[people/stevee/selinux-policy.git] / policy / modules / services / ppp.te


policy_module(ppp,1.4.1)

########################################
#
# Declarations
#

## <desc>
## <p>
## Allow pppd to load kernel modules for certain modems
## </p>
## </desc>
gen_tunable(pppd_can_insmod,false)

ifdef(`strict_policy',`
## <desc>
## <p>
## Allow pppd to be run for a regular user
## </p>
## </desc>
gen_tunable(pppd_for_user,false)
')

# pppd_t is the domain for the pppd program.
# pppd_exec_t is the type of the pppd executable.
type pppd_t;
type pppd_exec_t;
init_daemon_domain(pppd_t,pppd_exec_t)

type pppd_devpts_t;
term_pty(pppd_devpts_t)

# Define a separate type for /etc/ppp
type pppd_etc_t;
files_config_file(pppd_etc_t)

# Define a separate type for writable files under /etc/ppp
type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)

type pppd_script_exec_t;
files_type(pppd_script_exec_t)

# pppd_secret_t is the type of the pap and chap password files
type pppd_secret_t;
files_type(pppd_secret_t)

type pppd_log_t;
logging_log_file(pppd_log_t)

type pppd_lock_t;
files_lock_file(pppd_lock_t)

type pppd_tmp_t;
files_tmp_file(pppd_tmp_t)

type pppd_var_run_t;
files_pid_file(pppd_var_run_t)

type pptp_t;
type pptp_exec_t;
init_daemon_domain(pptp_t,pptp_exec_t)

type pptp_log_t;
logging_log_file(pptp_log_t)

type pptp_var_run_t;
files_pid_file(pptp_var_run_t)

########################################
#
# PPPD Local policy
#

allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
dontaudit pppd_t self:capability sys_tty_config;
allow pppd_t self:process signal;
allow pppd_t self:fifo_file rw_fifo_file_perms;
allow pppd_t self:socket create_socket_perms;
allow pppd_t self:unix_dgram_socket create_socket_perms;
allow pppd_t self:unix_stream_socket create_socket_perms;
allow pppd_t self:netlink_route_socket rw_netlink_socket_perms;
allow pppd_t self:tcp_socket create_stream_socket_perms;
allow pppd_t self:udp_socket { connect connected_socket_perms };
allow pppd_t self:packet_socket create_socket_perms;

domtrans_pattern(pppd_t, pptp_exec_t, pptp_t)

allow pppd_t pppd_devpts_t:chr_file { rw_chr_file_perms setattr };

allow pppd_t pppd_etc_t:dir rw_dir_perms;
allow pppd_t pppd_etc_t:file read_file_perms;
allow pppd_t pppd_etc_t:lnk_file { getattr read };

manage_files_pattern(pppd_t,pppd_etc_rw_t,pppd_etc_rw_t)
# Automatically label newly created files under /etc/ppp with this type
filetrans_pattern(pppd_t,pppd_etc_t,pppd_etc_rw_t,file)

allow pppd_t pppd_lock_t:file manage_file_perms;
files_lock_filetrans(pppd_t,pppd_lock_t,file)

allow pppd_t pppd_log_t:file manage_file_perms;
logging_log_filetrans(pppd_t,pppd_log_t,file)

manage_dirs_pattern(pppd_t,pppd_tmp_t,pppd_tmp_t)
manage_files_pattern(pppd_t,pppd_tmp_t,pppd_tmp_t)
files_tmp_filetrans(pppd_t, pppd_tmp_t, { file dir })

manage_files_pattern(pppd_t,pppd_var_run_t,pppd_var_run_t)
files_pid_filetrans(pppd_t,pppd_var_run_t,file)

allow pppd_t pptp_t:process signal;

# for SSP
# Access secret files
allow pppd_t pppd_secret_t:file read_file_perms;

kernel_read_kernel_sysctls(pppd_t)
kernel_read_system_state(pppd_t)
kernel_read_net_sysctls(pppd_t)
kernel_read_network_state(pppd_t)
kernel_load_module(pppd_t)

dev_read_urand(pppd_t)
dev_search_sysfs(pppd_t)
dev_read_sysfs(pppd_t)

