Commit | Line | Data |
---|---|---|
ce3145e3 CP |
1 | ## <summary>TOR, the onion router</summary> |
2 | ||
3 | ######################################## | |
4 | ## <summary> | |
5 | ## Execute a domain transition to run TOR. | |
6 | ## </summary> | |
7 | ## <param name="domain"> | |
8 | ## <summary> | |
9 | ## Domain allowed to transition. | |
10 | ## </summary> | |
11 | ## </param> | |
12 | # | |
13 | interface(`tor_domtrans',` | |
# Declare the types this interface depends on, so a policy build fails
# early if the tor module does not provide them.
884e3bed | 14 | gen_require(` |
ce3145e3 CP |
15 | type tor_t, tor_exec_t; |
16 | ') | |
17 | ||
# Let the calling domain ($1) execute files labeled tor_exec_t and
# transition into tor_t when it does. The caller gets no other access
# to tor_t from this interface.
0bfccda4 | 18 | domtrans_pattern($1, tor_exec_t, tor_t) |
ce3145e3 | 19 | ') |
7a5e2d8a CP |
20 | |
21 | ######################################## | |
22 | ## <summary> | |
23 | ## All of the rules required to administrate | |
24 | ## a tor environment | |
25 | ## </summary> | |
26 | ## <param name="domain"> | |
27 | ## <summary> | |
28 | ## Domain allowed access. | |
29 | ## </summary> | |
30 | ## </param> | |
e87221ce CP |
31 | ## <param name="role"> |
32 | ## <summary> | |
33 | ## The role to be allowed to manage the tor domain. | |
34 | ## </summary> | |
35 | ## </param> | |
7a5e2d8a CP |
36 | ## <rolecap/> |
37 | # | |
38 | interface(`tor_admin',` | |
# Administrative access to the tor daemon: $1 is the admin domain,
# $2 is the role allowed to run the tor init script.
# Types that must already be defined by the tor module.
39 | gen_require(` | |
8f3a0a95 | 40 | type tor_t, tor_var_log_t, tor_etc_t; |
7a5e2d8a | 41 | type tor_var_lib_t, tor_var_run_t; |
e87221ce | 42 | type tor_initrc_exec_t; |
7a5e2d8a CP |
43 | ') |
44 | ||
# Process control over the running daemon.
# NOTE(review): ptrace lets $1 read and alter the memory of the tor
# process, which goes well beyond sending signals. Confirm that every
# caller of this interface needs it; signal_perms alone covers
# stop, reload and kill.
819518c2 | 45 | allow $1 tor_t:process { ptrace signal_perms }; |
# Lets $1 see tor_t processes in process listings.
7a5e2d8a | 46 | ps_process_pattern($1, tor_t) |
e87221ce CP |
47 | 
# Init script handling: $1 may run the script labeled tor_initrc_exec_t
# with a domain transition, is exempted from the constraint on changing
# to the system identity and role, and role $2 switches to system_r when
# it executes that script.
# NOTE(review): this gives $2 a path into system_r, so grant tor_admin
# only to trusted administrative roles.
48 | init_labeled_script_domtrans($1, tor_initrc_exec_t) | |
49 | domain_system_change_exemption($1) | |
50 | role_transition $2 tor_initrc_exec_t system_r; | |
51 | allow $2 system_r; | |
7a5e2d8a CP |
52 | 
# Configuration files: list /etc, then manage and relabel tor_etc_t.
53 | files_list_etc($1) | |
e87221ce | 54 | admin_pattern($1, tor_etc_t) |
7a5e2d8a CP |
55 | 
# Daemon state under /var/lib: manage and relabel tor_var_lib_t.
# Presumably this is where tor keeps its keys and cached state, so this
# grant is as sensitive as the ptrace permission above - TODO confirm
# against the file contexts for this module.
56 | files_list_var_lib($1) | |
e87221ce CP |
57 | admin_pattern($1, tor_var_lib_t) |
58 | ||
# Log files: list the log directory, then manage and relabel
# tor_var_log_t.
59 | logging_list_logs($1) | |
60 | admin_pattern($1, tor_var_log_t) | |
7a5e2d8a CP |
61 | 
# Runtime files (pid files): list the pid directory, then manage and
# relabel tor_var_run_t.
62 | files_list_pids($1) | |
e87221ce | 63 | admin_pattern($1, tor_var_run_t) |
7a5e2d8a | 64 | ') |