/usr/share/selinux/ubuntu/include/apps/evolution.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
## <summary>Evolution email client</summary>
########################################
## <summary>
##	Role access for evolution
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`evolution_role',`
	gen_require(`
		type evolution_t, evolution_exec_t, evolution_home_t;
		type evolution_alarm_t, evolution_alarm_exec_t;
		type evolution_server_t, evolution_server_exec_t;
		type evolution_webcal_t, evolution_webcal_exec_t;
		type evolution_exchange_t, evolution_exchange_exec_t;
		type evolution_exchange_orbit_tmp_t;
	')

	# Authorize the role for every evolution domain that can be entered below.
	role $1 types { evolution_t evolution_alarm_t evolution_exchange_t evolution_server_t evolution_webcal_t };

	# One entry point per program: the user domain transitions into the
	# matching evolution domain when it executes the labelled binary.
	domtrans_pattern($2, evolution_exec_t, evolution_t)
	domtrans_pattern($2, evolution_alarm_exec_t, evolution_alarm_t)
	domtrans_pattern($2, evolution_exchange_exec_t, evolution_exchange_t)
	domtrans_pattern($2, evolution_server_exec_t, evolution_server_t)
	domtrans_pattern($2, evolution_webcal_exec_t, evolution_webcal_t)

	# Process listing access from the user domain to each evolution domain.
	ps_process_pattern($2, evolution_t)
	ps_process_pattern($2, evolution_alarm_t)
	ps_process_pattern($2, evolution_exchange_t)
	ps_process_pattern($2, evolution_server_t)
	ps_process_pattern($2, evolution_webcal_t)

	# evolution_t may search directories and read files and symlinks labelled
	# with the user domain type (presumably the proc entries of user
	# processes; confirm against the callers).
	allow evolution_t $2:dir search;
	allow evolution_t $2:{ file lnk_file } read;

	# Unix stream socket connections are allowed in both directions.
	allow evolution_t $2:unix_stream_socket connectto;
	allow $2 evolution_t:unix_stream_socket connectto;

	# The user domain may signal the main evolution process.
	allow $2 evolution_t:process signal_perms;

	# NOTE(review): noatsecure stops the kernel from setting AT_SECURE on the
	# transition into evolution_t, so the dynamic loader keeps environment
	# settings such as LD_PRELOAD and LD_LIBRARY_PATH inherited from the user
	# domain. Confirm evolution still needs this; without the rule the loader
	# runs in secure mode and ignores that environment.
	allow $2 evolution_t:process noatsecure;

	# Access .evolution
	# Full management plus relabeling of the evolution home content. The
	# relabel permissions cover only this type; relabeling to or from another
	# type also needs the matching permission on that other type.
	allow $2 evolution_home_t:dir manage_dir_perms;
	allow $2 evolution_home_t:file manage_file_perms;
	allow $2 evolution_home_t:lnk_file manage_lnk_file_perms;
	allow $2 evolution_home_t:{ dir file lnk_file } { relabelfrom relabelto };

	# The exchange connector may connect back to user domain sockets.
	allow evolution_exchange_t $2:unix_stream_socket connectto;

	# Clock applet talks to exchange (FIXME: Needs policy)
	# NOTE(review): until the applet has a domain of its own, these two rules
	# apply to every process in the user domain, not only the clock applet.
	allow $2 evolution_exchange_t:unix_stream_socket connectto;
	allow $2 evolution_exchange_orbit_tmp_t:sock_file write;
')
########################################
## <summary>
##	Create objects in users evolution home folders
##	with a private type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="file_type">
##	<summary>
##	Private file type.
##	</summary>
## </param>
## <param name="class">
##	<summary>
##	The object class of the object being created.
##	</summary>
## </param>
#
interface(`evolution_home_filetrans',`
	gen_require(`
		type evolution_home_t;
	')

	# Default label for new objects of the given class created by the domain
	# inside an evolution_home_t directory. A type_transition grants no access
	# by itself: the caller still needs create permission on the private type
	# for that class, granted outside this interface.
	type_transition $1 evolution_home_t:$3 $2;

	# Directory access needed to add the new entry to the parent directory.
	allow $1 evolution_home_t:dir rw_dir_perms;
')
########################################
## <summary>
##	Connect to evolution unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`evolution_stream_connect',`
	gen_require(`
		type evolution_home_t, evolution_t;
	')

	# Search access to the evolution home directory (presumably where the
	# socket path lives; confirm against the evolution policy module).
	allow $1 evolution_home_t:dir search;

	# Permission to connect to a stream socket owned by evolution_t. Only the
	# connect direction is granted; evolution_t gets nothing on the caller.
	allow $1 evolution_t:unix_stream_socket connectto;
')
########################################
## <summary>
##	Send and receive messages from
##	evolution over dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`evolution_dbus_chat',`
	gen_require(`
		class dbus send_msg;
		type evolution_t;
	')

	# Both directions are granted: evolution_t may message the caller and the
	# caller may message evolution_t. The rules limit which domains may
	# exchange messages, not which bus methods are invoked.
	allow evolution_t $1:dbus send_msg;
	allow $1 evolution_t:dbus send_msg;
')
########################################
## <summary>
##	Send and receive messages from
##	evolution_alarm over dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`evolution_alarm_dbus_chat',`
	gen_require(`
		class dbus send_msg;
		type evolution_alarm_t;
	')

	# Both directions are granted: evolution_alarm_t may message the caller
	# and the caller may message evolution_alarm_t. The rules limit which
	# domains may exchange messages, not which bus methods are invoked.
	allow evolution_alarm_t $1:dbus send_msg;
	allow $1 evolution_alarm_t:dbus send_msg;
')