corenet_non_ipsec_sendrecv(pppd_t)
corenet_tcp_sendrecv_all_if(pppd_t)
corenet_raw_sendrecv_all_if(pppd_t)
corenet_udp_sendrecv_all_if(pppd_t)
corenet_tcp_sendrecv_all_nodes(pppd_t)
corenet_raw_sendrecv_all_nodes(pppd_t)
corenet_udp_sendrecv_all_nodes(pppd_t)
corenet_tcp_sendrecv_all_ports(pppd_t)
corenet_udp_sendrecv_all_ports(pppd_t)
# Access /dev/ppp.
corenet_rw_ppp_dev(pppd_t)

fs_getattr_all_fs(pppd_t)
fs_search_auto_mountpoints(pppd_t)

term_use_unallocated_ttys(pppd_t)
term_setattr_unallocated_ttys(pppd_t)
term_ioctl_generic_ptys(pppd_t)
# for pppoe
term_create_pty(pppd_t,pppd_devpts_t)

# allow running ip-up and ip-down scripts and running chat.
corecmd_exec_bin(pppd_t)
corecmd_exec_shell(pppd_t)

domain_use_interactive_fds(pppd_t)

files_exec_etc_files(pppd_t)
files_manage_etc_runtime_files(pppd_t)
files_dontaudit_write_etc_files(pppd_t)

# for scripts
files_read_etc_files(pppd_t)

init_read_utmp(pppd_t)
init_dontaudit_write_utmp(pppd_t)

libs_use_ld_so(pppd_t)
libs_use_shared_libs(pppd_t)

logging_send_syslog_msg(pppd_t)

miscfiles_read_localization(pppd_t)

sysnet_exec_ifconfig(pppd_t)
sysnet_manage_config(pppd_t)
sysnet_etc_filetrans_config(pppd_t)

userdom_dontaudit_use_unpriv_user_fds(pppd_t)
userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
# for ~/.ppprc - if it actually exists then you need some policy to read it
#allow pppd_t { sysadm_home_dir_t home_root_t user_home_dir_type }:dir search;
userdom_search_sysadm_home_dirs(pppd_t)
userdom_search_unpriv_users_home_dirs(pppd_t)

ppp_exec(pppd_t)

ifdef(`targeted_policy', `
	term_dontaudit_use_unallocated_ttys(pppd_t)
	term_dontaudit_use_generic_ptys(pppd_t)
	files_dontaudit_read_root_files(pppd_t)
')

optional_policy(`
	ddclient_domtrans(pppd_t)
')

optional_policy(`
	tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
		modutils_domtrans_insmod_uncond(pppd_t)
	')
')

optional_policy(`
	mta_send_mail(pppd_t)
')

optional_policy(`
	nis_use_ypbind(pppd_t)
')

optional_policy(`
	nscd_socket_use(pppd_t)
')

optional_policy(`
	postfix_domtrans_master(pppd_t)
')

optional_policy(`
	seutil_sigchld_newrole(pppd_t)
')

optional_policy(`
	udev_read_db(pppd_t)
')

########################################
#
# PPTP Local policy
#

dontaudit pptp_t self:capability sys_tty_config;
allow pptp_t self:capability net_raw;
allow pptp_t self:fifo_file { read write };
allow pptp_t self:unix_dgram_socket create_socket_perms;
allow pptp_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow pptp_t self:rawip_socket create_socket_perms;
allow pptp_t self:tcp_socket create_socket_perms;

allow pptp_t pppd_etc_t:dir { getattr read search };
allow pptp_t pppd_etc_t:file { read getattr };
allow pptp_t pppd_etc_t:lnk_file { getattr read };

allow pptp_t pppd_etc_rw_t:dir { getattr read search };
allow pptp_t pppd_etc_rw_t:file { read getattr };
allow pptp_t pppd_etc_rw_t:lnk_file { getattr read };
can_exec(pptp_t, pppd_etc_rw_t)

# Allow pptp to append to pppd log files
allow pptp_t pppd_log_t:file append;

allow pptp_t pptp_log_t:file manage_file_perms;
logging_log_filetrans(pptp_t,pptp_log_t,file)

manage_files_pattern(pptp_t,pptp_var_run_t,pptp_var_run_t)
manage_sock_files_pattern(pptp_t,pptp_var_run_t,pptp_var_run_t)
files_pid_filetrans(pptp_t,pptp_var_run_t,file)

kernel_list_proc(pptp_t)
kernel_read_kernel_sysctls(pptp_t)
kernel_read_proc_symlinks(pptp_t)

dev_read_sysfs(pptp_t)

