Commit | Line | Data |
---|---|---|
3865d6b9 | 1 | ## <summary>Miscellaneous files.</summary> |
e181fe05 | 2 | |
3eaa9939 DW |
3 | ######################################## |
4 | ## <summary> | |
5 | ## Make the specified type usable as a cert file. | |
6 | ## </summary> | |
7 | ## <desc> | |
8 | ## <p> | |
9 | ## Make the specified type usable for cert files. | |
10 | ## This will also make the type usable for files, making | |
11 | ## calls to files_type() redundant. Failure to use this interface | |
12 | ## for a cert file may result in problems with | |
13 | ## cert management tools. | |
14 | ## </p> | |
15 | ## <p> | |
16 | ## Related interfaces: | |
17 | ## </p> | |
18 | ## <ul> | |
19 | ## <li>files_type()</li> | |
20 | ## </ul> | |
21 | ## <p> | |
22 | ## Example: | |
23 | ## </p> | |
24 | ## <p> | |
25 | ## type mycertfile_t; | |
26 | ## cert_type(mycertfile_t) | |
27 | ## allow mydomain_t mycertfile_t:file read_file_perms; | |
28 | ## files_search_etc(mydomain_t) | |
29 | ## </p> | |
30 | ## </desc> | |
31 | ## <param name="type"> | |
32 | ## <summary> | |
33 | ## Type to be used for files. | |
34 | ## </summary> | |
35 | ## </param> | |
36 | ## <infoflow type="none"/> | |
37 | # | |
38 | interface(`miscfiles_cert_type',` | |
39 | gen_require(` | |
40 | attribute cert_type; | |
41 | ') | |
42 | ||
43 | typeattribute $1 cert_type; | |
44 | files_type($1) | |
45 | ') | |
46 | ||
ec81ecb3 | 47 | ######################################## |
2ec4c9d3 | 48 | ## <summary> |
83406219 | 49 | ## Read all SSL certificates. |
6e99a6cf CP |
50 | ## </summary> |
51 | ## <param name="domain"> | |
885b83ec | 52 | ## <summary> |
77f6e2cd | 53 | ## Domain allowed access. |
885b83ec | 54 | ## </summary> |
6e99a6cf | 55 | ## </param> |
bbcd3c97 | 56 | ## <rolecap/> |
6e99a6cf | 57 | # |
83406219 | 58 | interface(`miscfiles_read_all_certs',` |
6e99a6cf | 59 | gen_require(` |
3eaa9939 | 60 | attribute cert_type; |
6e99a6cf CP |
61 | ') |
62 | ||
3eaa9939 DW |
63 | allow $1 cert_type:dir list_dir_perms; |
64 | read_files_pattern($1, cert_type, cert_type) | |
65 | read_lnk_files_pattern($1, cert_type, cert_type) | |
6e99a6cf CP |
66 | ') |
67 | ||
244b45d2 CP |
68 | ######################################## |
69 | ## <summary> | |
83406219 | 70 | ## Read generic SSL certificates. |
244b45d2 CP |
71 | ## </summary> |
72 | ## <param name="domain"> | |
73 | ## <summary> | |
74 | ## Domain allowed access. | |
75 | ## </summary> | |
76 | ## </param> | |
77 | ## <rolecap/> | |
78 | # | |
83406219 | 79 | interface(`miscfiles_read_generic_certs',` |
6e99a6cf CP |
80 | gen_require(` |
81 | type cert_t; | |
82 | ') | |
83 | ||
c0868a7a | 84 | allow $1 cert_t:dir list_dir_perms; |
3f67f722 CP |
85 | read_files_pattern($1, cert_t, cert_t) |
86 | read_lnk_files_pattern($1, cert_t, cert_t) | |
6e99a6cf CP |
87 | ') |
88 | ||
244b45d2 CP |
89 | ######################################## |
90 | ## <summary> | |
83406219 | 91 | ## Manage generic SSL certificate directories. |
244b45d2 CP |
92 | ## </summary> |
93 | ## <param name="domain"> | |
94 | ## <summary> | |
95 | ## Domain allowed access. | |
96 | ## </summary> | |
97 | ## </param> | |
244b45d2 | 98 | # |
83406219 | 99 | interface(`miscfiles_manage_generic_cert_dirs',` |
244b45d2 CP |
100 | gen_require(` |
101 | type cert_t; | |
102 | ') | |
103 | ||
104 | manage_dirs_pattern($1, cert_t, cert_t) | |
105 | ') | |
