]>
Commit | Line | Data |
---|---|---|
525f1b2b MG |
1 | policy_module(rhsmcertd, 1.0.0) |
2 | ||
3 | ######################################## | |
4 | # | |
5 | # Declarations | |
6 | # | |
7 | ||
8 | type rhsmcertd_t; | |
9 | type rhsmcertd_exec_t; | |
10 | init_daemon_domain(rhsmcertd_t, rhsmcertd_exec_t) | |
11 | ||
525f1b2b MG |
12 | type rhsmcertd_initrc_exec_t; |
13 | init_script_file(rhsmcertd_initrc_exec_t) | |
14 | ||
15 | type rhsmcertd_log_t; | |
16 | logging_log_file(rhsmcertd_log_t) | |
17 | ||
18 | type rhsmcertd_lock_t; | |
19 | files_lock_file(rhsmcertd_lock_t) | |
20 | ||
21 | type rhsmcertd_var_lib_t; | |
22 | files_type(rhsmcertd_var_lib_t) | |
23 | ||
24 | type rhsmcertd_var_run_t; | |
25 | files_pid_file(rhsmcertd_var_run_t) | |
26 | ||
27 | ######################################## | |
28 | # | |
29 | # rhsmcertd local policy | |
30 | # | |
31 | ||
32 | allow rhsmcertd_t self:fifo_file rw_fifo_file_perms; | |
33 | allow rhsmcertd_t self:unix_stream_socket create_stream_socket_perms; | |
34 | ||
35 | manage_dirs_pattern(rhsmcertd_t, rhsmcertd_log_t, rhsmcertd_log_t) | |
36 | manage_files_pattern(rhsmcertd_t, rhsmcertd_log_t, rhsmcertd_log_t) | |
37 | ||
38 | manage_files_pattern(rhsmcertd_t, rhsmcertd_lock_t, rhsmcertd_lock_t) | |
39 | files_lock_filetrans(rhsmcertd_t, rhsmcertd_lock_t, file) | |
40 | ||
41 | manage_dirs_pattern(rhsmcertd_t, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t) | |
42 | manage_files_pattern(rhsmcertd_t, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t) | |
43 | ||
44 | manage_dirs_pattern(rhsmcertd_t, rhsmcertd_var_run_t, rhsmcertd_var_run_t) | |
45 | manage_files_pattern(rhsmcertd_t, rhsmcertd_var_run_t, rhsmcertd_var_run_t) | |
46 | ||
47 | kernel_read_system_state(rhsmcertd_t) | |
48 | ||
49 | corecmd_exec_bin(rhsmcertd_t) | |
50 | ||
51 | dev_read_urand(rhsmcertd_t) | |
52 | ||
53 | files_read_etc_files(rhsmcertd_t) | |
54 | files_read_usr_files(rhsmcertd_t) | |
55 | ||
56 | miscfiles_read_localization(rhsmcertd_t) | |
57 | miscfiles_read_certs(rhsmcertd_t) | |
209d61b7 MG |
58 | |
59 | optional_policy(` | |
60 | sysnet_dns_name_resolve(rhsmcertd_t) | |
61 | ') |