1
## <summary>Devicekit modular hardware abstraction layer</summary>
3
########################################
5
## Execute a domain transition to run devicekit.
7
## <param name="domain">
9
## Domain allowed to transition.
13
interface(`devicekit_domtrans',`
15
type devicekit_t, devicekit_exec_t;
18
domtrans_pattern($1, devicekit_exec_t, devicekit_t)
21
########################################
23
## Send to devicekit over a unix domain
26
## <param name="domain">
28
## Domain allowed access.
32
interface(`devicekit_dgram_send',`
37
allow $1 devicekit_t:unix_dgram_socket sendto;
40
########################################
42
## Send and receive messages from
43
## devicekit over dbus.
45
## <param name="domain">
47
## Domain allowed access.
51
interface(`devicekit_dbus_chat',`
57
allow $1 devicekit_t:dbus send_msg;
58
allow devicekit_t $1:dbus send_msg;
61
########################################
63
## Send and receive messages from
64
## devicekit disk over dbus.
66
## <param name="domain">
68
## Domain allowed access.
72
interface(`devicekit_dbus_chat_disk',`
74
type devicekit_disk_t;
78
allow $1 devicekit_disk_t:dbus send_msg;
79
allow devicekit_disk_t $1:dbus send_msg;
82
########################################
84
## Send signal devicekit power
86
## <param name="domain">
88
## Domain allowed access.
92
interface(`devicekit_signal_power',`
94
type devicekit_power_t;
97
allow $1 devicekit_power_t:process signal;
100
########################################
102
## Send and receive messages from
103
## devicekit power over dbus.
105
## <param name="domain">
107
## Domain allowed access.
111
interface(`devicekit_dbus_chat_power',`
113
type devicekit_power_t;
117
allow $1 devicekit_power_t:dbus send_msg;
118
allow devicekit_power_t $1:dbus send_msg;
121
########################################
123
## Read devicekit PID files.
125
## <param name="domain">
127
## Domain allowed access.
131
interface(`devicekit_read_pid_files',`
133
type devicekit_var_run_t;
136
files_search_pids($1)
137
read_files_pattern($1, devicekit_var_run_t, devicekit_var_run_t)
140
########################################
142
## All of the rules required to administrate
143
## an devicekit environment
145
## <param name="domain">
147
## Domain allowed access.
150
## <param name="role">
152
## The role to be allowed to manage the devicekit domain.
155
## <param name="terminal">
157
## The type of the user terminal.
162
interface(`devicekit_admin',`
164
type devicekit_t, devicekit_disk_t, devicekit_power_t;
165
type devicekit_var_run_t;
168
allow $1 devicekit_t:process { ptrace signal_perms getattr };
169
ps_process_pattern($1, devicekit_t)
171
allow $1 devicekit_disk_t:process { ptrace signal_perms getattr };
172
ps_process_pattern($1, devicekit_disk_t)
174
allow $1 devicekit_power_t:process { ptrace signal_perms getattr };
175
ps_process_pattern($1, devicekit_power_t)
177
admin_pattern($1, devicekit_tmp_t)
180
admin_pattern($1, devicekit_var_lib_t)
181
files_search_var_lib($1)
183
admin_pattern($1, devicekit_var_run_t)
184
files_search_pids($1)