[people/stevee/selinux-policy.git] / policy / modules / services / ppp.te


policy_module(ppp,1.2.4)

########################################
#
# Declarations
#

# pppd_t is the domain for the pppd program.
# pppd_exec_t is the type of the pppd executable.
type pppd_t;
type pppd_exec_t;
init_daemon_domain(pppd_t,pppd_exec_t)

type pppd_devpts_t;
term_pty(pppd_devpts_t)

# Define a separate type for /etc/ppp
type pppd_etc_t;
files_config_file(pppd_etc_t)

# Define a separate type for writable files under /etc/ppp
type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)

type pppd_script_exec_t;
files_type(pppd_script_exec_t)

# pppd_secret_t is the type of the pap and chap password files
type pppd_secret_t;
files_type(pppd_secret_t)

type pppd_log_t;
logging_log_file(pppd_log_t)

type pppd_lock_t;
files_lock_file(pppd_lock_t)

type pppd_tmp_t;
files_tmp_file(pppd_tmp_t)

type pppd_var_run_t;
files_pid_file(pppd_var_run_t)

type pptp_t;
type pptp_exec_t;
init_daemon_domain(pptp_t,pptp_exec_t)

type pptp_log_t;
logging_log_file(pptp_log_t)

type pptp_var_run_t;
files_pid_file(pptp_var_run_t)

########################################
#
# PPPD Local policy
#

allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
dontaudit pppd_t self:capability sys_tty_config;
allow pppd_t self:process signal;
allow pppd_t self:fifo_file rw_file_perms;
allow pppd_t self:socket create_socket_perms;
allow pppd_t self:unix_dgram_socket create_socket_perms;
allow pppd_t self:unix_stream_socket create_socket_perms;
allow pppd_t self:netlink_route_socket r_netlink_socket_perms;
allow pppd_t self:tcp_socket create_stream_socket_perms;
allow pppd_t self:udp_socket { connect connected_socket_perms };
allow pppd_t self:packet_socket create_socket_perms;

domain_auto_trans(pppd_t, pptp_exec_t, pptp_t)
allow pppd_t pptp_t:fd use;
allow pptp_t pppd_t:fd use;
allow pptp_t pppd_t:fifo_file rw_file_perms;
allow pptp_t pppd_t:process sigchld;

allow pppd_t pppd_devpts_t:chr_file { rw_file_perms setattr };

allow pppd_t pppd_etc_t:dir rw_dir_perms;
allow pppd_t pppd_etc_t:file r_file_perms;
allow pppd_t pppd_etc_t:lnk_file { getattr read };
files_etc_filetrans(pppd_t,pppd_etc_t,file)

allow pppd_t pppd_etc_rw_t:file create_file_perms;

allow pppd_t pppd_lock_t:file create_file_perms;
files_lock_filetrans(pppd_t,pppd_lock_t,file)

allow pppd_t pppd_log_t:file create_file_perms;
logging_log_filetrans(pppd_t,pppd_log_t,file)

allow pppd_t pppd_tmp_t:dir create_dir_perms;
allow pppd_t pppd_tmp_t:file create_file_perms;
files_tmp_filetrans(pppd_t, pppd_tmp_t, { file dir })

allow pppd_t pppd_var_run_t:dir rw_dir_perms;
allow pppd_t pppd_var_run_t:file create_file_perms;
files_pid_filetrans(pppd_t,pppd_var_run_t,file)

allow pppd_t pptp_t:process signal;

# for SSP
# Access secret files
allow pppd_t pppd_secret_t:file r_file_perms;

# Automatically label newly created files under /etc/ppp with this type
type_transition pppd_t pppd_etc_t:file pppd_etc_rw_t;

kernel_read_kernel_sysctls(pppd_t)
kernel_read_system_state(pppd_t)
kernel_read_net_sysctls(pppd_t)
kernel_read_network_state(pppd_t)
kernel_load_module(pppd_t)

dev_read_urand(pppd_t)
dev_search_sysfs(pppd_t)
dev_read_sysfs(pppd_t)

corenet_non_ipsec_sendrecv(pppd_t)
corenet_tcp_sendrecv_all_if(pppd_t)
corenet_raw_sendrecv_all_if(pppd_t)
corenet_udp_sendrecv_all_if(pppd_t)
corenet_tcp_sendrecv_all_nodes(pppd_t)
corenet_raw_sendrecv_all_nodes(pppd_t)
corenet_udp_sendrecv_all_nodes(pppd_t)
corenet_tcp_sendrecv_all_ports(pppd_t)
corenet_udp_sendrecv_all_ports(pppd_t)
# Access /dev/ppp.
corenet_rw_ppp_dev(pppd_t)

fs_getattr_all_fs(pppd_t)
fs_search_auto_mountpoints(pppd_t)

term_use_unallocated_ttys(pppd_t)
term_setattr_unallocated_ttys(pppd_t)
term_ioctl_generic_ptys(pppd_t)
# for pppoe
term_create_pty(pppd_t,pppd_devpts_t)
term_dontaudit_use_console(pppd_t)

