2 ## <summary>policy for daemon for playing music</summary>
4 ########################################
6 ## Execute a domain transition to run mpd.
8 ## <param name="domain">
10 ## Domain allowed to transition.
# Passes the caller domain ($1), the entry point type mpd_exec_t and the
# target domain mpd_t to domtrans_pattern, so $1 can execute files labeled
# mpd_exec_t and end up running in mpd_t. Grant this only to domains that
# are meant to launch the daemon.
# NOTE(review): the gutter numbers in this listing skip lines (15, 17-18,
# 20-22); the gen_require wrapper and the closing quote are presumably on
# the omitted lines - confirm against the full file.
14 interface(`mpd_domtrans',`
16 type mpd_t, mpd_exec_t;
19 domtrans_pattern($1, mpd_exec_t, mpd_t)
23 ########################################
25 ## Execute mpd server in the mpd domain.
27 ## <param name="domain">
29 ## Domain allowed access.
# Hands $1 and the init script type mpd_initrc_exec_t to
# init_labeled_script_domtrans. The only mpd type named here is the init
# script type; the domain the script ends up in is decided by that init
# interface, not by this block.
# NOTE(review): the summary says "the mpd domain", which the visible lines
# do not establish - confirm against the init module.
33 interface(`mpd_initrc_domtrans',`
35 type mpd_initrc_exec_t;
38 init_labeled_script_domtrans($1, mpd_initrc_exec_t)
41 #######################################
43 ## Read mpd data files.
45 ## <param name="domain">
47 ## Domain allowed access.
# Read-only access: read_files_pattern is called with mpd_data_t as both the
# containing directory type and the file type, so $1 can reach and read
# files labeled mpd_data_t. No write or create permission is granted here.
# NOTE(review): no type declaration for mpd_data_t is visible; gutter lines
# 52-56 are omitted from the listing and presumably hold the gen_require
# block - confirm.
51 interface(`mpd_read_data_files',`
57 read_files_pattern($1, mpd_data_t, mpd_data_t)
60 #######################################
62 ## Read mpd tmpfs files.
64 ## <param name="domain">
66 ## Domain allowed access.
# Read-only access: read_files_pattern is called with mpd_tmpfs_t as both
# the directory type and the file type, so $1 can reach and read files
# labeled mpd_tmpfs_t.
# NOTE(review): gutter lines 71-75 are omitted from the listing; the
# gen_require for mpd_tmpfs_t is presumably there - confirm.
70 interface(`mpd_read_tmpfs_files',`
76 read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
79 ###################################
81 ## Manage mpd tmpfs files.
83 ## <param name="domain">
85 ## Domain allowed access.
# Grants more than the summary names: besides regular files
# (manage_files_pattern) it also covers symbolic links
# (manage_lnk_files_pattern), both for the type mpd_tmpfs_t.
# A domain given this interface can create, modify and remove objects of
# that type, so it should be one that is trusted to alter state the daemon
# reads back.
# NOTE(review): gutter lines 90-94 are omitted from the listing; the
# gen_require for mpd_tmpfs_t is presumably there - confirm.
89 interface(`mpd_manage_tmpfs_files',`
95 manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
96 manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
99 ######################################
101 ## Manage mpd data files.
103 ## <param name="domain">
105 ## Domain allowed access.
# Write-capable counterpart of mpd_read_data_files: manage_files_pattern is
# called with mpd_data_t as both directory and file type. Only regular
# files are covered; no directory or symlink pattern appears in the
# visible lines.
# NOTE(review): gutter lines 110-114 are omitted from the listing; the
# gen_require for mpd_data_t is presumably there - confirm.
109 interface(`mpd_manage_data_files',`
115 manage_files_pattern($1, mpd_data_t, mpd_data_t)
118 ########################################
120 ## Search mpd lib directories.
122 ## <param name="domain">
124 ## Domain allowed access.
# Directory traversal only: the allow rule gives $1 search_dir_perms on
# directories labeled mpd_var_lib_t, and files_search_var_lib($1) is called
# so the parent var lib directory can be traversed as well. No file
# permission is granted.
# NOTE(review): gutter lines 129-132 are omitted from the listing; the
# gen_require for mpd_var_lib_t is presumably there - confirm.
128 interface(`mpd_search_lib',`
133 allow $1 mpd_var_lib_t:dir search_dir_perms;
134 files_search_var_lib($1)
137 ########################################
139 ## Read mpd lib files.
141 ## <param name="domain">
143 ## Domain allowed access.