106 | ||
107 | ######################################## | |
108 | ## <summary> | |
83406219 | 109 | ## Manage generic SSL certificates. |
244b45d2 CP |
110 | ## </summary> |
111 | ## <param name="domain"> | |
112 | ## <summary> | |
113 | ## Domain allowed access. | |
114 | ## </summary> | |
115 | ## </param> | |
116 | ## <rolecap/> | |
117 | # | |
83406219 | 118 | interface(`miscfiles_manage_generic_cert_files',` |
244b45d2 CP |
119 | gen_require(` |
120 | type cert_t; | |
121 | ') | |
122 | ||
123 | manage_files_pattern($1, cert_t, cert_t) | |
124 | read_lnk_files_pattern($1, cert_t, cert_t) | |
125 | ') | |
126 | ||
83406219 DG |
127 | ######################################## |
128 | ## <summary> | |
129 | ## Read SSL certificates. Deprecated: use miscfiles_read_generic_certs() instead. | |
130 | ## </summary> | |
131 | ## <param name="domain"> | |
132 | ## <summary> | |
133 | ## Domain allowed access. | |
134 | ## </summary> | |
135 | ## </param> | |
136 | # | |
137 | interface(`miscfiles_read_certs',` | |
138 | miscfiles_read_generic_certs($1) | |
139 | refpolicywarn(`$0() has been deprecated, please use miscfiles_read_generic_certs() instead.') | |
140 | ') | |
141 | ||
142 | ######################################## | |
143 | ## <summary> | |
144 | ## Manage SSL certificate directories. Deprecated: use miscfiles_manage_generic_cert_dirs() instead. | |
145 | ## </summary> | |
146 | ## <param name="domain"> | |
147 | ## <summary> | |
148 | ## Domain allowed access. | |
149 | ## </summary> | |
150 | ## </param> | |
151 | # | |
152 | interface(`miscfiles_manage_cert_dirs',` | |
153 | miscfiles_manage_generic_cert_dirs($1) | |
154 | refpolicywarn(`$0() has been deprecated, please use miscfiles_manage_generic_cert_dirs() instead.') | |
155 | ') | |
156 | ||
157 | ######################################## | |
158 | ## <summary> | |
159 | ## Manage SSL certificate files. Deprecated: use miscfiles_manage_generic_cert_files() instead. | |
160 | ## </summary> | |
161 | ## <param name="domain"> | |
162 | ## <summary> | |
163 | ## Domain allowed access. | |
164 | ## </summary> | |
165 | ## </param> | |
166 | # | |
167 | interface(`miscfiles_manage_cert_files',` | |
168 | miscfiles_manage_generic_cert_files($1) | |
169 | refpolicywarn(`$0() has been deprecated, please use miscfiles_manage_generic_cert_files() instead.') | |
170 | ') | |
171 | ||
6e99a6cf CP |
172 | ######################################## |
173 | ## <summary> | |
174 | ## Read fonts. | |
2ec4c9d3 CP |
175 | ## </summary> |
176 | ## <param name="domain"> | |
885b83ec | 177 | ## <summary> |
77f6e2cd | 178 | ## Domain allowed access. |
885b83ec | 179 | ## </summary> |
2ec4c9d3 | 180 | ## </param> |
bbcd3c97 | 181 | ## <rolecap/> |
ec81ecb3 | 182 | # |
199895e2 | 183 | interface(`miscfiles_read_fonts',` |
139520a2 | 184 | gen_require(` |
d0a6df5c | 185 | type fonts_t, fonts_cache_t; |
139520a2 CP |
186 | ') |
187 | ||
3f41889d | 188 | # cjp: fonts can be in either of these dirs |
139520a2 CP |
189 | files_search_usr($1) |
190 | libs_search_lib($1) | |
0c73cd25 | 191 | |
c0868a7a | 192 | allow $1 fonts_t:dir list_dir_perms; |
3f67f722 CP |
193 | read_files_pattern($1, fonts_t, fonts_t) |
194 | read_lnk_files_pattern($1, fonts_t, fonts_t) | |
d0a6df5c CP |
195 | |
196 | allow $1 fonts_cache_t:dir list_dir_perms; | |
197 | read_files_pattern($1, fonts_cache_t, fonts_cache_t) | |
