Commit | Line | Data |
---|---|---|
4bf4ed9e | 1 | ## <summary> |
414e4151 CP |
2 | ## Policy for the hotplug system, for supporting the |
3 | ## connection and disconnection of devices at runtime. | |
4bf4ed9e | 4 | ## </summary> |
6b93833b | 5 | |
ac9db9b5 CP |
6 | ######################################## |
7 | ## <summary> | |
8 | ## Execute hotplug with a domain transition. | |
9 | ## </summary> | |
10 | ## <param name="domain"> | |
11 | ## <summary> | |
a0546c9d | 12 | ## Domain allowed to transition. |
ac9db9b5 CP |
13 | ## </summary> |
14 | ## </param> | |
6b93833b | 15 | # |
199895e2 | 16 | interface(`hotplug_domtrans',` |
139520a2 CP |
17 | gen_require(` |
18 | type hotplug_t, hotplug_exec_t; | |
139520a2 | 19 | ') |
0c73cd25 | 20 | |
8021cb4f | 21 | corecmd_search_bin($1) |
3f67f722 | 22 | domtrans_pattern($1, hotplug_exec_t, hotplug_t) |
6b93833b CP |
23 | ') |
24 | ||
ac9db9b5 CP |
25 | ######################################## |
26 | ## <summary> | |
27 | ## Execute hotplug in the caller domain. | |
28 | ## </summary> | |
29 | ## <param name="domain"> | |
30 | ## <summary> | |
31 | ## Domain allowed access. | |
32 | ## </summary> | |
33 | ## </param> | |
6b93833b | 34 | # |
199895e2 | 35 | interface(`hotplug_exec',` |
139520a2 | 36 | gen_require(` |
5c339835 | 37 | type hotplug_exec_t; |
139520a2 | 38 | ') |
0c73cd25 | 39 | |
8021cb4f | 40 | corecmd_search_bin($1) |
3f67f722 | 41 | can_exec($1, hotplug_exec_t) |
6b93833b CP |
42 | ') |
43 | ||
ac9db9b5 CP |
44 | ######################################## |
45 | ## <summary> | |
46 | ## Inherit and use hotplug file descriptors. | |
47 | ## </summary> | |
48 | ## <param name="domain"> | |
49 | ## <summary> | |
50 | ## Domain allowed access. | |
51 | ## </summary> | |
52 | ## </param> | |
6b93833b | 53 | # |
1c1ac67f | 54 | interface(`hotplug_use_fds',` |
139520a2 CP |
55 | gen_require(` |
56 | type hotplug_t; | |
139520a2 | 57 | ') |
0c73cd25 CP |
58 | |
59 | allow $1 hotplug_t:fd use; | |
6b93833b CP |
60 | ') |
61 | ||
ac9db9b5 CP |
62 | ######################################## |
63 | ## <summary> | |
64 | ## Do not audit attempts to inherit | |
65 | ## hotplug file descriptors. | |
66 | ## </summary> | |
67 | ## <param name="domain"> | |
68 | ## <summary> | |
69 | ## Domain to not audit. | |
70 | ## </summary> | |
71 | ## </param> | |
13e94c09 | 72 | # |
1c1ac67f | 73 | interface(`hotplug_dontaudit_use_fds',` |
139520a2 CP |
74 | gen_require(` |
75 | type hotplug_t; | |
139520a2 | 76 | ') |
0c73cd25 CP |
77 | |
78 | dontaudit $1 hotplug_t:fd use; | |
13e94c09 CP |
79 | ') |
80 | ||
1e5c2a41 | 81 | ######################################## |
ac9db9b5 CP |
82 | ## <summary> |
83 | ## Do not audit attempts to search the | |
84 | ## hotplug configuration directories. | |
85 | ## </summary> | |
86 | ## <param name="domain"> | |
87 | ## <summary> | |
88 | ## Domain to not audit. | |
89 | ## </summary> | |
90 | ## </param> | |
1e5c2a41 | 91 | # |
199895e2 | 92 | interface(`hotplug_dontaudit_search_config',` |
139520a2 CP |
93 | gen_require(` |
94 | type hotplug_etc_t; | |
139520a2 | 95 | ') |
0c73cd25 CP |
96 | |
97 | dontaudit $1 hotplug_etc_t:dir search; | |
1e5c2a41 CP |
98 | ') |
99 | ||
1e5c2a41 | 100 | ######################################## |
ae9e2716 CP |
101 | ## <summary> |
102 | ## Get the attributes of the hotplug configuration directory. | |
103 | ## </summary> | |
104 | ## <param name="domain"> | |
885b83ec | 105 | ## <summary> |
ae9e2716 | 106 | ## Domain allowed access. |
885b83ec | 107 | ## </summary> |
ae9e2716 CP |
108 | ## </param> |
109 | # | |
1815bad1 | 110 | interface(`hotplug_getattr_config_dirs',` |
ae9e2716 CP |
111 | gen_require(` |
112 | type hotplug_etc_t; | |
ae9e2716 CP |
113 | ') |
114 | ||
115 | allow $1 hotplug_etc_t:dir getattr; | |
116 | ') | |
117 | ||
118 | ######################################## | |
119 | ## <summary> | |
120 | ## Search the hotplug configuration directory. | |
121 | ## </summary> | |
122 | ## <param name="domain"> | |
885b83ec | 123 | ## <summary> |
ae9e2716 | 124 | ## Domain allowed access. |
885b83ec | 125 | ## </summary> |
ae9e2716 CP |
126 | ## </param> |
127 | # | |
128 | interface(`hotplug_search_config',` | |
129 | gen_require(` | |
130 | type hotplug_etc_t; | |
ae9e2716 CP |
131 | ') |
132 | ||
c0868a7a | 133 | allow $1 hotplug_etc_t:dir search_dir_perms; |
ae9e2716 CP |
134 | ') |
135 | ||
136 | ######################################## | |
137 | ## <summary> | |
414e4151 | 138 | ## Read the configuration files for hotplug. |
ae9e2716 | 139 | ## </summary> |
414e4151 | 140 | ## <param name="domain"> |
885b83ec | 141 | ## <summary> |
a0546c9d | 142 | ## Domain allowed access. |
885b83ec | 143 | ## </summary> |
414e4151 | 144 | ## </param> |
bbcd3c97 | 145 | ## <rolecap/> |
1e5c2a41 | 146 | # |
199895e2 | 147 | interface(`hotplug_read_config',` |
139520a2 CP |
148 | gen_require(` |
149 | type hotplug_etc_t; | |
139520a2 | 150 | ') |
0c73cd25 | 151 | |
c9428d33 | 152 | files_search_etc($1) |
c0868a7a | 153 | allow $1 hotplug_etc_t:dir list_dir_perms; |
3f67f722 CP |
154 | read_files_pattern($1, hotplug_etc_t, hotplug_etc_t) |
155 | read_lnk_files_pattern($1, hotplug_etc_t, hotplug_etc_t) | |
1e5c2a41 CP |
156 | ') |
157 | ||
ed38ca9f CP |
158 | ######################################## |
159 | ## <summary> | |
160 | ## Search the hotplug PID directories. | |
161 | ## </summary> | |
162 | ## <param name="domain"> | |
163 | ## <summary> | |
164 | ## Domain allowed access. | |
165 | ## </summary> | |
166 | ## </param> | |
167 | # | |
168 | interface(`hotplug_search_pids',` | |
169 | gen_require(` | |
170 | type hotplug_var_run_t; | |
171 | ') | |
172 | ||
173 | allow $1 hotplug_var_run_t:dir search_dir_perms; | |
174 | files_search_pids($1) | |
175 | ') |