selinux-refpolicy/policy/modules/system/xdg.if
Sven Vermeulen 0a4d55da7a freedesktop location support
Introduce various freedesktop locations, based on the base directory
specification [1]. The new locations are introduced as a separate module
to keep the rules related to these specifications isolated from the main
user domain (which is already one of the biggest modules code-wise).

Right now, two distinct location groups are provided, one being the set
of locations that will have domain-specific types, and one that remains
generic for end users.

The first set of types are:
- XDG Cache location, meant for non-essential cached data. The base type
  here is xdg_cache_t, which is generally at $HOME/.cache
- XDG Data location, for user-specific data. The base type here is
  xdg_data_t, which is generally at $HOME/.local
- XDG Config location, for user-specific configuration files. The base
  type here is xdg_config_t, which is generally at $HOME/.config

The idea here is to provide support for domain-specific files as well.
For instance, Chromium has its user-specific configuration files in
~/.config/chromium, which is then marked as chromium_xdg_config_t.

This allows for isolation of potentially sensitive information from
regular user application domains. Firefox for instance should not be
able to read user configuration data from unrelated applications.

The second set of types are:
- User documents, with xdg_documents_t as the type. This is
  generally for the ~/Documents location.
- User downloads, with xdg_downloads_t as the type. This is
  generally for the ~/Downloads location.
- User music, with xdg_music_t as the type. This is generally for
  the ~/Music location.
- User pictures, with xdg_pictures_t as the type. This is generally
  for the ~/Pictures location.
- User videos, with xdg_videos_t as the type. This is generally for
  the ~/Videos location.

Alongside the type definitions, a number of access interfaces are
defined to support the use of these types, and for the first set to
enable the necessary file transitions.

[1] https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2018-06-10 13:23:01 -04:00

