[people/stevee/selinux-policy.git] / policy / modules / admin / tmpreaper.te


policy_module(tmpreaper, 1.5.0)

########################################
#
# Declarations
#

type tmpreaper_t;
type tmpreaper_exec_t;
application_domain(tmpreaper_t, tmpreaper_exec_t)
role system_r types tmpreaper_t;

########################################
#
# Local Policy
#

allow tmpreaper_t self:process { fork sigchld };
allow tmpreaper_t self:capability { dac_override dac_read_search fowner };

dev_read_urand(tmpreaper_t)

fs_getattr_xattr_fs(tmpreaper_t)

files_read_etc_files(tmpreaper_t)
files_read_var_lib_files(tmpreaper_t)
files_purge_tmp(tmpreaper_t)
# why does it need setattr?
files_setattr_all_tmp_dirs(tmpreaper_t)
files_getattr_all_dirs(tmpreaper_t)
files_getattr_all_files(tmpreaper_t)

mls_file_read_all_levels(tmpreaper_t)
mls_file_write_all_levels(tmpreaper_t)

logging_send_syslog_msg(tmpreaper_t)

miscfiles_read_localization(tmpreaper_t)
miscfiles_delete_man_pages(tmpreaper_t)

cron_system_entry(tmpreaper_t, tmpreaper_exec_t)

ifdef(`distro_redhat',`
	userdom_list_user_home_content(tmpreaper_t)
	userdom_delete_user_home_content_dirs(tmpreaper_t)
	userdom_delete_user_home_content_files(tmpreaper_t)
	userdom_delete_user_home_content_symlinks(tmpreaper_t)
')

optional_policy(`
	amavis_manage_spool_files(tmpreaper_t)
')

optional_policy(`
	apache_list_cache(tmpreaper_t)
	apache_delete_cache_files(tmpreaper_t)
	apache_setattr_cache_dirs(tmpreaper_t)
')

optional_policy(`
	kismet_manage_log(tmpreaper_t)
')

optional_policy(`
	lpd_manage_spool(tmpreaper_t)
')

optional_policy(`
	rpm_manage_cache(tmpreaper_t)
')

optional_policy(`
	unconfined_domain(tmpreaper_t)
')
Commit	Line	Data
ed78ea00	1
29af4c13	2	policy_module(tmpreaper, 1.5.0)
ed78ea00 CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
	9	type tmpreaper_t;
ed78ea00	10	type tmpreaper_exec_t;
0bfccda4	11	application_domain(tmpreaper_t, tmpreaper_exec_t)
d46cfe45	12	role system_r types tmpreaper_t;
ed78ea00 CP	13
	14	########################################
	15	#
	16	# Local Policy
	17	#
	18
	19	allow tmpreaper_t self:process { fork sigchld };
	20	allow tmpreaper_t self:capability { dac_override dac_read_search fowner };
	21
	22	dev_read_urand(tmpreaper_t)
	23
	24	fs_getattr_xattr_fs(tmpreaper_t)
	25
	26	files_read_etc_files(tmpreaper_t)
	27	files_read_var_lib_files(tmpreaper_t)
	28	files_purge_tmp(tmpreaper_t)
	29	# why does it need setattr?
	30	files_setattr_all_tmp_dirs(tmpreaper_t)
5be35f2a CP	31	files_getattr_all_dirs(tmpreaper_t)
5be35f2a CP	32	files_getattr_all_files(tmpreaper_t)
ed78ea00	33
f8233ab7 CP	34	mls_file_read_all_levels(tmpreaper_t)
f8233ab7 CP	35	mls_file_write_all_levels(tmpreaper_t)
bf080a46	36
ed78ea00 CP	37	logging_send_syslog_msg(tmpreaper_t)
	38
	39	miscfiles_read_localization(tmpreaper_t)
cf6a7d89	40	miscfiles_delete_man_pages(tmpreaper_t)
ed78ea00	41
0bfccda4	42	cron_system_entry(tmpreaper_t, tmpreaper_exec_t)
ed78ea00	43
5be35f2a	44	ifdef(`distro_redhat',`
8daddcf3	45	userdom_list_user_home_content(tmpreaper_t)
5be35f2a CP	46	userdom_delete_user_home_content_dirs(tmpreaper_t)
	47	userdom_delete_user_home_content_files(tmpreaper_t)
	48	userdom_delete_user_home_content_symlinks(tmpreaper_t)
	49	')
	50
	51	optional_policy(`
	52	amavis_manage_spool_files(tmpreaper_t)
	53	')
	54
8daddcf3 JS	55	optional_policy(`
8daddcf3 JS	56	apache_list_cache(tmpreaper_t)
2483d7ae	57	apache_delete_cache_files(tmpreaper_t)
8daddcf3 JS	58	apache_setattr_cache_dirs(tmpreaper_t)
	59	')
	60
5be35f2a CP	61	optional_policy(`
	62	kismet_manage_log(tmpreaper_t)
	63	')
	64
bb7170f6	65	optional_policy(`
a524921a CP	66	lpd_manage_spool(tmpreaper_t)
a524921a CP	67	')
5be35f2a	68
8daddcf3 JS	69	optional_policy(`
	70	rpm_manage_cache(tmpreaper_t)
	71	')
	72
5be35f2a CP	73	optional_policy(`
	74	unconfined_domain(tmpreaper_t)
	75	')