[people/stevee/selinux-policy.git] / policy / modules / system / raid.if

## <summary>RAID array management tools</summary>

########################################
## <summary>
##	Execute software raid tools in the mdadm domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`raid_domtrans_mdadm',`
	gen_require(`
		type mdadm_t, mdadm_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, mdadm_exec_t, mdadm_t)
')

######################################
## <summary>
##	Execute a domain transition to mdadm_t for the
##	specified role, allowing it to use the mdadm_t
##	domain
## </summary>
## <param name="role">
##	<summary>
##	Role allowed to access mdadm_t domain
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	Domain allowed to transition to mdadm_t
##	</summary>
## </param>
#
interface(`raid_run_mdadm',`
	gen_require(`
		type mdadm_t;
	')

	role $1 types mdadm_t;
	raid_domtrans_mdadm($2)
')

########################################
## <summary>
##	read the mdadm pid files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`raid_read_mdadm_pid',`
	gen_require(`
		type mdadm_var_run_t;
	')

	read_files_pattern($1, mdadm_var_run_t, mdadm_var_run_t)
')

########################################
## <summary>
##	Create, read, write, and delete the mdadm pid files.
## </summary>
## <desc>
##	<p>
##	Create, read, write, and delete the mdadm pid files.
##	</p>
##	<p>
##	Added for use in the init module.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`raid_manage_mdadm_pid',`
	gen_require(`
		type mdadm_var_run_t;
	')

	# FIXME: maybe should have a type_transition.  not
	# clear what this is doing, from the original
	# mdadm policy
	allow $1 mdadm_var_run_t:file manage_file_perms;
')
Commit	Line	Data
50aca6d2 CP	1	## <summary>RAID array management tools</summary>
	2
	3	########################################
	4	## <summary>
	5	## Execute software raid tools in the mdadm domain.
	6	## </summary>
	7	## <param name="domain">
885b83ec	8	## <summary>
a0546c9d	9	## Domain allowed to transition.
885b83ec	10	## </summary>
50aca6d2 CP	11	## </param>
	12	#
	13	interface(`raid_domtrans_mdadm',`
	14	gen_require(`
	15	type mdadm_t, mdadm_exec_t;
50aca6d2 CP	16	')
50aca6d2 CP	17
8021cb4f	18	corecmd_search_bin($1)
3f67f722	19	domtrans_pattern($1, mdadm_exec_t, mdadm_t)
50aca6d2	20	')
a5f339f1	21
c3a60ead CP	22	######################################
	23	## <summary>
	24	## Execute a domain transition to mdadm_t for the
	25	## specified role, allowing it to use the mdadm_t
	26	## domain
	27	## </summary>
	28	## <param name="role">
	29	## <summary>
	30	## Role allowed to access mdadm_t domain
	31	## </summary>
	32	## </param>
	33	## <param name="domain">
	34	## <summary>
	35	## Domain allowed to transition to mdadm_t
	36	## </summary>
	37	## </param>
	38	#
	39	interface(`raid_run_mdadm',`
	40	gen_require(`
	41	type mdadm_t;
	42	')
	43
	44	role $1 types mdadm_t;
	45	raid_domtrans_mdadm($2)
	46	')
	47
91249179 DW	48	########################################
	49	## <summary>
	50	## read the mdadm pid files.
	51	## </summary>
	52	## <param name="domain">
	53	## <summary>
	54	## Domain allowed access.
	55	## </summary>
	56	## </param>
	57	#
	58	interface(`raid_read_mdadm_pid',`
	59	gen_require(`
	60	type mdadm_var_run_t;
	61	')
	62
	63	read_files_pattern($1, mdadm_var_run_t, mdadm_var_run_t)
	64	')
	65
a5f339f1 CP	66	########################################
	67	## <summary>
	68	## Create, read, write, and delete the mdadm pid files.
	69	## </summary>
	70	## <desc>
	71	## <p>
	72	## Create, read, write, and delete the mdadm pid files.
	73	## </p>
	74	## <p>
	75	## Added for use in the init module.
	76	## </p>
	77	## </desc>
	78	## <param name="domain">
885b83ec	79	## <summary>
a0546c9d	80	## Domain allowed access.
885b83ec	81	## </summary>
a5f339f1 CP	82	## </param>
	83	#
	84	interface(`raid_manage_mdadm_pid',`
	85	gen_require(`
	86	type mdadm_var_run_t;
a5f339f1 CP	87	')
	88
	89	# FIXME: maybe should have a type_transition. not
	90	# clear what this is doing, from the original
	91	# mdadm policy
c0868a7a	92	allow $1 mdadm_var_run_t:file manage_file_perms;
a5f339f1	93	')