1232 lines
26 KiB
Plaintext

## <summary>
## Freedesktop standard locations (formerly known as X Desktop Group)
## </summary>
########################################
## <summary>
## Mark the selected type as an xdg_cache_type
## </summary>
## <param name="type">
## <summary>
## Type to give the xdg_cache_type attribute to
## </summary>
## </param>
#
interface(`xdg_cache_content',`
gen_require(`
attribute xdg_cache_type;
')
typeattribute $1 xdg_cache_type;
userdom_user_home_content($1)
')
########################################
## <summary>
## Mark the selected type as an xdg_config_type
## </summary>
## <param name="type">
## <summary>
## Type to give the xdg_config_type attribute to
## </summary>
## </param>
#
interface(`xdg_config_content',`
gen_require(`
attribute xdg_config_type;
')
typeattribute $1 xdg_config_type;
userdom_user_home_content($1)
')
########################################
## <summary>
## Mark the selected type as an xdg_data_type
## </summary>
## <param name="type">
## <summary>
## Type to give the xdg_data_type attribute to
## </summary>
## </param>
#
interface(`xdg_data_content',`
gen_require(`
attribute xdg_data_type;
')
typeattribute $1 xdg_data_type;
userdom_user_home_content($1)
')
########################################
## <summary>
## Read the xdg cache home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_read_cache_files',`
gen_require(`
type xdg_cache_t;
')
read_files_pattern($1, xdg_cache_t, xdg_cache_t)
list_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Read all xdg_cache_type files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_read_all_cache_files',`
gen_require(`
attribute xdg_cache_type;
')
read_files_pattern($1, xdg_cache_type, xdg_cache_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Create objects in an xdg_cache directory
## with an automatic type transition to
## a specified private type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="private_type">
## <summary>
## The type of the object to create.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the file or directory created
## </summary>
## </param>
#
interface(`xdg_cache_filetrans',`
gen_require(`
type xdg_cache_t;
')
userdom_search_user_home_dirs($1)
filetrans_pattern($1, xdg_cache_t, $2, $3, $4)
xdg_create_cache_dirs($1)
xdg_generic_user_home_dir_filetrans_cache($1, dir, ".cache")
')
########################################
## <summary>
## Create objects in the user home dir with an automatic type transition to
## the xdg_cache_t type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the directory created
## </summary>
## </param>
#
interface(`xdg_generic_user_home_dir_filetrans_cache',`
gen_require(`
type xdg_cache_t;
')
userdom_user_home_dir_filetrans($1, xdg_cache_t, $2, $3)
')
########################################
## <summary>
## Create xdg cache home directories
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_create_cache_dirs',`
gen_require(`
type xdg_cache_t;
')
allow $1 xdg_cache_t:dir create_dir_perms;
')
########################################
## <summary>
## Manage the xdg cache home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_manage_cache',`
gen_require(`
type xdg_cache_t;
')
manage_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
manage_files_pattern($1, xdg_cache_t, xdg_cache_t)
manage_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
manage_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
manage_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Manage all the xdg cache home files regardless of their specific type
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_manage_all_cache',`
gen_require(`
attribute xdg_cache_type;
')
manage_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
manage_files_pattern($1, xdg_cache_type, xdg_cache_type)
manage_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
manage_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
manage_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Allow relabeling the xdg cache home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_cache',`
gen_require(`
type xdg_cache_t;
')
relabel_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
relabel_files_pattern($1, xdg_cache_t, xdg_cache_t)
relabel_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
relabel_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
relabel_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Allow relabeling the xdg cache home files, regardless of their specific type
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_all_cache',`
gen_require(`
attribute xdg_cache_type;
')
relabel_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
relabel_files_pattern($1, xdg_cache_type, xdg_cache_type)
relabel_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
relabel_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
relabel_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Search through the xdg config home directories
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_search_config_dirs',`
gen_require(`
type xdg_config_t;
')
search_dirs_pattern($1, xdg_config_t, xdg_config_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Read the xdg config home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_read_config_files',`
gen_require(`
type xdg_config_t;
')
read_files_pattern($1, xdg_config_t, xdg_config_t)
list_dirs_pattern($1, xdg_config_t, xdg_config_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Read all xdg_config_type files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_read_all_config_files',`
gen_require(`
attribute xdg_config_type;
')
read_files_pattern($1, xdg_config_type, xdg_config_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Create objects in an xdg_config directory
## with an automatic type transition to
## a specified private type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="private_type">
## <summary>
## The type of the object to create.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the file or directory created
## </summary>
## </param>
#
interface(`xdg_config_filetrans',`
gen_require(`
type xdg_config_t;
')
userdom_search_user_home_dirs($1)
filetrans_pattern($1, xdg_config_t, $2, $3, $4)
xdg_create_config_dirs($1)
xdg_generic_user_home_dir_filetrans_config($1, dir, ".config")
')
########################################
## <summary>
## Create objects in the user home dir with an automatic type transition to
## the xdg_config_t type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the directory created
## </summary>
## </param>
#
interface(`xdg_generic_user_home_dir_filetrans_config',`
gen_require(`
type xdg_config_t;
')
userdom_user_home_dir_filetrans($1, xdg_config_t, $2, $3)
')
########################################
