Created
January 4, 2014 13:57
-
-
Save arcadoss/8255583 to your computer and use it in GitHub Desktop.
Enhanced tomoyo rules for skype x64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <kernel> | |
| use_profile 0 | |
| use_group 0 | |
| <kernel> /usr/bin/skype | |
| use_profile 3 | |
| use_group 0 | |
| misc env \* | |
| file read /bin/bash | |
| file read /usr/bin/bash | |
| file read/write /dev/tty | |
| file read /usr/lib/locale/locale-archive | |
| file read /usr/lib/gconv/gconv-modules | |
| file read /usr/bin/skype | |
| file read /usr/lib32/skype/skype | |
| file execute /usr/lib32/skype/skype exec.realpath="/usr/lib32/skype/skype" exec.argv[0]="/usr/lib32/skype/skype" | |
| <kernel> /usr/lib32/skype/skype | |
| use_profile 3 | |
| use_group 0 | |
| file read /usr/share/locale/ru/LC_MESSAGES/libc.mo | |
| file read /usr/share/locale/ru/LC_MESSAGES/pulseaudio.mo | |
| file read /home/\*/.config/font-manager/local.conf | |
| file read /var/cache/fontconfig/\* | |
| file read /dev/null | |
| file write /dev/null | |
| file read /usr/lib32/libv4l/plugins/libv4l-mplane.so | |
| file read /usr/share/alsa/alsa.conf.d/50-pulseaudio.conf | |
| file create /dev/shm/pulse-shm\* 0700 | |
| file read /dev/shm/pulse-shm\* | |
| file write /dev/shm/pulse-shm\* | |
| file execute /usr/bin/pulseaudio | |
| file read /etc/asound.conf | |
| file chown /run/user/1000/pulse/ 1000 | |
| file rmdir /run/user/1000/pulse/ | |
| file mkdir /run/user/1000/pulse/ | |
| file append /dev/snd/pcm\* | |
| file chmod /home/\*/.Skype/ 0700 | |
| file create /home/\*/.cache/fontconfig/\* 0600-0666 | |
| file create /tmp/qtsingleapp-\*-lockfile 0600-0666 | |
| file create @SKYPE_FILES 0600-0666 | |
| file execute /usr/bin/firefox | |
| file execute /usr/bin/gnome-open | |
| file execute /usr/bin/notify-send | |
| file execute /usr/bin/opera | |
| file execute /usr/bin/xdg-open | |
| file ioctl /dev/snd/\* 0-0xFFFFFFFFFFFFFFFF | |
| file ioctl /dev/video0 0-0xFFFFFFFFFFFFFFFF | |
| file ioctl anon_inode:inotify 0x541B | |
| file ioctl socket:[family=1:type=2:protocol=0] 0x8910 | |
| file ioctl socket:[family=1:type=2:protocol=0] 0x8933 | |
| file ioctl socket:[family=2:type=1:protocol=6] 0x541B | |
| file ioctl socket:[family=2:type=2:protocol=17] 0x541B | |
| file ioctl socket:[family=2:type=2:protocol=17] 0x8912 | |
| file ioctl socket:[family=2:type=2:protocol=17] 0x8927 | |
| file ioctl socket:[family=2:type=2:protocol=17] 0x8B01 | |
| file link/rename /home/\*/.cache/fontconfig/\* /home/\*/.cache/fontconfig/\* | |
| file mkdir /home/\*/.cache/fontconfig/\* 0600 | |
| file mkdir @SKYPE_DIRS 0700-0777 | |
| file mksock /tmp/qtsingleapp-\* 0755 | |
| file read /dev/urandom | |
| file read /etc/fonts/conf.avail/\*.conf | |
| file read /etc/fonts/conf.d/\*.conf | |
| file read /etc/fonts/fonts.conf | |
| file read /etc/group | |
| file read /etc/host.conf | |
| file read /etc/hosts | |
| file read /etc/machine-id | |
| file read /etc/nsswitch.conf | |
| file read /etc/passwd | |
| file read /etc/resolv.conf | |
| file read /etc/pulse/client.conf | |
| file read /home/\*/.ICEauthority | |
| file read /home/\*/.XCompose | |
| file read /home/\*/.Xauthority | |
| file read /home/\*/.Xdefaults | |
| file read /home/\*/.fontconfig/\* | |
| file read /home/\*/.config/fontconfig/\* | |
| file read /home/\*/.config/pulse/cookie | |
| file read /home/\*/.pulse-cookie | |
| file read /usr/lib/locale/locale-archive | |
| file read /usr/lib32/gconv/UTF-16.so | |
| file read /usr/lib32/gconv/gconv-modules | |
| file read /usr/lib32/libv4l/v4l2convert.so | |
| file read /usr/lib32/qt/plugins/bearer/libq\*bearer.so | |
| file read /usr/lib32/qt/plugins/iconengines/libqsvgicon.so | |
| file read /usr/lib32/qt/plugins/imageformats/libq\*.so | |
| file read /usr/lib32/qt/plugins/inputmethods/libqimsw-multi.so | |
| file read /usr/lib32/pulseaudio/libpulsecommon-4.0.so | |
| file read /usr/lib32/skype/skype | |
| file read /usr/share/X11/locale/\*/Compose | |
