 xdg_cache_t:file map;
list_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
read_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Read all xdg_cache_type files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_read_all_cache_files',`
gen_require(`
attribute xdg_cache_type;
')
read_files_pattern($1, xdg_cache_type, xdg_cache_type)
allow $1 xdg_cache_type:file map;
list_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
read_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Create objects in an xdg_cache directory
## with an automatic type transition to
## a specified private type.
##
##
##
## Domain allowed access.
##
##
##
##
## The type of the object to create.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the file or directory created
##
##
#
interface(`xdg_cache_filetrans',`
gen_require(`
type xdg_cache_t;
')
userdom_search_user_home_dirs($1)
filetrans_pattern($1, xdg_cache_t, $2, $3, $4)
xdg_create_cache_dirs($1)
')
########################################
##
## Create objects in the user home dir with an automatic type transition to
## the xdg_cache_t type.
##
##
##
## Domain allowed access.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the directory created
##
##
#
interface(`xdg_generic_user_home_dir_filetrans_cache',`
gen_require(`
type xdg_cache_t;
')
userdom_user_home_dir_filetrans($1, xdg_cache_t, $2, $3)
')
########################################
##
## Create xdg cache home directories
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_create_cache_dirs',`
gen_require(`
type xdg_cache_t;
')
allow $1 xdg_cache_t:dir create_dir_perms;
')
########################################
##
## Manage the xdg cache home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_manage_cache',`
gen_require(`
type xdg_cache_t;
')
manage_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
manage_files_pattern($1, xdg_cache_t, xdg_cache_t)
allow $1 xdg_cache_t:file map;
manage_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
manage_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
manage_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Manage all the xdg cache home files regardless of their specific type
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_manage_all_cache',`
gen_require(`
attribute xdg_cache_type;
')
manage_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
manage_files_pattern($1, xdg_cache_type, xdg_cache_type)
allow $1 xdg_cache_type:file map;
manage_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
manage_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
manage_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Allow relabeling the xdg cache home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_cache',`
gen_require(`
type xdg_cache_t;
')
relabel_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
relabel_files_pattern($1, xdg_cache_t, xdg_cache_t)
relabel_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
relabel_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
relabel_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Allow relabeling the xdg cache home files, regardless of their specific type
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_all_cache',`
gen_require(`
attribute xdg_cache_type;
')
relabel_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
relabel_files_pattern($1, xdg_cache_type, xdg_cache_type)
relabel_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
relabel_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
relabel_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Search through the xdg config home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_search_config_dirs',`
gen_require(`
type xdg_config_t;
')
search_dirs_pattern($1, xdg_config_t, xdg_config_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Watch the xdg config home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_config_dirs',`
gen_require(`
type xdg_config_t;
')
allow $1 xdg_config_t:dir watch;
')
########################################
##
## Watch all the xdg config home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_all_config_dirs',`
gen_require(`
attribute xdg_config_type;
')
allow $1 xdg_config_type:dir watch;
')
########################################
##
## Read the xdg config home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_read_config_files',`
gen_require(`
type xdg_config_t;
')
read_files_pattern($1, xdg_config_t, xdg_config_t)
allow $1 xdg_config_t:file map;
list_dirs_pattern($1, xdg_config_t, xdg_config_t)
read_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Read all xdg_config_type files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_read_all_config_files',`
gen_require(`
attribute xdg_config_type;
')
read_files_pattern($1, xdg_config_type, xdg_config_type)
allow $1 xdg_config_type:file map;
list_dirs_pattern($1, xdg_config_type, xdg_config_type)
read_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Create objects in an xdg_config directory
## with an automatic type transition to
## a specified private type.
##
##
##
## Domain allowed access.
##
##
##
##
## The type of the object to create.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the file or directory created
##
##
#
interface(`xdg_config_filetrans',`
gen_require(`
type xdg_config_t;
')
userdom_search_user_home_dirs($1)
filetrans_pattern($1, xdg_config_t, $2, $3, $4)
xdg_create_config_dirs($1)
')
