[people/stevee/selinux-policy.git] / policy / modules / services / transproxy.te


policy_module(transproxy, 1.5.0)

########################################
#
# Declarations
#

type transproxy_t;
type transproxy_exec_t;
init_daemon_domain(transproxy_t,transproxy_exec_t)

type transproxy_var_run_t;
files_pid_file(transproxy_var_run_t)

########################################
#
# Local policy
#

allow transproxy_t self:capability { setgid setuid };
dontaudit transproxy_t self:capability sys_tty_config;
allow transproxy_t self:process signal_perms;
allow transproxy_t self:tcp_socket create_stream_socket_perms;

manage_files_pattern(transproxy_t,transproxy_var_run_t,transproxy_var_run_t)
files_pid_filetrans(transproxy_t,transproxy_var_run_t,file)

kernel_read_kernel_sysctls(transproxy_t)
kernel_list_proc(transproxy_t)
kernel_read_proc_symlinks(transproxy_t)

corenet_all_recvfrom_unlabeled(transproxy_t)
corenet_all_recvfrom_netlabel(transproxy_t)
corenet_tcp_sendrecv_generic_if(transproxy_t)
corenet_tcp_sendrecv_all_nodes(transproxy_t)
corenet_tcp_sendrecv_all_ports(transproxy_t)
corenet_tcp_bind_all_nodes(transproxy_t)
corenet_tcp_bind_transproxy_port(transproxy_t)
corenet_sendrecv_transproxy_server_packets(transproxy_t)

dev_read_sysfs(transproxy_t)

domain_use_interactive_fds(transproxy_t)

files_read_etc_files(transproxy_t)

fs_getattr_all_fs(transproxy_t)
fs_search_auto_mountpoints(transproxy_t)

libs_use_ld_so(transproxy_t)
libs_use_shared_libs(transproxy_t)

logging_send_syslog_msg(transproxy_t)

miscfiles_read_localization(transproxy_t)

sysnet_read_config(transproxy_t)

userdom_dontaudit_use_unpriv_user_fds(transproxy_t)

sysadm_dontaudit_search_home_dirs(transproxy_t)

optional_policy(`
	seutil_sigchld_newrole(transproxy_t)
')

optional_policy(`
	udev_read_db(transproxy_t)
')
Commit	Line	Data
fa895160	1
cfcf5004	2	policy_module(transproxy, 1.5.0)
fa895160 CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
	9	type transproxy_t;
	10	type transproxy_exec_t;
	11	init_daemon_domain(transproxy_t,transproxy_exec_t)
	12
	13	type transproxy_var_run_t;
	14	files_pid_file(transproxy_var_run_t)
	15
	16	########################################
	17	#
	18	# Local policy
	19	#
	20
	21	allow transproxy_t self:capability { setgid setuid };
	22	dontaudit transproxy_t self:capability sys_tty_config;
	23	allow transproxy_t self:process signal_perms;
	24	allow transproxy_t self:tcp_socket create_stream_socket_perms;
	25
c0868a7a	26	manage_files_pattern(transproxy_t,transproxy_var_run_t,transproxy_var_run_t)
fa895160 CP	27	files_pid_filetrans(transproxy_t,transproxy_var_run_t,file)
	28
	29	kernel_read_kernel_sysctls(transproxy_t)
	30	kernel_list_proc(transproxy_t)
	31	kernel_read_proc_symlinks(transproxy_t)
	32
19006686 CP	33	corenet_all_recvfrom_unlabeled(transproxy_t)
19006686 CP	34	corenet_all_recvfrom_netlabel(transproxy_t)
fa895160	35	corenet_tcp_sendrecv_generic_if(transproxy_t)
fa895160	36	corenet_tcp_sendrecv_all_nodes(transproxy_t)
fa895160 CP	37	corenet_tcp_sendrecv_all_ports(transproxy_t)
	38	corenet_tcp_bind_all_nodes(transproxy_t)
	39	corenet_tcp_bind_transproxy_port(transproxy_t)
141cffdd	40	corenet_sendrecv_transproxy_server_packets(transproxy_t)
fa895160 CP	41
	42	dev_read_sysfs(transproxy_t)
	43
	44	domain_use_interactive_fds(transproxy_t)
	45
	46	files_read_etc_files(transproxy_t)
	47
	48	fs_getattr_all_fs(transproxy_t)
	49	fs_search_auto_mountpoints(transproxy_t)
	50
fa895160 CP	51	libs_use_ld_so(transproxy_t)
	52	libs_use_shared_libs(transproxy_t)
	53
	54	logging_send_syslog_msg(transproxy_t)
	55
	56	miscfiles_read_localization(transproxy_t)
	57
	58	sysnet_read_config(transproxy_t)
	59
	60	userdom_dontaudit_use_unpriv_user_fds(transproxy_t)
e9c6cda7 CP	61
e9c6cda7 CP	62	sysadm_dontaudit_search_home_dirs(transproxy_t)
fa895160	63
fa895160 CP	64	optional_policy(`
	65	seutil_sigchld_newrole(transproxy_t)
	66	')
	67
	68	optional_policy(`
	69	udev_read_db(transproxy_t)
	70	')