/usr/share/selinux/ubuntu/include/apps/evolution.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

## <summary>Evolution email client</summary>

########################################
## <summary>
##	Role access for evolution
## </summary>
## <desc>
##	<p>
##	Authorizes the role for the five evolution domains
##	(evolution_t, evolution_alarm_t, evolution_exchange_t,
##	evolution_server_t, evolution_webcal_t), sets up a
##	transition from the user domain into each of them through
##	the matching exec type, and lets the user domain manage
##	and relabel evolution_home_t content.
##	</p>
##	<p>
##	Security note: the user domain is also granted
##	process noatsecure on evolution_t, and several
##	unix_stream_socket connectto rules are opened in both
##	directions between the user domain and evolution_t or
##	evolution_exchange_t. Review these before granting this
##	interface to a confined role.
##	</p>
## </desc>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`evolution_role',`
	gen_require(`
		type evolution_t, evolution_exec_t, evolution_home_t;
		type evolution_alarm_t, evolution_alarm_exec_t;
		type evolution_exchange_t, evolution_exchange_exec_t;
		type evolution_exchange_orbit_tmp_t;
		type evolution_server_t, evolution_server_exec_t;
		type evolution_webcal_t, evolution_webcal_exec_t;
	')

	# Authorize the role for all five evolution process domains.
	role $1 types { evolution_t evolution_alarm_t evolution_exchange_t };
	role $1 types { evolution_server_t evolution_webcal_t };

	# One transition per helper: user domain -> evolution domain via
	# the matching exec type. The pattern macro is defined outside
	# this file.
	domtrans_pattern($2, evolution_exec_t, evolution_t)
	domtrans_pattern($2, evolution_alarm_exec_t, evolution_alarm_t)
	domtrans_pattern($2, evolution_exchange_exec_t, evolution_exchange_t)
	domtrans_pattern($2, evolution_server_exec_t, evolution_server_t)
	domtrans_pattern($2, evolution_webcal_exec_t, evolution_webcal_t)

	# Presumably lets the user domain see these processes in ps
	# output. The macro is defined outside this file - confirm.
	ps_process_pattern($2, evolution_t)
	ps_process_pattern($2, evolution_alarm_t)
	ps_process_pattern($2, evolution_exchange_t)
	ps_process_pattern($2, evolution_server_t)
	ps_process_pattern($2, evolution_webcal_t)

	# evolution_t may search dirs and read files and symlinks that
	# carry the user domain type (presumably the proc entries of user
	# processes - confirm) and may connect to user domain sockets.
	allow evolution_t $2:dir search;
	allow evolution_t $2:file read;
	allow evolution_t $2:lnk_file read;
	allow evolution_t $2:unix_stream_socket connectto;

	allow $2 evolution_t:unix_stream_socket connectto;
	# NOTE(review): noatsecure keeps AT_SECURE unset across the
	# transition into evolution_t, so the C library does not scrub
	# the environment (LD_PRELOAD and similar variables survive).
	# This weakens the isolation of evolution_t from the user
	# domain - confirm it is still required.
	allow $2 evolution_t:process noatsecure;
	# Signals are granted toward evolution_t only. No rule in this
	# interface covers the other four evolution domains.
	allow $2 evolution_t:process signal_perms;

	# Access .evolution: the user domain may manage and relabel
	# evolution_home_t dirs, files and symlinks.
	allow $2 evolution_home_t:dir manage_dir_perms;
	allow $2 evolution_home_t:file manage_file_perms;
	allow $2 evolution_home_t:lnk_file manage_lnk_file_perms;
	allow $2 evolution_home_t:{ dir file lnk_file } { relabelfrom relabelto };

	allow evolution_exchange_t $2:unix_stream_socket connectto;

	# Clock applet talks to exchange (FIXME: Needs policy)
	# NOTE(review): until the applet has its own policy this pair of
	# rules applies to every process in the user domain.
	allow $2 evolution_exchange_t:unix_stream_socket connectto;
	allow $2 evolution_exchange_orbit_tmp_t:sock_file write;
')

########################################
## <summary>
##	Create objects in users evolution home folders.
## </summary>
## <desc>
##	<p>
##	Grants the domain rw_dir_perms on evolution_home_t
##	directories and adds a type_transition so that objects of
##	the given class created there by the domain receive the
##	private file type.
##	</p>
##	<p>
##	This interface grants no permissions on the private file
##	type itself; the caller has to allow creation of that
##	type separately.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="file_type">
##	<summary>
##	Private file type.
##	</summary>
## </param>
## <param name="class">
##	<summary>
##	The object class of the object being created.
##	</summary>
## </param>
#
interface(`evolution_home_filetrans',`
	gen_require(`
		type evolution_home_t;
	')

	# Directory access needed to add entries under evolution_home_t.
	allow $1 evolution_home_t:dir rw_dir_perms;
	# New objects of the requested class get the private type instead
	# of inheriting evolution_home_t from the parent directory.
	type_transition $1 evolution_home_t:$3 $2;
')

########################################
## <summary>
##	Connect to evolution unix stream socket.
## </summary>
## <desc>
##	<p>
##	Grants connectto on unix stream sockets owned by
##	evolution_t and search on evolution_home_t directories.
##	No sock_file permission is granted by this interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`evolution_stream_connect',`
	gen_require(`
		type evolution_t, evolution_home_t;
	')

	allow $1 evolution_t:unix_stream_socket connectto;
	# Search only: the caller can traverse evolution_home_t dirs but
	# gets no read or write on their content from this interface.
	# NOTE(review): if the socket is a filesystem socket the caller
	# presumably needs write on its sock_file from another rule -
	# confirm.
	allow $1 evolution_home_t:dir search;
')

########################################
## <summary>
##	Send and receive messages from
##	evolution over dbus.
## </summary>
## <desc>
##	<p>
##	Grants dbus send_msg in both directions between the
##	domain and evolution_t. Only message sending is covered;
##	no other dbus permission is granted here.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`evolution_dbus_chat',`
	gen_require(`
		type evolution_t;
		class dbus send_msg;
	')

	# Caller -> evolution_t
	allow $1 evolution_t:dbus send_msg;
	# evolution_t -> caller, so replies and signals can flow back
	allow evolution_t $1:dbus send_msg;
')

########################################
## <summary>
##	Send and receive messages from
##	evolution_alarm over dbus.
## </summary>
## <desc>
##	<p>
##	Grants dbus send_msg in both directions between the
##	domain and evolution_alarm_t. Only message sending is
##	covered; no other dbus permission is granted here.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`evolution_alarm_dbus_chat',`
	gen_require(`
		type evolution_alarm_t;
		class dbus send_msg;
	')

	# Caller -> evolution_alarm_t
	allow $1 evolution_alarm_t:dbus send_msg;
	# evolution_alarm_t -> caller, so replies and signals can flow back
	allow evolution_alarm_t $1:dbus send_msg;
')