policy/modules/services/kerneloops.te

   1
   2 policy_module(kerneloops, 1.2.4)
   3
   4 ########################################
   5 #
   6 # Declarations
   7 #
   8
   9 type kerneloops_t;
  10 type kerneloops_exec_t;
  11 init_daemon_domain(kerneloops_t, kerneloops_exec_t)
  12
  13 type kerneloops_initrc_exec_t;
  14 init_script_file(kerneloops_initrc_exec_t)
  15
  16 type kerneloops_tmp_t;
  17 files_tmp_file(kerneloops_tmp_t)
  18
  19 ########################################
  20 #
  21 # kerneloops local policy
  22 #
  23
  24 allow kerneloops_t self:capability sys_nice;
  25 allow kerneloops_t self:process { setsched getsched signal };
  26 allow kerneloops_t self:fifo_file rw_file_perms;
  27
  28 manage_files_pattern(kerneloops_t, kerneloops_tmp_t, kerneloops_tmp_t)
  29 files_tmp_filetrans(kerneloops_t, kerneloops_tmp_t, file)
  30
  31 kernel_read_ring_buffer(kerneloops_t)
  32
  33 # Init script handling
  34 domain_use_interactive_fds(kerneloops_t)
  35
  36 corenet_all_recvfrom_unlabeled(kerneloops_t)
  37 corenet_all_recvfrom_netlabel(kerneloops_t)
  38 corenet_tcp_sendrecv_generic_if(kerneloops_t)
  39 corenet_tcp_sendrecv_generic_node(kerneloops_t)
  40 corenet_tcp_sendrecv_all_ports(kerneloops_t)
  41 corenet_tcp_bind_http_port(kerneloops_t)
  42 corenet_tcp_connect_http_port(kerneloops_t)
  43
  44 files_read_etc_files(kerneloops_t)
  45
  46 auth_use_nsswitch(kerneloops_t)
  47
  48 logging_send_syslog_msg(kerneloops_t)
  49 logging_read_generic_logs(kerneloops_t)
  50
  51 miscfiles_read_localization(kerneloops_t)
  52
  53 optional_policy(`
  54         dbus_system_domain(kerneloops_t, kerneloops_exec_t)
  55 ')