Commit | Line | Data |
---|---|---|
f1b7d092 DG |
1 | ## <summary>Caching web proxy.</summary> |
2 | ||
3 | ######################################## | |
4 | ## <summary> | |
5 | ## Role access for polipo session. | |
6 | ## </summary> | |
7 | ## <param name="role"> | |
8 | ## <summary> | |
9 | ## Role allowed access. | |
10 | ## </summary> | |
11 | ## </param> | |
12 | ## <param name="domain"> | |
13 | ## <summary> | |
14 | ## Domain allowed access. | |
15 | ## </summary> | |
16 | ## </param> | |
17 | # | |
18 | template(`polipo_role',` | |
19 | gen_require(` | |
20 | type polipo_session_t, polipo_exec_t; | |
21 | ') | |
22 | ||
23 | ######################################## | |
24 | # | |
25 | # Declarations | |
26 | # | |
27 | ||
28 | role $1 types polipo_session_t; # authorizes the role for the polipo session type | |
29 | ||
30 | ######################################## | |
31 | # | |
32 | # Policy | |
33 | # | |
34 | ||
995bdbb1 | 35 | allow $2 polipo_session_t:process signal_perms; # caller domain may signal polipo session processes |
f1b7d092 | 36 | ps_process_pattern($2, polipo_session_t) |
995bdbb1 | 37 | tunable_policy(`deny_ptrace',`',` |
38 | allow $2 polipo_session_t:process ptrace; # else branch: granted only while the deny_ptrace boolean is off | |
39 | ') | |
f1b7d092 DG |
40 | |
41 | tunable_policy(`polipo_session_users',` | |
42 | domtrans_pattern($2, polipo_exec_t, polipo_session_t) # boolean on: polipo_exec_t runs confined in polipo_session_t | |
43 | ',` | |
44 | can_exec($2, polipo_exec_t) # boolean off: polipo_exec_t runs in the caller domain with no transition | |
45 | ') | |
46 | ') | |
47 | ||
48 | ######################################## | |
49 | ## <summary> | |
50 | ## Create configuration files in user | |
51 | ## home directories with a named file | |
52 | ## type transition. | |
53 | ## </summary> | |
54 | ## <param name="domain"> | |
55 | ## <summary> | |
56 | ## Domain allowed access. | |
57 | ## </summary> | |
58 | ## </param> | |
59 | # | |
60 | interface(`polipo_named_filetrans_config_home_files',` | |
61 | gen_require(` | |
62 | type polipo_config_home_t; | |
63 | ') | |
64 | ||
65 | userdom_user_home_dir_filetrans($1, polipo_config_home_t, file, ".polipo") # applies only to a file named .polipo | |
66 | ') | |
67 | ||
68 | ######################################## | |
69 | ## <summary> | |
70 | ## Create cache directories in user | |
71 | ## home directories with a named file | |
72 | ## type transition. | |
73 | ## </summary> | |
74 | ## <param name="domain"> | |
75 | ## <summary> | |
76 | ## Domain allowed access. | |
77 | ## </summary> | |
78 | ## </param> | |
79 | # | |
80 | interface(`polipo_named_filetrans_cache_home_dirs',` | |
81 | gen_require(` | |
82 | type polipo_cache_home_t; | |
83 | ') | |
84 | ||
85 | userdom_user_home_dir_filetrans($1, polipo_cache_home_t, dir, ".polipo-cache") # applies only to a directory named .polipo-cache | |
86 | ') | |
87 | ||
88 | ######################################## | |
89 | ## <summary> | |
90 | ## Create configuration files in admin | |
91 | ## home directories with a named file | |
92 | ## type transition. | |
93 | ## </summary> | |
94 | ## <param name="domain"> | |
95 | ## <summary> | |
96 | ## Domain allowed access. | |
97 | ## </summary> | |
98 | ## </param> | |
99 | # | |
100 | interface(`polipo_named_filetrans_admin_config_home_files',` | |
101 | gen_require(` | |
102 | type polipo_config_home_t; | |
