policy/modules/services/vnstatd.te

   1 policy_module(vnstatd, 1.0.0)
   2
   3 ########################################
   4 #
   5 # Declarations
   6 #
   7
   8 type vnstat_t;
   9 type vnstat_exec_t;
  10 application_domain(vnstat_t, vnstat_exec_t)
  11
  12 type vnstatd_t;
  13 type vnstatd_exec_t;
  14 init_daemon_domain(vnstatd_t, vnstatd_exec_t)
  15
  16 type vnstatd_var_lib_t;
  17 files_type(vnstatd_var_lib_t)
  18
  19 type vnstatd_var_run_t;
  20 files_pid_file(vnstatd_var_run_t)
  21
  22 ########################################
  23 #
  24 # vnstatd local policy
  25 #
  26
  27 allow vnstatd_t self:process signal;
  28 allow vnstatd_t self:fifo_file rw_fifo_file_perms;
  29 allow vnstatd_t self:unix_stream_socket create_stream_socket_perms;
  30
  31 manage_files_pattern(vnstatd_t, vnstatd_var_run_t, vnstatd_var_run_t)
  32 manage_dirs_pattern(vnstatd_t, vnstatd_var_run_t, vnstatd_var_run_t)
  33 files_pid_filetrans(vnstatd_t, vnstatd_var_run_t, { dir file })
  34
  35 manage_dirs_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
  36 manage_files_pattern(vnstatd_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
  37
  38 manage_files_pattern(vnstatd_t, vnstatd_var_run_t, vnstatd_var_run_t)
  39 manage_dirs_pattern(vnstatd_t, vnstatd_var_run_t, vnstatd_var_run_t)
  40 files_pid_filetrans(vnstatd_t, vnstatd_var_run_t, { dir file })
  41
  42 kernel_read_network_state(vnstatd_t)
  43 kernel_read_system_state(vnstatd_t)
  44
  45 domain_use_interactive_fds(vnstatd_t)
  46
  47 files_read_etc_files(vnstatd_t)
  48
  49 fs_getattr_xattr_fs(vnstatd_t)
  50
  51 logging_send_syslog_msg(vnstatd_t)
  52
  53 miscfiles_read_localization(vnstatd_t)
  54
  55 optional_policy(`
  56         cron_system_entry(vnstat_t, vnstat_exec_t)
  57 ')
  58
  59 ########################################
  60 #
  61 # vnstat local policy
  62 #
  63
  64 allow vnstat_t self:process signal;
  65 allow vnstat_t self:fifo_file rw_fifo_file_perms;
  66 allow vnstat_t self:unix_stream_socket create_stream_socket_perms;
  67
  68 manage_dirs_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
  69 manage_files_pattern(vnstat_t, vnstatd_var_lib_t, vnstatd_var_lib_t)
  70
  71 kernel_read_network_state(vnstat_t)
  72 kernel_read_system_state(vnstat_t)
  73
  74 domain_use_interactive_fds(vnstat_t)
  75
  76 files_read_etc_files(vnstat_t)
  77
  78 fs_getattr_xattr_fs(vnstat_t)
  79
  80 logging_send_syslog_msg(vnstat_t)
  81
  82 miscfiles_read_localization(vnstat_t)