198 | read_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t) | |
ec81ecb3 CP |
199 | ') |
200 | ||
9dfdd48f CP |
201 | ######################################## |
202 | ## <summary> | |
203 | ## Set the attributes on a fonts directory. | |
204 | ## </summary> | |
205 | ## <param name="domain"> | |
206 | ## <summary> | |
207 | ## Domain allowed access. | |
208 | ## </summary> | |
209 | ## </param> | |
210 | ## <rolecap/> | |
211 | # | |
212 | interface(`miscfiles_setattr_fonts_dirs',` | |
213 | gen_require(` | |
214 | type fonts_t; | |
215 | ') | |
216 | ||
217 | allow $1 fonts_t:dir setattr; | |
218 | ') | |
219 | ||
220 | ######################################## | |
221 | ## <summary> | |
222 | ## Do not audit attempts to set the attributes | |
223 | ## on a fonts directory. | |
224 | ## </summary> | |
225 | ## <param name="domain"> | |
226 | ## <summary> | |
a0546c9d | 227 | ## Domain to not audit. |
9dfdd48f CP |
228 | ## </summary> |
229 | ## </param> | |
230 | ## <rolecap/> | |
231 | # | |
232 | interface(`miscfiles_dontaudit_setattr_fonts_dirs',` | |
233 | gen_require(` | |
234 | type fonts_t; | |
235 | ') | |
236 | ||
237 | dontaudit $1 fonts_t:dir setattr; | |
238 | ') | |
239 | ||
226c0696 CP |
240 | ######################################## |
241 | ## <summary> | |
242 | ## Do not audit attempts to write fonts or to set the attributes on fonts directories. | |
243 | ## </summary> | |
244 | ## <param name="domain"> | |
245 | ## <summary> | |
a0546c9d | 246 | ## Domain to not audit. |
226c0696 CP |
247 | ## </summary> |
248 | ## </param> | |
249 | ## <rolecap/> | |
250 | # | |
251 | interface(`miscfiles_dontaudit_write_fonts',` | |
252 | gen_require(` | |
253 | type fonts_t; | |
254 | ') | |
255 | ||
244b45d2 | 256 | dontaudit $1 fonts_t:dir { write setattr }; |
226c0696 CP |
257 | dontaudit $1 fonts_t:file write; |
258 | ') | |
259 | ||
3f41889d CP |
260 | ######################################## |
261 | ## <summary> | |
262 | ## Create, read, write, and delete fonts. | |
263 | ## </summary> | |
264 | ## <param name="domain"> | |
885b83ec | 265 | ## <summary> |
3f41889d | 266 | ## Domain allowed access. |
885b83ec | 267 | ## </summary> |
3f41889d | 268 | ## </param> |
bbcd3c97 | 269 | ## <rolecap/> |
3f41889d CP |
270 | # |
271 | interface(`miscfiles_manage_fonts',` | |
272 | gen_require(` | |
273 | type fonts_t; | |
274 | ') | |
275 | ||
276 | # cjp: fonts can be in either of these dirs | |
277 | files_search_usr($1) | |
278 | libs_search_lib($1) | |
279 | ||
3f67f722 CP |
280 | manage_dirs_pattern($1, fonts_t, fonts_t) |
281 | manage_files_pattern($1, fonts_t, fonts_t) | |
282 | manage_lnk_files_pattern($1, fonts_t, fonts_t) | |
3f41889d CP |
283 | ') |
284 | ||
d0a6df5c CP |
285 | ######################################## |
286 | ## <summary> | |
287 | ## Set the attributes on a fonts cache directory. | |
288 | ## </summary> | |
289 | ## <param name="domain"> | |
290 | ## <summary> | |
291 | ## Domain allowed access. | |
292 | ## </summary> | |
293 | ## </param> | |
294 | # | |
295 | interface(`miscfiles_setattr_fonts_cache_dirs',` | |
296 | gen_require(` | |
297 | type fonts_cache_t; | |
298 | ') | |
299 | ||
300 | allow $1 fonts_cache_t:dir setattr; | |
301 | ') | |
302 | ||
303 | ######################################## | |
304 | ## <summary> | |
305 | ## Do not audit attempts to set the attributes | |
