refpolicy/policy/modules/services/finger.if

   1 ## <summary>Finger user information service.</summary>
   2
   3 ########################################
   4 ## <summary>
   5 ##      Execute fingerd in the fingerd domain.
   6 ## </summary>
   7 ## <param name="domain">
   8 ##      <summary>
   9 ##      The type of the process performing this action.
  10 ##      </summary>
  11 ## </param>
  12 #
  13 interface(`finger_domtrans',`
  14         gen_require(`
  15                 type fingerd_t, fingerd_exec_t;
  16         ')
  17
  18         domain_auto_trans($1,fingerd_exec_t,fingerd_t)
  19
  20         allow $1 fingerd_t:fd use;
  21         allow fingerd_t $1:fd use;
  22         allow fingerd_t $1:fifo_file rw_file_perms;
  23         allow fingerd_t $1:process sigchld;
  24 ')
  25
  26 ########################################
  27 ## <summary>
  28 ##      Allow the specified domain to connect to fingerd with a tcp socket.
  29 ## </summary>
  30 ## <param name="domain">
  31 ##      <summary>
  32 ##      Domain allowed access.
  33 ##      </summary>
  34 ## </param>
  35 #
  36 interface(`finger_tcp_connect',`
  37         gen_require(`
  38                 type fingerd_t;
  39         ')
  40
  41         kernel_tcp_recvfrom($1)
  42         allow $1 fingerd_t:tcp_socket { connectto recvfrom };
  43         allow fingerd_t $1:tcp_socket { acceptfrom recvfrom };
  44 ')