[people/stevee/selinux-policy.git] / policy / modules / apps / gitosis.if

## <summary>Tools for managing and hosting git repositories.</summary>

#######################################
## <summary>
##	Execute a domain transition to run gitosis.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`gitosis_domtrans',`
	gen_require(`
		type gitosis_t, gitosis_exec_t;
	')

	domtrans_pattern($1, gitosis_exec_t, gitosis_t)
')

#######################################
## <summary>
##	Execute gitosis-serve in the gitosis domain, and
##	allow the specified role the gitosis domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
#
interface(`gitosis_run',`
	gen_require(`
		type gitosis_t;
	')

	gitosis_domtrans($1)
	role $2 types gitosis_t;
')

#######################################
## <summary>
##	Allow the specified domain to read
##	gitosis lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gitosis_read_lib_files',`
	gen_require(`
		type gitosis_var_lib_t;
	')

	files_search_var_lib($1)
	read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
	read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
	list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
')

######################################
## <summary>
##	Allow the specified domain to manage
##	gitosis lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`gitosis_manage_lib_files',`
	gen_require(`
		type gitosis_var_lib_t;
	')

	files_search_var_lib($1)
	manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
')
Commit	Line	Data
dbed9536 CP	1	## <summary>Tools for managing and hosting git repositories.</summary>
	2
	3	#######################################
	4	## <summary>
	5	## Execute a domain transition to run gitosis.
	6	## </summary>
	7	## <param name="domain">
	8	## <summary>
	9	## Domain allowed to transition.
	10	## </summary>
	11	## </param>
	12	#
	13	interface(`gitosis_domtrans',`
	14	gen_require(`
	15	type gitosis_t, gitosis_exec_t;
	16	')
	17
	18	domtrans_pattern($1, gitosis_exec_t, gitosis_t)
	19	')
	20
	21	#######################################
	22	## <summary>
	23	## Execute gitosis-serve in the gitosis domain, and
	24	## allow the specified role the gitosis domain.
	25	## </summary>
	26	## <param name="domain">
	27	## <summary>
	28	## Domain allowed access
	29	## </summary>
	30	## </param>
	31	## <param name="role">
	32	## <summary>
	33	## Role allowed access.
	34	## </summary>
	35	## </param>
	36	#
	37	interface(`gitosis_run',`
	38	gen_require(`
	39	type gitosis_t;
	40	')
	41
	42	gitosis_domtrans($1)
	43	role $2 types gitosis_t;
	44	')
	45
75c8a691 JS	46	#######################################
	47	## <summary>
	48	## Allow the specified domain to read
	49	## gitosis lib files.
	50	## </summary>
	51	## <param name="domain">
	52	## <summary>
	53	## Domain allowed access.
	54	## </summary>
	55	## </param>
	56	#
	57	interface(`gitosis_read_lib_files',`
	58	gen_require(`
	59	type gitosis_var_lib_t;
	60	')
	61
	62	files_search_var_lib($1)
	63	read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
	64	read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
5f04c91f	65	list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
75c8a691 JS	66	')
	67
	68	######################################
	69	## <summary>
	70	## Allow the specified domain to manage
	71	## gitosis lib files.
	72	## </summary>
	73	## <param name="domain">
	74	## <summary>
	75	## Domain allowed access.
	76	## </summary>
	77	## </param>
	78	#
	79	interface(`gitosis_manage_lib_files',`
	80	gen_require(`
	81	type gitosis_var_lib_t;
	82	')
	83
	84	files_search_var_lib($1)
	85	manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
	86	')