# allow running ip-up and ip-down scripts and running chat.
corecmd_exec_bin(pppd_t)
corecmd_exec_sbin(pppd_t)
corecmd_exec_shell(pppd_t)

domain_use_interactive_fds(pppd_t)

files_exec_etc_files(pppd_t)
files_read_etc_runtime_files(pppd_t)
# for scripts
files_read_etc_files(pppd_t)

init_read_utmp(pppd_t)
init_dontaudit_write_utmp(pppd_t)
init_use_fds(pppd_t)
init_use_script_ptys(pppd_t)

libs_use_ld_so(pppd_t)
libs_use_shared_libs(pppd_t)

logging_send_syslog_msg(pppd_t)

miscfiles_read_localization(pppd_t)

sysnet_read_config(pppd_t)
sysnet_exec_ifconfig(pppd_t)
sysnet_manage_config(pppd_t)

userdom_dontaudit_use_unpriv_user_fds(pppd_t)
userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
# for ~/.ppprc - if it actually exists then you need some policy to read it
#allow pppd_t { sysadm_home_dir_t home_root_t user_home_dir_type }:dir search;
userdom_search_sysadm_home_dirs(pppd_t)
userdom_search_unpriv_users_home_dirs(pppd_t)

ifdef(`targeted_policy', `
	term_dontaudit_use_unallocated_ttys(pppd_t)
	term_dontaudit_use_generic_ptys(pppd_t)
	files_dontaudit_read_root_files(pppd_t)

	optional_policy(`
		gen_require(`
			bool postfix_disable_trans;
		')

		if(!postfix_disable_trans) {
			postfix_domtrans_master(pppd_t)
		}
	')
',`
	optional_policy(`
		postfix_domtrans_master(pppd_t)
	')
')

optional_policy(`
	ddclient_domtrans(pppd_t)
')

optional_policy(`
	tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
		modutils_domtrans_insmod_uncond(pppd_t)
	')
')

optional_policy(`
	mta_send_mail(pppd_t)
')

optional_policy(`
	nis_use_ypbind(pppd_t)
')

optional_policy(`
	nscd_socket_use(pppd_t)
')

optional_policy(`
	seutil_sigchld_newrole(pppd_t)
')

optional_policy(`
	udev_read_db(pppd_t)
')

########################################
#
# PPTP Local policy
#

dontaudit pptp_t self:capability sys_tty_config;
allow pptp_t self:capability net_raw;
allow pptp_t self:fifo_file { read write };
allow pptp_t self:unix_dgram_socket create_socket_perms;
allow pptp_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow pptp_t self:rawip_socket create_socket_perms;
allow pptp_t self:tcp_socket create_socket_perms;

allow pptp_t pppd_etc_t:dir { getattr read search };
allow pptp_t pppd_etc_t:file { read getattr };
allow pptp_t pppd_etc_t:lnk_file { getattr read };

allow pptp_t pppd_etc_rw_t:dir { getattr read search };
allow pptp_t pppd_etc_rw_t:file { read getattr };
allow pptp_t pppd_etc_rw_t:lnk_file { getattr read };
can_exec(pptp_t, pppd_etc_rw_t)

# Allow pptp to append to pppd log files
allow pptp_t pppd_log_t:file append;

allow pptp_t pptp_log_t:file create_file_perms;
logging_log_filetrans(pptp_t,pptp_log_t,file)

allow pptp_t pptp_var_run_t:file create_file_perms;
allow pptp_t pptp_var_run_t:dir rw_dir_perms;
allow pptp_t pptp_var_run_t:sock_file create_file_perms;
files_pid_filetrans(pptp_t,pptp_var_run_t,file)

kernel_list_proc(pptp_t)
kernel_read_kernel_sysctls(pptp_t)
kernel_read_proc_symlinks(pptp_t)

dev_read_sysfs(pptp_t)

