[people/stevee/selinux-policy.git] / policy / modules / services / ulogd.te

policy_module(ulogd, 1.2.0)

########################################
#
# Declarations
#

type ulogd_t;
type ulogd_exec_t;
init_daemon_domain(ulogd_t, ulogd_exec_t)

# config files
type ulogd_etc_t;
files_config_file(ulogd_etc_t)

type ulogd_initrc_exec_t;
init_script_file(ulogd_initrc_exec_t)

# /usr/lib files
type ulogd_modules_t;
files_type(ulogd_modules_t)

# log files
type ulogd_var_log_t;
logging_log_file(ulogd_var_log_t)

########################################
#
# ulogd local policy
#

allow ulogd_t self:capability { net_admin sys_nice };
allow ulogd_t self:process { setsched };
allow ulogd_t self:netlink_nflog_socket create_socket_perms;
allow ulogd_t self:netlink_route_socket r_netlink_socket_perms;
allow ulogd_t self:netlink_socket create_socket_perms;
allow ulogd_t self:tcp_socket { create_stream_socket_perms connect };
allow ulogd_t self:udp_socket create_socket_perms;

# config files
read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)

# modules for ulogd
list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)

# log files
manage_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
logging_log_filetrans(ulogd_t, ulogd_var_log_t, file)

files_read_etc_files(ulogd_t)
files_read_usr_files(ulogd_t)

miscfiles_read_localization(ulogd_t)

optional_policy(`
	allow ulogd_t self:tcp_socket create_stream_socket_perms;

	mysql_stream_connect(ulogd_t)
	mysql_tcp_connect(ulogd_t)

	sysnet_dns_name_resolve(ulogd_t)
')

optional_policy(`
	allow ulogd_t self:tcp_socket create_stream_socket_perms;

	postgresql_stream_connect(ulogd_t)
	postgresql_tcp_connect(ulogd_t)

	sysnet_dns_name_resolve(ulogd_t)
')
Commit	Line	Data
826d0142	1	policy_module(ulogd, 1.2.0)
a5ef553c CP	2
	3	########################################
	4	#
	5	# Declarations
	6	#
	7
	8	type ulogd_t;
	9	type ulogd_exec_t;
	10	init_daemon_domain(ulogd_t, ulogd_exec_t)
	11
	12	# config files
	13	type ulogd_etc_t;
5e4542af	14	files_config_file(ulogd_etc_t)
a5ef553c CP	15
	16	type ulogd_initrc_exec_t;
	17	init_script_file(ulogd_initrc_exec_t)
	18
	19	# /usr/lib files
	20	type ulogd_modules_t;
	21	files_type(ulogd_modules_t)
	22
	23	# log files
	24	type ulogd_var_log_t;
	25	logging_log_file(ulogd_var_log_t)
	26
	27	########################################
	28	#
	29	# ulogd local policy
	30	#
	31
e304e012 DW	32	allow ulogd_t self:capability { net_admin sys_nice };
e304e012 DW	33	allow ulogd_t self:process { setsched };
a5ef553c	34	allow ulogd_t self:netlink_nflog_socket create_socket_perms;
3eaa9939	35	allow ulogd_t self:netlink_route_socket r_netlink_socket_perms;
e304e012	36	allow ulogd_t self:netlink_socket create_socket_perms;
3eaa9939 DW	37	allow ulogd_t self:tcp_socket { create_stream_socket_perms connect };
3eaa9939 DW	38	allow ulogd_t self:udp_socket create_socket_perms;
a5ef553c CP	39
	40	# config files
	41	read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
	42
	43	# modules for ulogd
	44	list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
	45	mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
	46
	47	# log files
	48	manage_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
	49	logging_log_filetrans(ulogd_t, ulogd_var_log_t, file)
	50
3eaa9939 DW	51	files_read_etc_files(ulogd_t)
3eaa9939 DW	52	files_read_usr_files(ulogd_t)
a5ef553c CP	53
a5ef553c CP	54	miscfiles_read_localization(ulogd_t)
3eaa9939	55
3eaa9939	56	optional_policy(`
b9a56244 CP	57	allow ulogd_t self:tcp_socket create_stream_socket_perms;
b9a56244 CP	58
1e2abee1	59	mysql_stream_connect(ulogd_t)
fae94732	60	mysql_tcp_connect(ulogd_t)
b9a56244 CP	61
b9a56244 CP	62	sysnet_dns_name_resolve(ulogd_t)
3eaa9939 DW	63	')
	64
	65	optional_policy(`
b9a56244 CP	66	allow ulogd_t self:tcp_socket create_stream_socket_perms;
b9a56244 CP	67
1e2abee1	68	postgresql_stream_connect(ulogd_t)
3eaa9939	69	postgresql_tcp_connect(ulogd_t)
b9a56244 CP	70
b9a56244 CP	71	sysnet_dns_name_resolve(ulogd_t)
3eaa9939	72	')