Commit | Line | Data |
---|---|---|
1ae2c313 | 1 | |
17ec8c1f | 2 | policy_module(lockdev, 1.3.0) |
1ae2c313 CP |
3 | |
4 | ######################################## | |
5 | # | |
6 | # Declarations | |
7 | # | |
8 | ||
296273a7 | 9 | type lockdev_t; # domain type the lockdev process runs in |
1ae2c313 | 10 | type lockdev_exec_t; # type of the lockdev executable file |
296273a7 CP |
11 | typealias lockdev_t alias { user_lockdev_t staff_lockdev_t sysadm_lockdev_t }; # per-role names all resolve to the single lockdev_t |
12 | typealias lockdev_t alias { auditadm_lockdev_t secadm_lockdev_t }; # same aliasing for the auditadm and secadm names | |
13 | application_domain(lockdev_t, lockdev_exec_t) # lockdev_t is an application domain entered through lockdev_exec_t | |
14 | ubac_constrained(lockdev_t) # lockdev_t is subject to the user-based access control (UBAC) constraints | |
15 | ||
16 | type lockdev_lock_t; # private type for the lock files this domain manages | |
17 | typealias lockdev_lock_t alias { user_lockdev_lock_t staff_lockdev_lock_t sysadm_lockdev_lock_t }; # per-role names all resolve to lockdev_lock_t | |
18 | typealias lockdev_lock_t alias { auditadm_lockdev_lock_t secadm_lockdev_lock_t }; # same aliasing for the auditadm and secadm names | |
19 | files_lock_file(lockdev_lock_t) # registers lockdev_lock_t as a lock file type | |
20 | ubac_constrained(lockdev_lock_t) # lock files are UBAC constrained as well | |
21 | ||
22 | ######################################## | |
23 | # | |
24 | # Local policy | |
25 | # | |
26 | ||
27 | # setgid is the only capability granted to lockdev_t in this section. | |
28 | allow lockdev_t self:capability setgid; | |
29 | ||
30 | allow lockdev_t lockdev_lock_t:file manage_file_perms; # full management (create, read, write, unlink) of its own lock files only | |
31 | files_lock_filetrans(lockdev_t, lockdev_lock_t, file) # files lockdev_t creates in the lock directory are labeled lockdev_lock_t | |
32 | ||
33 | files_read_all_locks(lockdev_t) # read access to lock files of every type, not just lockdev_lock_t; presumably needed to inspect locks held by other programs - confirm | |
34 | ||
35 | fs_getattr_xattr_fs(lockdev_t) # getattr on filesystems that support extended attributes | |
36 | ||
37 | logging_send_syslog_msg(lockdev_t) # may send messages to syslog | |
38 | ||
39 | userdom_use_user_terminals(lockdev_t) # may use the terminals of the invoking user | |
40 |