[people/stevee/selinux-policy.git] / policy / modules / services / comsat.te

policy_module(comsat, 1.7.0)

########################################
#
# Declarations
#

type comsat_t;
type comsat_exec_t;
inetd_udp_service_domain(comsat_t, comsat_exec_t)
role system_r types comsat_t;

type comsat_tmp_t;
files_tmp_file(comsat_tmp_t)

type comsat_var_run_t;
files_pid_file(comsat_var_run_t)

########################################
#
# Local policy
#

allow comsat_t self:capability { setuid setgid };
allow comsat_t self:process signal_perms;
allow comsat_t self:fifo_file rw_fifo_file_perms;
allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow comsat_t self:tcp_socket connected_stream_socket_perms;
allow comsat_t self:udp_socket create_socket_perms;

manage_dirs_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
manage_files_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })

manage_files_pattern(comsat_t, comsat_var_run_t, comsat_var_run_t)
files_pid_filetrans(comsat_t, comsat_var_run_t, file)

kernel_read_kernel_sysctls(comsat_t)
kernel_read_network_state(comsat_t)
kernel_read_system_state(comsat_t)

corenet_all_recvfrom_unlabeled(comsat_t)
corenet_all_recvfrom_netlabel(comsat_t)
corenet_tcp_sendrecv_generic_if(comsat_t)
corenet_udp_sendrecv_generic_if(comsat_t)
corenet_tcp_sendrecv_generic_node(comsat_t)
corenet_udp_sendrecv_generic_node(comsat_t)
corenet_udp_sendrecv_all_ports(comsat_t)

dev_read_urand(comsat_t)

fs_getattr_xattr_fs(comsat_t)

files_read_etc_files(comsat_t)
files_list_usr(comsat_t)
files_search_spool(comsat_t)
files_search_home(comsat_t)

auth_use_nsswitch(comsat_t)

init_read_utmp(comsat_t)
init_dontaudit_write_utmp(comsat_t)

logging_send_syslog_msg(comsat_t)

miscfiles_read_localization(comsat_t)

userdom_dontaudit_getattr_user_ttys(comsat_t)

mta_getattr_spool(comsat_t)

optional_policy(`
	kerberos_use(comsat_t)
')
Commit	Line	Data
9570b288	1	policy_module(comsat, 1.7.0)
6e61566d CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
768283ac	7
6e61566d CP	8	type comsat_t;
6e61566d CP	9	type comsat_exec_t;
0bfccda4	10	inetd_udp_service_domain(comsat_t, comsat_exec_t)
6e61566d CP	11	role system_r types comsat_t;
	12
	13	type comsat_tmp_t;
	14	files_tmp_file(comsat_tmp_t)
	15
	16	type comsat_var_run_t;
	17	files_pid_file(comsat_var_run_t)
	18
	19	########################################
	20	#
	21	# Local policy
	22	#
	23
	24	allow comsat_t self:capability { setuid setgid };
	25	allow comsat_t self:process signal_perms;
c0868a7a	26	allow comsat_t self:fifo_file rw_fifo_file_perms;
6e61566d	27	allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
681c9a02	28	allow comsat_t self:tcp_socket connected_stream_socket_perms;
1904b010	29	allow comsat_t self:udp_socket create_socket_perms;
6e61566d	30
0bfccda4 CP	31	manage_dirs_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
0bfccda4 CP	32	manage_files_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
103fe280	33	files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })
6e61566d	34
0bfccda4 CP	35	manage_files_pattern(comsat_t, comsat_var_run_t, comsat_var_run_t)
0bfccda4 CP	36	files_pid_filetrans(comsat_t, comsat_var_run_t, file)
6e61566d	37
445522dc	38	kernel_read_kernel_sysctls(comsat_t)
6e61566d CP	39	kernel_read_network_state(comsat_t)
	40	kernel_read_system_state(comsat_t)
	41
19006686 CP	42	corenet_all_recvfrom_unlabeled(comsat_t)
19006686 CP	43	corenet_all_recvfrom_netlabel(comsat_t)
668b3093 CP	44	corenet_tcp_sendrecv_generic_if(comsat_t)
668b3093 CP	45	corenet_udp_sendrecv_generic_if(comsat_t)
c1262146 CP	46	corenet_tcp_sendrecv_generic_node(comsat_t)
c1262146 CP	47	corenet_udp_sendrecv_generic_node(comsat_t)
2db2c7d0	48	corenet_udp_sendrecv_all_ports(comsat_t)
6e61566d CP	49
	50	dev_read_urand(comsat_t)
	51
	52	fs_getattr_xattr_fs(comsat_t)
	53
	54	files_read_etc_files(comsat_t)
681c9a02	55	files_list_usr(comsat_t)
6e61566d CP	56	files_search_spool(comsat_t)
	57	files_search_home(comsat_t)
	58
c0cf6e0a CP	59	auth_use_nsswitch(comsat_t)
c0cf6e0a CP	60
68228b33 CP	61	init_read_utmp(comsat_t)
68228b33 CP	62	init_dontaudit_write_utmp(comsat_t)
6e61566d	63
6e61566d CP	64	logging_send_syslog_msg(comsat_t)
	65
	66	miscfiles_read_localization(comsat_t)
	67
296273a7	68	userdom_dontaudit_getattr_user_ttys(comsat_t)
6e61566d	69
296273a7	70	mta_getattr_spool(comsat_t)
e9c6cda7	71
bb7170f6	72	optional_policy(`
6e61566d CP	73	kerberos_use(comsat_t)
6e61566d CP	74	')