########################################
##
## Create objects in the user home dir with an automatic type transition to
## the xdg_config_t type.
##
##
##
## Domain allowed access.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the directory created
##
##
#
interface(`xdg_generic_user_home_dir_filetrans_config',`
gen_require(`
type xdg_config_t;
')
userdom_user_home_dir_filetrans($1, xdg_config_t, $2, $3)
')
########################################
##
## Create xdg config home directories
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_create_config_dirs',`
gen_require(`
type xdg_config_t;
')
allow $1 xdg_config_t:dir create_dir_perms;
')
########################################
##
## Manage the xdg config home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_manage_config',`
gen_require(`
type xdg_config_t;
')
manage_dirs_pattern($1, xdg_config_t, xdg_config_t)
manage_files_pattern($1, xdg_config_t, xdg_config_t)
allow $1 xdg_config_t:file map;
manage_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
manage_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
manage_sock_files_pattern($1, xdg_config_t, xdg_config_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Manage all the xdg config home files regardless of their specific type
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_manage_all_config',`
gen_require(`
attribute xdg_config_type;
')
manage_dirs_pattern($1, xdg_config_type, xdg_config_type)
manage_files_pattern($1, xdg_config_type, xdg_config_type)
allow $1 xdg_config_type:file map;
manage_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
manage_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
manage_sock_files_pattern($1, xdg_config_type, xdg_config_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Allow relabeling the xdg config home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_config',`
gen_require(`
type xdg_config_t;
')
relabel_dirs_pattern($1, xdg_config_t, xdg_config_t)
relabel_files_pattern($1, xdg_config_t, xdg_config_t)
relabel_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
relabel_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
relabel_sock_files_pattern($1, xdg_config_t, xdg_config_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Allow relabeling the xdg config home files, regardless of their specific type
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_all_config',`
gen_require(`
attribute xdg_config_type;
')
relabel_dirs_pattern($1, xdg_config_type, xdg_config_type)
relabel_files_pattern($1, xdg_config_type, xdg_config_type)
relabel_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
relabel_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
relabel_sock_files_pattern($1, xdg_config_type, xdg_config_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Watch the xdg data home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_data_dirs',`
gen_require(`
type xdg_data_t;
')
allow $1 xdg_data_t:dir watch;
')
########################################
##
## Watch all the xdg data home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_all_data_dirs',`
gen_require(`
attribute xdg_data_type;
')
allow $1 xdg_data_type:dir watch;
')
########################################
##
## Read the xdg data home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_read_data_files',`
gen_require(`
type xdg_data_t;
')
read_files_pattern($1, xdg_data_t, xdg_data_t)
allow $1 xdg_data_t:file map;
list_dirs_pattern($1, xdg_data_t, xdg_data_t)
read_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Read all xdg_data_type files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_read_all_data_files',`
gen_require(`
attribute xdg_data_type;
')
read_files_pattern($1, xdg_data_type, xdg_data_type)
allow $1 xdg_data_type:file map;
list_dirs_pattern($1, xdg_data_type, xdg_data_type)
read_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Create objects in an xdg_data directory
## with an automatic type transition to
## a specified private type.
##
##
##
## Domain allowed access.
##
##
##
##
## The type of the object to create.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Optional name of the file or directory created
##
##
#
interface(`xdg_data_filetrans',`
gen_require(`
type xdg_data_t;
')
userdom_search_user_home_dirs($1)
filetrans_pattern($1, xdg_data_t, $2, $3, $4)
xdg_create_data_dirs($1)
')
