policy/modules/services/kerneloops.te

   1 policy_module(kerneloops,1.0.0)
   2
   3 ########################################
   4 #
   5 # Declarations
   6 #
   7
   8 type kerneloops_t;
   9 type kerneloops_exec_t;
  10 init_daemon_domain(kerneloops_t, kerneloops_exec_t)
  11
  12 ########################################
  13 #
  14 # kerneloops local policy
  15 #
  16
  17 allow kerneloops_t self:capability sys_nice;
  18 allow kerneloops_t self:process { setsched getsched };
  19 allow kerneloops_t self:fifo_file rw_file_perms;
  20
  21 kernel_read_ring_buffer(kerneloops_t)
  22
  23 # Init script handling
  24 domain_use_interactive_fds(kerneloops_t)
  25
  26 corenet_all_recvfrom_unlabeled(kerneloops_t)
  27 corenet_all_recvfrom_netlabel(kerneloops_t)
  28 corenet_tcp_sendrecv_all_if(kerneloops_t)
  29 corenet_tcp_sendrecv_all_nodes(kerneloops_t)
  30 corenet_tcp_sendrecv_all_ports(kerneloops_t)
  31 corenet_tcp_bind_http_port(kerneloops_t)
  32 corenet_tcp_connect_http_port(kerneloops_t)
  33
  34 files_read_etc_files(kerneloops_t)
  35
  36 libs_use_ld_so(kerneloops_t)
  37 libs_use_shared_libs(kerneloops_t)
  38
  39 logging_send_syslog_msg(kerneloops_t)
  40 logging_read_generic_logs(kerneloops_t)
  41
  42 miscfiles_read_localization(kerneloops_t)
  43
  44 sysnet_dns_name_resolve(kerneloops_t)
  45
  46 optional_policy(`
  47         dbus_system_bus_client_template(kerneloops, kerneloops_t)
  48         dbus_connect_system_bus(kerneloops_t)
  49 ')