refpolicy/policy/modules/services/slrnpull.te

   1
   2 policy_module(slrnpull,1.0.0)
   3
   4 ########################################
   5 #
   6 # Declarations
   7 #
   8
   9 type slrnpull_t;
  10 type slrnpull_exec_t;
  11 init_daemon_domain(slrnpull_t,slrnpull_exec_t)
  12
  13 type slrnpull_var_run_t;
  14 files_pid_file(slrnpull_var_run_t)
  15
  16 type slrnpull_spool_t;
  17 files_type(slrnpull_spool_t)
  18
  19 type slrnpull_log_t;
  20 logging_log_file(slrnpull_log_t)
  21
  22 ########################################
  23 #
  24 # Local policy
  25 #
  26
  27 dontaudit slrnpull_t self:capability sys_tty_config;
  28 allow slrnpull_t self:process signal_perms;
  29
  30 allow slrnpull_t slrnpull_log_t:file create_file_perms;
  31 logging_log_filetrans(slrnpull_t,slrnpull_log_t,file)
  32
  33 allow slrnpull_t slrnpull_spool_t:dir rw_dir_perms;
  34 allow slrnpull_t slrnpull_spool_t:dir create_dir_perms;
  35 allow slrnpull_t slrnpull_spool_t:file create_file_perms;
  36 allow slrnpull_t slrnpull_spool_t:lnk_file create_lnk_perms;
  37 files_search_spool(slrnpull_t)
  38
  39 allow slrnpull_t slrnpull_var_run_t:file create_file_perms;
  40 allow slrnpull_t slrnpull_var_run_t:dir rw_dir_perms;
  41 files_pid_filetrans(slrnpull_t,slrnpull_var_run_t,file)
  42
  43 kernel_list_proc(slrnpull_t)
  44 kernel_read_kernel_sysctls(slrnpull_t)
  45 kernel_read_proc_symlinks(slrnpull_t)
  46
  47 dev_read_sysfs(slrnpull_t)
  48
  49 domain_use_interactive_fds(slrnpull_t)
  50
  51 files_read_etc_files(slrnpull_t)
  52
  53 fs_getattr_all_fs(slrnpull_t)
  54 fs_search_auto_mountpoints(slrnpull_t)
  55
  56 term_dontaudit_use_console(slrnpull_t)
  57
  58 init_use_fds(slrnpull_t)
  59 init_use_script_ptys(slrnpull_t)
  60
  61 libs_use_ld_so(slrnpull_t)
  62 libs_use_shared_libs(slrnpull_t)
  63
  64 logging_send_syslog_msg(slrnpull_t)
  65
  66 miscfiles_read_localization(slrnpull_t)
  67
  68 userdom_dontaudit_use_unpriv_user_fds(slrnpull_t)
  69 userdom_dontaudit_search_sysadm_home_dirs(slrnpull_t)
  70
  71 ifdef(`targeted_policy',`
  72         files_dontaudit_read_root_files(slrnpull_t)
  73         term_dontaudit_use_unallocated_ttys(slrnpull_t)
  74         term_dontaudit_use_generic_ptys(slrnpull_t)
  75 ')
  76
  77 optional_policy(`
  78         cron_system_entry(slrnpull_t,slrnpull_exec_t)
  79 ')
  80
  81 optional_policy(`
  82         seutil_sigchld_newrole(slrnpull_t)
  83 ')
  84
  85 optional_policy(`
  86         udev_read_db(slrnpull_t)
  87 ')