306 | ## on a fonts cache directory. | |
307 | ## </summary> | |
308 | ## <param name="domain"> | |
309 | ## <summary> | |
a0546c9d | 310 | ## Domain to not audit. |
d0a6df5c CP |
311 | ## </summary> |
312 | ## </param> | |
313 | # | |
314 | interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',` | |
315 | gen_require(` | |
316 | type fonts_cache_t; | |
317 | ') | |
318 | ||
319 | dontaudit $1 fonts_cache_t:dir setattr; | |
320 | ') | |
321 | ||
322 | ######################################## | |
323 | ## <summary> | |
324 | ## Create, read, write, and delete fonts cache. | |
325 | ## </summary> | |
326 | ## <param name="domain"> | |
327 | ## <summary> | |
328 | ## Domain allowed access. | |
329 | ## </summary> | |
330 | ## </param> | |
331 | ## <rolecap/> | |
332 | # | |
333 | interface(`miscfiles_manage_fonts_cache',` | |
334 | gen_require(` | |
335 | type fonts_cache_t; | |
336 | ') | |
337 | ||
338 | files_search_var($1) | |
339 | ||
340 | manage_dirs_pattern($1, fonts_cache_t, fonts_cache_t) | |
341 | manage_files_pattern($1, fonts_cache_t, fonts_cache_t) | |
342 | manage_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t) | |
343 | ') | |
344 | ||
f4d7fdcf CP |
345 | ######################################## |
346 | ## <summary> | |
77f6e2cd | 347 | ## Read hardware identification data. |
f4d7fdcf CP |
348 | ## </summary> |
349 | ## <param name="domain"> | |
885b83ec | 350 | ## <summary> |
f4d7fdcf | 351 | ## Domain allowed access. |
885b83ec | 352 | ## </summary> |
f4d7fdcf CP |
353 | ## </param> |
354 | # | |
77f6e2cd | 355 | interface(`miscfiles_read_hwdata',` |
f4d7fdcf | 356 | gen_require(` |
77f6e2cd | 357 | type hwdata_t; |
f4d7fdcf CP |
358 | ') |
359 | ||
c0868a7a | 360 | allow $1 hwdata_t:dir list_dir_perms; |
3f67f722 CP |
361 | read_files_pattern($1, hwdata_t, hwdata_t) |
362 | read_lnk_files_pattern($1, hwdata_t, hwdata_t) | |
f4d7fdcf CP |
363 | ') |
364 | ||
6b19be33 CP |
365 | ######################################## |
366 | ## <summary> | |
367 | ## Allow process to setattr localization info | |
368 | ## </summary> | |
369 | ## <param name="domain"> | |
370 | ## <summary> | |
371 | ## Domain allowed access. | |
372 | ## </summary> | |
373 | ## </param> | |
374 | # | |
375 | interface(`miscfiles_setattr_localization',` | |
376 | gen_require(` | |
377 | type locale_t; | |
378 | ') | |
379 | ||
380 | files_search_usr($1) | |
381 | allow $1 locale_t:dir list_dir_perms; | |
382 | allow $1 locale_t:file setattr; | |
383 | ') | |
384 | ||
b4cd1533 | 385 | ######################################## |
2ec4c9d3 | 386 | ## <summary> |
611bc931 | 387 | ## Allow process to read localization information. |
2ec4c9d3 | 388 | ## </summary> |
611bc931 CP |
389 | ## <desc> |
390 | ## <p> | |
391 | ## Allow the specified domain to read the localization files. | |
392 | ## This is typically for time zone configuration files, such as | |
393 | ## /etc/localtime and files in /usr/share/zoneinfo. | |
394 | ## Typically, any domain which needs to know the GMT/UTC | |
395 | ## offset of the current timezone will need access | |
396 | ## to these files. Generally, it should be safe for any | |
397 | ## domain to read these files. | |
398 | ## </p> | |
399 | ## </desc> | |
2ec4c9d3 | 400 | ## <param name="domain"> |
885b83ec | 401 | ## <summary> |
77f6e2cd | 402 | ## Domain allowed access. |
885b83ec | 403 | ## </summary> |
