policy/modules/system/getty.if

   1 ## <summary>Policy for getty.</summary>
   2
   3 ########################################
   4 ## <summary>
   5 ##      Execute gettys in the getty domain.
   6 ## </summary>
   7 ## <param name="domain">
   8 ##      <summary>
   9 ##      Domain allowed access.
  10 ##      </summary>
  11 ## </param>
  12 #
  13 interface(`getty_domtrans',`
  14         gen_require(`
  15                 type getty_t, getty_exec_t;
  16         ')
  17
  18         corecmd_search_bin($1)
  19         domtrans_pattern($1, getty_exec_t, getty_t)
  20 ')
  21
  22 ########################################
  23 ## <summary>
  24 ##      Inherit and use getty file descriptors.
  25 ## </summary>
  26 ## <param name="domain">
  27 ##      <summary>
  28 ##      Domain allowed access.
  29 ##      </summary>
  30 ## </param>
  31 #
  32 interface(`getty_use_fds',`
  33         gen_require(`
  34                 type getty_t;
  35         ')
  36
  37         allow $1 getty_t:fd use;
  38 ')
  39
  40 ########################################
  41 ## <summary>
  42 ##      Allow process to read getty log file.
  43 ## </summary>
  44 ## <param name="domain">
  45 ##      <summary>
  46 ##      Domain allowed access.
  47 ##      </summary>
  48 ## </param>
  49 ## <rolecap/>
  50 #
  51 interface(`getty_read_log',`
  52         gen_require(`
  53                 type getty_log_t;
  54         ')
  55
  56         logging_search_logs($1)
  57         allow $1 getty_log_t:file read_file_perms;
  58 ')
  59
  60 ########################################
  61 ## <summary>
  62 ##      Allow process to read getty config file.
  63 ## </summary>
  64 ## <param name="domain">
  65 ##      <summary>
  66 ##      Domain allowed access.
  67 ##      </summary>
  68 ## </param>
  69 ## <rolecap/>
  70 #
  71 interface(`getty_read_config',`
  72         gen_require(`
  73                 type getty_etc_t;
  74         ')
  75
  76         files_search_etc($1)
  77         allow $1 getty_etc_t:file read_file_perms;
  78 ')
  79
  80 ########################################
  81 ## <summary>
  82 ##      Allow process to edit getty config file.
  83 ## </summary>
  84 ## <param name="domain">
  85 ##      <summary>
  86 ##      Domain allowed access.
  87 ##      </summary>
  88 ## </param>
  89 ## <rolecap/>
  90 #
  91 interface(`getty_rw_config',`
  92         gen_require(`
  93                 type getty_etc_t;
  94         ')
  95
  96         files_search_etc($1)
  97         allow $1 getty_etc_t:file rw_file_perms;
  98 ')