projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 3865d6b9 CP |
1 | ## <summary>Policy for getty.</summary> |
| 2 | ||
| 3 | ######################################## | |
| f7ebea06 CP |
4 | ## <summary> |
| 5 | ## Execute gettys in the getty domain. | |
| 6 | ## </summary> | |
| 7 | ## <param name="domain"> | |
| 885b83ec | 8 | ## <summary> |
| a0546c9d | 9 | ## Domain allowed to transition. |
| 885b83ec | 10 | ## </summary> |
| f7ebea06 | 11 | ## </param> |
| 01543562 | 12 | # |
| 199895e2 | 13 | interface(`getty_domtrans',` |
| 139520a2 CP |
14 | gen_require(` |
| 15 | type getty_t, getty_exec_t; | |
| 139520a2 | 16 | ') |
| 0c73cd25 | 17 | |
| 8021cb4f | 18 | corecmd_search_bin($1) |
| 3f67f722 | 19 | domtrans_pattern($1, getty_exec_t, getty_t) |
| 01543562 CP |
20 | ') |
| 21 | ||
| 488ec7bd CP |
22 | ######################################## |
| 23 | ## <summary> | |
| 24 | ## Inherit and use getty file descriptors. | |
| 25 | ## </summary> | |
| 26 | ## <param name="domain"> | |
| 885b83ec | 27 | ## <summary> |
| 488ec7bd | 28 | ## Domain allowed access. |
| 885b83ec | 29 | ## </summary> |
| 488ec7bd CP |
30 | ## </param> |
| 31 | # | |
| 1c1ac67f | 32 | interface(`getty_use_fds',` |
| 488ec7bd CP |
33 | gen_require(` |
| 34 | type getty_t; | |
| 35 | ') | |
| 36 | ||
| 37 | allow $1 getty_t:fd use; | |
| 38 | ') | |
| 39 | ||
| 3865d6b9 | 40 | ######################################## |
| f7ebea06 CP |
41 | ## <summary> |
| 42 | ## Allow process to read getty log file. | |
| 43 | ## </summary> | |
| 44 | ## <param name="domain"> | |
| 885b83ec | 45 | ## <summary> |
| 488ec7bd | 46 | ## Domain allowed access. |
| 885b83ec | 47 | ## </summary> |
| f7ebea06 | 48 | ## </param> |
| bbcd3c97 | 49 | ## <rolecap/> |
| 01543562 | 50 | # |
| 199895e2 | 51 | interface(`getty_read_log',` |
| 139520a2 CP |
52 | gen_require(` |
| 53 | type getty_log_t; | |
| 139520a2 | 54 | ') |
| 0c73cd25 | 55 | |
| 139520a2 | 56 | logging_search_logs($1) |
| 82d2775c | 57 | allow $1 getty_log_t:file read_file_perms; |
| 01543562 CP |
58 | ') |
| 59 | ||
| 3865d6b9 | 60 | ######################################## |
| f7ebea06 CP |
61 | ## <summary> |
| 62 | ## Allow process to read getty config file. | |
| 63 | ## </summary> | |
| 64 | ## <param name="domain"> | |
| 885b83ec | 65 | ## <summary> |
| 488ec7bd | 66 | ## Domain allowed access. |
| 885b83ec | 67 | ## </summary> |
| f7ebea06 | 68 | ## </param> |
| bbcd3c97 | 69 | ## <rolecap/> |
| 01543562 | 70 | # |
| 199895e2 | 71 | interface(`getty_read_config',` |
| 139520a2 CP |
72 | gen_require(` |
| 73 | type getty_etc_t; | |
| 139520a2 | 74 | ') |
| 0c73cd25 | 75 | |
| 139520a2 | 76 | files_search_etc($1) |
| 82d2775c | 77 | allow $1 getty_etc_t:file read_file_perms; |
| 01543562 CP |
78 | ') |
| 79 | ||
| 3865d6b9 | 80 | ######################################## |
| f7ebea06 CP |
81 | ## <summary> |
| 82 | ## Allow process to edit getty config file. | |
| 83 | ## </summary> | |
| 84 | ## <param name="domain"> | |
| 885b83ec | 85 | ## <summary> |
| 488ec7bd | 86 | ## Domain allowed access. |
| 885b83ec | 87 | ## </summary> |
| f7ebea06 | 88 | ## </param> |
| bbcd3c97 | 89 | ## <rolecap/> |
| 01543562 | 90 | # |
| 1815bad1 | 91 | interface(`getty_rw_config',` |
| 139520a2 CP |
92 | gen_require(` |
| 93 | type getty_etc_t; | |
| 139520a2 | 94 | ') |
| 0c73cd25 | 95 | |
| 139520a2 CP |
96 | files_search_etc($1) |
| 97 | allow $1 getty_etc_t:file rw_file_perms; | |
| 01543562 | 98 | ') |