[people/stevee/selinux-policy.git] / policy / modules / services / l2tpd.if


## <summary>policy for l2tpd</summary>

########################################
## <summary>
##	Transition to l2tpd.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`l2tpd_domtrans',`
	gen_require(`
		type l2tpd_t, l2tpd_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, l2tpd_exec_t, l2tpd_t)
')


########################################
## <summary>
##	Execute l2tpd server in the l2tpd domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`l2tpd_initrc_domtrans',`
	gen_require(`
		type l2tpd_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, l2tpd_initrc_exec_t)
')


########################################
## <summary>
##	Read l2tpd PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`l2tpd_read_pid_files',`
	gen_require(`
		type l2tpd_var_run_t;
	')

	files_search_pids($1)
	allow $1 l2tpd_var_run_t:file read_file_perms;
')

########################################
## <summary>
##	Read and write l2tpd unnamed pipes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`l2tpd_rw_pipes',`
	gen_require(`
		type l2tpd_t;
	')

	allow $1 l2tpd_t:fifo_file rw_fifo_file_perms;
')

########################################
## <summary>
##	All of the rules required to administrate
##	an l2tpd environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`l2tpd_admin',`
	gen_require(`
		type l2tpd_t;
	type l2tpd_initrc_exec_t;
	type l2tpd_var_run_t;
	')

	allow $1 l2tpd_t:process signal_perms;
	ps_process_pattern($1, l2tpd_t)
	tunable_policy(`deny_ptrace',`',`
		allow $1 l2tpd_t:process ptrace;
	')

	l2tpd_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 l2tpd_initrc_exec_t system_r;
	allow $2 system_r;

	files_search_pids($1)
	admin_pattern($1, l2tpd_var_run_t)
')
Commit	Line	Data
45a66b2c DW	1
	2	## <summary>policy for l2tpd</summary>
	3
	4	########################################
	5	## <summary>
	6	## Transition to l2tpd.
	7	## </summary>
	8	## <param name="domain">
	9	## <summary>
	10	## Domain allowed to transition.
	11	## </summary>
	12	## </param>
	13	#
	14	interface(`l2tpd_domtrans',`
	15	gen_require(`
	16	type l2tpd_t, l2tpd_exec_t;
	17	')
	18
	19	corecmd_search_bin($1)
	20	domtrans_pattern($1, l2tpd_exec_t, l2tpd_t)
	21	')
	22
	23
	24	########################################
	25	## <summary>
	26	## Execute l2tpd server in the l2tpd domain.
	27	## </summary>
	28	## <param name="domain">
	29	## <summary>
	30	## Domain allowed access.
	31	## </summary>
	32	## </param>
	33	#
	34	interface(`l2tpd_initrc_domtrans',`
	35	gen_require(`
	36	type l2tpd_initrc_exec_t;
	37	')
	38
	39	init_labeled_script_domtrans($1, l2tpd_initrc_exec_t)
	40	')
	41
	42
	43	########################################
	44	## <summary>
	45	## Read l2tpd PID files.
	46	## </summary>
	47	## <param name="domain">
	48	## <summary>
	49	## Domain allowed access.
	50	## </summary>
	51	## </param>
	52	#
	53	interface(`l2tpd_read_pid_files',`
	54	gen_require(`
	55	type l2tpd_var_run_t;
	56	')
	57
	58	files_search_pids($1)
	59	allow $1 l2tpd_var_run_t:file read_file_perms;
	60	')
	61
	62	########################################
	63	## <summary>
	64	## Read and write l2tpd unnamed pipes.
65	## </summary>
66	## <param name="domain">
67	## <summary>
68	## Domain allowed access.
69	## </summary>
70	## </param>
71	#
72	interface(`l2tpd_rw_pipes',`
73	gen_require(`
74	type l2tpd_t;
75	')
76
77	allow $1 l2tpd_t:fifo_file rw_fifo_file_perms;
78	')
79
80	########################################
81	## <summary>
82	## All of the rules required to administrate
83	## an l2tpd environment
84	## </summary>
85	## <param name="domain">
86	## <summary>
87	## Domain allowed access.
88	## </summary>
89	## </param>
90	## <param name="role">
91	## <summary>
92	## Role allowed access.
93	## </summary>
94	## </param>
95	## <rolecap/>
96	#
97	interface(`l2tpd_admin',`
98	gen_require(`
99	type l2tpd_t;
100	type l2tpd_initrc_exec_t;
101	type l2tpd_var_run_t;
102	')
103
995bdbb1	104	allow $1 l2tpd_t:process signal_perms;
45a66b2c	105	ps_process_pattern($1, l2tpd_t)
995bdbb1	106	tunable_policy(`deny_ptrace',`',`
	107	allow $1 l2tpd_t:process ptrace;
	108	')
45a66b2c DW	109
	110	l2tpd_initrc_domtrans($1)
	111	domain_system_change_exemption($1)
	112	role_transition $2 l2tpd_initrc_exec_t system_r;
	113	allow $2 system_r;
	114
	115	files_search_pids($1)
	116	admin_pattern($1, l2tpd_var_run_t)
	117	')
	118