## <summary>
## Create xdg config home directories
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_create_config_dirs',`
gen_require(`
type xdg_config_t;
')
allow $1 xdg_config_t:dir create_dir_perms;
')
########################################
## <summary>
## Manage the xdg config home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_manage_config',`
gen_require(`
type xdg_config_t;
')
manage_dirs_pattern($1, xdg_config_t, xdg_config_t)
manage_files_pattern($1, xdg_config_t, xdg_config_t)
manage_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
manage_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
manage_sock_files_pattern($1, xdg_config_t, xdg_config_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Manage all the xdg config home files regardless of their specific type
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_manage_all_config',`
gen_require(`
attribute xdg_config_type;
')
manage_dirs_pattern($1, xdg_config_type, xdg_config_type)
manage_files_pattern($1, xdg_config_type, xdg_config_type)
manage_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
manage_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
manage_sock_files_pattern($1, xdg_config_type, xdg_config_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Allow relabeling the xdg config home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_config',`
gen_require(`
type xdg_config_t;
')
relabel_dirs_pattern($1, xdg_config_t, xdg_config_t)
relabel_files_pattern($1, xdg_config_t, xdg_config_t)
relabel_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
relabel_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
relabel_sock_files_pattern($1, xdg_config_t, xdg_config_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Allow relabeling the xdg config home files, regardless of their specific type
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_all_config',`
gen_require(`
attribute xdg_config_type;
')
relabel_dirs_pattern($1, xdg_config_type, xdg_config_type)
relabel_files_pattern($1, xdg_config_type, xdg_config_type)
relabel_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
relabel_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
relabel_sock_files_pattern($1, xdg_config_type, xdg_config_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Read the xdg data home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_read_data_files',`
gen_require(`
type xdg_data_t;
')
read_files_pattern($1, xdg_data_t, xdg_data_t)
list_dirs_pattern($1, xdg_data_t, xdg_data_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Read all xdg_data_type files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_read_all_data_files',`
gen_require(`
attribute xdg_data_type;
')
read_files_pattern($1, xdg_data_type, xdg_data_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Create objects in an xdg_data directory
## with an automatic type transition to
## a specified private type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="private_type">
## <summary>
## The type of the object to create.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Optional name of the file or directory created
## </summary>
## </param>
#
interface(`xdg_data_filetrans',`
gen_require(`
type xdg_data_t;
')
userdom_search_user_home_dirs($1)
filetrans_pattern($1, xdg_data_t, $2, $3, $4)
xdg_create_data_dirs($1)
xdg_generic_user_home_dir_filetrans_data($1, dir, ".local")
')
########################################
## <summary>
## Create objects in the user home dir with an automatic type transition to
## the xdg_data_t type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the directory created
## </summary>
## </param>
#
interface(`xdg_generic_user_home_dir_filetrans_data',`
gen_require(`
type xdg_data_t;
')
userdom_user_home_dir_filetrans($1, xdg_data_t, $2, $3)
')
########################################
## <summary>
## Create xdg data home directories
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_create_data_dirs',`
gen_require(`
type xdg_data_t;
')
allow $1 xdg_data_t:dir create_dir_perms;
')
########################################
## <summary>
## Manage the xdg data home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_manage_data',`
gen_require(`
type xdg_data_t;
')
manage_dirs_pattern($1, xdg_data_t, xdg_data_t)
manage_files_pattern($1, xdg_data_t, xdg_data_t)
manage_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
manage_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
manage_sock_files_pattern($1, xdg_data_t, xdg_data_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Manage all the xdg data home files, regardless of their specific type
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_manage_all_data',`
gen_require(`
attribute xdg_data_type;
')
manage_dirs_pattern($1, xdg_data_type, xdg_data_type)
manage_files_pattern($1, xdg_data_type, xdg_data_type)
manage_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
manage_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
manage_sock_files_pattern($1, xdg_data_type, xdg_data_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Allow relabeling the xdg data home files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_data',`
gen_require(`
type xdg_data_t;
')
relabel_dirs_pattern($1, xdg_data_t, xdg_data_t)
relabel_files_pattern($1, xdg_data_t, xdg_data_t)
relabel_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
relabel_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
relabel_sock_files_pattern($1, xdg_data_t, xdg_data_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Allow relabeling the xdg data home files, regardless of their type
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_all_data',`
gen_require(`
attribute xdg_data_type;
')
relabel_dirs_pattern($1, xdg_data_type, xdg_data_type)
relabel_files_pattern($1, xdg_data_type, xdg_data_type)
relabel_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
relabel_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
relabel_sock_files_pattern($1, xdg_data_type, xdg_data_type)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Create objects in the user home dir with an automatic type transition to
## the xdg_documents_t type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the directory created
## </summary>
## </param>
#
interface(`xdg_generic_user_home_dir_filetrans_documents',`
gen_require(`
type xdg_documents_t;
')
userdom_user_home_dir_filetrans($1, xdg_documents_t, $2, $3)
')
#########################################
## <summary>
## Manage documents content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_manage_documents',`
gen_require(`
type xdg_documents_t;
')
manage_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