103 | ') | |
104 | ||
105 | userdom_admin_home_dir_filetrans($1, polipo_config_home_t, file, ".polipo") # applies only to a file named .polipo | |
106 | ') | |
107 | ||
108 | ######################################## | |
109 | ## <summary> | |
110 | ## Create cache directories in admin | |
111 | ## home directories with a named file | |
112 | ## type transition. | |
113 | ## </summary> | |
114 | ## <param name="domain"> | |
115 | ## <summary> | |
116 | ## Domain allowed access. | |
117 | ## </summary> | |
118 | ## </param> | |
119 | # | |
120 | interface(`polipo_named_filetrans_admin_cache_home_dirs',` | |
121 | gen_require(` | |
122 | type polipo_cache_home_t; | |
123 | ') | |
124 | ||
125 | userdom_admin_home_dir_filetrans($1, polipo_cache_home_t, dir, ".polipo-cache") # applies only to a directory named .polipo-cache | |
126 | ') | |
127 | ||
128 | ######################################## | |
129 | ## <summary> | |
130 | ## Create log files with a named file | |
131 | ## type transition. | |
132 | ## </summary> | |
133 | ## <param name="domain"> | |
134 | ## <summary> | |
135 | ## Domain allowed access. | |
136 | ## </summary> | |
137 | ## </param> | |
138 | # | |
139 | interface(`polipo_named_filetrans_log_files',` | |
140 | gen_require(` | |
141 | type polipo_log_t; | |
142 | ') | |
143 | ||
144 | logging_log_named_filetrans($1, polipo_log_t, file, "polipo") # applies only to a file named polipo; the parent directory type is set inside the logging macro | |
145 | ') | |
146 | ||
147 | ######################################## | |
148 | ## <summary> | |
149 | ## Administer a polipo environment. | |
150 | ## </summary> | |
151 | ## <param name="domain"> | |
152 | ## <summary> | |
153 | ## Domain allowed access. | |
154 | ## </summary> | |
155 | ## </param> | |
156 | ## <param name="role"> | |
157 | ## <summary> | |
158 | ## Role allowed access. | |
159 | ## </summary> | |
160 | ## </param> | |
161 | ## <rolecap/> | |
162 | # | |
163 | interface(`polipo_admin',` | |
164 | gen_require(` | |
165 | type polipo_t, polipo_pid_t, polipo_cache_t; | |
166 | type polipo_etc_t, polipo_log_t, polipo_initrc_exec_t; | |
167 | ') | |
168 | ||
995bdbb1 | 169 | allow $1 polipo_t:process signal_perms; # caller domain may signal the polipo daemon |
f1b7d092 | 170 | ps_process_pattern($1, polipo_t) |
995bdbb1 | 171 | tunable_policy(`deny_ptrace',`',` |
172 | allow $1 polipo_t:process ptrace; # else branch: granted only while the deny_ptrace boolean is off | |
173 | ') | |
f1b7d092 DG |
174 | |
175 | init_labeled_script_domtrans($1, polipo_initrc_exec_t) # caller may run the polipo init script with a domain transition | |
176 | domain_system_change_exemption($1) # NOTE(review): presumably exempts the caller from the system role change constraint - confirm | |
177 | role_transition $2 polipo_initrc_exec_t system_r; # role switches to system_r when the init script is executed | |
178 | allow $2 system_r; # role is permitted to change to system_r | |
179 | ||
180 | files_list_etc($1) | |
181 | admin_pattern($1, polipo_etc_t) # NOTE(review): admin_pattern is defined elsewhere; presumably full management of this type - confirm | |
182 | ||
183 | logging_list_logs($1) | |
184 | admin_pattern($1, polipo_log_t) | |
185 | ||
186 | files_list_var($1) | |
187 | admin_pattern($1, polipo_cache_t) | |
188 | ||
189 | files_list_pids($1) | |
190 | admin_pattern($1, polipo_pid_t) | |
191 | ') |