[people/stevee/selinux-policy.git] / refpolicy / policy / modules / services / rdisc.te


policy_module(rdisc,1.1.0)

########################################
#
# Declarations
#

type rdisc_t;
type rdisc_exec_t;
init_daemon_domain(rdisc_t,rdisc_exec_t)

########################################
#
# Local policy
#

allow rdisc_t self:capability net_raw;
dontaudit rdisc_t self:capability sys_tty_config;
allow rdisc_t self:process signal_perms;
allow rdisc_t self:unix_stream_socket create_stream_socket_perms;
allow rdisc_t self:udp_socket create_socket_perms;
allow rdisc_t self:rawip_socket create_socket_perms;

kernel_list_proc(rdisc_t)
kernel_read_proc_symlinks(rdisc_t)
kernel_read_kernel_sysctls(rdisc_t)

corenet_udp_sendrecv_generic_if(rdisc_t)
corenet_raw_sendrecv_generic_if(rdisc_t)
corenet_udp_sendrecv_all_nodes(rdisc_t)
corenet_raw_sendrecv_all_nodes(rdisc_t)
corenet_udp_sendrecv_all_ports(rdisc_t)
corenet_non_ipsec_sendrecv(rdisc_t)
corenet_udp_bind_all_nodes(rdisc_t)

dev_read_sysfs(rdisc_t)

fs_search_auto_mountpoints(rdisc_t)

term_dontaudit_use_console(rdisc_t)

domain_use_interactive_fds(rdisc_t)

files_read_etc_files(rdisc_t)

init_use_fds(rdisc_t)
init_use_script_ptys(rdisc_t)

libs_use_ld_so(rdisc_t)
libs_use_shared_libs(rdisc_t)

logging_send_syslog_msg(rdisc_t)

sysnet_read_config(rdisc_t)

userdom_dontaudit_use_unpriv_user_fds(rdisc_t)

ifdef(`targeted_policy',`
	term_dontaudit_use_unallocated_ttys(rdisc_t)
	term_dontaudit_use_generic_ptys(rdisc_t)
	files_dontaudit_read_root_files(rdisc_t)
')

optional_policy(`
	seutil_sigchld_newrole(rdisc_t)
')

optional_policy(`
	udev_read_db(rdisc_t)
')
Commit	Line	Data
19ff64f8	1
5ea24be9	2	policy_module(rdisc,1.1.0)
19ff64f8 CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
	9	type rdisc_t;
	10	type rdisc_exec_t;
	11	init_daemon_domain(rdisc_t,rdisc_exec_t)
	12
	13	########################################
	14	#
	15	# Local policy
	16	#
	17
	18	allow rdisc_t self:capability net_raw;
	19	dontaudit rdisc_t self:capability sys_tty_config;
	20	allow rdisc_t self:process signal_perms;
	21	allow rdisc_t self:unix_stream_socket create_stream_socket_perms;
	22	allow rdisc_t self:udp_socket create_socket_perms;
	23	allow rdisc_t self:rawip_socket create_socket_perms;
	24
	25	kernel_list_proc(rdisc_t)
	26	kernel_read_proc_symlinks(rdisc_t)
445522dc	27	kernel_read_kernel_sysctls(rdisc_t)
19ff64f8 CP	28
	29	corenet_udp_sendrecv_generic_if(rdisc_t)
	30	corenet_raw_sendrecv_generic_if(rdisc_t)
	31	corenet_udp_sendrecv_all_nodes(rdisc_t)
	32	corenet_raw_sendrecv_all_nodes(rdisc_t)
	33	corenet_udp_sendrecv_all_ports(rdisc_t)
bd70373d	34	corenet_non_ipsec_sendrecv(rdisc_t)
19ff64f8 CP	35	corenet_udp_bind_all_nodes(rdisc_t)
	36
	37	dev_read_sysfs(rdisc_t)
	38
	39	fs_search_auto_mountpoints(rdisc_t)
	40
	41	term_dontaudit_use_console(rdisc_t)
	42
15722ec9	43	domain_use_interactive_fds(rdisc_t)
19ff64f8 CP	44
	45	files_read_etc_files(rdisc_t)
	46
1c1ac67f	47	init_use_fds(rdisc_t)
1815bad1	48	init_use_script_ptys(rdisc_t)
19ff64f8 CP	49
	50	libs_use_ld_so(rdisc_t)
	51	libs_use_shared_libs(rdisc_t)
	52
	53	logging_send_syslog_msg(rdisc_t)
	54
	55	sysnet_read_config(rdisc_t)
	56
15722ec9	57	userdom_dontaudit_use_unpriv_user_fds(rdisc_t)
19ff64f8 CP	58
19ff64f8 CP	59	ifdef(`targeted_policy',`
1815bad1 CP	60	term_dontaudit_use_unallocated_ttys(rdisc_t)
1815bad1 CP	61	term_dontaudit_use_generic_ptys(rdisc_t)
9e04f5c5	62	files_dontaudit_read_root_files(rdisc_t)
19ff64f8 CP	63	')
19ff64f8 CP	64
bb7170f6	65	optional_policy(`
19ff64f8 CP	66	seutil_sigchld_newrole(rdisc_t)
	67	')
	68
bb7170f6	69	optional_policy(`
19ff64f8 CP	70	udev_read_db(rdisc_t)
19ff64f8 CP	71	')