corenet_non_ipsec_sendrecv(pptp_t)
corenet_tcp_sendrecv_all_if(pptp_t)
corenet_raw_sendrecv_all_if(pptp_t)
corenet_tcp_sendrecv_all_nodes(pptp_t)
corenet_raw_sendrecv_all_nodes(pptp_t)
corenet_tcp_sendrecv_all_ports(pptp_t)
corenet_tcp_bind_all_nodes(pptp_t)
corenet_tcp_connect_generic_port(pptp_t)
corenet_tcp_connect_all_reserved_ports(pptp_t)
corenet_sendrecv_generic_client_packets(pptp_t)

fs_getattr_all_fs(pptp_t)
fs_search_auto_mountpoints(pptp_t)

term_dontaudit_use_console(pptp_t)
term_ioctl_generic_ptys(pptp_t)
term_search_ptys(pptp_t)
term_use_ptmx(pptp_t)

domain_use_interactive_fds(pptp_t)

init_use_fds(pptp_t)
init_use_script_ptys(pptp_t)

libs_use_ld_so(pptp_t)
libs_use_shared_libs(pptp_t)

logging_send_syslog_msg(pptp_t)

miscfiles_read_localization(pptp_t)

sysnet_read_config(pptp_t)

userdom_dontaudit_use_unpriv_user_fds(pptp_t)
userdom_dontaudit_search_sysadm_home_dirs(pptp_t)

ifdef(`targeted_policy',`
        term_dontaudit_use_unallocated_ttys(pptp_t)
        term_dontaudit_use_generic_ptys(pptp_t)
        files_dontaudit_read_root_files(pptp_t)
')

optional_policy(`
	hostname_exec(pptp_t)
')

optional_policy(`
	nscd_socket_use(pptp_t)
')

optional_policy(`
        seutil_sigchld_newrole(pptp_t)
')

optional_policy(`
        udev_read_db(pptp_t)
')

optional_policy(`
	postfix_read_config(pppd_t)
')

