refpolicy/policy/modules/services/i18n_input.te

   1
   2 policy_module(i18n_input,1.1.0)
   3
   4 ########################################
   5 #
   6 # Declarations
   7 #
   8
   9 type i18n_input_t;
  10 type i18n_input_exec_t;
  11 init_daemon_domain(i18n_input_t,i18n_input_exec_t)
  12
  13 type i18n_input_var_run_t;
  14 files_pid_file(i18n_input_var_run_t)
  15
  16 ########################################
  17 #
  18 # i18n_input local policy
  19 #
  20
  21 allow i18n_input_t self:capability { kill setgid setuid };
  22 dontaudit i18n_input_t self:capability sys_tty_config;
  23 allow i18n_input_t self:process { signal_perms setsched setpgid };
  24 allow i18n_input_t self:fifo_file rw_file_perms;
  25 allow i18n_input_t self:unix_dgram_socket create_socket_perms;
  26 allow i18n_input_t self:unix_stream_socket create_stream_socket_perms;
  27 allow i18n_input_t self:tcp_socket create_stream_socket_perms;
  28 allow i18n_input_t self:udp_socket create_socket_perms;
  29
  30 allow i18n_input_t i18n_input_var_run_t:dir create_dir_perms;
  31 allow i18n_input_t i18n_input_var_run_t:file create_file_perms;
  32 allow i18n_input_t i18n_input_var_run_t:sock_file create_file_perms;
  33 files_pid_filetrans(i18n_input_t,i18n_input_var_run_t,file)
  34
  35 can_exec(i18n_input_t, i18n_input_exec_t)
  36
  37 kernel_read_kernel_sysctls(i18n_input_t)
  38 kernel_read_system_state(i18n_input_t)
  39 kernel_tcp_recvfrom(i18n_input_t)
  40
  41 corenet_tcp_sendrecv_generic_if(i18n_input_t)
  42 corenet_udp_sendrecv_generic_if(i18n_input_t)
  43 corenet_raw_sendrecv_generic_if(i18n_input_t)
  44 corenet_tcp_sendrecv_all_nodes(i18n_input_t)
  45 corenet_udp_sendrecv_all_nodes(i18n_input_t)
  46 corenet_raw_sendrecv_all_nodes(i18n_input_t)
  47 corenet_tcp_sendrecv_all_ports(i18n_input_t)
  48 corenet_udp_sendrecv_all_ports(i18n_input_t)
  49 corenet_non_ipsec_sendrecv(i18n_input_t)
  50 corenet_tcp_bind_all_nodes(i18n_input_t)
  51 corenet_udp_bind_all_nodes(i18n_input_t)
  52 corenet_tcp_bind_i18n_input_port(i18n_input_t)
  53 corenet_tcp_connect_all_ports(i18n_input_t)
  54
  55 dev_read_sysfs(i18n_input_t)
  56
  57 fs_getattr_all_fs(i18n_input_t)
  58 fs_search_auto_mountpoints(i18n_input_t)
  59
  60 term_dontaudit_use_console(i18n_input_t)
  61
  62 corecmd_search_sbin(i18n_input_t)
  63 corecmd_search_bin(i18n_input_t)
  64 corecmd_exec_bin(i18n_input_t)
  65
  66 domain_use_interactive_fds(i18n_input_t)
  67
  68 files_read_etc_files(i18n_input_t)
  69 files_read_etc_runtime_files(i18n_input_t)
  70 files_read_usr_files(i18n_input_t)
  71
  72 init_use_fds(i18n_input_t)
  73 init_use_script_ptys(i18n_input_t)
  74 init_stream_connect_script(i18n_input_t)
  75
  76 libs_use_ld_so(i18n_input_t)
  77 libs_use_shared_libs(i18n_input_t)
  78
  79 logging_send_syslog_msg(i18n_input_t)
  80
  81 miscfiles_read_localization(i18n_input_t)
  82
  83 sysnet_read_config(i18n_input_t)
  84
  85 userdom_dontaudit_use_unpriv_user_fds(i18n_input_t)
  86 userdom_dontaudit_search_sysadm_home_dirs(i18n_input_t)
  87 userdom_read_unpriv_users_home_content_files(i18n_input_t)
  88
  89 ifdef(`targeted_policy',`
  90         term_dontaudit_use_unallocated_ttys(i18n_input_t)
  91         term_dontaudit_use_generic_ptys(i18n_input_t)
  92         files_dontaudit_read_root_files(i18n_input_t)
  93 ')
  94
  95 tunable_policy(`use_nfs_home_dirs',`
  96         fs_read_nfs_files(i18n_input_t)
  97         fs_read_nfs_symlinks(i18n_input_t)
  98 ')
  99
 100 tunable_policy(`use_samba_home_dirs',`
 101         fs_read_cifs_files(i18n_input_t)
 102         fs_read_cifs_symlinks(i18n_input_t)
 103 ')
 104
 105 optional_policy(`
 106         canna_stream_connect(i18n_input_t)
 107 ')
 108
 109 optional_policy(`
 110         mount_send_nfs_client_request(i18n_input_t)
 111 ')
 112
 113 optional_policy(`
 114         nis_use_ypbind(i18n_input_t)
 115 ')
 116
 117 optional_policy(`
 118         seutil_sigchld_newrole(i18n_input_t)
 119 ')
 120
 121 optional_policy(`
 122         udev_read_db(i18n_input_t)
 123 ')