Our application policy is almost ready for deployment. However, it currently is mainly end user focused, and there are no ways of interacting with the skype_t
domain (or other resources managed by the skype
module) except through the skype_role
interface.
In this recipe, we'll add an interface for reading skype_home_t
.
Alongside the skype_role
interface that we created in the Defining application role interfaces recipe, we need to create additional resource interfaces so that other domains can easily interact with the newly created policy:
Open the
myskype.if
file and add in the following content:interface(`skype_read_home',` gen_require(` type skype_home_t; ') userdom_search_user_home_dirs($1) allow $1 skype_home_t:dir list_dir_perms; allow $1 skype_home_t:file read_file_perms; allow $1 skype_home_t:lnk_file read_lnk_file_perms; ')