########################################
##
## Create objects in the user home dir with an automatic type transition to
## the xdg_data_t type.
##
##
##
## Domain allowed access.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the directory created
##
##
#
interface(`xdg_generic_user_home_dir_filetrans_data',`
gen_require(`
type xdg_data_t;
')
userdom_user_home_dir_filetrans($1, xdg_data_t, $2, $3)
')
########################################
##
## Create xdg data home directories
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_create_data_dirs',`
gen_require(`
type xdg_data_t;
')
allow $1 xdg_data_t:dir create_dir_perms;
')
########################################
##
## Manage the xdg data home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_manage_data',`
gen_require(`
type xdg_data_t;
')
manage_dirs_pattern($1, xdg_data_t, xdg_data_t)
manage_files_pattern($1, xdg_data_t, xdg_data_t)
allow $1 xdg_data_t:file map;
manage_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
manage_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
manage_sock_files_pattern($1, xdg_data_t, xdg_data_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Manage all the xdg data home files, regardless of their specific type
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_manage_all_data',`
gen_require(`
attribute xdg_data_type;
')
manage_dirs_pattern($1, xdg_data_type, xdg_data_type)
manage_files_pattern($1, xdg_data_type, xdg_data_type)
allow $1 xdg_data_type:file map;
manage_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
manage_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
manage_sock_files_pattern($1, xdg_data_type, xdg_data_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Allow relabeling the xdg data home files
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_data',`
gen_require(`
type xdg_data_t;
')
relabel_dirs_pattern($1, xdg_data_t, xdg_data_t)
relabel_files_pattern($1, xdg_data_t, xdg_data_t)
relabel_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
relabel_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
relabel_sock_files_pattern($1, xdg_data_t, xdg_data_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Allow relabeling the xdg data home files, regardless of their type
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_all_data',`
gen_require(`
attribute xdg_data_type;
')
relabel_dirs_pattern($1, xdg_data_type, xdg_data_type)
relabel_files_pattern($1, xdg_data_type, xdg_data_type)
relabel_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
relabel_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
relabel_sock_files_pattern($1, xdg_data_type, xdg_data_type)
userdom_search_user_home_dirs($1)
')
########################################
##
## Watch the xdg documents home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_documents_dirs',`
gen_require(`
type xdg_documents_t;
')
allow $1 xdg_documents_t:dir watch;
')
########################################
##
## Create objects in the user home dir with an automatic type transition to
## the xdg_documents_t type.
##
##
##
## Domain allowed access.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the directory created
##
##
#
interface(`xdg_generic_user_home_dir_filetrans_documents',`
gen_require(`
type xdg_documents_t;
')
userdom_user_home_dir_filetrans($1, xdg_documents_t, $2, $3)
')
#########################################
##
## Manage documents content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_manage_documents',`
gen_require(`
type xdg_documents_t;
')
manage_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
manage_files_pattern($1, xdg_documents_t, xdg_documents_t)
allow $1 xdg_documents_t:file map;
manage_lnk_files_pattern($1, xdg_documents_t, xdg_documents_t)
')
########################################
##
## Allow relabeling the documents resources
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_documents',`
gen_require(`
type xdg_documents_t;
')
relabel_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
relabel_files_pattern($1, xdg_documents_t, xdg_documents_t)
relabel_lnk_files_pattern($1, xdg_documents_t, xdg_documents_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Watch the xdg downloads home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_downloads_dirs',`
gen_require(`
type xdg_downloads_t;
')
allow $1 xdg_downloads_t:dir watch;
')
#########################################
##
## Read downloaded content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_read_downloads',`
gen_require(`
type xdg_downloads_t;
')
read_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
allow $1 xdg_downloads_t:file map;
list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
userdom_search_user_home_dirs($1)
')
#########################################
##
## Create downloaded content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_create_downloads',`
gen_require(`
type xdg_downloads_t;
')
create_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
allow $1 xdg_downloads_t:file map;
create_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
create_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
userdom_search_user_home_dirs($1)
')
#########################################
##
## Write downloaded content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_write_downloads',`
gen_require(`
type xdg_downloads_t;
')
write_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
allow $1 xdg_downloads_t:file map;
list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Create objects in the user home dir with an automatic type transition to
## the xdg_downloads_t type.
##
##
##
## Domain allowed access.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the directory created
##
##
#
interface(`xdg_generic_user_home_dir_filetrans_downloads',`
gen_require(`
type xdg_downloads_t;
')
userdom_user_home_dir_filetrans($1, xdg_downloads_t, $2, $3)
')
#########################################
##
## Manage downloaded content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_manage_downloads',`
gen_require(`
type xdg_downloads_t;
')
manage_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
manage_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
allow $1 xdg_downloads_t:file map;
manage_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
')
########################################
##
## Allow relabeling the downloads resources
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_downloads',`
gen_require(`
type xdg_downloads_t;
')
relabel_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
relabel_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
relabel_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Watch the xdg pictures home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_pictures_dirs',`
gen_require(`
type xdg_pictures_t;
')
allow $1 xdg_pictures_t:dir watch;
')
#########################################
##
## Read user pictures content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_read_pictures',`
gen_require(`
type xdg_pictures_t;
')
read_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
allow $1 xdg_pictures_t:file map;
list_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
read_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Create objects in the user home dir with an automatic type transition to