2ec4c9d3 | 404 | ## </param> |
611bc931 | 405 | ## <infoflow type="read" weight="10"/> |
b4cd1533 | 406 | # |
199895e2 | 407 | interface(`miscfiles_read_localization',` |
139520a2 CP |
408 | gen_require(` |
409 | type locale_t; | |
139520a2 CP |
410 | ') |
411 | ||
2cac32a6 | 412 | files_read_etc_symlinks($1) |
139520a2 | 413 | files_search_usr($1) |
c0868a7a | 414 | allow $1 locale_t:dir list_dir_perms; |
3f67f722 CP |
415 | read_files_pattern($1, locale_t, locale_t) |
416 | read_lnk_files_pattern($1, locale_t, locale_t) | |
b4cd1533 CP |
417 | ') |
418 | ||
a5e2133b CP |
419 | ######################################## |
420 | ## <summary> | |
421 | ## Allow process to read and write localization info | |
422 | ## </summary> | |
423 | ## <param name="domain"> | |
424 | ## <summary> | |
425 | ## Domain allowed access. | |
426 | ## </summary> | |
427 | ## </param> | |
428 | # | |
429 | interface(`miscfiles_rw_localization',` | |
430 | gen_require(` | |
431 | type locale_t; | |
432 | ') | |
433 | ||
434 | files_search_usr($1) | |
435 | allow $1 locale_t:dir list_dir_perms; | |
3f67f722 | 436 | rw_files_pattern($1, locale_t, locale_t) |
a5e2133b CP |
437 | ') |
438 | ||
6b19be33 CP |
439 | ######################################## |
440 | ## <summary> | |
441 | ## Allow process to relabel localization info | |
442 | ## </summary> | |
443 | ## <param name="domain"> | |
444 | ## <summary> | |
445 | ## Domain allowed access. | |
446 | ## </summary> | |
447 | ## </param> | |
448 | # | |
449 | interface(`miscfiles_relabel_localization',` | |
450 | gen_require(` | |
451 | type locale_t; | |
452 | ') | |
453 | ||
454 | files_search_usr($1) | |
3f67f722 | 455 | relabel_files_pattern($1, locale_t, locale_t) |
6b19be33 CP |
456 | ') |
457 | ||
0fef98c4 | 458 | ######################################## |
2ec4c9d3 CP |
459 | ## <summary> |
460 | ## Allow process to read legacy time localization info; this also grants execute permission on localization files | |
461 | ## </summary> | |
462 | ## <param name="domain"> | |
885b83ec | 463 | ## <summary> |
77f6e2cd | 464 | ## Domain allowed access. |
885b83ec | 465 | ## </summary> |
2ec4c9d3 | 466 | ## </param> |
0fef98c4 | 467 | # |
199895e2 | 468 | interface(`miscfiles_legacy_read_localization',` |
139520a2 CP |
469 | gen_require(` |
470 | type locale_t; | |
139520a2 | 471 | ') |
0c73cd25 CP |
472 | |
473 | miscfiles_read_localization($1) | |
474 | allow $1 locale_t:file execute; | |
0fef98c4 CP |
475 | ') |
476 | ||
9dfdd48f CP |
477 | ######################################## |
478 | ## <summary> | |
479 | ## Search man pages. | |
480 | ## </summary> | |
481 | ## <param name="domain"> | |
482 | ## <summary> | |
a0546c9d | 483 | ## Domain allowed access. |
9dfdd48f CP |
484 | ## </summary> |
485 | ## </param> | |
486 | # | |
487 | interface(`miscfiles_search_man_pages',` | |
488 | gen_require(` | |
489 | type man_t; | |
490 | ') | |
491 | ||
492 | allow $1 man_t:dir search_dir_perms; | |
493 | files_search_usr($1) | |
494 | ') | |
495 | ||
04926d07 CP |
496 | ######################################## |
497 | ## <summary> | |
498 | ## Do not audit attempts to search man pages. | |
499 | ## </summary> | |
500 | ## <param name="domain"> | |
885b83ec | 501 | ## <summary> |
04926d07 | 502 | ## Domain to not audit. |
885b83ec | 503 | ## </summary> |
04926d07 CP |
504 | ## </param> |
505 | # | |