| file read /usr/share/X11/locale/\*/XLC_LOCALE | |
| file read /usr/share/X11/locale/compose.dir | |
| file read /usr/share/X11/locale/locale.alias | |
| file read /usr/share/X11/locale/locale.dir | |
| file read /usr/share/alsa/alsa.conf | |
| file read /usr/share/alsa/cards/\*.conf | |
| file read /usr/share/alsa/pcm/\*.conf | |
| file read /usr/share/fonts/\*/\*/\* | |
| file read /usr/share/fonts/\* | |
| file read @ICONS_FILES | |
| file read proc:/cpuinfo | |
| file read proc:/stat | |
| file read proc:/sys/kernel/osrelease | |
| file read proc:/sys/kernel/ostype | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/\*/modalias | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/\*/\*/modalias | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/\*/video4linux/video0/dev | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/\*/\*/video4linux/video0/dev | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/idProduct | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/\*/idProduct | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/idVendor | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/\*/idVendor | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/speed | |
| file read sysfs:/devices/\*/\*/\*/\*/\*/\*/speed | |
| file read sysfs:/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq | |
| file read sysfs:/devices/system/cpu/cpu0/cpufreq/scaling_max_freq | |
| file read sysfs:/devices/system/cpu/online | |
| file read/write /dev/snd/\* | |
| file read/write /dev/video0 | |
| file read/write/truncate /home/\*/.config/Trolltech.conf | |
| file read/write/unlink /home/\*/.cache/fontconfig/\* | |
| file read/write/unlink /tmp/qtsingleapp-\* | |
| file read/write/unlink/truncate @SKYPE_FILES | |
| file rename @SKYPE_DIRS @SKYPE_DIRS | |
| file rename @SKYPE_FILES @SKYPE_FILES | |
| file rmdir @SKYPE_DIRS | |
| misc env \* | |
| network inet dgram bind 0.0.0.0 0-65535 | |
| network inet dgram bind 127.0.0.1 0 | |
| network inet dgram bind/send 0.0.0.0-255.255.255.255 0-65535 | |
| network inet stream bind/listen 0.0.0.0 0-65535 | |
| network inet stream connect 0.0.0.0-255.255.255.255 0-65535 | |
| network unix stream bind/listen/connect /tmp/qtsingleapp-\* | |
| network unix stream connect /tmp/.ICE-unix/\* | |
| network unix stream connect /var/run/dbus/system_bus_socket | |
| network unix stream connect /var/run/nscd/socket | |
| network unix stream connect /var/run/pulse/native | |
| network unix stream connect \000/tmp/.ICE-unix/\* | |
| network unix stream connect \000/tmp/.X11-unix/X0 | |
| network unix stream connect \000/tmp/dbus-\* | |
| <kernel> /usr/lib32/skype/skype /usr/bin/xdg-open | |
| use_profile 0 | |
| use_group 0 | |
| <kernel> /usr/lib32/skype/skype /usr/bin/gnome-open | |
| use_profile 0 | |
| use_group 0 | |
| <kernel> /usr/lib32/skype/skype /usr/bin/notify-send | |
| use_profile 0 | |
| use_group 0 | |
| <kernel> /usr/lib32/skype/skype /usr/bin/pulseaudio | |
| use_profile 0 | |
| use_group 0 | |
| misc env PULSE_LATENCY_MSEC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aggregator proc:/self/exe /proc/self/exe | |
| initialize_domain /usr/bin/kmod from any | |
| initialize_domain /etc/init.d/xrdp from any | |
| initialize_domain /usr/bin/rpc.statd from any | |
| initialize_domain /usr/bin/dbus-daemon from any | |
| initialize_domain /usr/bin/acpid from any | |
| initialize_domain /usr/bin/anacron from any | |
| initialize_domain /usr/bin/crond from any | |
| initialize_domain /usr/bin/cupsd from any | |
| initialize_domain /usr/bin/gpm from any | |
| initialize_domain /usr/bin/httpd from any | |
| initialize_domain /usr/bin/logrotate from any | |
| initialize_domain /usr/bin/nmbd from any | |
| initialize_domain /usr/bin/rpc.idmapd from any | |
| initialize_domain /usr/bin/rpc.mountd from any | |
| initialize_domain /usr/bin/rpc.rquotad from any | |
| initialize_domain /usr/bin/smbd from any | |
| initialize_domain /usr/bin/sshd from any | |