corenet_non_ipsec_sendrecv(pptp_t)
corenet_tcp_sendrecv_all_if(pptp_t)
corenet_raw_sendrecv_all_if(pptp_t)
corenet_tcp_sendrecv_all_nodes(pptp_t)
corenet_raw_sendrecv_all_nodes(pptp_t)
corenet_tcp_sendrecv_all_ports(pptp_t)
corenet_tcp_bind_all_nodes(pptp_t)
corenet_tcp_connect_generic_port(pptp_t)
corenet_tcp_connect_all_reserved_ports(pptp_t)
corenet_sendrecv_generic_client_packets(pptp_t)

fs_getattr_all_fs(pptp_t)
fs_search_auto_mountpoints(pptp_t)

term_ioctl_generic_ptys(pptp_t)
term_search_ptys(pptp_t)
term_use_ptmx(pptp_t)

domain_use_interactive_fds(pptp_t)

libs_use_ld_so(pptp_t)
libs_use_shared_libs(pptp_t)

logging_send_syslog_msg(pptp_t)

miscfiles_read_localization(pptp_t)

sysnet_read_config(pptp_t)

userdom_dontaudit_use_unpriv_user_fds(pptp_t)
userdom_dontaudit_search_sysadm_home_dirs(pptp_t)

ifdef(`targeted_policy',`
        term_dontaudit_use_unallocated_ttys(pptp_t)
        term_dontaudit_use_generic_ptys(pptp_t)
        files_dontaudit_read_root_files(pptp_t)
')

optional_policy(`
	consoletype_exec(pppd_t)
')

optional_policy(`
	hostname_exec(pptp_t)
')

optional_policy(`
	nscd_socket_use(pptp_t)
')

optional_policy(`
        seutil_sigchld_newrole(pptp_t)
')

optional_policy(`
        udev_read_db(pptp_t)
')

optional_policy(`
	postfix_read_config(pppd_t)
')