506 | interface(`miscfiles_dontaudit_search_man_pages',` | |
507 | gen_require(` | |
508 | type man_t; | |
509 | ') | |
510 | ||
9dfdd48f | 511 | dontaudit $1 man_t:dir search_dir_perms; |
04926d07 CP |
512 | ') |
513 | ||
24280a52 | 514 | ######################################## |
2ec4c9d3 | 515 | ## <summary> |
cf6a7d89 | 516 | ## Read man pages |
2ec4c9d3 CP |
517 | ## </summary> |
518 | ## <param name="domain"> | |
885b83ec | 519 | ## <summary> |
cf6a7d89 | 520 | ## Domain allowed access. |
885b83ec | 521 | ## </summary> |
2ec4c9d3 | 522 | ## </param> |
bbcd3c97 | 523 | ## <rolecap/> |
24280a52 | 524 | # |
199895e2 | 525 | interface(`miscfiles_read_man_pages',` |
139520a2 CP |
526 | gen_require(` |
527 | type man_t; | |
139520a2 CP |
528 | ') |
529 | ||
530 | files_search_usr($1) | |
c0868a7a | 531 | allow $1 man_t:dir list_dir_perms; |
3f67f722 CP |
532 | read_files_pattern($1, man_t, man_t) |
533 | read_lnk_files_pattern($1, man_t, man_t) | |
24280a52 CP |
534 | ') |
535 | ||
2ec4c9d3 | 536 | ######################################## |
cf6a7d89 CP |
537 | ## <summary> |
538 | ## Delete man pages | |
539 | ## </summary> | |
540 | ## <param name="domain"> | |
885b83ec | 541 | ## <summary> |
cf6a7d89 | 542 | ## Domain allowed access. |
885b83ec | 543 | ## </summary> |
cf6a7d89 CP |
544 | ## </param> |
545 | # cjp: added for tmpreaper | |
546 | # | |
547 | interface(`miscfiles_delete_man_pages',` | |
548 | gen_require(` | |
549 | type man_t; | |
cf6a7d89 CP |
550 | ') |
551 | ||
552 | files_search_usr($1) | |
c0868a7a CP |
553 | |
554 | allow $1 man_t:dir setattr; | |
226c0696 CP |
555 | # RH bug #309351 |
556 | allow $1 man_t:dir list_dir_perms; | |
3f67f722 CP |
557 | delete_dirs_pattern($1, man_t, man_t) |
558 | delete_files_pattern($1, man_t, man_t) | |
559 | delete_lnk_files_pattern($1, man_t, man_t) | |
cf6a7d89 CP |
560 | ') |
561 | ||
562 | ######################################## | |
563 | ## <summary> | |
564 | ## Create, read, write, and delete man pages | |
565 | ## </summary> | |
566 | ## <param name="domain"> | |
885b83ec | 567 | ## <summary> |
cf6a7d89 | 568 | ## Domain allowed access. |
885b83ec | 569 | ## </summary> |
cf6a7d89 CP |
570 | ## </param> |
571 | # | |
572 | interface(`miscfiles_manage_man_pages',` | |
573 | gen_require(` | |
574 | type man_t; | |
cf6a7d89 CP |
575 | ') |
576 | ||
577 | files_search_usr($1) | |
3f67f722 CP |
578 | manage_dirs_pattern($1, man_t, man_t) |
579 | manage_files_pattern($1, man_t, man_t) | |
580 | read_lnk_files_pattern($1, man_t, man_t) | |
cf6a7d89 CP |
581 | ') |
582 | ||
77f6e2cd | 583 | ######################################## |
86998556 DW |
584 | ## <summary> |
585 | ## Allow process to relabel man_pages info | |
586 | ## </summary> | |
587 | ## <param name="domain"> | |
588 | ## <summary> | |
589 | ## Domain allowed access. | |
590 | ## </summary> | |
591 | ## </param> | |
592 | # | |
593 | interface(`miscfiles_relabel_man_pages',` | |
594 | gen_require(` | |
595 | type man_t; | |
596 | ') | |
597 | ||
598 | files_search_usr($1) | |
1dc8e349 | 599 | relabel_dirs_pattern($1, man_t, man_t) |
86998556 DW |
600 | relabel_files_pattern($1, man_t, man_t) |
601 | ') | |
602 | ||
603 | ######################################## | |
77f6e2cd CP |
604 | ## <summary> |
605 | ## Read public files used for file | |
606 | ## transfer services. | |
607 | ## </summary> | |
608 | ## <param name="domain"> | |
