]>
Commit | Line | Data |
---|---|---|
3865d6b9 CP |
1 | ## <summary>Policy for getty.</summary> |
2 | ||
3 | ######################################## | |
f7ebea06 CP |
4 | ## <summary> |
5 | ## Execute gettys in the getty domain. | |
6 | ## </summary> | |
7 | ## <param name="domain"> | |
885b83ec | 8 | ## <summary> |
a0546c9d | 9 | ## Domain allowed to transition. |
885b83ec | 10 | ## </summary> |
f7ebea06 | 11 | ## </param> |
01543562 | 12 | # |
199895e2 | 13 | interface(`getty_domtrans',` |
139520a2 CP |
14 | gen_require(` |
15 | type getty_t, getty_exec_t; | |
139520a2 | 16 | ') |
0c73cd25 | 17 | |
8021cb4f | 18 | corecmd_search_bin($1) |
3f67f722 | 19 | domtrans_pattern($1, getty_exec_t, getty_t) |
01543562 CP |
20 | ') |
21 | ||
488ec7bd CP |
22 | ######################################## |
23 | ## <summary> | |
24 | ## Inherit and use getty file descriptors. | |
25 | ## </summary> | |
26 | ## <param name="domain"> | |
885b83ec | 27 | ## <summary> |
488ec7bd | 28 | ## Domain allowed access. |
885b83ec | 29 | ## </summary> |
488ec7bd CP |
30 | ## </param> |
31 | # | |
1c1ac67f | 32 | interface(`getty_use_fds',` |
488ec7bd CP |
33 | gen_require(` |
34 | type getty_t; | |
35 | ') | |
36 | ||
37 | allow $1 getty_t:fd use; | |
38 | ') | |
39 | ||
3865d6b9 | 40 | ######################################## |
f7ebea06 CP |
41 | ## <summary> |
42 | ## Allow process to read getty log file. | |
43 | ## </summary> | |
44 | ## <param name="domain"> | |
885b83ec | 45 | ## <summary> |
488ec7bd | 46 | ## Domain allowed access. |
885b83ec | 47 | ## </summary> |
f7ebea06 | 48 | ## </param> |
bbcd3c97 | 49 | ## <rolecap/> |
01543562 | 50 | # |
199895e2 | 51 | interface(`getty_read_log',` |
139520a2 CP |
52 | gen_require(` |
53 | type getty_log_t; | |
139520a2 | 54 | ') |
0c73cd25 | 55 | |
139520a2 | 56 | logging_search_logs($1) |
82d2775c | 57 | allow $1 getty_log_t:file read_file_perms; |
01543562 CP |
58 | ') |
59 | ||
3865d6b9 | 60 | ######################################## |
f7ebea06 CP |
61 | ## <summary> |
62 | ## Allow process to read getty config file. | |
63 | ## </summary> | |
64 | ## <param name="domain"> | |
885b83ec | 65 | ## <summary> |
488ec7bd | 66 | ## Domain allowed access. |
885b83ec | 67 | ## </summary> |
f7ebea06 | 68 | ## </param> |
bbcd3c97 | 69 | ## <rolecap/> |
01543562 | 70 | # |
199895e2 | 71 | interface(`getty_read_config',` |
139520a2 CP |
72 | gen_require(` |
73 | type getty_etc_t; | |
139520a2 | 74 | ') |
0c73cd25 | 75 | |
139520a2 | 76 | files_search_etc($1) |
82d2775c | 77 | allow $1 getty_etc_t:file read_file_perms; |
01543562 CP |
78 | ') |
79 | ||
3865d6b9 | 80 | ######################################## |
f7ebea06 CP |
81 | ## <summary> |
82 | ## Allow process to edit getty config file. | |
83 | ## </summary> | |
84 | ## <param name="domain"> | |
885b83ec | 85 | ## <summary> |
488ec7bd | 86 | ## Domain allowed access. |
885b83ec | 87 | ## </summary> |
f7ebea06 | 88 | ## </param> |
bbcd3c97 | 89 | ## <rolecap/> |
01543562 | 90 | # |
1815bad1 | 91 | interface(`getty_rw_config',` |
139520a2 CP |
92 | gen_require(` |
93 | type getty_etc_t; | |
139520a2 | 94 | ') |
0c73cd25 | 95 | |
139520a2 CP |
96 | files_search_etc($1) |
97 | allow $1 getty_etc_t:file rw_file_perms; | |
01543562 | 98 | ') |