policy_module(libmtp, 1.1.0) ############################## # # Declarations # ## ##

## Determine whether libmtp can read ## and manage the user home directories ## and files. ##

##
gen_tunable(libmtp_enable_home_dirs, false) attribute_role libmtp_roles; type libmtp_t; type libmtp_exec_t; userdom_user_application_domain(libmtp_t, libmtp_exec_t) role libmtp_roles types libmtp_t; type libmtp_home_t; userdom_user_home_content(libmtp_home_t) ############################## # # libmtp local policy # allow libmtp_t self:capability sys_tty_config; allow libmtp_t self:netlink_kobject_uevent_socket create_socket_perms; allow libmtp_t self:fifo_file rw_fifo_file_perms; allow libmtp_t libmtp_home_t:file manage_file_perms; userdom_user_home_dir_filetrans(libmtp_t, libmtp_home_t, file, ".mtpz-data") dev_read_sysfs(libmtp_t) dev_rw_generic_usb_dev(libmtp_t) domain_use_interactive_fds(libmtp_t) files_read_etc_files(libmtp_t) term_use_unallocated_ttys(libmtp_t) miscfiles_read_localization(libmtp_t) userdom_use_inherited_user_terminals(libmtp_t) optional_policy(` udev_read_runtime_files(libmtp_t) ') tunable_policy(`libmtp_enable_home_dirs',` userdom_manage_user_home_content_files(libmtp_t) userdom_read_user_home_content_symlinks(libmtp_t) userdom_user_home_dir_filetrans_user_home_content(libmtp_t, file ) ')