885b83ec | 609 | ## <summary> |
77f6e2cd | 610 | ## Domain allowed access. |
885b83ec | 611 | ## </summary> |
77f6e2cd | 612 | ## </param> |
bbcd3c97 | 613 | ## <rolecap/> |
77f6e2cd CP |
614 | # |
615 | interface(`miscfiles_read_public_files',` | |
616 | gen_require(` | |
67167371 | 617 | type public_content_t, public_content_rw_t; |
77f6e2cd CP |
618 | ') |
619 | ||
c0868a7a | 620 | allow $1 { public_content_t public_content_rw_t }:dir list_dir_perms; |
dccbb80c CP |
621 | read_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t }) |
622 | read_lnk_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t }) | |
77f6e2cd CP |
623 | ') |
624 | ||
625 | ######################################## | |
626 | ## <summary> | |
627 | ## Create, read, write, and delete public files | |
628 | ## and directories used for file transfer services. | |
629 | ## </summary> | |
630 | ## <param name="domain"> | |
885b83ec | 631 | ## <summary> |
77f6e2cd | 632 | ## Domain allowed access. |
885b83ec | 633 | ## </summary> |
77f6e2cd | 634 | ## </param> |
bbcd3c97 | 635 | ## <rolecap/> |
77f6e2cd CP |
636 | # |
637 | interface(`miscfiles_manage_public_files',` | |
638 | gen_require(` | |
639 | type public_content_rw_t; | |
640 | ') | |
641 | ||
3f67f722 CP |
642 | manage_dirs_pattern($1, public_content_rw_t, public_content_rw_t) |
643 | manage_files_pattern($1, public_content_rw_t, public_content_rw_t) | |
644 | manage_lnk_files_pattern($1, public_content_rw_t, public_content_rw_t) | |
77f6e2cd CP |
645 | ') |
646 | ||
cf6a7d89 | 647 | ######################################## |
2ec4c9d3 CP |
648 | ## <summary> |
649 | ## Read TeX data | |
650 | ## </summary> | |
651 | ## <param name="domain"> | |
885b83ec | 652 | ## <summary> |
77f6e2cd | 653 | ## Domain allowed access. |
885b83ec | 654 | ## </summary> |
2ec4c9d3 CP |
655 | ## </param> |
656 | # | |
657 | interface(`miscfiles_read_tetex_data',` | |
658 | gen_require(` | |
659 | type tetex_data_t; | |
2ec4c9d3 CP |
660 | ') |
661 | ||
662 | files_search_var($1) | |
663 | files_search_var_lib($1) | |
664 | ||
665 | # cjp: TeX data can be in either of the above dirs | |
c0868a7a | 666 | allow $1 tetex_data_t:dir list_dir_perms; |
3f67f722 CP |
667 | read_files_pattern($1, tetex_data_t, tetex_data_t) |
668 | read_lnk_files_pattern($1, tetex_data_t, tetex_data_t) | |
2ec4c9d3 CP |
669 | ') |
670 | ||
671 | ######################################## | |
672 | ## <summary> | |
673 | ## Execute TeX data programs in the caller domain. | |
674 | ## </summary> | |
675 | ## <param name="domain"> | |
885b83ec | 676 | ## <summary> |
77f6e2cd | 677 | ## Domain allowed access. |
885b83ec | 678 | ## </summary> |
2ec4c9d3 CP |
679 | ## </param> |
680 | # | |
681 | interface(`miscfiles_exec_tetex_data',` | |
682 | gen_require(` | |
683 | type fonts_t; | |
8f3a0a95 | 684 | type tetex_data_t; |
2ec4c9d3 CP |
685 | ') |
686 | ||
687 | files_search_var($1) | |
688 | files_search_var_lib($1) | |
689 | ||
690 | # cjp: TeX data can be in either of the above dirs | |
c0868a7a | 691 | allow $1 tetex_data_t:dir list_dir_perms; |
3f67f722 | 692 | exec_files_pattern($1, tetex_data_t, tetex_data_t) |
2ec4c9d3 | 693 | ') |
d42c7ede CP |
694 | |
695 | ######################################## | |
696 | ## <summary> | |
697 | ## Let test files be an entry point for | |
698 | ## a specified domain. | |
699 | ## </summary> | |
