## <summary>Zebra border gateway protocol network routing service</summary>

########################################
## <summary>
##	Read the configuration files for zebra.
## </summary>
## <desc>
##	<p>
##	Grants the caller read-style access to objects labeled
##	zebra_conf_t: directory listing plus reading of regular
##	files and symbolic links. No rule in this interface
##	names a write or manage permission.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`zebra_read_config',`
	gen_require(`
		type zebra_conf_t;
	')

	# Regular files and symbolic links labeled zebra_conf_t.
	# NOTE(review): routing daemon configuration often carries
	# credentials - confirm before granting this to broad domains.
	read_files_pattern($1, zebra_conf_t, zebra_conf_t)
	read_lnk_files_pattern($1, zebra_conf_t, zebra_conf_t)

	# Directory listing on the configuration directories themselves.
	allow $1 zebra_conf_t:dir list_dir_perms;

	# Presumably search access through the etc tree so the caller
	# can reach the configuration - verify against the files module.
	files_search_etc($1)
')
########################################
## <summary>
##	Connect to zebra over a unix stream socket.
## </summary>
## <desc>
##	<p>
##	Applies stream_connect_pattern with zebra_var_run_t as the
##	directory and socket file type and zebra_t as the peer
##	process type.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`zebra_stream_connect',`
	gen_require(`
		type zebra_t;
		type zebra_var_run_t;
	')

	# Socket objects are labeled zebra_var_run_t and the listening
	# process runs as zebra_t.
	stream_connect_pattern($1, zebra_var_run_t, zebra_var_run_t, zebra_t)

	# Presumably search access through the pid directory that holds
	# the socket - verify against the files module.
	files_search_pids($1)
')
########################################
## <summary>
##	All of the rules required to administrate
##	a zebra environment
## </summary>
## <desc>
##	<p>
##	Grants the caller domain signal and ptrace permissions on
##	zebra_t processes, a domain transition through the zebra
##	init script together with a role transition to system_r
##	for the given role, and admin_pattern access to the zebra
##	configuration, log, temporary and runtime file types.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the zebra domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`zebra_admin',`
	gen_require(`
		type zebra_t;
		type zebra_conf_t;
		type zebra_log_t;
		type zebra_tmp_t;
		type zebra_var_run_t;
		type zebra_initrc_exec_t;
	')

	# Signals to the running daemon.
	allow $1 zebra_t:process signal_perms;

	# NOTE(review): ptrace lets the admin domain attach to the
	# daemon process, which is a strong privilege over zebra_t.
	# Confirm it is needed, or gate it behind a boolean if this
	# policy tree provides one.
	allow $1 zebra_t:process ptrace;

	ps_process_pattern($1, zebra_t)

	# Running the zebra init script: the caller domain transitions
	# through zebra_initrc_exec_t and the given role changes to
	# system_r, which the final rule authorizes.
	init_labeled_script_domtrans($1, zebra_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 zebra_initrc_exec_t system_r;
	allow $2 system_r;

	# Each zebra file type is handed to admin_pattern, paired with a
	# list call on what is presumably its parent directory.
	files_list_etc($1)
	admin_pattern($1, zebra_conf_t)

	logging_list_logs($1)
	admin_pattern($1, zebra_log_t)

	files_list_tmp($1)
	admin_pattern($1, zebra_tmp_t)

	files_list_pids($1)
	admin_pattern($1, zebra_var_run_t)
')