manage_files_pattern($1, xdg_documents_t, xdg_documents_t)
')
########################################
## <summary>
## Allow relabeling the documents resources
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_documents',`
gen_require(`
type xdg_documents_t;
')
relabel_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
relabel_files_pattern($1, xdg_documents_t, xdg_documents_t)
relabel_lnk_files_pattern($1, xdg_documents_t, xdg_documents_t)
userdom_search_user_home_dirs($1)
')
#########################################
## <summary>
## Read downloaded content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_read_downloads',`
gen_require(`
type xdg_downloads_t;
')
read_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
userdom_search_user_home_dirs($1)
')
#########################################
## <summary>
## Create downloaded content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_create_downloads',`
gen_require(`
type xdg_downloads_t;
')
create_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
userdom_search_user_home_dirs($1)
')
#########################################
## <summary>
## Write downloaded content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_write_downloads',`
gen_require(`
type xdg_downloads_t;
')
write_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Create objects in the user home dir with an automatic type transition to
## the xdg_downloads_t type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the directory created
## </summary>
## </param>
#
interface(`xdg_generic_user_home_dir_filetrans_downloads',`
gen_require(`
type xdg_downloads_t;
')
userdom_user_home_dir_filetrans($1, xdg_downloads_t, $2, $3)
')
#########################################
## <summary>
## Manage downloaded content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_manage_downloads',`
gen_require(`
type xdg_downloads_t;
')
manage_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
manage_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
')
########################################
## <summary>
## Allow relabeling the downloads resources
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_downloads',`
gen_require(`
type xdg_downloads_t;
')
relabel_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
relabel_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
relabel_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
userdom_search_user_home_dirs($1)
')
#########################################
## <summary>
## Read user pictures content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_read_pictures',`
gen_require(`
type xdg_pictures_t;
')
read_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
list_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Create objects in the user home dir with an automatic type transition to
## the xdg_pictures_t type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the directory created
## </summary>
## </param>
#
interface(`xdg_generic_user_home_dir_filetrans_pictures',`
gen_require(`
type xdg_pictures_t;
')
userdom_user_home_dir_filetrans($1, xdg_pictures_t, $2, $3)
')
#########################################
## <summary>
## Manage pictures content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_manage_pictures',`
gen_require(`
type xdg_pictures_t;
')
manage_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
manage_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
')
########################################
## <summary>
## Allow relabeling the pictures resources
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_pictures',`
gen_require(`
type xdg_pictures_t;
')
relabel_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
relabel_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
relabel_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
userdom_search_user_home_dirs($1)
')
#########################################
## <summary>
## Read user music content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_read_music',`
gen_require(`
type xdg_music_t;
')
read_files_pattern($1, xdg_music_t, xdg_music_t)
list_dirs_pattern($1, xdg_music_t, xdg_music_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Create objects in the user home dir with an automatic type transition to
## the xdg_pictures_t type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the directory created
## </summary>
## </param>
#
interface(`xdg_generic_user_home_dir_filetrans_music',`
gen_require(`
type xdg_music_t;
')
userdom_user_home_dir_filetrans($1, xdg_music_t, $2, $3)
')
#########################################
## <summary>
## Manage music content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_manage_music',`
gen_require(`
type xdg_music_t;
')
manage_dirs_pattern($1, xdg_music_t, xdg_music_t)
manage_files_pattern($1, xdg_music_t, xdg_music_t)
')
########################################
## <summary>
## Allow relabeling the music resources
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_music',`
gen_require(`
type xdg_music_t;
')
relabel_dirs_pattern($1, xdg_music_t, xdg_music_t)
relabel_files_pattern($1, xdg_music_t, xdg_music_t)
relabel_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
userdom_search_user_home_dirs($1)
')
#########################################
## <summary>
## Read user video content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_read_videos',`
gen_require(`
type xdg_videos_t;
')
read_files_pattern($1, xdg_videos_t, xdg_videos_t)
list_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
userdom_search_user_home_dirs($1)
')
########################################
## <summary>
## Create objects in the user home dir with an automatic type transition to
## the xdg_videos_t type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="filename" optional="true">
## <summary>
## Name of the directory created
## </summary>
## </param>
#
interface(`xdg_generic_user_home_dir_filetrans_videos',`
gen_require(`
type xdg_videos_t;
')
userdom_user_home_dir_filetrans($1, xdg_videos_t, $2, $3)
')
#########################################
## <summary>
## Manage video content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`xdg_manage_videos',`
gen_require(`
type xdg_videos_t;
')
manage_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
manage_files_pattern($1, xdg_videos_t, xdg_videos_t)
')
########################################
## <summary>
## Allow relabeling the videos resources
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xdg_relabel_videos',`
gen_require(`
type xdg_videos_t;
')
relabel_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
relabel_files_pattern($1, xdg_videos_t, xdg_videos_t)
relabel_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
userdom_search_user_home_dirs($1)
')