# FIXME:
domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
Commit	Line	Data
e08118a5	1
f6a590d7	2	policy_module(ppp,1.4.1)
e08118a5 CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
56e1b3d2 CP	9	## <desc>
	10	## <p>
	11	## Allow pppd to load kernel modules for certain modems
	12	## </p>
	13	## </desc>
	14	gen_tunable(pppd_can_insmod,false)
	15
	16	ifdef(`strict_policy',`
	17	## <desc>
	18	## <p>
	19	## Allow pppd to be run for a regular user
	20	## </p>
	21	## </desc>
	22	gen_tunable(pppd_for_user,false)
	23	')
	24
e08118a5 CP	25	# pppd_t is the domain for the pppd program.
	26	# pppd_exec_t is the type of the pppd executable.
	27	type pppd_t;
	28	type pppd_exec_t;
	29	init_daemon_domain(pppd_t,pppd_exec_t)
	30
	31	type pppd_devpts_t;
	32	term_pty(pppd_devpts_t)
	33
	34	# Define a separate type for /etc/ppp
9bbc757a CP	35	type pppd_etc_t;
9bbc757a CP	36	files_config_file(pppd_etc_t)
e08118a5 CP	37
	38	# Define a separate type for writable files under /etc/ppp
	39	type pppd_etc_rw_t;
	40	files_type(pppd_etc_rw_t)
	41
	42	type pppd_script_exec_t;
	43	files_type(pppd_script_exec_t)
	44
	45	# pppd_secret_t is the type of the pap and chap password files
	46	type pppd_secret_t;
	47	files_type(pppd_secret_t)
	48
	49	type pppd_log_t;
	50	logging_log_file(pppd_log_t)
	51
	52	type pppd_lock_t;
	53	files_lock_file(pppd_lock_t)
	54
	55	type pppd_tmp_t;
	56	files_tmp_file(pppd_tmp_t)
	57
	58	type pppd_var_run_t;
	59	files_pid_file(pppd_var_run_t)
	60
	61	type pptp_t;
	62	type pptp_exec_t;
	63	init_daemon_domain(pptp_t,pptp_exec_t)
	64
	65	type pptp_log_t;
	66	logging_log_file(pptp_log_t)
	67
	68	type pptp_var_run_t;
	69	files_pid_file(pptp_var_run_t)
	70
	71	########################################
	72	#
	73	# PPPD Local policy
	74	#
	75
e08118a5	76	allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
141cffdd	77	dontaudit pppd_t self:capability sys_tty_config;
123a990b	78	allow pppd_t self:process signal;
c0868a7a	79	allow pppd_t self:fifo_file rw_fifo_file_perms;
e08118a5 CP	80	allow pppd_t self:socket create_socket_perms;
	81	allow pppd_t self:unix_dgram_socket create_socket_perms;
	82	allow pppd_t self:unix_stream_socket create_socket_perms;
8708d9be	83	allow pppd_t self:netlink_route_socket rw_netlink_socket_perms;
e08118a5 CP	84	allow pppd_t self:tcp_socket create_stream_socket_perms;
	85	allow pppd_t self:udp_socket { connect connected_socket_perms };
	86	allow pppd_t self:packet_socket create_socket_perms;
	87
c0868a7a	88	domtrans_pattern(pppd_t, pptp_exec_t, pptp_t)
e08118a5	89
c0868a7a	90	allow pppd_t pppd_devpts_t:chr_file { rw_chr_file_perms setattr };
e08118a5 CP	91
e08118a5 CP	92	allow pppd_t pppd_etc_t:dir rw_dir_perms;
c0868a7a	93	allow pppd_t pppd_etc_t:file read_file_perms;
e08118a5	94	allow pppd_t pppd_etc_t:lnk_file { getattr read };
e08118a5	95
c0868a7a	96	manage_files_pattern(pppd_t,pppd_etc_rw_t,pppd_etc_rw_t)
8708d9be	97	# Automatically label newly created files under /etc/ppp with this type
c0868a7a	98	filetrans_pattern(pppd_t,pppd_etc_t,pppd_etc_rw_t,file)
e08118a5	99
c0868a7a	100	allow pppd_t pppd_lock_t:file manage_file_perms;
1c1ac67f	101	files_lock_filetrans(pppd_t,pppd_lock_t,file)
e08118a5	102
c0868a7a	103	allow pppd_t pppd_log_t:file manage_file_perms;
1c1ac67f	104	logging_log_filetrans(pppd_t,pppd_log_t,file)
e08118a5	105
c0868a7a CP	106	manage_dirs_pattern(pppd_t,pppd_tmp_t,pppd_tmp_t)
c0868a7a CP	107	manage_files_pattern(pppd_t,pppd_tmp_t,pppd_tmp_t)
103fe280	108	files_tmp_filetrans(pppd_t, pppd_tmp_t, { file dir })
e08118a5	109
c0868a7a	110	manage_files_pattern(pppd_t,pppd_var_run_t,pppd_var_run_t)
