[people/stevee/selinux-policy.git] / policy / modules / services / aiccu.te

policy_module(aiccu, 1.0.0)

########################################
#
# Declarations
#

type aiccu_t;
type aiccu_exec_t;
init_daemon_domain(aiccu_t, aiccu_exec_t)

type aiccu_initrc_exec_t;
init_script_file(aiccu_initrc_exec_t)

type aiccu_etc_t;
files_config_file(aiccu_etc_t)

type aiccu_var_run_t;
files_pid_file(aiccu_var_run_t)

########################################
#
# aiccu local policy
#

allow aiccu_t self:capability { kill net_admin net_raw };
dontaudit aiccu_t self:capability sys_tty_config;
allow aiccu_t self:process signal;
allow aiccu_t self:fifo_file rw_fifo_file_perms;
allow aiccu_t self:netlink_route_socket create_netlink_socket_perms;
allow aiccu_t self:tcp_socket create_stream_socket_perms;
allow aiccu_t self:tun_socket create_socket_perms;
allow aiccu_t self:udp_socket create_stream_socket_perms;
allow aiccu_t self:unix_stream_socket create_stream_socket_perms;

allow aiccu_t aiccu_etc_t:file read_file_perms;

manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
files_pid_filetrans(aiccu_t, aiccu_var_run_t, { file dir })

kernel_read_system_state(aiccu_t)

corecmd_exec_shell(aiccu_t)

corenet_all_recvfrom_netlabel(aiccu_t)
corenet_all_recvfrom_unlabeled(aiccu_t)
corenet_tcp_bind_generic_node(aiccu_t)
corenet_tcp_sendrecv_generic_if(aiccu_t)
corenet_tcp_sendrecv_generic_node(aiccu_t)
corenet_tcp_sendrecv_generic_port(aiccu_t)
corenet_sendrecv_sixxsconfig_client_packets(aiccu_t)
corenet_tcp_sendrecv_sixxsconfig_port(aiccu_t)
corenet_tcp_bind_generic_node(aiccu_t)
corenet_tcp_connect_sixxsconfig_port(aiccu_t)
corenet_sendrecv_sixxsconfig_client_packets(aiccu_t)

corenet_rw_tun_tap_dev(aiccu_t)

domain_use_interactive_fds(aiccu_t)

dev_read_rand(aiccu_t)
dev_read_urand(aiccu_t)

files_read_etc_files(aiccu_t)

logging_send_syslog_msg(aiccu_t)

miscfiles_read_localization(aiccu_t)

optional_policy(`
	modutils_domtrans_insmod(aiccu_t)
')

optional_policy(`
	sysnet_domtrans_ifconfig(aiccu_t)
	sysnet_dns_name_resolve(aiccu_t)
')
Commit	Line	Data
3eaa9939 DW	1	policy_module(aiccu, 1.0.0)
	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	type aiccu_t;
	9	type aiccu_exec_t;
	10	init_daemon_domain(aiccu_t, aiccu_exec_t)
	11
	12	type aiccu_initrc_exec_t;
	13	init_script_file(aiccu_initrc_exec_t)
	14
	15	type aiccu_etc_t;
	16	files_config_file(aiccu_etc_t)
	17
	18	type aiccu_var_run_t;
	19	files_pid_file(aiccu_var_run_t)
	20
	21	########################################
	22	#
	23	# aiccu local policy
	24	#
	25
0a394bf0	26	allow aiccu_t self:capability { kill net_admin net_raw };
3eaa9939 DW	27	dontaudit aiccu_t self:capability sys_tty_config;
	28	allow aiccu_t self:process signal;
	29	allow aiccu_t self:fifo_file rw_fifo_file_perms;
	30	allow aiccu_t self:netlink_route_socket create_netlink_socket_perms;
	31	allow aiccu_t self:tcp_socket create_stream_socket_perms;
	32	allow aiccu_t self:tun_socket create_socket_perms;
	33	allow aiccu_t self:udp_socket create_stream_socket_perms;
	34	allow aiccu_t self:unix_stream_socket create_stream_socket_perms;
	35
	36	allow aiccu_t aiccu_etc_t:file read_file_perms;
	37
9a0f7994 DG	38	manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
9a0f7994 DG	39	manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
3eaa9939 DW	40	files_pid_filetrans(aiccu_t, aiccu_var_run_t, { file dir })
	41
	42	kernel_read_system_state(aiccu_t)
	43
	44	corecmd_exec_shell(aiccu_t)
	45
	46	corenet_all_recvfrom_netlabel(aiccu_t)
	47	corenet_all_recvfrom_unlabeled(aiccu_t)
	48	corenet_tcp_bind_generic_node(aiccu_t)
	49	corenet_tcp_sendrecv_generic_if(aiccu_t)
	50	corenet_tcp_sendrecv_generic_node(aiccu_t)
	51	corenet_tcp_sendrecv_generic_port(aiccu_t)
	52	corenet_sendrecv_sixxsconfig_client_packets(aiccu_t)
	53	corenet_tcp_sendrecv_sixxsconfig_port(aiccu_t)
d90a1aab	54	corenet_tcp_bind_generic_node(aiccu_t)
3eaa9939	55	corenet_tcp_connect_sixxsconfig_port(aiccu_t)
d90a1aab CP	56	corenet_sendrecv_sixxsconfig_client_packets(aiccu_t)
d90a1aab CP	57
3eaa9939 DW	58	corenet_rw_tun_tap_dev(aiccu_t)
	59
	60	domain_use_interactive_fds(aiccu_t)
	61
	62	dev_read_rand(aiccu_t)
	63	dev_read_urand(aiccu_t)
	64
	65	files_read_etc_files(aiccu_t)
	66
	67	logging_send_syslog_msg(aiccu_t)
	68
	69	miscfiles_read_localization(aiccu_t)
	70
2371d8d8 MG	71	optional_policy(`
	72	modutils_domtrans_insmod(aiccu_t)
	73	')
	74
	75	optional_policy(`
	76	sysnet_domtrans_ifconfig(aiccu_t)
	77	sysnet_dns_name_resolve(aiccu_t)
	78	')