diff options
Diffstat (limited to 'policy/modules/contrib/openoffice.te')
| -rw-r--r-- | policy/modules/contrib/openoffice.te | 158 |
1 files changed, 0 insertions, 158 deletions
diff --git a/policy/modules/contrib/openoffice.te b/policy/modules/contrib/openoffice.te deleted file mode 100644 index 2cb4d6d27..000000000 --- a/policy/modules/contrib/openoffice.te +++ /dev/null @@ -1,158 +0,0 @@ -policy_module(openoffice, 1.3.1) - -############################## -# -# Declarations -# - -## <desc> -## <p> -## Determine whether openoffice can -## download software updates from the -## network (application and/or -## extensions). -## </p> -## </desc> -gen_tunable(openoffice_allow_update, true) - -## <desc> -## <p> -## Determine whether openoffice writer -## can send emails directly (print to -## email). This is different from the -## functionality of sending emails -## through external clients which is -## always enabled. -## </p> -## </desc> -gen_tunable(openoffice_allow_email, false) - -attribute_role ooffice_roles; - -type ooffice_t; -type ooffice_exec_t; -userdom_user_application_domain(ooffice_t, ooffice_exec_t) -role ooffice_roles types ooffice_t; - -optional_policy(` - wm_application_domain(ooffice_t, ooffice_exec_t) -') - -type ooffice_home_t; -userdom_user_home_content(ooffice_home_t) - -type ooffice_tmp_t; -files_tmp_file(ooffice_tmp_t) - -############################## -# -# Openoffice local policy -# - -allow ooffice_t self:process { execmem getsched signal }; -allow ooffice_t self:shm create_shm_perms; -allow ooffice_t self:fifo_file rw_fifo_file_perms; -allow ooffice_t self:unix_stream_socket connectto; - -allow ooffice_t ooffice_home_t:dir manage_dir_perms; -allow ooffice_t ooffice_home_t:file manage_file_perms; -allow ooffice_t ooffice_home_t:lnk_file manage_lnk_file_perms; -userdom_user_home_dir_filetrans(ooffice_t, ooffice_home_t, dir, ".openoffice") - -manage_dirs_pattern(ooffice_t, ooffice_tmp_t, ooffice_tmp_t) -manage_files_pattern(ooffice_t, ooffice_tmp_t, ooffice_tmp_t) -manage_sock_files_pattern(ooffice_t, ooffice_tmp_t, ooffice_tmp_t) -files_tmp_filetrans(ooffice_t, ooffice_tmp_t, { dir file sock_file }) - -can_exec(ooffice_t, ooffice_exec_t) - -kernel_dontaudit_read_system_state(ooffice_t) - -corecmd_exec_bin(ooffice_t) -corecmd_exec_shell(ooffice_t) - -dev_read_sysfs(ooffice_t) -dev_read_urand(ooffice_t) - -domain_use_interactive_fds(ooffice_t) - -files_getattr_all_dirs(ooffice_t) -files_getattr_all_files(ooffice_t) -files_getattr_all_symlinks(ooffice_t) -files_read_etc_files(ooffice_t) -files_map_usr_files(ooffice_t) -files_read_usr_files(ooffice_t) - -fs_getattr_xattr_fs(ooffice_t) - -miscfiles_read_fonts(ooffice_t) -miscfiles_read_localization(ooffice_t) - -ooffice_dontaudit_exec_tmp_files(ooffice_t) - -sysnet_dns_name_resolve(ooffice_t) - -userdom_dontaudit_exec_user_home_content_files(ooffice_t) -userdom_dontaudit_manage_user_tmp_dirs(ooffice_t) -userdom_manage_user_tmp_dirs(ooffice_t) -userdom_manage_user_tmp_sockets(ooffice_t) -userdom_use_inherited_user_terminals(ooffice_t) - -userdom_user_content_access_template(openoffice, ooffice_t) - -xdg_manage_documents(ooffice_t) - -tunable_policy(`openoffice_allow_update',` - corenet_tcp_connect_http_port(ooffice_t) -') - -tunable_policy(`openoffice_allow_email',` - corenet_tcp_connect_smtp_port(ooffice_t) - corenet_tcp_sendrecv_smtp_port(ooffice_t) - corenet_sendrecv_smtp_client_packets(ooffice_t) -') - -optional_policy(` - cups_read_config(ooffice_t) - cups_stream_connect(ooffice_t) -') - -optional_policy(` - dbus_all_session_bus_client(ooffice_t) -') - -optional_policy(` - evolution_domtrans(ooffice_t) - evolution_read_home_files(ooffice_t) -') - -optional_policy(` - gnome_dbus_chat_gconfd(ooffice_t) - gnome_stream_connect_gconf(ooffice_t) -') - -optional_policy(` - hostname_exec(ooffice_t) -') - -optional_policy(` - java_exec(ooffice_t) -') - -optional_policy(` - mozilla_domtrans(ooffice_t) - mozilla_read_tmp_files(ooffice_t) -') - -optional_policy(` - thunderbird_domtrans(ooffice_t) -') - -optional_policy(` - xserver_rw_xsession_log(ooffice_t) - xserver_read_user_iceauth(ooffice_t) - xserver_read_user_xauth(ooffice_t) - xserver_read_xdm_tmp_files(ooffice_t) - xserver_stream_connect(ooffice_t) - xserver_stream_connect_xdm(ooffice_t) -') |