[people/stevee/selinux-policy.git] / policy / modules / services / comsat.te


policy_module(comsat, 1.6.0)

########################################
#
# Declarations
#

type comsat_t;
type comsat_exec_t;
inetd_udp_service_domain(comsat_t, comsat_exec_t)
role system_r types comsat_t;

type comsat_tmp_t;
files_tmp_file(comsat_tmp_t)

type comsat_var_run_t;
files_pid_file(comsat_var_run_t)

########################################
#
# Local policy
#

allow comsat_t self:capability { setuid setgid };
allow comsat_t self:process signal_perms;
allow comsat_t self:fifo_file rw_fifo_file_perms;
allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow comsat_t self:tcp_socket connected_stream_socket_perms;
allow comsat_t self:udp_socket create_socket_perms;

manage_dirs_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
manage_files_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })

manage_files_pattern(comsat_t, comsat_var_run_t, comsat_var_run_t)
files_pid_filetrans(comsat_t, comsat_var_run_t, file)

kernel_read_kernel_sysctls(comsat_t)
kernel_read_network_state(comsat_t)
kernel_read_system_state(comsat_t)

corenet_all_recvfrom_unlabeled(comsat_t)
corenet_all_recvfrom_netlabel(comsat_t)
corenet_tcp_sendrecv_all_if(comsat_t)
corenet_udp_sendrecv_all_if(comsat_t)
corenet_tcp_sendrecv_all_nodes(comsat_t)
corenet_udp_sendrecv_all_nodes(comsat_t)
corenet_udp_sendrecv_all_ports(comsat_t)

dev_read_urand(comsat_t)

fs_getattr_xattr_fs(comsat_t)

files_read_etc_files(comsat_t)
files_list_usr(comsat_t)
files_search_spool(comsat_t)
files_search_home(comsat_t)

auth_use_nsswitch(comsat_t)

init_read_utmp(comsat_t)
init_dontaudit_write_utmp(comsat_t)

logging_send_syslog_msg(comsat_t)

miscfiles_read_localization(comsat_t)

userdom_dontaudit_getattr_user_ttys(comsat_t)

mta_getattr_spool(comsat_t)

optional_policy(`
	kerberos_use(comsat_t)
')
Commit	Line	Data
6e61566d	1
17ec8c1f	2	policy_module(comsat, 1.6.0)
6e61566d CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
768283ac	8
6e61566d CP	9	type comsat_t;
6e61566d CP	10	type comsat_exec_t;
0bfccda4	11	inetd_udp_service_domain(comsat_t, comsat_exec_t)
6e61566d CP	12	role system_r types comsat_t;
	13
	14	type comsat_tmp_t;
	15	files_tmp_file(comsat_tmp_t)
	16
	17	type comsat_var_run_t;
	18	files_pid_file(comsat_var_run_t)
	19
	20	########################################
	21	#
	22	# Local policy
	23	#
	24
	25	allow comsat_t self:capability { setuid setgid };
	26	allow comsat_t self:process signal_perms;
c0868a7a	27	allow comsat_t self:fifo_file rw_fifo_file_perms;
6e61566d	28	allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
681c9a02	29	allow comsat_t self:tcp_socket connected_stream_socket_perms;
1904b010	30	allow comsat_t self:udp_socket create_socket_perms;
6e61566d	31
0bfccda4 CP	32	manage_dirs_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
0bfccda4 CP	33	manage_files_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
103fe280	34	files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })
6e61566d	35
0bfccda4 CP	36	manage_files_pattern(comsat_t, comsat_var_run_t, comsat_var_run_t)
0bfccda4 CP	37	files_pid_filetrans(comsat_t, comsat_var_run_t, file)
6e61566d	38
445522dc	39	kernel_read_kernel_sysctls(comsat_t)
6e61566d CP	40	kernel_read_network_state(comsat_t)
	41	kernel_read_system_state(comsat_t)
	42
19006686 CP	43	corenet_all_recvfrom_unlabeled(comsat_t)
19006686 CP	44	corenet_all_recvfrom_netlabel(comsat_t)
6e61566d	45	corenet_tcp_sendrecv_all_if(comsat_t)
681c9a02	46	corenet_udp_sendrecv_all_if(comsat_t)
6e61566d	47	corenet_tcp_sendrecv_all_nodes(comsat_t)
681c9a02	48	corenet_udp_sendrecv_all_nodes(comsat_t)
2db2c7d0	49	corenet_udp_sendrecv_all_ports(comsat_t)
6e61566d CP	50
	51	dev_read_urand(comsat_t)
	52
	53	fs_getattr_xattr_fs(comsat_t)
	54
	55	files_read_etc_files(comsat_t)
681c9a02	56	files_list_usr(comsat_t)
6e61566d CP	57	files_search_spool(comsat_t)
	58	files_search_home(comsat_t)
	59
c0cf6e0a CP	60	auth_use_nsswitch(comsat_t)
c0cf6e0a CP	61
68228b33 CP	62	init_read_utmp(comsat_t)
68228b33 CP	63	init_dontaudit_write_utmp(comsat_t)
6e61566d	64
6e61566d CP	65	logging_send_syslog_msg(comsat_t)
	66
	67	miscfiles_read_localization(comsat_t)
	68
296273a7	69	userdom_dontaudit_getattr_user_ttys(comsat_t)
6e61566d	70
296273a7	71	mta_getattr_spool(comsat_t)
e9c6cda7	72
bb7170f6	73	optional_policy(`
6e61566d CP	74	kerberos_use(comsat_t)
6e61566d CP	75	')