# FIXME:
domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
allow pppd_t initrc_t:fd use;
allow initrc_t pppd_t:fd use;
allow initrc_t pppd_t:fifo_file rw_file_perms;
allow initrc_t pppd_t:process sigchld;
Commit	Line	Data
e08118a5	1
123a990b	2	policy_module(ppp,1.2.4)
e08118a5 CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
	9	# pppd_t is the domain for the pppd program.
	10	# pppd_exec_t is the type of the pppd executable.
	11	type pppd_t;
	12	type pppd_exec_t;
	13	init_daemon_domain(pppd_t,pppd_exec_t)
	14
	15	type pppd_devpts_t;
	16	term_pty(pppd_devpts_t)
	17
	18	# Define a separate type for /etc/ppp
9bbc757a CP	19	type pppd_etc_t;
9bbc757a CP	20	files_config_file(pppd_etc_t)
e08118a5 CP	21
	22	# Define a separate type for writable files under /etc/ppp
	23	type pppd_etc_rw_t;
	24	files_type(pppd_etc_rw_t)
	25
	26	type pppd_script_exec_t;
	27	files_type(pppd_script_exec_t)
	28
	29	# pppd_secret_t is the type of the pap and chap password files
	30	type pppd_secret_t;
	31	files_type(pppd_secret_t)
	32
	33	type pppd_log_t;
	34	logging_log_file(pppd_log_t)
	35
	36	type pppd_lock_t;
	37	files_lock_file(pppd_lock_t)
	38
	39	type pppd_tmp_t;
	40	files_tmp_file(pppd_tmp_t)
	41
	42	type pppd_var_run_t;
	43	files_pid_file(pppd_var_run_t)
	44
	45	type pptp_t;
	46	type pptp_exec_t;
	47	init_daemon_domain(pptp_t,pptp_exec_t)
	48
	49	type pptp_log_t;
	50	logging_log_file(pptp_log_t)
	51
	52	type pptp_var_run_t;
	53	files_pid_file(pptp_var_run_t)
	54
	55	########################################
	56	#
	57	# PPPD Local policy
	58	#
	59
e08118a5	60	allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
141cffdd	61	dontaudit pppd_t self:capability sys_tty_config;
123a990b	62	allow pppd_t self:process signal;
e08118a5	63	allow pppd_t self:fifo_file rw_file_perms;
e08118a5 CP	64	allow pppd_t self:socket create_socket_perms;
	65	allow pppd_t self:unix_dgram_socket create_socket_perms;
	66	allow pppd_t self:unix_stream_socket create_socket_perms;
	67	allow pppd_t self:netlink_route_socket r_netlink_socket_perms;
	68	allow pppd_t self:tcp_socket create_stream_socket_perms;
	69	allow pppd_t self:udp_socket { connect connected_socket_perms };
	70	allow pppd_t self:packet_socket create_socket_perms;
	71
	72	domain_auto_trans(pppd_t, pptp_exec_t, pptp_t)
4614e83f CP	73	allow pppd_t pptp_t:fd use;
	74	allow pptp_t pppd_t:fd use;
	75	allow pptp_t pppd_t:fifo_file rw_file_perms;
	76	allow pptp_t pppd_t:process sigchld;
e08118a5 CP	77
	78	allow pppd_t pppd_devpts_t:chr_file { rw_file_perms setattr };
	79
	80	allow pppd_t pppd_etc_t:dir rw_dir_perms;
	81	allow pppd_t pppd_etc_t:file r_file_perms;
	82	allow pppd_t pppd_etc_t:lnk_file { getattr read };
1c1ac67f	83	files_etc_filetrans(pppd_t,pppd_etc_t,file)
e08118a5 CP	84
	85	allow pppd_t pppd_etc_rw_t:file create_file_perms;
	86
	87	allow pppd_t pppd_lock_t:file create_file_perms;
1c1ac67f	88	files_lock_filetrans(pppd_t,pppd_lock_t,file)
e08118a5 CP	89
e08118a5 CP	90	allow pppd_t pppd_log_t:file create_file_perms;
1c1ac67f	91	logging_log_filetrans(pppd_t,pppd_log_t,file)
e08118a5 CP	92
	93	allow pppd_t pppd_tmp_t:dir create_dir_perms;
	94	allow pppd_t pppd_tmp_t:file create_file_perms;
103fe280	95	files_tmp_filetrans(pppd_t, pppd_tmp_t, { file dir })
e08118a5 CP	96
	97	allow pppd_t pppd_var_run_t:dir rw_dir_perms;
	98	allow pppd_t pppd_var_run_t:file create_file_perms;
1c1ac67f	99	files_pid_filetrans(pppd_t,pppd_var_run_t,file)
e08118a5 CP	100
	101	allow pppd_t pptp_t:process signal;
	102
	103	# for SSP
	104	# Access secret files
	105	allow pppd_t pppd_secret_t:file r_file_perms;
	106
	107	# Automatically label newly created files under /etc/ppp with this type
	108	type_transition pppd_t pppd_etc_t:file pppd_etc_rw_t;
