-## <summary>APT advanced package toll.</summary>
+## <summary>APT advanced package tool.</summary>
########################################
## <summary>
## </summary>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed to transition.
## </summary>
## </param>
#
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,apt_exec_t,apt_t)
+ domtrans_pattern($1, apt_exec_t, apt_t)
')
########################################
## </summary>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## The role to allow the apt domain.
## </summary>
## </param>
-## <param name="terminal">
-## <summary>
-## The type of the terminal allow the apt domain to use.
-## </summary>
-## </param>
## <rolecap/>
#
interface(`apt_run',`
apt_domtrans($1)
role $2 types apt_t;
- allow apt_t $3:chr_file rw_term_perms;
# TODO: likely have to add dpkg_run here.
')
## </summary>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
#
# TODO: enforce dpkg_use_fd?
')
+########################################
+## <summary>
+## Do not audit attempts to use file descriptors from apt.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`apt_dontaudit_use_fds',`
+ gen_require(`
+ type apt_t;
+ ')
+
+ dontaudit $1 apt_t:fd use;
+')
+
########################################
## <summary>
## Read from an unnamed apt pipe.
## </summary>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
#
## </summary>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
#
allow $1 apt_devpts_t:chr_file rw_term_perms;
')
+########################################
+## <summary>
+## Read the apt package cache.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`apt_read_cache',`
+ gen_require(`
+ type apt_var_cache_t;
+ ')
+
+ files_search_var($1)
+ allow $1 apt_var_cache_t:dir list_dir_perms;
+ dontaudit $1 apt_var_cache_t:dir write;
+ allow $1 apt_var_cache_t:file read_file_perms;
+')
+
########################################
## <summary>
## Read the apt package database.
## </summary>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
#
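Review bot: The `dontaudit $1 apt_var_cache_t:dir write;` rule in `apt_read_cache` is not mentioned in the interface summary and carries no comment, so every caller of a read-only interface also silently loses audit records for write attempts on the cache directory. The write stays denied, but a domain that unexpectedly tries to modify the apt cache no longer appears in the AVC log, so the reason for the rule should be stated next to it, for example `# Write probes on the cache dir are expected from readers; denial is silenced, not allowed.` (wording to be confirmed against the real motivation). For consistency with the package-database read interface in the same file, the file rule could be written as `read_files_pattern($1, apt_var_cache_t, apt_var_cache_t)`. Unlike that interface, no symlink read is granted here; if that is deliberate, a one-line comment would make it clear.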
files_search_var_lib($1)
allow $1 apt_var_lib_t:dir list_dir_perms;
- read_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
- read_lnk_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
+ read_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
+ read_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
')
########################################
## </summary>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
#
')
files_search_var_lib($1)
- manage_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
+ manage_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
# cjp: shouldnt this be manage_lnk_files?
- rw_lnk_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
- delete_lnk_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
+ rw_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
+ delete_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
')
########################################