diff options
Diffstat (limited to 'redhat/core/tdebase/tdm.fc39.te')
| -rw-r--r-- | redhat/core/tdebase/tdm.fc39.te | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/redhat/core/tdebase/tdm.fc39.te b/redhat/core/tdebase/tdm.fc39.te new file mode 100644 index 000000000..f3bcb40d4 --- /dev/null +++ b/redhat/core/tdebase/tdm.fc39.te @@ -0,0 +1,30 @@ + +module tdm 1.0; + +require { + type etc_t; + type fprintd_t; + type init_t; + type tmp_t; + type unconfined_service_t; + type unconfined_t; + type var_lib_t; + type var_run_t; + type xdm_t; + class capability2 mac_admin; + class dbus send_msg; + class fifo_file { getattr open read setattr unlink }; + class file { create entrypoint getattr lock map open read rename unlink write }; + class lnk_file unlink; + class process transition; +} + +allow fprintd_t init_t:dbus send_msg; +allow unconfined_service_t unconfined_t:process transition; +allow unconfined_t self:capability2 mac_admin; +allow xdm_t etc_t:file { create rename unlink write }; +allow xdm_t tmp_t:fifo_file { getattr open read setattr unlink }; +allow xdm_t tmp_t:file { map open unlink }; +allow xdm_t tmp_t:lnk_file unlink; +allow xdm_t var_lib_t:file { unlink }; +allow xdm_t var_run_t:file { getattr lock open read write }; |