	109
445522dc	110	kernel_read_kernel_sysctls(pppd_t)
725926c5	111	kernel_read_system_state(pppd_t)
445522dc	112	kernel_read_net_sysctls(pppd_t)
e08118a5 CP	113	kernel_read_network_state(pppd_t)
	114	kernel_load_module(pppd_t)
	115
	116	dev_read_urand(pppd_t)
	117	dev_search_sysfs(pppd_t)
	118	dev_read_sysfs(pppd_t)
	119
141cffdd	120	corenet_non_ipsec_sendrecv(pppd_t)
e08118a5 CP	121	corenet_tcp_sendrecv_all_if(pppd_t)
	122	corenet_raw_sendrecv_all_if(pppd_t)
	123	corenet_udp_sendrecv_all_if(pppd_t)
	124	corenet_tcp_sendrecv_all_nodes(pppd_t)
	125	corenet_raw_sendrecv_all_nodes(pppd_t)
	126	corenet_udp_sendrecv_all_nodes(pppd_t)
	127	corenet_tcp_sendrecv_all_ports(pppd_t)
	128	corenet_udp_sendrecv_all_ports(pppd_t)
e08118a5	129	# Access /dev/ppp.
5b6ddb98	130	corenet_rw_ppp_dev(pppd_t)
e08118a5 CP	131
	132	fs_getattr_all_fs(pppd_t)
	133	fs_search_auto_mountpoints(pppd_t)
	134
1815bad1	135	term_use_unallocated_ttys(pppd_t)
e08118a5	136	term_setattr_unallocated_ttys(pppd_t)
1815bad1	137	term_ioctl_generic_ptys(pppd_t)
e08118a5 CP	138	# for pppoe
	139	term_create_pty(pppd_t,pppd_devpts_t)
	140	term_dontaudit_use_console(pppd_t)
	141
	142	# allow running ip-up and ip-down scripts and running chat.
	143	corecmd_exec_bin(pppd_t)
	144	corecmd_exec_sbin(pppd_t)
	145	corecmd_exec_shell(pppd_t)
	146
15722ec9	147	domain_use_interactive_fds(pppd_t)
e08118a5 CP	148
	149	files_exec_etc_files(pppd_t)
	150	files_read_etc_runtime_files(pppd_t)
	151	# for scripts
	152	files_read_etc_files(pppd_t)
	153
68228b33 CP	154	init_read_utmp(pppd_t)
68228b33 CP	155	init_dontaudit_write_utmp(pppd_t)
1c1ac67f	156	init_use_fds(pppd_t)
1815bad1	157	init_use_script_ptys(pppd_t)
e08118a5 CP	158
	159	libs_use_ld_so(pppd_t)
	160	libs_use_shared_libs(pppd_t)
	161
	162	logging_send_syslog_msg(pppd_t)
	163
	164	miscfiles_read_localization(pppd_t)
	165
	166	sysnet_read_config(pppd_t)
	167	sysnet_exec_ifconfig(pppd_t)
	168	sysnet_manage_config(pppd_t)
	169
15722ec9	170	userdom_dontaudit_use_unpriv_user_fds(pppd_t)
103fe280	171	userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
e08118a5 CP	172	# for ~/.ppprc - if it actually exists then you need some policy to read it
e08118a5 CP	173	#allow pppd_t { sysadm_home_dir_t home_root_t user_home_dir_type }:dir search;
103fe280	174	userdom_search_sysadm_home_dirs(pppd_t)
15722ec9	175	userdom_search_unpriv_users_home_dirs(pppd_t)
e08118a5 CP	176
e08118a5 CP	177	ifdef(`targeted_policy', `
1815bad1 CP	178	term_dontaudit_use_unallocated_ttys(pppd_t)
1815bad1 CP	179	term_dontaudit_use_generic_ptys(pppd_t)
9e04f5c5	180	files_dontaudit_read_root_files(pppd_t)
04926d07	181
bb7170f6	182	optional_policy(`
04926d07	183	gen_require(`
4614e83f	184	bool postfix_disable_trans;
04926d07 CP	185	')
04926d07 CP	186
4614e83f	187	if(!postfix_disable_trans) {
04926d07 CP	188	postfix_domtrans_master(pppd_t)
	189	}
	190	')
	191	',`
bb7170f6	192	optional_policy(`
04926d07 CP	193	postfix_domtrans_master(pppd_t)
04926d07 CP	194	')
e08118a5 CP	195	')
e08118a5 CP	196
70b8a723 CP	197	optional_policy(`
	198	ddclient_domtrans(pppd_t)
	199	')
	200
bb7170f6	201	optional_policy(`
8967bf8b CP	202	tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
8967bf8b CP	203	modutils_domtrans_insmod_uncond(pppd_t)
e08118a5 CP	204	')
	205	')
	206
bb7170f6	207	optional_policy(`
88dd3896 CP	208	mta_send_mail(pppd_t)
	209	')
	210
bb7170f6	211	optional_policy(`
e08118a5 CP	212	nis_use_ypbind(pppd_t)
	213	')
	214
bb7170f6	215	optional_policy(`
1815bad1	216	nscd_socket_use(pppd_t)
e08118a5 CP	217	')
e08118a5 CP	218
bb7170f6	219	optional_policy(`
e08118a5 CP	220	seutil_sigchld_newrole(pppd_t)
	221	')
	222
bb7170f6	223	optional_policy(`
e08118a5 CP	224	udev_read_db(pppd_t)