1c1ac67f	111	files_pid_filetrans(pppd_t,pppd_var_run_t,file)
e08118a5 CP	112
	113	allow pppd_t pptp_t:process signal;
	114
	115	# for SSP
	116	# Access secret files
c0868a7a	117	allow pppd_t pppd_secret_t:file read_file_perms;
e08118a5	118
445522dc	119	kernel_read_kernel_sysctls(pppd_t)
725926c5	120	kernel_read_system_state(pppd_t)
445522dc	121	kernel_read_net_sysctls(pppd_t)
e08118a5 CP	122	kernel_read_network_state(pppd_t)
	123	kernel_load_module(pppd_t)
	124
	125	dev_read_urand(pppd_t)
	126	dev_search_sysfs(pppd_t)
	127	dev_read_sysfs(pppd_t)
	128
141cffdd	129	corenet_non_ipsec_sendrecv(pppd_t)
e08118a5 CP	130	corenet_tcp_sendrecv_all_if(pppd_t)
	131	corenet_raw_sendrecv_all_if(pppd_t)
	132	corenet_udp_sendrecv_all_if(pppd_t)
	133	corenet_tcp_sendrecv_all_nodes(pppd_t)
	134	corenet_raw_sendrecv_all_nodes(pppd_t)
	135	corenet_udp_sendrecv_all_nodes(pppd_t)
	136	corenet_tcp_sendrecv_all_ports(pppd_t)
	137	corenet_udp_sendrecv_all_ports(pppd_t)
e08118a5	138	# Access /dev/ppp.
5b6ddb98	139	corenet_rw_ppp_dev(pppd_t)
e08118a5 CP	140
	141	fs_getattr_all_fs(pppd_t)
	142	fs_search_auto_mountpoints(pppd_t)
	143
1815bad1	144	term_use_unallocated_ttys(pppd_t)
e08118a5	145	term_setattr_unallocated_ttys(pppd_t)
1815bad1	146	term_ioctl_generic_ptys(pppd_t)
e08118a5 CP	147	# for pppoe
e08118a5 CP	148	term_create_pty(pppd_t,pppd_devpts_t)
e08118a5 CP	149
	150	# allow running ip-up and ip-down scripts and running chat.
	151	corecmd_exec_bin(pppd_t)
e08118a5 CP	152	corecmd_exec_shell(pppd_t)
e08118a5 CP	153
15722ec9	154	domain_use_interactive_fds(pppd_t)
e08118a5 CP	155
e08118a5 CP	156	files_exec_etc_files(pppd_t)
8708d9be	157	files_manage_etc_runtime_files(pppd_t)
8708d9be CP	158	files_dontaudit_write_etc_files(pppd_t)
8708d9be CP	159
e08118a5 CP	160	# for scripts
	161	files_read_etc_files(pppd_t)
	162
68228b33 CP	163	init_read_utmp(pppd_t)
68228b33 CP	164	init_dontaudit_write_utmp(pppd_t)
e08118a5 CP	165
	166	libs_use_ld_so(pppd_t)
	167	libs_use_shared_libs(pppd_t)
	168
	169	logging_send_syslog_msg(pppd_t)
	170
	171	miscfiles_read_localization(pppd_t)
	172
e08118a5 CP	173	sysnet_exec_ifconfig(pppd_t)
e08118a5 CP	174	sysnet_manage_config(pppd_t)
f6a590d7	175	sysnet_etc_filetrans_config(pppd_t)
e08118a5	176
15722ec9	177	userdom_dontaudit_use_unpriv_user_fds(pppd_t)
103fe280	178	userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
e08118a5 CP	179	# for ~/.ppprc - if it actually exists then you need some policy to read it
e08118a5 CP	180	#allow pppd_t { sysadm_home_dir_t home_root_t user_home_dir_type }:dir search;
103fe280	181	userdom_search_sysadm_home_dirs(pppd_t)
15722ec9	182	userdom_search_unpriv_users_home_dirs(pppd_t)
e08118a5	183
8708d9be CP	184	ppp_exec(pppd_t)
8708d9be CP	185
e08118a5	186	ifdef(`targeted_policy', `
1815bad1 CP	187	term_dontaudit_use_unallocated_ttys(pppd_t)
1815bad1 CP	188	term_dontaudit_use_generic_ptys(pppd_t)
9e04f5c5	189	files_dontaudit_read_root_files(pppd_t)
e08118a5 CP	190	')
e08118a5 CP	191
70b8a723 CP	192	optional_policy(`
	193	ddclient_domtrans(pppd_t)
	194	')
	195
bb7170f6	196	optional_policy(`
8967bf8b CP	197	tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
8967bf8b CP	198	modutils_domtrans_insmod_uncond(pppd_t)
e08118a5 CP	199	')
	200	')
	201
bb7170f6	202	optional_policy(`
88dd3896 CP	203	mta_send_mail(pppd_t)
	204	')
	205
bb7170f6	206	optional_policy(`
e08118a5 CP	207	nis_use_ypbind(pppd_t)
	208	')
	209
bb7170f6	210	optional_policy(`
1815bad1	211	nscd_socket_use(pppd_t)
e08118a5 CP	212	')
e08118a5 CP	213
56e1b3d2 CP	214	optional_policy(`
	215	postfix_domtrans_master(pppd_t)
	216	')
	217
bb7170f6	218	optional_policy(`
