Add a boolean to turn off all instances of ptrace in the policy
## <summary>Bring up/down Ethernet interfaces based on cable detection.</summary>
########################################
## <summary>
##	Execute a domain transition to run ifplugd.
## </summary>
## <desc>
##	<p>
##	The calling domain may execute files labeled
##	ifplugd_exec_t, and the resulting process runs in
##	ifplugd_t instead of staying in the caller domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ifplugd_domtrans',`
	gen_require(`
		type ifplugd_t;
		type ifplugd_exec_t;
	')

	# Entry into ifplugd_t is tied to the ifplugd_exec_t entrypoint,
	# so the daemon runs under its own policy rather than with the
	# permissions of the caller.
	domtrans_pattern($1, ifplugd_exec_t, ifplugd_t)
')
########################################
## <summary>
##	Send a generic signal to ifplugd.
## </summary>
## <desc>
##	<p>
##	Grants only the signal permission of the process
##	class on ifplugd_t. The sigkill, sigstop, sigchld and
##	signull permissions are separate in that class and are
##	not granted by this interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ifplugd_signal',`
	gen_require(`
		type ifplugd_t;
	')

	# Single permission, no permission set: callers that need more
	# than generic signals have to request it explicitly.
	allow $1 ifplugd_t:process signal;
')
########################################
## <summary>
##	Read ifplugd etc configuration files.
## </summary>
## <desc>
##	<p>
##	Read-only access to files labeled ifplugd_etc_t.
##	Which paths carry that label is decided by the file
##	contexts of the module, which are not part of this
##	interface file.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ifplugd_read_config',`
	gen_require(`
		type ifplugd_etc_t;
	')

	# Reach the configuration through the generic etc directories,
	# then read files of ifplugd_etc_t inside ifplugd_etc_t dirs.
	# No write, create or unlink access is granted here.
	files_search_etc($1)
	read_files_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
')
########################################
## <summary>
##	Manage ifplugd etc configuration files.
## </summary>
## <desc>
##	<p>
##	Full management of directories and files labeled
##	ifplugd_etc_t. A domain holding this access can change
##	the configuration the daemon reads, so it belongs with
##	administrative or configuration-management domains.
##	Callers that only need to read the configuration should
##	use ifplugd_read_config instead.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ifplugd_manage_config',`
	gen_require(`
		type ifplugd_etc_t;
	')

	# Path lookup through the generic etc directories.
	files_search_etc($1)

	# Management of both object classes that carry the config label.
	manage_dirs_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
	manage_files_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
')
########################################
## <summary>
##	Read ifplugd PID files.
## </summary>
## <desc>
##	<p>
##	Read access to regular files labeled
##	ifplugd_var_run_t. The rule covers the file class only;
##	no permission on directories of that type is granted.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ifplugd_read_pid_files',`
	gen_require(`
		type ifplugd_var_run_t;
	')

	# Search of the generic pid directories, then a direct allow on
	# the file class.
	# NOTE(review): if the pid file lives in a subdirectory that is
	# itself labeled ifplugd_var_run_t, search on that directory is
	# not granted here - confirm against the file contexts.
	files_search_pids($1)
	allow $1 ifplugd_var_run_t:file read_file_perms;
')
########################################
## <summary>
##	All of the rules required to administrate
##	an ifplugd environment.
## </summary>
## <desc>
##	<p>
##	Combines process control over ifplugd_t, the ability
##	to run the ifplugd init script with a role transition to
##	system_r, and administrative access to the ifplugd
##	configuration and PID file types. This is the broadest
##	interface in the module and is meant for administrative
##	domains and roles only.
##	</p>
##	<p>
##	The process rule grants signal_perms on ifplugd_t;
##	ptrace of ifplugd_t is not granted by this interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the ifplugd domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`ifplugd_admin',`
	gen_require(`
		type ifplugd_t;
		type ifplugd_etc_t;
		type ifplugd_var_run_t;
		type ifplugd_initrc_exec_t;
	')

	# Process control: the signal permission set on the daemon and
	# visibility of its process entry. Nothing beyond signals is
	# allowed on the process class.
	allow $1 ifplugd_t:process signal_perms;
	ps_process_pattern($1, ifplugd_t)

	# Service control: the admin domain may run the labeled init
	# script, and the admin role $2 may move to system_r when it
	# does so. The exemption covers the constraint that otherwise
	# blocks a change into the system identity and role.
	init_labeled_script_domtrans($1, ifplugd_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 ifplugd_initrc_exec_t system_r;
	allow $2 system_r;

	# Configuration: list the generic etc directories and administer
	# everything labeled ifplugd_etc_t.
	files_list_etc($1)
	admin_pattern($1, ifplugd_etc_t)

	# Runtime state: list the generic pid directories and administer
	# everything labeled ifplugd_var_run_t.
	files_list_pids($1)
	admin_pattern($1, ifplugd_var_run_t)
')