diff options
Diffstat (limited to 'policy/modules/apps/xscreensaver.te')
-rw-r--r-- | policy/modules/apps/xscreensaver.te | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/policy/modules/apps/xscreensaver.te b/policy/modules/apps/xscreensaver.te new file mode 100644 index 00000000..f4f8b005 --- /dev/null +++ b/policy/modules/apps/xscreensaver.te @@ -0,0 +1,52 @@ +policy_module(xscreensaver, 1.0.0) + +######################################## +# +# Declarations +# + +type xscreensaver_t; +type xscreensaver_exec_t; +application_domain(xscreensaver_t, xscreensaver_exec_t) + +type xscreensaver_tmpfs_t; +files_tmpfs_file(xscreensaver_tmpfs_t) +ubac_constrained(xscreensaver_tmpfs_t) + +######################################## +# +# Local policy +# +auth_use_nsswitch(xscreensaver_t) + +logging_send_audit_msgs(xscreensaver_t) +logging_send_syslog_msg(xscreensaver_t) +miscfiles_read_localization(xscreensaver_t) + +allow xscreensaver_t self:fifo_file rw_fifo_file_perms; +allow xscreensaver_t self:process signal; + +#access to .icons and ~/.xscreensaver +userdom_read_user_home_content_files(xscreensaver_t) + +userdom_use_user_ptys(xscreensaver_t) + +files_read_usr_files(xscreensaver_t) + +auth_domtrans_chk_passwd(xscreensaver_t) + +#/var/run/utmp +init_read_utmp(xscreensaver_t) + +######################################## +# +# X Serveur and co +# +xserver_user_x_domain_template(xscreensaver, xscreensaver_t, xscreensaver_tmpfs_t) + +######################################## +# +# process, kernel and /proc /dev /sys +# + +kernel_read_system_state(xscreensaver_t) |