613708cad6
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
61 lines
1.3 KiB
Plaintext
61 lines
1.3 KiB
Plaintext
policy_module(libmtp, 1.1.1)
|
|
|
|
##############################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Determine whether libmtp can read
|
|
## and manage the user home directories
|
|
## and files.
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(libmtp_enable_home_dirs, false)
|
|
|
|
attribute_role libmtp_roles;
|
|
|
|
type libmtp_t;
|
|
type libmtp_exec_t;
|
|
userdom_user_application_domain(libmtp_t, libmtp_exec_t)
|
|
role libmtp_roles types libmtp_t;
|
|
|
|
type libmtp_home_t;
|
|
userdom_user_home_content(libmtp_home_t)
|
|
|
|
##############################
|
|
#
|
|
# libmtp local policy
|
|
#
|
|
|
|
allow libmtp_t self:capability sys_tty_config;
|
|
allow libmtp_t self:netlink_kobject_uevent_socket create_socket_perms;
|
|
allow libmtp_t self:fifo_file rw_fifo_file_perms;
|
|
|
|
allow libmtp_t libmtp_home_t:file manage_file_perms;
|
|
userdom_user_home_dir_filetrans(libmtp_t, libmtp_home_t, file, ".mtpz-data")
|
|
|
|
dev_read_sysfs(libmtp_t)
|
|
dev_rw_generic_usb_dev(libmtp_t)
|
|
|
|
domain_use_interactive_fds(libmtp_t)
|
|
|
|
files_read_etc_files(libmtp_t)
|
|
|
|
term_use_unallocated_ttys(libmtp_t)
|
|
|
|
miscfiles_read_localization(libmtp_t)
|
|
|
|
userdom_use_inherited_user_terminals(libmtp_t)
|
|
|
|
optional_policy(`
|
|
udev_read_runtime_files(libmtp_t)
|
|
')
|
|
|
|
tunable_policy(`libmtp_enable_home_dirs',`
|
|
userdom_manage_user_home_content_files(libmtp_t)
|
|
userdom_read_user_home_content_symlinks(libmtp_t)
|
|
userdom_user_home_dir_filetrans_user_home_content(libmtp_t, file )
|
|
')
|