policy/modules/services/smartmon.if

   1 ## <summary>Smart disk monitoring daemon policy</summary>
   2
   3 #######################################
   4 ## <summary>
   5 ##      Allow caller to read smartmon temporary files.
   6 ## </summary>
   7 ## <param name="domain">
   8 ##      <summary>
   9 ##      Domain allowed access.
  10 ##      </summary>
  11 ## </param>
  12 #
  13 interface(`smartmon_read_tmp_files',`
  14         gen_require(`
  15                 type fsdaemon_tmp_t;
  16         ')
  17
  18         allow $1 fsdaemon_tmp_t:file read_file_perms;
  19 ')
  20
  21 ########################################
  22 ## <summary>
  23 ##      All of the rules required to administrate
  24 ##      an smartmon environment
  25 ## </summary>
  26 ## <param name="domain">
  27 ##      <summary>
  28 ##      Domain allowed access.
  29 ##      </summary>
  30 ## </param>
  31 ## <param name="role">
  32 ##      <summary>
  33 ##      Role allowed access.
  34 ##      </summary>
  35 ## </param>
  36 ## <rolecap/>
  37 #
  38 interface(`smartmon_admin',`
  39         gen_require(`
  40                 type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t;
  41                 type fsdaemon_initrc_exec_t;
  42         ')
  43
  44         allow $1 fsdaemon_t:process { ptrace signal_perms getattr };
  45         ps_process_pattern($1, fsdaemon_t)
  46
  47         init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
  48         domain_system_change_exemption($1)
  49         role_transition $2 fsdaemon_initrc_exec_t system_r;
  50         allow $2 system_r;
  51
  52         files_list_tmp($1)
  53         admin_pattern($1, fsdaemon_tmp_t)
  54
  55         files_list_pids($1)
  56         admin_pattern($1, fsdaemon_var_run_t)
  57 ')