[people/stevee/selinux-policy.git] / policy / modules / services / rhsmcertd.te

policy_module(rhsmcertd, 1.0.0)

########################################
#
# Declarations
#

type rhsmcertd_t;
type rhsmcertd_exec_t;
init_daemon_domain(rhsmcertd_t, rhsmcertd_exec_t)

type rhsmcertd_initrc_exec_t;
init_script_file(rhsmcertd_initrc_exec_t)

type rhsmcertd_log_t;
logging_log_file(rhsmcertd_log_t)

type rhsmcertd_lock_t;
files_lock_file(rhsmcertd_lock_t)

type rhsmcertd_var_lib_t;
files_type(rhsmcertd_var_lib_t)

type rhsmcertd_var_run_t;
files_pid_file(rhsmcertd_var_run_t)

########################################
#
# rhsmcertd local policy
#

allow rhsmcertd_t self:fifo_file rw_fifo_file_perms;
allow rhsmcertd_t self:unix_stream_socket create_stream_socket_perms;

manage_dirs_pattern(rhsmcertd_t, rhsmcertd_log_t, rhsmcertd_log_t)
manage_files_pattern(rhsmcertd_t, rhsmcertd_log_t, rhsmcertd_log_t)

manage_files_pattern(rhsmcertd_t, rhsmcertd_lock_t, rhsmcertd_lock_t)
files_lock_filetrans(rhsmcertd_t, rhsmcertd_lock_t, file)

manage_dirs_pattern(rhsmcertd_t, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)
manage_files_pattern(rhsmcertd_t, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)

manage_dirs_pattern(rhsmcertd_t, rhsmcertd_var_run_t, rhsmcertd_var_run_t)
manage_files_pattern(rhsmcertd_t, rhsmcertd_var_run_t, rhsmcertd_var_run_t)

kernel_read_system_state(rhsmcertd_t)

corecmd_exec_bin(rhsmcertd_t)

dev_read_urand(rhsmcertd_t)

files_read_etc_files(rhsmcertd_t)
files_read_usr_files(rhsmcertd_t)

miscfiles_read_localization(rhsmcertd_t)
miscfiles_read_certs(rhsmcertd_t)

optional_policy(`
	sysnet_dns_name_resolve(rhsmcertd_t)
')
Commit	Line	Data
525f1b2b MG	1	policy_module(rhsmcertd, 1.0.0)
	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	type rhsmcertd_t;
	9	type rhsmcertd_exec_t;
	10	init_daemon_domain(rhsmcertd_t, rhsmcertd_exec_t)
	11
525f1b2b MG	12	type rhsmcertd_initrc_exec_t;
	13	init_script_file(rhsmcertd_initrc_exec_t)
	14
	15	type rhsmcertd_log_t;
	16	logging_log_file(rhsmcertd_log_t)
	17
	18	type rhsmcertd_lock_t;
	19	files_lock_file(rhsmcertd_lock_t)
	20
	21	type rhsmcertd_var_lib_t;
	22	files_type(rhsmcertd_var_lib_t)
	23
	24	type rhsmcertd_var_run_t;
	25	files_pid_file(rhsmcertd_var_run_t)
	26
	27	########################################
	28	#
	29	# rhsmcertd local policy
	30	#
	31
	32	allow rhsmcertd_t self:fifo_file rw_fifo_file_perms;
	33	allow rhsmcertd_t self:unix_stream_socket create_stream_socket_perms;
	34
	35	manage_dirs_pattern(rhsmcertd_t, rhsmcertd_log_t, rhsmcertd_log_t)
	36	manage_files_pattern(rhsmcertd_t, rhsmcertd_log_t, rhsmcertd_log_t)
	37
	38	manage_files_pattern(rhsmcertd_t, rhsmcertd_lock_t, rhsmcertd_lock_t)
	39	files_lock_filetrans(rhsmcertd_t, rhsmcertd_lock_t, file)
	40
	41	manage_dirs_pattern(rhsmcertd_t, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)
	42	manage_files_pattern(rhsmcertd_t, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)
	43
	44	manage_dirs_pattern(rhsmcertd_t, rhsmcertd_var_run_t, rhsmcertd_var_run_t)
	45	manage_files_pattern(rhsmcertd_t, rhsmcertd_var_run_t, rhsmcertd_var_run_t)
	46
	47	kernel_read_system_state(rhsmcertd_t)
	48
	49	corecmd_exec_bin(rhsmcertd_t)
	50
	51	dev_read_urand(rhsmcertd_t)
	52
	53	files_read_etc_files(rhsmcertd_t)
	54	files_read_usr_files(rhsmcertd_t)
	55
	56	miscfiles_read_localization(rhsmcertd_t)
	57	miscfiles_read_certs(rhsmcertd_t)
209d61b7 MG	58
	59	optional_policy(`
	60	sysnet_dns_name_resolve(rhsmcertd_t)
	61	')