| initialize_domain /usr/bin/xinetd from any | |
| initialize_domain /usr/bin/skype from any | |
| initialize_domain /usr/lib32/skype/skype from any | |
| path_group ANY_PATHNAME / | |
| path_group ANY_PATHNAME /\* | |
| path_group ANY_PATHNAME /\{\*\}/ | |
| path_group ANY_PATHNAME /\{\*\}/\* | |
| path_group ANY_PATHNAME \*:/ | |
| path_group ANY_PATHNAME \*:/\* | |
| path_group ANY_PATHNAME \*:/\{\*\}/ | |
| path_group ANY_PATHNAME \*:/\{\*\}/\* | |
| path_group ANY_PATHNAME \*:[\$] | |
| path_group ANY_PATHNAME socket:[family=\$:type=\$:protocol=\$] | |
| path_group ANY_DIRECTORY / | |
| path_group ANY_DIRECTORY /\{\*\}/ | |
| path_group ANY_DIRECTORY \*:/ | |
| path_group ANY_DIRECTORY \*:/\{\*\}/ | |
| path_group SKYPE_DIRS /home/\*/.Skype/ | |
| path_group SKYPE_DIRS /home/\*/.Skype/\{\*\}/ | |
| path_group SKYPE_DIRS /home/\*/.config/Skype/\{\*\}/ | |
| path_group SKYPE_DIRS /usr/share/skype/\{\*\}/ | |
| path_group SKYPE_DIRS /home/\*/down/skype/\{\*\}/ | |
| path_group SKYPE_FILES /home/\*/.Skype/\{\*\}/\* | |
| path_group SKYPE_FILES /home/\*/.config/Skype/\{\*\}/\* | |
| path_group SKYPE_FILES /usr/share/skype/\{\*\}/\* | |
| path_group SKYPE_FILES /home/\*/down/skype/\{\*\}/\* | |
| path_group SKYPE_FILES /home/\*/.Skype/\* | |
| path_group SKYPE_FILES /home/\*/.config/Skype/\* | |
| path_group SKYPE_FILES /usr/share/skype/\* | |
| path_group SKYPE_FILES /home/\*/down/skype/\* | |
| path_group ICONS_DIRS /usr/share/icons/\{\*\}/ | |
| path_group ICONS_FILES /usr/share/icons/\{\*\}/\* | |
| path_group ICONS_FILES /usr/share/icons/\* | |
| number_group COMMON_IOCTL_CMDS 0x5401 | |
| acl_group 0 file read /etc/ld.so.cache | |
| acl_group 0 file read proc:/meminfo | |
| acl_group 0 file read proc:/sys/kernel/version | |
| acl_group 0 file read /usr/share/zoneinfo/Europe/Moscow | |
| acl_group 0 file read /usr/share/locale/locale.alias | |
| acl_group 0 file read proc:/self/\* | |
| acl_group 0 file read proc:/self/\{\*\}/\* | |
| acl_group 0 file read /usr/lib/lib\*.so\* | |
| acl_group 0 file read /usr/lib32/lib\*.so\* | |
| acl_group 0 file read /opt/android-sdk/tools/lib/lib64OpenglRender.so | |
| acl_group 0 file read /opt/android-sdk/tools/lib/lib64GLES_V2_translator.so | |
| acl_group 0 file read /opt/android-sdk/tools/lib/lib64GLES_CM_translator.so | |
| acl_group 0 file read /opt/android-sdk/tools/lib/lib64EGL_translator.so | |
| acl_group 0 file read /usr/lib/ffmpeg-compat/libswscale.so.2.1.100 | |
| acl_group 0 file read /usr/lib/ffmpeg-compat/libswresample.so.0.6.100 | |
| acl_group 0 file read /usr/lib/ffmpeg-compat/libpostproc.so.52.0.100 | |
| acl_group 0 file read /usr/lib/device-mapper/libdevmapper-event-lvm2thin.so | |
| acl_group 0 file read /usr/lib/device-mapper/libdevmapper-event-lvm2snapshot.so | |
| acl_group 0 file read /usr/lib/device-mapper/libdevmapper-event-lvm2raid.so | |
| acl_group 0 file read /usr/lib/device-mapper/libdevmapper-event-lvm2mirror.so | |
| acl_group 0 file read /usr/lib/ffmpeg-compat/libavutil.so.51.35.100 | |
| acl_group 0 file read /usr/lib/ffmpeg-compat/libavformat.so.53.32.100 | |
| acl_group 0 file read /usr/lib/ffmpeg-compat/libavfilter.so.2.61.100 | |
| acl_group 0 file read /usr/lib/ffmpeg-compat/libavdevice.so.53.4.100 | |
| acl_group 0 file read /usr/lib/ffmpeg-compat/libavcodec.so.53.61.100 | |
| acl_group 0 file read /opt/android-sdk/tools/lib/libOpenglRender.so | |
| acl_group 0 file read /opt/android-sdk/tools/lib/libGLES_V2_translator.so | |
| acl_group 0 file read /opt/android-sdk/tools/lib/libGLES_CM_translator.so | |
| acl_group 0 file read /usr/lib/nvidia/libGL.so.331.20 | |
| acl_group 0 file read /opt/android-sdk/tools/lib/libEGL_translator.so | |
| acl_group 0 file read /usr/lib32/ld-2.\*.so | |
| acl_group 0 file read /usr/lib/ld-2.\*.so | |
| acl_group 0 file ioctl @ANY_PATHNAME @COMMON_IOCTL_CMDS | |
| acl_group 0 file read @ANY_DIRECTORY | |
| acl_group 0 file getattr @ANY_PATHNAME |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment