trunk: Enable open permission checks policy capability.
[people/stevee/selinux-policy.git] / policy / modules / services / avahi.te
1
# Module header: names this policy module "avahi" and records its version.
2 policy_module(avahi, 1.9.0)
3
4 ########################################
5 #
6 # Declarations
7 #
8
# avahi_t is the process domain and avahi_exec_t the type of the daemon
# executable. init_daemon_domain ties the two together for a daemon started
# by init; the macro body lives in the init module, outside this file.
9 type avahi_t;
10 type avahi_exec_t;
11 init_daemon_domain(avahi_t, avahi_exec_t)
12
# Private type for the runtime (pid) files of the daemon, registered as a
# pid file type through the files module interface.
13 type avahi_var_run_t;
14 files_pid_file(avahi_var_run_t)
15
16 ########################################
17 #
18 # Local policy
19 #
20
# Capabilities avahi_t may exercise. dac_override lets the process bypass
# ordinary (DAC) file permission checks, so it is the grant most worth
# re-justifying in a review. setuid, setgid and sys_chroot are presumably
# used to drop privileges and chroot at start-up - confirm against the
# daemon before trimming any of them.
21 allow avahi_t self:capability { dac_override setgid chown fowner kill setuid sys_chroot };
# sys_tty_config stays denied, and dontaudit keeps that denial out of the
# audit log. It only becomes visible when dontaudit rules are disabled
# (semodule -DB), which matters when investigating unexpected behaviour.
22 dontaudit avahi_t self:capability sys_tty_config;
# Process-level permissions on itself: change resource limits, signal its
# own processes, and change its own capability sets (setcap).
23 allow avahi_t self:process { setrlimit signal_perms setcap };
# IPC and socket objects the domain may create and use for itself. These
# rules cover the socket objects only; which interfaces, nodes and ports
# may be used is decided by the corenet_* calls further down.
24 allow avahi_t self:fifo_file rw_fifo_file_perms;
25 allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
26 allow avahi_t self:unix_dgram_socket create_socket_perms;
27 allow avahi_t self:tcp_socket create_stream_socket_perms;
28 allow avahi_t self:udp_socket create_socket_perms;
29
# Full management of regular files and socket files labelled
# avahi_var_run_t, plus setattr on directories of that type.
30 manage_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
31 manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
32 allow avahi_t avahi_var_run_t:dir setattr;
# Type transition: a regular file created by avahi_t in the pid directory
# is labelled avahi_var_run_t. Only the "file" class is named here, so
# socket files and directories must get their label some other way (file
# contexts or the type of the parent directory) - TODO confirm.
33 files_pid_filetrans(avahi_t,avahi_var_run_t,file)
34
# Read-only views of kernel state: kernel sysctls, listing /proc, the
# symlinks in /proc, and network state. Nothing here grants write access.
35 kernel_read_kernel_sysctls(avahi_t)
36 kernel_list_proc(avahi_t)
37 kernel_read_proc_symlinks(avahi_t)
38 kernel_read_network_state(avahi_t)
39
# Network access for avahi_t.
# Traffic is accepted whether it carries no label or a NetLabel label.
40 corenet_all_recvfrom_unlabeled(avahi_t)
41 corenet_all_recvfrom_netlabel(avahi_t)
# Send and receive is allowed on every interface, node and port, for both
# TCP and UDP. This is the broadest grant in the module: the policy does
# not restrict which remote ports the daemon may talk to.
42 corenet_tcp_sendrecv_all_if(avahi_t)
43 corenet_udp_sendrecv_all_if(avahi_t)
44 corenet_tcp_sendrecv_all_nodes(avahi_t)
45 corenet_udp_sendrecv_all_nodes(avahi_t)
46 corenet_tcp_sendrecv_all_ports(avahi_t)
47 corenet_udp_sendrecv_all_ports(avahi_t)
# Binding is narrower: any local node, but only the howl port type. The
# port numbers behind that type are defined in the corenetwork module,
# not in this file.
48 corenet_tcp_bind_all_nodes(avahi_t)
49 corenet_udp_bind_all_nodes(avahi_t)
50 corenet_tcp_bind_howl_port(avahi_t)
51 corenet_udp_bind_howl_port(avahi_t)
# Labelled-packet rules: send howl client packets, receive howl server
# packets.
52 corenet_send_howl_client_packets(avahi_t)
53 corenet_receive_howl_server_packets(avahi_t)
54
# Device access: read sysfs and the urandom device.
55 dev_read_sysfs(avahi_t)
56 dev_read_urand(avahi_t)
57
# Filesystem metadata: getattr on all filesystems, search automount
# mountpoints, list inotifyfs.
58 fs_getattr_all_fs(avahi_t)
59 fs_search_auto_mountpoints(avahi_t)
60 fs_list_inotifyfs(avahi_t)
61
# Use of interactive file descriptors; the interface is defined in the
# domain module, outside this file.
62 domain_use_interactive_fds(avahi_t)
63
# Read-only access to configuration under etc (static and runtime files)
# and to files under usr.
64 files_read_etc_files(avahi_t)
65 files_read_etc_runtime_files(avahi_t)
66 files_read_usr_files(avahi_t)
67
# Name service switch lookups. What this pulls in depends on the auth
# module and on which nsswitch backends the policy build enables.
68 auth_use_nsswitch(avahi_t)
69
# Signals toward the init script domain: an ordinary signal and the null
# signal (existence check).
70 init_signal_script(avahi_t)
71 init_signull_script(avahi_t)
72
# Dynamic loader and shared libraries.
73 libs_use_ld_so(avahi_t)
74 libs_use_shared_libs(avahi_t)
75
# Logging through syslog.
76 logging_send_syslog_msg(avahi_t)
77
# Locale data.
78 miscfiles_read_localization(avahi_t)
79
# The two dontaudit interfaces below grant nothing. They suppress audit
# records for denied use of unprivileged user file descriptors and denied
# searches of sysadm home directories, so those attempts are not logged
# unless dontaudit rules are disabled.
80 userdom_dontaudit_use_unpriv_user_fds(avahi_t)
81
82 sysadm_dontaudit_search_home_dirs(avahi_t)
83
# Each optional_policy block takes effect only when the modules providing
# the interfaces it calls are present in the policy.
#
# D-Bus: make avahi_t a client of the system bus, let it connect to the
# bus, and let it exchange D-Bus messages with the init script domain.
84 optional_policy(`
85 dbus_system_bus_client_template(avahi,avahi_t)
86 dbus_connect_system_bus(avahi_t)
87
88 init_dbus_chat_script(avahi_t)
89 ')
90
# Allow sending SIGCHLD to newrole (interface from the selinuxutil module).
91 optional_policy(`
92 seutil_sigchld_newrole(avahi_t)
93 ')
94
# Read-only access to the udev database.
95 optional_policy(`
96 udev_read_db(avahi_t)
97 ')