[people/stevee/selinux-policy.git] / policy / modules / services / aiccu.if

## <summary>Automatic IPv6 Connectivity Client Utility.</summary>

########################################
## <summary>
##	Execute a domain transition to run aiccu.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`aiccu_domtrans',`
	gen_require(`
		type aiccu_t, aiccu_exec_t;
	')

	domtrans_pattern($1, aiccu_exec_t, aiccu_t)
	corecmd_search_bin($1)
')

########################################
## <summary>
##	Execute aiccu server in the aiccu domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`aiccu_initrc_domtrans',`
	gen_require(`
		type aiccu_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, aiccu_initrc_exec_t)
')

########################################
## <summary>
##	Read aiccu PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`aiccu_read_pid_files',`
	gen_require(`
		type aiccu_var_run_t;
	')

	allow $1 aiccu_var_run_t:file read_file_perms;
	files_search_pids($1)
')

########################################
## <summary>
##	All of the rules required to administrate
##	an aiccu environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`aiccu_admin',`
	gen_require(`
		type aiccu_t, aiccu_initrc_exec_t, aiccu_etc_t;
		type aiccu_var_run_t;
	')

	allow $1 aiccu_t:process signal_perms;
	ps_process_pattern($1, aiccu_t)

	tunable_policy(`deny_ptrace',`',`
		allow $1 aiccu_t:process ptrace;
	')

	aiccu_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 aiccu_initrc_exec_t system_r;
	allow $2 system_r;

	admin_pattern($1, aiccu_etc_t)
	files_list_etc($1)

	admin_pattern($1, aiccu_var_run_t)
	files_list_pids($1)
')
Commit	Line	Data
d90a1aab CP	1	## <summary>Automatic IPv6 Connectivity Client Utility.</summary>
	2
	3	########################################
	4	## <summary>
	5	## Execute a domain transition to run aiccu.
	6	## </summary>
	7	## <param name="domain">
	8	## <summary>
	9	## Domain allowed to transition.
	10	## </summary>
	11	## </param>
	12	#
	13	interface(`aiccu_domtrans',`
	14	gen_require(`
	15	type aiccu_t, aiccu_exec_t;
	16	')
	17
	18	domtrans_pattern($1, aiccu_exec_t, aiccu_t)
	19	corecmd_search_bin($1)
	20	')
	21
	22	########################################
	23	## <summary>
	24	## Execute aiccu server in the aiccu domain.
	25	## </summary>
	26	## <param name="domain">
	27	## <summary>
	28	## Domain allowed to transition.
	29	## </summary>
	30	## </param>
	31	#
	32	interface(`aiccu_initrc_domtrans',`
	33	gen_require(`
	34	type aiccu_initrc_exec_t;
	35	')
	36
	37	init_labeled_script_domtrans($1, aiccu_initrc_exec_t)
	38	')
	39
	40	########################################
	41	## <summary>
	42	## Read aiccu PID files.
	43	## </summary>
	44	## <param name="domain">
	45	## <summary>
	46	## Domain allowed access.
	47	## </summary>
	48	## </param>
	49	#
	50	interface(`aiccu_read_pid_files',`
	51	gen_require(`
	52	type aiccu_var_run_t;
	53	')
	54
	55	allow $1 aiccu_var_run_t:file read_file_perms;
	56	files_search_pids($1)
	57	')
	58
	59	########################################
	60	## <summary>
	61	## All of the rules required to administrate
	62	## an aiccu environment
	63	## </summary>
	64	## <param name="domain">
65	## <summary>
66	## Domain allowed access.
67	## </summary>
68	## </param>
69	## <param name="role">
70	## <summary>
71	## Role allowed access.
72	## </summary>
73	## </param>
74	## <rolecap/>
75	#
76	interface(`aiccu_admin',`
77	gen_require(`
78	type aiccu_t, aiccu_initrc_exec_t, aiccu_etc_t;
79	type aiccu_var_run_t;
80	')
81
995bdbb1	82	allow $1 aiccu_t:process signal_perms;
d90a1aab CP	83	ps_process_pattern($1, aiccu_t)
d90a1aab CP	84
995bdbb1	85	tunable_policy(`deny_ptrace',`',`
	86	allow $1 aiccu_t:process ptrace;
	87	')
	88
d90a1aab CP	89	aiccu_initrc_domtrans($1)
	90	domain_system_change_exemption($1)
	91	role_transition $2 aiccu_initrc_exec_t system_r;
	92	allow $2 system_r;
	93
	94	admin_pattern($1, aiccu_etc_t)
	95	files_list_etc($1)
	96
	97	admin_pattern($1, aiccu_var_run_t)
	98	files_list_pids($1)
	99	')