policy/modules/services/hddtemp.if

   1 ## <summary>hddtemp hard disk temperature tool running as a daemon.</summary>
   2
   3 #######################################
   4 ## <summary>
   5 ##      Execute a domain transition to run hddtemp.
   6 ## </summary>
   7 ## <param name="domain">
   8 ##      <summary>
   9 ##      Domain allowed to transition.
  10 ##      </summary>
  11 ## </param>
  12 #
  13 interface(`hddtemp_domtrans',`
  14         gen_require(`
  15                 type hddtemp_t, hddtemp_exec_t;
  16         ')
  17
  18         domtrans_pattern($1, hddtemp_exec_t, hddtemp_t)
  19         corecmd_search_bin($1)
  20 ')
  21
  22 ######################################
  23 ## <summary>
  24 ##      Execute hddtemp.
  25 ## </summary>
  26 ## <param name="domain">
  27 ##      <summary>
  28 ##      Domain allowed access.
  29 ##      </summary>
  30 ## </param>
  31 #
  32 interface(`hddtemp_exec',`
  33         gen_require(`
  34                 type hddtemp_exec_t;
  35         ')
  36
  37         can_exec($1, hddtemp_exec_t)
  38         corecmd_search_bin($1)
  39 ')
  40
  41 ########################################
  42 ## <summary>
  43 ##      All of the rules required to
  44 ##      administrate an hddtemp environment.
  45 ## </summary>
  46 ## <param name="domain">
  47 ##      <summary>
  48 ##      Domain allowed access.
  49 ##      </summary>
  50 ## </param>
  51 ## <param name="role">
  52 ##      <summary>
  53 ##      Role allowed access.
  54 ##      </summary>
  55 ## </param>
  56 ## <rolecap/>
  57 #
  58 interface(`hddtemp_admin',`
  59         gen_require(`
  60                 type hddtemp_t, hddtemp_etc_t, hddtemp_initrc_exec_t;
  61         ')
  62
  63         allow $1 hddtemp_t:process signal_perms;
  64         ps_process_pattern($1, hddtemp_t)
  65         tunable_policy(`deny_ptrace',`',`
  66                 allow $1 hddtemp_t:process ptrace;
  67         ')
  68
  69         init_labeled_script_domtrans($1, hddtemp_initrc_exec_t)
  70         domain_system_change_exemption($1)
  71         role_transition $2 hddtemp_initrc_exec_t system_r;
  72         allow $2 system_r;
  73
  74         admin_pattern($1, hddtemp_etc_t)
  75         files_list_etc($1)
  76 ')