Gecko [ 122.154.134.11 ]

Name	Size	Permission
accountsd.if	3.24 KB	-rw-r--r--
acct.if	1.62 KB	-rw-r--r--
alsa.if	2.2 KB	-rw-r--r--
amanda.if	3.45 KB	-rw-r--r--
amtu.if	849 B	-rw-r--r--
anaconda.if	1.73 KB	-rw-r--r--
apt.if	4.57 KB	-rw-r--r--
backup.if	886 B	-rw-r--r--
bootloader.if	3.4 KB	-rw-r--r--
brctl.if	1.2 KB	-rw-r--r--
certwatch.if	1.75 KB	-rw-r--r--
consoletype.if	1.5 KB	-rw-r--r--
ddcprobe.if	978 B	-rw-r--r--
dmesg.if	775 B	-rw-r--r--
dmidecode.if	1.42 KB	-rw-r--r--
dpkg.if	4.66 KB	-rw-r--r--
firstboot.if	3.55 KB	-rw-r--r--
kismet.if	4.85 KB	-rw-r--r--
kudzu.if	1.26 KB	-rw-r--r--
logrotate.if	2.29 KB	-rw-r--r--
logwatch.if	737 B	-rw-r--r--
mcelog.if	768 B	-rw-r--r--
mrtg.if	420 B	-rw-r--r--
ncftool.if	1.37 KB	-rw-r--r--
netutils.if	5.75 KB	-rw-r--r--
permissivedomains.if	36 B	-rw-r--r--
portage.if	7.39 KB	-rw-r--r--
prelink.if	5.35 KB	-rw-r--r--
quota.if	1.96 KB	-rw-r--r--
readahead.if	85 B	-rw-r--r--
rpm.if	15.31 KB	-rw-r--r--
sectoolm.if	51 B	-rw-r--r--
shorewall.if	3.64 KB	-rw-r--r--
shutdown.if	2.51 KB	-rw-r--r--
smoltclient.if	58 B	-rw-r--r--
su.if	8.08 KB	-rw-r--r--
sudo.if	5.69 KB	-rw-r--r--
sxid.if	421 B	-rw-r--r--
tmpreaper.if	453 B	-rw-r--r--
tripwire.if	3.9 KB	-rw-r--r--
tzdata.if	826 B	-rw-r--r--
updfstab.if	478 B	-rw-r--r--
usbmodules.if	993 B	-rw-r--r--
usermanage.if	7.61 KB	-rw-r--r--
vbetool.if	930 B	-rw-r--r--
vpn.if	2.39 KB	-rw-r--r--

Code Editor : accountsd.if

## <summary>policy for accountsd</summary>

########################################
## <summary>
##	Execute a domain transition to run accountsd.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`accountsd_domtrans',`
	gen_require(`
		type accountsd_t, accountsd_exec_t;
	')

domtrans_pattern($1, accountsd_exec_t, accountsd_t)
')

########################################
## <summary>
##	Search accountsd lib directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_search_lib',`
	gen_require(`
		type accountsd_var_lib_t;
	')

allow $1 accountsd_var_lib_t:dir search_dir_perms;
	files_search_var_lib($1)
')

########################################
## <summary>
##	Read accountsd lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_read_lib_files',`
	gen_require(`
		type accountsd_var_lib_t;
	')

files_search_var_lib($1)
        read_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
')

########################################
## <summary>
##	Create, read, write, and delete
##	accountsd lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_manage_lib_files',`
	gen_require(`
		type accountsd_var_lib_t;
	')

files_search_var_lib($1)
        manage_files_pattern($1, accountsd_var_lib_t,  accountsd_var_lib_t)
')

########################################
## <summary>
##	Manage accountsd var_lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_manage_var_lib',`
	gen_require(`
		type accountsd_var_lib_t;
	')

manage_dirs_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
         manage_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
         manage_lnk_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
')

########################################
## <summary>
##	Send and receive messages from
##	accountsd over dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_dbus_chat',`
	gen_require(`
		type accountsd_t;
		class dbus send_msg;
	')

allow $1 accountsd_t:dbus send_msg;
	allow accountsd_t $1:dbus send_msg;
')

########################################
## <summary>
##	Do not audit attempts to read and write Accounts Daemon
##	fifo file.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_dontaudit_rw_fifo_file',`
	gen_require(`
		type accountsd_t;
	')

dontaudit $1 accountsd_t:fifo_file rw_inherited_fifo_file_perms;
')

########################################
## <summary>
##	All of the rules required to administrate 
##	an accountsd environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`accountsd_admin',`
	gen_require(`
		type accountsd_t;
	')
	allow $1 accountsd_t:process { ptrace signal_perms getattr };
	read_files_pattern($1, accountsd_t, accountsd_t)

accountsd_manage_var_lib($1)
')

${this.title}

Code Editor : accountsd.if