[people/stevee/selinux-policy.git] / refpolicy / policy / modules / services / apm.if

## <summary>Advanced power management daemon</summary>

########################################
## <summary>
##	Execute APM in the apm domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`apm_domtrans_client',`
	gen_require(`
		type apm_t, apm_exec_t;
	')

	corecmd_search_bin($1)
	domain_auto_trans($1,apm_exec_t,apm_t)

	allow $1 apm_t:fd use;
	allow apm_t $1:fd use;
	allow apm_t $1:fifo_file rw_file_perms;
	allow apm_t $1:process sigchld;
')

########################################
## <summary>
##	Use file descriptors for apmd.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`apm_use_fds',`
	gen_require(`
		type apmd_t;
	')

	allow $1 apmd_t:fd use; 
')

########################################
## <summary>
##	Write to apmd unnamed pipes.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`apm_write_pipes',`
	gen_require(`
		type apmd_t;
	')

	allow $1 apmd_t:fifo_file write; 
')

########################################
## <summary>
##	Read and write to an apm unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`apm_rw_stream_sockets',`
	gen_require(`
		type apmd_t;
	')

	allow $1 apmd_t:unix_stream_socket { read write };
')

########################################
## <summary>
##	Append to apm's log file.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`apm_append_log',`
	gen_require(`
		type apmd_log_t;
	')

	logging_search_logs($1)
	allow $1 apmd_log_t:file append;
')

########################################
## <summary>
##	Connect to apmd over an unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`apm_stream_connect',`
	gen_require(`
		type apmd_t, apmd_var_run_t;
	')

	files_search_pids($1)
	allow $1 apmd_var_run_t:sock_file write;
	allow $1 apmd_t:unix_stream_socket connectto;
')
Commit	Line	Data
4483ee84 CP	1	## <summary>Advanced power management daemon</summary>
	2
	3	########################################
	4	## <summary>
	5	## Execute APM in the apm domain.
	6	## </summary>
	7	## <param name="domain">
885b83ec	8	## <summary>
4483ee84	9	## Domain allowed access.
885b83ec	10	## </summary>
4483ee84 CP	11	## </param>
	12	#
	13	interface(`apm_domtrans_client',`
	14	gen_require(`
	15	type apm_t, apm_exec_t;
	16	')
	17
	18	corecmd_search_bin($1)
	19	domain_auto_trans($1,apm_exec_t,apm_t)
	20
	21	allow $1 apm_t:fd use;
	22	allow apm_t $1:fd use;
	23	allow apm_t $1:fifo_file rw_file_perms;
	24	allow apm_t $1:process sigchld;
	25	')
	26
	27	########################################
	28	## <summary>
	29	## Use file descriptors for apmd.
	30	## </summary>
	31	## <param name="domain">
885b83ec	32	## <summary>
4483ee84	33	## The type of the process performing this action.
885b83ec	34	## </summary>
4483ee84 CP	35	## </param>
4483ee84 CP	36	#
1c1ac67f	37	interface(`apm_use_fds',`
4483ee84 CP	38	gen_require(`
	39	type apmd_t;
	40	')
	41
	42	allow $1 apmd_t:fd use;
	43	')
	44
	45	########################################
	46	## <summary>
	47	## Write to apmd unnamed pipes.
	48	## </summary>
	49	## <param name="domain">
885b83ec	50	## <summary>
4483ee84	51	## The type of the process performing this action.
885b83ec	52	## </summary>
4483ee84 CP	53	## </param>
4483ee84 CP	54	#
1815bad1	55	interface(`apm_write_pipes',`
4483ee84 CP	56	gen_require(`
	57	type apmd_t;
	58	')
	59
	60	allow $1 apmd_t:fifo_file write;
	61	')
	62
	63	########################################
	64	## <summary>
	65	## Read and write to an apm unix stream socket.
	66	## </summary>
	67	## <param name="domain">
885b83ec	68	## <summary>
4483ee84	69	## Domain allowed access.
885b83ec	70	## </summary>
4483ee84 CP	71	## </param>
4483ee84 CP	72	#
1815bad1	73	interface(`apm_rw_stream_sockets',`
4483ee84 CP	74	gen_require(`
	75	type apmd_t;
	76	')
	77
	78	allow $1 apmd_t:unix_stream_socket { read write };
	79	')
	80
	81	########################################
	82	## <summary>
	83	## Append to apm's log file.
	84	## </summary>
	85	## <param name="domain">
885b83ec	86	## <summary>
4483ee84	87	## Domain allowed access.
885b83ec	88	## </summary>
4483ee84 CP	89	## </param>
	90	#
	91	interface(`apm_append_log',`
	92	gen_require(`
	93	type apmd_log_t;
	94	')
	95
	96	logging_search_logs($1)
	97	allow $1 apmd_log_t:file append;
	98	')
725926c5 CP	99
	100	########################################
	101	## <summary>
	102	## Connect to apmd over an unix stream socket.
	103	## </summary>
	104	## <param name="domain">
885b83ec	105	## <summary>
725926c5	106	## Domain allowed access.
885b83ec	107	## </summary>
725926c5 CP	108	## </param>
	109	#
	110	interface(`apm_stream_connect',`
	111	gen_require(`
9fd4b818	112	type apmd_t, apmd_var_run_t;
725926c5 CP	113	')
	114
	115	files_search_pids($1)
	116	allow $1 apmd_var_run_t:sock_file write;
	117	allow $1 apmd_t:unix_stream_socket connectto;
	118	')