[people/stevee/selinux-policy.git] / refpolicy / policy / modules / services / ldap.if

## <summary>OpenLDAP directory server</summary>

########################################
## <summary>
##	Read the contents of the OpenLDAP
##	database directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ldap_list_db',`
	gen_require(`
		type slapd_db_t;
	')

	allow $1 slapd_db_t:dir r_dir_perms;
')

########################################
## <summary>
##	Read the OpenLDAP configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ldap_read_config',`
	gen_require(`
		type slapd_etc_t;
	')

	files_search_etc($1)
	allow $1 slapd_etc_t:file { getattr read };
')

########################################
## <summary>
##	Use LDAP over TCP connection.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ldap_use',`
	gen_require(`
		type slapd_t;
	')

	allow $1 slapd_t:tcp_socket { connectto recvfrom };
	allow slapd_t $1:tcp_socket { acceptfrom recvfrom };
	kernel_tcp_recvfrom($1)
')
Commit	Line	Data
2961e79b CP	1	## <summary>OpenLDAP directory server</summary>
	2
	3	########################################
	4	## <summary>
	5	## Read the contents of the OpenLDAP
	6	## database directories.
	7	## </summary>
	8	## <param name="domain">
885b83ec	9	## <summary>
2961e79b	10	## Domain allowed access.
885b83ec	11	## </summary>
2961e79b CP	12	## </param>
2961e79b CP	13	#
1815bad1	14	interface(`ldap_list_db',`
2961e79b CP	15	gen_require(`
2961e79b CP	16	type slapd_db_t;
2961e79b CP	17	')
	18
	19	allow $1 slapd_db_t:dir r_dir_perms;
	20	')
	21
	22	########################################
	23	## <summary>
	24	## Read the OpenLDAP configuration files.
	25	## </summary>
	26	## <param name="domain">
885b83ec	27	## <summary>
2961e79b	28	## Domain allowed access.
885b83ec	29	## </summary>
2961e79b CP	30	## </param>
	31	#
	32	interface(`ldap_read_config',`
	33	gen_require(`
	34	type slapd_etc_t;
2961e79b CP	35	')
	36
	37	files_search_etc($1)
	38	allow $1 slapd_etc_t:file { getattr read };
	39	')
3774e4eb CP	40
	41	########################################
	42	## <summary>
	43	## Use LDAP over TCP connection.
	44	## </summary>
	45	## <param name="domain">
885b83ec	46	## <summary>
3774e4eb	47	## Domain allowed access.
885b83ec	48	## </summary>
3774e4eb CP	49	## </param>
	50	#
	51	interface(`ldap_use',`
	52	gen_require(`
	53	type slapd_t;
	54	')
	55
	56	allow $1 slapd_t:tcp_socket { connectto recvfrom };
	57	allow slapd_t $1:tcp_socket { acceptfrom recvfrom };
	58	kernel_tcp_recvfrom($1)
	59	')