Add a boolean to turn off all instances of ptrace in the policy
1 ## <summary>Update dynamic IP address at DynDNS.org</summary>
2
#######################################
## <summary>
##	Run ddclient with a transition into the ddclient domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain permitted to make the transition.
##	</summary>
## </param>
#
interface(`ddclient_domtrans',`
	gen_require(`
		type ddclient_exec_t, ddclient_t;
	')

	# The only transition granted here is caller -> ddclient_t, and only
	# through a file labeled ddclient_exec_t.
	domtrans_pattern($1, ddclient_exec_t, ddclient_t)

	# Search access on the bin directories, presumably so the caller can
	# reach the executable (inferred from the macro name).
	corecmd_search_bin($1)
')
21
########################################
## <summary>
##	Run the ddclient daemon on behalf of a user or staff type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain permitted to make the transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role that is granted access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`ddclient_run',`
	gen_require(`
		type ddclient_t;
	')

	# Associate ddclient_t with the caller role, so that role is
	# authorized for the domain entered below.
	role $2 types ddclient_t;

	# Domain transition for the caller, delegated to ddclient_domtrans.
	ddclient_domtrans($1)
')
46
########################################
## <summary>
##	All of the rules required to administrate
##	a ddclient environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain that is granted access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role that is allowed to manage the ddclient domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`ddclient_admin',`
	gen_require(`
		type ddclient_t, ddclient_initrc_exec_t;
		type ddclient_etc_t, ddclient_log_t, ddclient_var_t;
		type ddclient_var_lib_t, ddclient_var_run_t;
	')

	# Process control: the admin domain may signal the daemon and is
	# given the ps_process_pattern access to ddclient_t processes.
	ps_process_pattern($1, ddclient_t)
	allow $1 ddclient_t:process signal_perms;

	# ptrace sits in the false branch of the deny_ptrace tunable (the
	# true branch is empty), so it is granted only while that boolean
	# is off. Tracing gives the admin domain access to the memory of
	# the daemon; hardened systems should keep deny_ptrace enabled.
	tunable_policy(`deny_ptrace',`',`
		allow $1 ddclient_t:process ptrace;
	')

	# Administrative access to every ddclient file type. Each type is
	# paired with list access on its parent directory tree.
	# NOTE(review): ddclient_etc_t presumably covers the daemon
	# configuration, which commonly stores dynamic DNS account
	# credentials - confirm, and hand this interface only to trusted
	# admin domains.
	admin_pattern($1, ddclient_etc_t)
	files_list_etc($1)

	admin_pattern($1, ddclient_log_t)
	logging_list_logs($1)

	admin_pattern($1, ddclient_var_t)
	files_list_var($1)

	admin_pattern($1, ddclient_var_lib_t)
	files_list_var_lib($1)

	admin_pattern($1, ddclient_var_run_t)
	files_list_pids($1)

	# Init script handling: the admin domain may run the labeled init
	# script, and the admin role moves to system_r when it does so.
	# This is a role change into the system role, so it is worth
	# auditing which roles are passed in by callers.
	init_labeled_script_domtrans($1, ddclient_initrc_exec_t)
	domain_system_change_exemption($1)
	allow $2 system_r;
	role_transition $2 ddclient_initrc_exec_t system_r;
')