# Read-only access to files labeled mpd_var_lib_t. files_search_var_lib($1)
# covers traversal of the parent var lib directory; read_files_pattern then
# uses mpd_var_lib_t as both directory and file type.
# NOTE(review): gutter lines 148-151 are omitted from the listing; the
# gen_require for mpd_var_lib_t is presumably there - confirm.
147 interface(`mpd_read_lib_files',`
152 files_search_var_lib($1)
153 read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
156 ########################################
158 ## Create, read, write, and delete
# The sentence above is cut off in this listing (gutter lines 159-160 are
# missing); per the manage_files_pattern call below, its object is regular
# files labeled mpd_var_lib_t.
161 ## <param name="domain">
163 ## Domain allowed access.
# Write-capable counterpart of mpd_read_lib_files. Only regular files are
# covered here; directories are handled by mpd_manage_lib_dirs.
# NOTE(review): gutter lines 168-171 are omitted from the listing; the
# gen_require for mpd_var_lib_t is presumably there - confirm.
167 interface(`mpd_manage_lib_files',`
172 files_search_var_lib($1)
173 manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
176 #######################################
178 ## Create an object in an mpd lib directory (mpd_var_lib_t), with a private
179 ## type using a type transition.
181 ## <param name="domain">
183 ## Domain allowed access.
186 ## <param name="private type">
188 ## The type of the object to be created.
191 ## <param name="object">
193 ## The object class of the object being created.
# Arguments are positional: $1 is the domain, $2 the private type and $3
# the object class. They are passed straight to filetrans_pattern with
# mpd_var_lib_t as the parent directory type, so objects of class $3 that
# $1 creates in such a directory get the type $2.
# Both $2 and $3 are chosen by the calling module; this interface places
# no restriction on which type or class is supplied.
# NOTE(review): gutter lines 198-201 are omitted from the listing; the
# gen_require for mpd_var_lib_t is presumably there - confirm.
197 interface(`mpd_var_lib_filetrans',`
202 filetrans_pattern($1, mpd_var_lib_t, $2, $3)
205 ########################################
207 ## Manage mpd lib directories.
209 ## <param name="domain">
211 ## Domain allowed access.
# Directory counterpart of mpd_manage_lib_files: manage_dirs_pattern is
# called with mpd_var_lib_t as both parent and directory type, after
# files_search_var_lib($1) covers traversal of the parent var lib
# directory. Regular files are not covered by this interface.
# NOTE(review): gutter lines 216-219 are omitted from the listing; the
# gen_require for mpd_var_lib_t is presumably there - confirm.
215 interface(`mpd_manage_lib_dirs',`
220 files_search_var_lib($1)
221 manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
224 ########################################
226 ## All of the rules required to administrate
227 ## an mpd environment
229 ## <param name="domain">
231 ## Domain allowed access.
234 ## <param name="role">
236 ## Role allowed access.
# Broadest interface in this file. $1 is the administrating domain and $2
# its role. The visible rules give $1 process-level control over mpd_t,
# the ability to run the init script, and admin_pattern access to five mpd
# file types. Any domain given this interface should be treated as fully
# trusted over the daemon and its data.
# NOTE(review): only mpd_initrc_exec_t appears in the visible type
# declaration; mpd_t, mpd_etc_t, mpd_var_lib_t, mpd_data_t, mpd_log_t and
# mpd_tmpfs_t are used below and are presumably required on the omitted
# gutter lines 245-250 - confirm against the full file. The end of the
# block is not visible in this listing either.
241 interface(`mpd_admin',`
244 type mpd_initrc_exec_t;
# Process control over the daemon. ptrace lets $1 trace mpd_t processes,
# which exposes their memory to the admin domain; signal_perms covers
# signal delivery. NOTE(review): check whether ptrace is actually needed
# for administration at this site before granting the interface.
252 allow $1 mpd_t:process { ptrace signal_perms };
# Passes $1 and mpd_t to ps_process_pattern, the process listing pattern.
253 ps_process_pattern($1, mpd_t)
# Init script handling: $1 may run the script through mpd_initrc_domtrans,
# and role $2 changes to system_r when executing a file labeled
# mpd_initrc_exec_t. domain_system_change_exemption($1) comes from the
# domain module; presumably it is what permits that change to the system
# role - confirm.
255 mpd_initrc_domtrans($1)
256 domain_system_change_exemption($1)
257 role_transition $2 mpd_initrc_exec_t system_r;
# admin_pattern is applied to each mpd file type in turn: mpd_etc_t,
# mpd_var_lib_t, mpd_data_t, mpd_log_t and mpd_tmpfs_t. This includes
# mpd_log_t, so the admin domain can alter the daemon log files; keep that
# in mind when those logs are used as audit evidence.
260 admin_pattern($1, mpd_etc_t)
263 files_search_var_lib($1)
264 admin_pattern($1, mpd_var_lib_t)
267 admin_pattern($1, mpd_data_t)
269 admin_pattern($1, mpd_log_t)
272 admin_pattern($1, mpd_tmpfs_t)