	225	')
	226
	227	########################################
	228	#
	229	# PPTP Local policy
	230	#
	231
	232	dontaudit pptp_t self:capability sys_tty_config;
	233	allow pptp_t self:capability net_raw;
	234	allow pptp_t self:fifo_file { read write };
	235	allow pptp_t self:unix_dgram_socket create_socket_perms;
	236	allow pptp_t self:unix_stream_socket { connectto create_stream_socket_perms };
	237	allow pptp_t self:rawip_socket create_socket_perms;
	238	allow pptp_t self:tcp_socket create_socket_perms;
	239
	240	allow pptp_t pppd_etc_t:dir { getattr read search };
	241	allow pptp_t pppd_etc_t:file { read getattr };
	242	allow pptp_t pppd_etc_t:lnk_file { getattr read };
	243
	244	allow pptp_t pppd_etc_rw_t:dir { getattr read search };
	245	allow pptp_t pppd_etc_rw_t:file { read getattr };
	246	allow pptp_t pppd_etc_rw_t:lnk_file { getattr read };
	247	can_exec(pptp_t, pppd_etc_rw_t)
	248
	249	# Allow pptp to append to pppd log files
	250	allow pptp_t pppd_log_t:file append;
	251
	252	allow pptp_t pptp_log_t:file create_file_perms;
1c1ac67f	253	logging_log_filetrans(pptp_t,pptp_log_t,file)
e08118a5 CP	254
	255	allow pptp_t pptp_var_run_t:file create_file_perms;
	256	allow pptp_t pptp_var_run_t:dir rw_dir_perms;
	257	allow pptp_t pptp_var_run_t:sock_file create_file_perms;
1c1ac67f	258	files_pid_filetrans(pptp_t,pptp_var_run_t,file)
e08118a5 CP	259
e08118a5 CP	260	kernel_list_proc(pptp_t)
445522dc	261	kernel_read_kernel_sysctls(pptp_t)
e08118a5 CP	262	kernel_read_proc_symlinks(pptp_t)
	263
	264	dev_read_sysfs(pptp_t)
	265
141cffdd	266	corenet_non_ipsec_sendrecv(pptp_t)
e08118a5 CP	267	corenet_tcp_sendrecv_all_if(pptp_t)
	268	corenet_raw_sendrecv_all_if(pptp_t)
	269	corenet_tcp_sendrecv_all_nodes(pptp_t)
	270	corenet_raw_sendrecv_all_nodes(pptp_t)
	271	corenet_tcp_sendrecv_all_ports(pptp_t)
	272	corenet_tcp_bind_all_nodes(pptp_t)
	273	corenet_tcp_connect_generic_port(pptp_t)
	274	corenet_tcp_connect_all_reserved_ports(pptp_t)
141cffdd	275	corenet_sendrecv_generic_client_packets(pptp_t)
e08118a5 CP	276
	277	fs_getattr_all_fs(pptp_t)
	278	fs_search_auto_mountpoints(pptp_t)
	279
	280	term_dontaudit_use_console(pptp_t)
1815bad1	281	term_ioctl_generic_ptys(pptp_t)
e08118a5 CP	282	term_search_ptys(pptp_t)
	283	term_use_ptmx(pptp_t)
	284
15722ec9	285	domain_use_interactive_fds(pptp_t)
e08118a5	286
1c1ac67f	287	init_use_fds(pptp_t)
1815bad1	288	init_use_script_ptys(pptp_t)
e08118a5 CP	289
	290	libs_use_ld_so(pptp_t)
	291	libs_use_shared_libs(pptp_t)
	292
	293	logging_send_syslog_msg(pptp_t)
	294
	295	miscfiles_read_localization(pptp_t)
	296
	297	sysnet_read_config(pptp_t)
	298
15722ec9	299	userdom_dontaudit_use_unpriv_user_fds(pptp_t)
103fe280	300	userdom_dontaudit_search_sysadm_home_dirs(pptp_t)
e08118a5 CP	301
e08118a5 CP	302	ifdef(`targeted_policy',`
1815bad1 CP	303	term_dontaudit_use_unallocated_ttys(pptp_t)
1815bad1 CP	304	term_dontaudit_use_generic_ptys(pptp_t)
9e04f5c5	305	files_dontaudit_read_root_files(pptp_t)
e08118a5 CP	306	')
e08118a5 CP	307
bb7170f6	308	optional_policy(`
e08118a5 CP	309	hostname_exec(pptp_t)
	310	')
	311
bb7170f6	312	optional_policy(`
1815bad1	313	nscd_socket_use(pptp_t)
e08118a5 CP	314	')
e08118a5 CP	315
bb7170f6	316	optional_policy(`
e08118a5 CP	317	seutil_sigchld_newrole(pptp_t)
	318	')
	319
bb7170f6	320	optional_policy(`
e08118a5 CP	321	udev_read_db(pptp_t)
	322	')
	323
bb7170f6	324	optional_policy(`
bf080a46	325	postfix_read_config(pppd_t)
e08118a5	326	')
725926c5	327
445522dc	328	# FIXME:
725926c5 CP	329	domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
	330	allow pppd_t initrc_t:fd use;
	331	allow initrc_t pppd_t:fd use;
	332	allow initrc_t pppd_t:fifo_file rw_file_perms;
	333	allow initrc_t pppd_t:process sigchld;