Add a boolean to turn off all instances of ptrace in the policy
[people/stevee/selinux-policy.git] / policy / modules / services / tftp.if
1 ## <summary>Trivial file transfer protocol daemon</summary>
2
########################################
## <summary>
##	Read tftp content, both the read-only
##	and the writable content types.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tftp_read_content',`
	gen_require(`
		type tftpdir_t, tftpdir_rw_t;
	')

	# Regular files under both tftp content types.
	read_files_pattern($1, tftpdir_t, tftpdir_t)
	read_files_pattern($1, tftpdir_rw_t, tftpdir_rw_t)

	# Symbolic links under both tftp content types.
	read_lnk_files_pattern($1, tftpdir_t, tftpdir_t)
	read_lnk_files_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
')
25
########################################
## <summary>
##	Search tftp /var/lib directories.
##	No file read or write access is granted.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tftp_search_rw_content',`
	gen_require(`
		type tftpdir_rw_t;
	')

	# Reach the parent /var/lib directory first, then the tftp
	# directories labeled tftpdir_rw_t below it.
	files_search_var_lib($1)
	search_dirs_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
')
44
########################################
## <summary>
##	Manage tftp /var/lib files
##	and directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tftp_manage_rw_content',`
	gen_require(`
		type tftpdir_rw_t;
	')

	# Manage access to the writable tftp content: directories and
	# regular files labeled tftpdir_rw_t.
	manage_files_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
	manage_dirs_pattern($1, tftpdir_rw_t, tftpdir_rw_t)

	# Path traversal through /var/lib to reach that content.
	files_search_var_lib($1)
')
64
########################################
## <summary>
##	Create objects in tftpdir directories
##	with specified types.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="file_type">
##	<summary>
##	Private file type given to the new object.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	Class of the object being created.
##	</summary>
## </param>
#
interface(`tftp_filetrans_tftpdir',`
	gen_require(`
		type tftpdir_rw_t;
	')

	# Path traversal through /var/lib to the tftp directories.
	files_search_var_lib($1)

	# Objects of the given class that the caller domain creates in a
	# tftpdir_rw_t directory get the given private type instead of
	# inheriting the directory label.
	filetrans_pattern($1, tftpdir_rw_t, $2, $3)
')
94
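########################################
## <summary>
##	All of the rules required to administrate
##	a tftp environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`tftp_admin',`
	gen_require(`
		type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t;
	')

	# Signal the daemon and read its process state.
	allow $1 tftpd_t:process signal_perms;
	ps_process_pattern($1, tftpd_t)

	# ptrace of the daemon is granted only while the deny_ptrace boolean
	# is off: the true branch is empty and the rule sits in the false branch.
	# The target is tftpd_t, the daemon type required above and used by the
	# other process rules. The earlier target tftp_t is not listed in
	# gen_require, so the rule could not refer to a declared type here.
	tunable_policy(`deny_ptrace',`',`
		allow $1 tftpd_t:process ptrace;
	')

	# Administrative access to the writable content under /var/lib.
	files_list_var_lib($1)
	admin_pattern($1, tftpdir_rw_t)

	# Administrative access to the read-only content type.
	admin_pattern($1, tftpdir_t)

	# Administrative access to the daemon pid files.
	files_list_pids($1)
	admin_pattern($1, tftpd_var_run_t)
')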