1 ## <summary>SASL authentication server</summary>
2
########################################
## <summary>
##	Connect to the SASL authentication
##	daemon over its unix stream socket.
## </summary>
## <desc>
##	<p>
##	The calling domain is allowed to reach the
##	socket labeled saslauthd_var_run_t and to
##	connect to saslauthd_t through it. Grant this
##	only to domains that need to verify credentials
##	through the daemon.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`sasl_connect',`
	gen_require(`
		type saslauthd_t;
		type saslauthd_var_run_t;
	')

	# Stream connection to saslauthd_t. The directory type and the
	# socket file type passed to the pattern are both
	# saslauthd_var_run_t.
	stream_connect_pattern($1, saslauthd_var_run_t, saslauthd_var_run_t, saslauthd_t)

	# Search access to the pid directory, presumably the parent of
	# the socket directory (confirm against the file contexts).
	files_search_pids($1)
')
21
########################################
## <summary>
##	All of the rules required to administrate
##	a SASL environment.
## </summary>
## <desc>
##	<p>
##	Besides managing saslauthd_var_run_t content and
##	running the init script, the admin domain may signal
##	saslauthd_t and, unless the deny_ptrace boolean is
##	enabled, ptrace it. ptrace exposes the memory of the
##	authentication daemon, which can be expected to hold
##	credentials being verified, so treat this interface
##	as granting access to them.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`sasl_admin',`
	gen_require(`
		type saslauthd_t, saslauthd_var_run_t, saslauthd_initrc_exec_t;
	')

	# Runtime state: list the pid directory and administer every
	# object labeled saslauthd_var_run_t.
	files_list_pids($1)
	admin_pattern($1, saslauthd_var_run_t)

	# Process control: show the daemon in process listings and
	# send it the signals covered by signal_perms.
	ps_process_pattern($1, saslauthd_t)
	allow $1 saslauthd_t:process signal_perms;

	# The true branch is empty, so ptrace is allowed only while the
	# deny_ptrace boolean is off. Keep the boolean on where admins
	# should not be able to inspect the memory of the daemon.
	tunable_policy(`deny_ptrace',`',`
		allow $1 saslauthd_t:process ptrace;
	')

	# Service control: run the labeled init script, with the role
	# $2 moving to system_r when it executes that script. The
	# exemption macro is what permits this identity change.
	# NOTE(review): system_r is used below but is not listed in
	# gen_require above; confirm it is in scope for every caller.
	init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
	domain_system_change_exemption($1)
	allow $2 system_r;
	role_transition $2 saslauthd_initrc_exec_t system_r;
')
56 files_list_pids($1)
57 admin_pattern($1, saslauthd_var_run_t)
58 ')