## the xdg_pictures_t type.
##
##
##
## Domain allowed access.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the directory created
##
##
#
interface(`xdg_generic_user_home_dir_filetrans_pictures',`
gen_require(`
type xdg_pictures_t;
')
userdom_user_home_dir_filetrans($1, xdg_pictures_t, $2, $3)
')
#########################################
##
## Manage pictures content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_manage_pictures',`
gen_require(`
type xdg_pictures_t;
')
manage_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
manage_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
allow $1 xdg_pictures_t:file map;
manage_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
')
########################################
##
## Allow relabeling the pictures resources
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_pictures',`
gen_require(`
type xdg_pictures_t;
')
relabel_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
relabel_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
relabel_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Watch the xdg music home directories
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_music_dirs',`
gen_require(`
type xdg_music_t;
')
allow $1 xdg_music_t:dir watch;
')
#########################################
##
## Read user music content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_read_music',`
gen_require(`
type xdg_music_t;
')
read_files_pattern($1, xdg_music_t, xdg_music_t)
allow $1 xdg_music_t:file map;
list_dirs_pattern($1, xdg_music_t, xdg_music_t)
read_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Create objects in the user home dir with an automatic type transition to
## the xdg_pictures_t type.
##
##
##
## Domain allowed access.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the directory created
##
##
#
interface(`xdg_generic_user_home_dir_filetrans_music',`
gen_require(`
type xdg_music_t;
')
userdom_user_home_dir_filetrans($1, xdg_music_t, $2, $3)
')
#########################################
##
## Manage music content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_manage_music',`
gen_require(`
type xdg_music_t;
')
manage_dirs_pattern($1, xdg_music_t, xdg_music_t)
manage_files_pattern($1, xdg_music_t, xdg_music_t)
allow $1 xdg_music_t:file map;
manage_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
')
########################################
##
## Allow relabeling the music resources
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_music',`
gen_require(`
type xdg_music_t;
')
relabel_dirs_pattern($1, xdg_music_t, xdg_music_t)
relabel_files_pattern($1, xdg_music_t, xdg_music_t)
relabel_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Watch the xdg video content
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_watch_videos_dirs',`
gen_require(`
type xdg_videos_t;
')
allow $1 xdg_videos_t:dir watch;
')
#########################################
##
## Read user video content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_read_videos',`
gen_require(`
type xdg_videos_t;
')
read_files_pattern($1, xdg_videos_t, xdg_videos_t)
allow $1 xdg_videos_t:file map;
list_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
read_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
userdom_search_user_home_dirs($1)
')
########################################
##
## Create objects in the user home dir with an automatic type transition to
## the xdg_videos_t type.
##
##
##
## Domain allowed access.
##
##
##
##
## The class of the object to be created.
##
##
##
##
## Name of the directory created
##
##
#
interface(`xdg_generic_user_home_dir_filetrans_videos',`
gen_require(`
type xdg_videos_t;
')
userdom_user_home_dir_filetrans($1, xdg_videos_t, $2, $3)
')
#########################################
##
## Manage video content
##
##
##
## Domain allowed access
##
##
#
interface(`xdg_manage_videos',`
gen_require(`
type xdg_videos_t;
')
manage_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
manage_files_pattern($1, xdg_videos_t, xdg_videos_t)
allow $1 xdg_videos_t:file map;
manage_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
')
########################################
##
## Allow relabeling the videos resources
##
##
##
## Domain allowed access.
##
##
#
interface(`xdg_relabel_videos',`
gen_require(`
type xdg_videos_t;
')
relabel_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
relabel_files_pattern($1, xdg_videos_t, xdg_videos_t)
relabel_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
userdom_search_user_home_dirs($1)
')