[people/stevee/selinux-policy.git] / policy / modules / services / lircd.te

policy_module(lircd, 1.1.0)

########################################
#
# Declarations
#

type lircd_t;
type lircd_exec_t;
init_daemon_domain(lircd_t, lircd_exec_t)

type lircd_initrc_exec_t;
init_script_file(lircd_initrc_exec_t)

type lircd_etc_t;
files_type(lircd_etc_t)

type lircd_var_run_t alias lircd_sock_t;
files_pid_file(lircd_var_run_t)

########################################
#
# lircd local policy
#

allow lircd_t self:capability { chown kill sys_admin };
allow lircd_t self:process { fork signal };
allow lircd_t self:fifo_file rw_fifo_file_perms;
allow lircd_t self:unix_dgram_socket create_socket_perms;
allow lircd_t self:tcp_socket create_stream_socket_perms;

# etc file
read_files_pattern(lircd_t, lircd_etc_t, lircd_etc_t)

manage_dirs_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
manage_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
manage_sock_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
files_pid_filetrans(lircd_t, lircd_var_run_t, { file dir })
# /dev/lircd socket
dev_filetrans(lircd_t, lircd_var_run_t, sock_file)

corenet_tcp_sendrecv_generic_if(lircd_t)
corenet_tcp_bind_generic_node(lircd_t)
corenet_tcp_bind_lirc_port(lircd_t)
corenet_tcp_sendrecv_all_ports(lircd_t)
corenet_tcp_connect_lirc_port(lircd_t)

dev_rw_generic_usb_dev(lircd_t)
dev_read_mouse(lircd_t)
dev_filetrans_lirc(lircd_t)
dev_rw_lirc(lircd_t)
dev_rw_input_dev(lircd_t)

files_read_etc_files(lircd_t)
files_list_var(lircd_t)
files_manage_generic_locks(lircd_t)
files_read_all_locks(lircd_t)

term_use_ptmx(lircd_t)

logging_send_syslog_msg(lircd_t)

miscfiles_read_localization(lircd_t)

sysnet_dns_name_resolve(lircd_t)
Commit	Line	Data
29af4c13	1	policy_module(lircd, 1.1.0)
da3ed066 CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	type lircd_t;
	9	type lircd_exec_t;
	10	init_daemon_domain(lircd_t, lircd_exec_t)
	11
	12	type lircd_initrc_exec_t;
	13	init_script_file(lircd_initrc_exec_t)
	14
	15	type lircd_etc_t;
	16	files_type(lircd_etc_t)
	17
8a8b24a4	18	type lircd_var_run_t alias lircd_sock_t;
da3ed066 CP	19	files_pid_file(lircd_var_run_t)
da3ed066 CP	20
da3ed066 CP	21	########################################
	22	#
	23	# lircd local policy
	24	#
	25
05a2e3e2	26	allow lircd_t self:capability { chown kill sys_admin };
3eaa9939	27	allow lircd_t self:process { fork signal };
05a2e3e2	28	allow lircd_t self:fifo_file rw_fifo_file_perms;
da3ed066	29	allow lircd_t self:unix_dgram_socket create_socket_perms;
05a2e3e2	30	allow lircd_t self:tcp_socket create_stream_socket_perms;
da3ed066 CP	31
	32	# etc file
	33	read_files_pattern(lircd_t, lircd_etc_t, lircd_etc_t)
	34
da3ed066 CP	35	manage_dirs_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
da3ed066 CP	36	manage_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
8a8b24a4	37	manage_sock_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
3eaa9939	38	files_pid_filetrans(lircd_t, lircd_var_run_t, { file dir })
da3ed066	39	# /dev/lircd socket
8a8b24a4 CP	40	dev_filetrans(lircd_t, lircd_var_run_t, sock_file)
8a8b24a4 CP	41
05a2e3e2 CP	42	corenet_tcp_sendrecv_generic_if(lircd_t)
	43	corenet_tcp_bind_generic_node(lircd_t)
	44	corenet_tcp_bind_lirc_port(lircd_t)
	45	corenet_tcp_sendrecv_all_ports(lircd_t)
	46	corenet_tcp_connect_lirc_port(lircd_t)
	47
3eaa9939	48	dev_rw_generic_usb_dev(lircd_t)
05a2e3e2	49	dev_read_mouse(lircd_t)
8a8b24a4 CP	50	dev_filetrans_lirc(lircd_t)
	51	dev_rw_lirc(lircd_t)
	52	dev_rw_input_dev(lircd_t)
	53
	54	files_read_etc_files(lircd_t)
	55	files_list_var(lircd_t)
	56	files_manage_generic_locks(lircd_t)
	57	files_read_all_locks(lircd_t)
	58
	59	term_use_ptmx(lircd_t)
da3ed066 CP	60
	61	logging_send_syslog_msg(lircd_t)
	62
	63	miscfiles_read_localization(lircd_t)
05a2e3e2 CP	64
05a2e3e2 CP	65	sysnet_dns_name_resolve(lircd_t)