Commit | Line | Data |
---|---|---|
d90a1aab CP |
1 | ## <summary>Automatic IPv6 Connectivity Client Utility.</summary> |
2 | ||
########################################
## <summary>
##	Execute a domain transition to run aiccu.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`aiccu_domtrans',`
	# Both types must already be declared by the aiccu policy module.
	gen_require(`
		type aiccu_t, aiccu_exec_t;
	')

	# Executing a file labeled aiccu_exec_t moves the caller into
	# aiccu_t, so the daemon runs under its own confinement rather
	# than with the permissions of the calling domain.
	domtrans_pattern($1, aiccu_exec_t, aiccu_t)
	# Search access to the bin directories; presumably where the
	# aiccu executable is installed - confirm against the file contexts.
	corecmd_search_bin($1)
')
21 | ||
########################################
## <summary>
##	Execute the aiccu init script in
##	the init script domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`aiccu_initrc_domtrans',`
	# Only the init script type is required; aiccu_t is not
	# referenced by this interface.
	gen_require(`
		type aiccu_initrc_exec_t;
	')

	# The transition target is the init script domain, entered through
	# a script labeled aiccu_initrc_exec_t. The daemon domain is reached
	# later by whatever rules the init script domain has.
	init_labeled_script_domtrans($1, aiccu_initrc_exec_t)
')
39 | ||
########################################
## <summary>
##	Read aiccu PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`aiccu_read_pid_files',`
	gen_require(`
		type aiccu_var_run_t;
	')

	# File class only, with the read permission set: the caller gets
	# no write, create or delete access to the PID files.
	allow $1 aiccu_var_run_t:file read_file_perms;
	# Search access to the PID directory so the file can be reached.
	files_search_pids($1)
')
58 | ||
########################################
## <summary>
##	All of the rules required to administrate
##	an aiccu environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`aiccu_admin',`
	gen_require(`
		type aiccu_t, aiccu_initrc_exec_t, aiccu_etc_t;
		type aiccu_var_run_t;
	')

	# Process control: the admin domain may signal aiccu_t processes
	# and see them in process listings.
	allow $1 aiccu_t:process signal_perms;
	ps_process_pattern($1, aiccu_t)

	# The true branch is empty, so ptrace of aiccu_t is granted only
	# while the deny_ptrace boolean is off.
	# NOTE(review): ptrace gives the admin domain full control of the
	# traced process; keep deny_ptrace on unless debugging is needed.
	tunable_policy(`deny_ptrace',`',`
		allow $1 aiccu_t:process ptrace;
	')

	# Service control: the admin domain may run the aiccu init script,
	# and the admin role is allowed to change to system_r when it
	# executes a file labeled aiccu_initrc_exec_t.
	aiccu_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 aiccu_initrc_exec_t system_r;
	allow $2 system_r;

	# admin_pattern is defined elsewhere; presumably manage and relabel
	# access to content of the given type - confirm against its definition.
	# NOTE(review): if aiccu_etc_t labels tunnel credentials, every
	# caller of this interface can read and change them, so grant
	# this interface to administrative domains only.
	admin_pattern($1, aiccu_etc_t)
	files_list_etc($1)

	# Same administrative access for the runtime PID files.
	admin_pattern($1, aiccu_var_run_t)
	files_list_pids($1)
')