Commit | Line | Data |
---|---|---|
9570b288 | 1 | policy_module(backup, 1.5.0) |
| | # Declares the policy module "backup", version 1.5.0. Everything below confines the backup_t domain. |
57f233b0 CP |
2 | |
3 | ######################################## | |
4 | # | |
5 | # Declarations | |
6 | # | |
7 | ||
| | # backup_t is the process domain; backup_exec_t labels the executable that serves as its entry point. |
8 | type backup_t; | |
9 | type backup_exec_t; | |
10 | domain_type(backup_t) | |
0bfccda4 | 11 | domain_entry_file(backup_t, backup_exec_t) |
57f233b0 CP |
| | # Authorizes backup_t to run under the system_r role. |
12 | role system_r types backup_t; |
13 | ||
| | # backup_store_t is declared as a file type; it is the only type this module lets backup_t write to (see the backup_store_t rules under "Local policy"). |
14 | type backup_store_t; | |
15 | files_type(backup_store_t) | |
16 | ||
17 | ######################################## | |
18 | # | |
19 | # Local policy | |
20 | # | |
21 | ||
| | # dac_override lets backup_t bypass Unix (DAC) file-permission checks. Together with files_read_all_files and auth_read_shadow further down, this makes backup_t a read-everything domain. |
22 | allow backup_t self:capability dac_override; | |
23 | allow backup_t self:process signal; | |
c0868a7a | 24 | allow backup_t self:fifo_file rw_fifo_file_perms; |
57f233b0 CP |
| | # The domain may create its own TCP and UDP sockets; the corenet_* rules below decide where they may talk. |
25 | allow backup_t self:tcp_socket create_socket_perms; |
26 | allow backup_t self:udp_socket create_socket_perms; | |
27 | ||
| | # Write access is scoped to backup_store_t: create/modify/delete files there and read symlinks. |
| | # NOTE(review): the explicit setattr rule and rw_files_pattern look redundant next to manage_files_pattern (in reference policy, manage_file_perms already includes setattr and the read/write set) - confirm against the support macros in this tree before removing. |
c0868a7a | 28 | allow backup_t backup_store_t:file setattr; |
0bfccda4 CP |
29 | manage_files_pattern(backup_t, backup_store_t, backup_store_t) |
30 | rw_files_pattern(backup_t, backup_store_t, backup_store_t) | |
31 | read_lnk_files_pattern(backup_t, backup_store_t, backup_store_t) | |
57f233b0 CP |
32 | |
33 | kernel_read_system_state(backup_t) | |
34 | kernel_read_kernel_sysctls(backup_t) | |
35 | ||
| | # backup_t may execute generic binaries and a shell. NOTE(review): in reference policy the corecmd_exec_* interfaces grant execution without a domain transition, so the shell would keep every backup_t permission - confirm for this tree. |
36 | corecmd_exec_bin(backup_t) | |
45b56b01 | 37 | corecmd_exec_shell(backup_t) |
57f233b0 | 38 | |
| | # Network access: send/receive on generic interfaces and nodes (TCP, UDP, raw), on all ports, plus outbound TCP connect to any port. No bind or listen rule appears in this file, so the domain is presumably client-only. |
| | # NOTE(review): egress is not scoped to a specific backup-server port type. Because this domain can also read all files (including shadow), consider narrowing connect permission to the port type actually used and monitoring outbound connections from backup_t. |
19006686 CP |
39 | corenet_all_recvfrom_unlabeled(backup_t) |
40 | corenet_all_recvfrom_netlabel(backup_t) | |
57f233b0 CP |
41 | corenet_tcp_sendrecv_generic_if(backup_t) |
42 | corenet_udp_sendrecv_generic_if(backup_t) | |
43 | corenet_raw_sendrecv_generic_if(backup_t) | |
c1262146 CP |
44 | corenet_tcp_sendrecv_generic_node(backup_t) |
45 | corenet_udp_sendrecv_generic_node(backup_t) | |
46 | corenet_raw_sendrecv_generic_node(backup_t) | |
57f233b0 CP |
47 | corenet_tcp_sendrecv_all_ports(backup_t) |
48 | corenet_udp_sendrecv_all_ports(backup_t) | |
57f233b0 | 49 | corenet_tcp_connect_all_ports(backup_t) |
9d0c9b3e | 50 | corenet_sendrecv_all_client_packets(backup_t) |
57f233b0 CP |
51 | |
| | # Device nodes: attribute (stat) access only; no read or write on block or character devices is granted here. |
52 | dev_getattr_all_blk_files(backup_t) | |
53 | dev_getattr_all_chr_files(backup_t) | |
54 | # for SSP | |
| | # (SSP: presumably the compiler's stack-smashing protector, which reads /dev/urandom to seed its canary - confirm.) |
55 | dev_read_urand(backup_t) | |
56 | ||
57 | domain_use_interactive_fds(backup_t) | |
58 | ||
| | # Read access to every file and symlink type; pipes and sockets get getattr only. This is the broad read grant a full-system backup needs, and the reason the network rules in this module deserve scrutiny. |
59 | files_read_all_files(backup_t) | |
60 | files_read_all_symlinks(backup_t) | |
61 | files_getattr_all_pipes(backup_t) | |
62 | files_getattr_all_sockets(backup_t) | |
63 | ||
64 | fs_getattr_xattr_fs(backup_t) | |
65 | fs_list_all(backup_t) | |
66 | ||
| | # Grants read access to the shadow password file, which reference policy excludes from generic "all files" reads. Password hashes therefore end up in backups: protect the backup store and its transport accordingly, and audit any other domain that can read backup_store_t. |
67 | auth_read_shadow(backup_t) | |
68 | ||
57f233b0 CP |
69 | logging_send_syslog_msg(backup_t) |
70 | ||
71 | sysnet_read_config(backup_t) | |
72 | ||
af2d8802 | 73 | userdom_use_inherited_user_terminals(backup_t) |
296273a7 | 74 | |
| | # optional_policy blocks take effect only when the module providing the called interface is available. |
| | # cron_system_entry: presumably lets system cron jobs enter backup_t by executing backup_exec_t; it is the only transition into the domain set up in this file - confirm against the cron module's interface. |
57f233b0 | 75 | optional_policy(` |
0bfccda4 | 76 | cron_system_entry(backup_t, backup_exec_t) |
57f233b0 CP |
77 | ') |
78 | ||
| | # Allow running the hostname utility when that module is present. |
79 | optional_policy(` | |
80 | hostname_exec(backup_t) | |
81 | ') | |
82 | ||
| | # Allow NIS (ypbind) lookups when the nis module is present. |
83 | optional_policy(` | |
84 | nis_use_ypbind(backup_t) | |
85 | ') |