e08118a5 CP	219	seutil_sigchld_newrole(pppd_t)
	220	')
	221
bb7170f6	222	optional_policy(`
e08118a5 CP	223	udev_read_db(pppd_t)
	224	')
	225
	226	########################################
	227	#
	228	# PPTP Local policy
	229	#
	230
	231	dontaudit pptp_t self:capability sys_tty_config;
	232	allow pptp_t self:capability net_raw;
	233	allow pptp_t self:fifo_file { read write };
	234	allow pptp_t self:unix_dgram_socket create_socket_perms;
	235	allow pptp_t self:unix_stream_socket { connectto create_stream_socket_perms };
	236	allow pptp_t self:rawip_socket create_socket_perms;
	237	allow pptp_t self:tcp_socket create_socket_perms;
	238
	239	allow pptp_t pppd_etc_t:dir { getattr read search };
	240	allow pptp_t pppd_etc_t:file { read getattr };
	241	allow pptp_t pppd_etc_t:lnk_file { getattr read };
	242
	243	allow pptp_t pppd_etc_rw_t:dir { getattr read search };
	244	allow pptp_t pppd_etc_rw_t:file { read getattr };
	245	allow pptp_t pppd_etc_rw_t:lnk_file { getattr read };
	246	can_exec(pptp_t, pppd_etc_rw_t)
	247
	248	# Allow pptp to append to pppd log files
	249	allow pptp_t pppd_log_t:file append;
	250
c0868a7a	251	allow pptp_t pptp_log_t:file manage_file_perms;
1c1ac67f	252	logging_log_filetrans(pptp_t,pptp_log_t,file)
e08118a5	253
c0868a7a CP	254	manage_files_pattern(pptp_t,pptp_var_run_t,pptp_var_run_t)
c0868a7a CP	255	manage_sock_files_pattern(pptp_t,pptp_var_run_t,pptp_var_run_t)
1c1ac67f	256	files_pid_filetrans(pptp_t,pptp_var_run_t,file)
e08118a5 CP	257
e08118a5 CP	258	kernel_list_proc(pptp_t)
445522dc	259	kernel_read_kernel_sysctls(pptp_t)
e08118a5 CP	260	kernel_read_proc_symlinks(pptp_t)
	261
	262	dev_read_sysfs(pptp_t)
	263
141cffdd	264	corenet_non_ipsec_sendrecv(pptp_t)
e08118a5 CP	265	corenet_tcp_sendrecv_all_if(pptp_t)
	266	corenet_raw_sendrecv_all_if(pptp_t)
	267	corenet_tcp_sendrecv_all_nodes(pptp_t)
	268	corenet_raw_sendrecv_all_nodes(pptp_t)
	269	corenet_tcp_sendrecv_all_ports(pptp_t)
	270	corenet_tcp_bind_all_nodes(pptp_t)
	271	corenet_tcp_connect_generic_port(pptp_t)
	272	corenet_tcp_connect_all_reserved_ports(pptp_t)
141cffdd	273	corenet_sendrecv_generic_client_packets(pptp_t)
e08118a5 CP	274
	275	fs_getattr_all_fs(pptp_t)
	276	fs_search_auto_mountpoints(pptp_t)
	277
1815bad1	278	term_ioctl_generic_ptys(pptp_t)
e08118a5 CP	279	term_search_ptys(pptp_t)
	280	term_use_ptmx(pptp_t)
	281
15722ec9	282	domain_use_interactive_fds(pptp_t)
e08118a5	283
e08118a5 CP	284	libs_use_ld_so(pptp_t)
	285	libs_use_shared_libs(pptp_t)
	286
	287	logging_send_syslog_msg(pptp_t)
	288
	289	miscfiles_read_localization(pptp_t)
	290
	291	sysnet_read_config(pptp_t)
	292
15722ec9	293	userdom_dontaudit_use_unpriv_user_fds(pptp_t)
103fe280	294	userdom_dontaudit_search_sysadm_home_dirs(pptp_t)
e08118a5 CP	295
e08118a5 CP	296	ifdef(`targeted_policy',`
1815bad1 CP	297	term_dontaudit_use_unallocated_ttys(pptp_t)
1815bad1 CP	298	term_dontaudit_use_generic_ptys(pptp_t)
9e04f5c5	299	files_dontaudit_read_root_files(pptp_t)
e08118a5 CP	300	')
e08118a5 CP	301
8708d9be CP	302	optional_policy(`
	303	consoletype_exec(pppd_t)
	304	')
	305
bb7170f6	306	optional_policy(`
e08118a5 CP	307	hostname_exec(pptp_t)
	308	')
	309
bb7170f6	310	optional_policy(`
1815bad1	311	nscd_socket_use(pptp_t)
e08118a5 CP	312	')
e08118a5 CP	313
bb7170f6	314	optional_policy(`
e08118a5 CP	315	seutil_sigchld_newrole(pptp_t)
	316	')
	317
bb7170f6	318	optional_policy(`
e08118a5 CP	319	udev_read_db(pptp_t)
	320	')
	321
bb7170f6	322	optional_policy(`
bf080a46	323	postfix_read_config(pppd_t)
e08118a5	324	')
725926c5	325
445522dc	326	# FIXME:
c0868a7a	327	domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)