projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| b6df0faf DW |
1 | policy_module(matahari,1.0.0) |
| 2 | ||
| 3 | ######################################## | |
| 4 | # | |
| 5 | # Declarations | |
| 6 | # | |
| 7 | ||
| ad3f3631 | 8 | attribute matahari_domain; |
| b6df0faf | 9 | |
| d8a1e83e MG |
10 | matahari_domain_template(hostd) |
| 11 | matahari_domain_template(netd) | |
| 12 | matahari_domain_template(serviced) | |
| d6771a7e | 13 | matahari_domain_template(sysconfigd) |
| b6df0faf DW |
14 | |
| 15 | type matahari_initrc_exec_t; | |
| 16 | init_script_file(matahari_initrc_exec_t) | |
| 17 | ||
| b6df0faf DW |
18 | type matahari_var_lib_t; |
| 19 | files_type(matahari_var_lib_t) | |
| 20 | ||
| 21 | type matahari_var_run_t; | |
| 22 | files_pid_file(matahari_var_run_t) | |
| 23 | ||
| 24 | ######################################## | |
| 25 | # | |
| 26 | # matahari_hostd local policy | |
| 27 | # | |
| b6df0faf | 28 | kernel_read_network_state(matahari_hostd_t) |
| b6df0faf DW |
29 | |
| 30 | dev_read_sysfs(matahari_hostd_t) | |
| 241ff5ca | 31 | dev_rw_mtrr(matahari_hostd_t) |
| b6df0faf DW |
32 | |
| 33 | domain_use_interactive_fds(matahari_hostd_t) | |
| 34 | domain_read_all_domains_state(matahari_hostd_t) | |
| 35 | ||
| b6df0faf DW |
36 | optional_policy(` |
| 37 | dbus_system_bus_client(matahari_hostd_t) | |
| 38 | ') | |
| 39 | ||
| 40 | ######################################## | |
| 41 | # | |
| 42 | # matahari_netd local policy | |
| 43 | # | |
| b6df0faf DW |
44 | |
| 45 | domain_use_interactive_fds(matahari_netd_t) | |
| 46 | ||
| e43da3a5 MG |
47 | optional_policy(` |
| 48 | dbus_system_bus_client(matahari_netd_t) | |
| 49 | ') | |
| b6df0faf DW |
50 | |
| 51 | ######################################## | |
| 52 | # | |
| 53 | # matahari_serviced local policy | |
| 54 | # | |
| 529a547a DW |
55 | allow matahari_serviced_t self:process setpgid; |
| 56 | ||
| 57 | kernel_read_network_state(matahari_serviced_t) | |
| 58 | ||
| 59 | dev_read_sysfs(matahari_serviced_t) | |
| b6df0faf | 60 | |
| d8a1e83e | 61 | domain_use_interactive_fds(matahari_serviced_t) |
| 529a547a | 62 | |
| 14b81b8c DW |
63 | files_read_etc_runtime_files(matahari_serviced_t) |
| 64 | ||
| 99962fff | 65 | init_domtrans_script(matahari_serviced_t) |
| 529a547a | 66 | |
| 99962fff | 67 | systemd_config_all_services(matahari_serviced_t) |
| b6df0faf | 68 | |
| 14b81b8c DW |
69 | ######################################## |
| 70 | # | |
| 71 | # matahari_sysconfigd local policy | |
| 72 | # | |
| 73 | dev_read_sysfs(matahari_sysconfigd_t) | |
| 74 | ||
| d8a1e83e MG |
75 | ####################################### |
| 76 | # | |
| 77 | # matahari domain local policy | |
| 78 | # | |
| b6df0faf | 79 | |
| 0703a8c8 | 80 | allow matahari_domain self:process signal; |
| b6df0faf | 81 | |
| d8a1e83e MG |
82 | allow matahari_domain self:fifo_file rw_fifo_file_perms; |
| 83 | allow matahari_domain self:unix_stream_socket create_stream_socket_perms; | |
| b6df0faf | 84 | |
| d8a1e83e MG |
85 | kernel_read_system_state(matahari_domain) |
| 86 | ||
| 87 | corenet_tcp_connect_matahari_port(matahari_domain) | |
| b6df0faf | 88 | |
| d8a1e83e | 89 | dev_read_urand(matahari_domain) |
| b6df0faf | 90 | |
| d8a1e83e | 91 | files_read_etc_files(matahari_domain) |
| b6df0faf | 92 | |
| d8a1e83e | 93 | logging_send_syslog_msg(matahari_domain) |
| b6df0faf | 94 | |
| d8a1e83e | 95 | miscfiles_read_localization(matahari_domain) |
| b6df0faf | 96 | |
| d8a1e83e | 97 | sysnet_dns_name_resolve(matahari_domain) |