Vino. The Remote Desktop Project. Take 2.

## ##

## The primary goal of Vino was originally to provide a ## mechanism by which system administrators could remotely ## connect to a desktop machine and resolve basic problems ## for users. ##

## ######################################## ##

## Role access for Vino. ##

## ##

## The prefix of the user role (e.g., user ## is the prefix for user_r). ##

## ## ##

## Role allowed access. ##

## ## ##

## User domain for the role. ##

## # interface(`vino_role', ` gen_require(` type vino_server_t, vino_server_exec_t; ') ######################################## # # Vino server shared declarations. # dbus_session_domain($1, vino_server_t, vino_server_exec_t) role $2 types vino_server_t; ######################################## # # Vino server shared policy. # domtrans_pattern($3, vino_server_exec_t, vino_server_t) allow $3 vino_server_t:process { ptrace signal_perms }; ps_process_pattern($3, vino_server_t) vino_server_dbus_chat($3) vino_server_read_tmpfs_files($3) vino_server_stream_connect($3) ') ######################################## ##

## Send DBus messages to and from ## Vino server. ##

## ##

## Domain allowed access. ##

## # interface(`vino_server_dbus_chat', ` gen_require(` type vino_server_t; class dbus send_msg; ') allow $1 vino_server_t:dbus send_msg; allow vino_server_t $1:dbus send_msg; ') ######################################## ##

## Stream connect to Vino server. ##

## ##

## Domain allowed access. ##

## # interface(`vino_server_stream_connect', ` gen_require(` type vino_server_t, vino_server_tmp_t; ') stream_connect_pattern($1, vino_server_tmp_t, vino_server_tmp_t, vino_server_t) ') ######################################## ##

## Stream connect to Vino server. ##

## ##

## Domain allowed access. ##

## # interface(`vino_server_read_tmpfs_files', ` gen_require(` type vino_server_tmpfs_t; ') allow $1 vino_server_tmpfs_t:file { read_file_perms unlink }; ')