700 | ## <param name="domain"> | |
701 | ## <summary> | |
a0546c9d | 702 | ## Domain allowed access. |
d42c7ede CP |
703 | ## </summary> |
704 | ## </param> | |
705 | # | |
706 | interface(`miscfiles_domain_entry_test_files',` | |
707 | gen_require(` | |
708 | type test_file_t; | |
709 | ') | |
710 | ||
711 | domain_entry_file($1, test_file_t) | |
712 | ') | |
713 | ||
714 | ######################################## | |
715 | ## <summary> | |
716 | ## Read test files and directories. | |
717 | ## </summary> | |
718 | ## <param name="domain"> | |
719 | ## <summary> | |
720 | ## Domain allowed access. | |
721 | ## </summary> | |
722 | ## </param> | |
723 | # | |
724 | interface(`miscfiles_read_test_files',` | |
725 | gen_require(` | |
726 | type test_file_t; | |
727 | ') | |
728 | ||
3f67f722 CP |
729 | read_files_pattern($1, test_file_t, test_file_t) |
730 | read_lnk_files_pattern($1, test_file_t, test_file_t) | |
d42c7ede CP |
731 | ') |
732 | ||
733 | ######################################## | |
734 | ## <summary> | |
735 | ## Execute test files. | |
736 | ## </summary> | |
737 | ## <param name="domain"> | |
738 | ## <summary> | |
739 | ## Domain allowed access. | |
740 | ## </summary> | |
741 | ## </param> | |
742 | # | |
743 | interface(`miscfiles_exec_test_files',` | |
744 | gen_require(` | |
745 | type test_file_t; | |
746 | ') | |
747 | ||
3f67f722 CP |
748 | exec_files_pattern($1, test_file_t, test_file_t) |
749 | read_lnk_files_pattern($1, test_file_t, test_file_t) | |
d42c7ede | 750 | ') |
6b19be33 CP |
751 | |
752 | ######################################## | |
753 | ## <summary> | |
754 | ## Create files in etc directories with the localization file type. | |
755 | ## </summary> | |
756 | ## <param name="domain"> | |
757 | ## <summary> | |
758 | ## Domain allowed access. | |
759 | ## </summary> | |
760 | ## </param> | |
761 | # | |
762 | interface(`miscfiles_etc_filetrans_localization',` | |
763 | gen_require(` | |
764 | type locale_t; | |
765 | ') | |
766 | ||
767 | files_etc_filetrans($1, locale_t, file) | |
c8cacd98 DW |
768 | ') |
769 | ||
6b19be33 CP |
770 | ######################################## |
771 | ## <summary> | |
772 | ## Create, read, write, and delete localization files, directories, and symbolic links | |
773 | ## </summary> | |
774 | ## <param name="domain"> | |
775 | ## <summary> | |
776 | ## Domain allowed access. | |
777 | ## </summary> | |
778 | ## </param> | |
779 | ## <rolecap/> | |
780 | # | |
781 | interface(`miscfiles_manage_localization',` | |
782 | gen_require(` | |
783 | type locale_t; | |
784 | ') | |
785 | ||
3f67f722 CP |
786 | manage_dirs_pattern($1, locale_t, locale_t) |
787 | manage_files_pattern($1, locale_t, locale_t) | |
788 | manage_lnk_files_pattern($1, locale_t, locale_t) | |
6b19be33 CP |
789 | ') |
790 | ||
91a6f708 DW |
791 | ######################################## |
792 | ## <summary> | |
793 | ## Transition to miscfiles named content | |
794 | ## </summary> | |
795 | ## <param name="domain"> | |
796 | ## <summary> | |
797 | ## Domain allowed access. | |
798 | ## </summary> | |
799 | ## </param> | |
800 | # | |
801 | interface(`miscfiles_filetrans_named_content',` | |
802 | gen_require(` | |
803 | type locale_t; | |
2df1e856 | 804 | type man_t; |
91a6f708 DW |
805 | type cert_t; |
806 | type fonts_t; | |
807 | type fonts_cache_t; | |
808 | type hwdata_t; | |
809 | type tetex_data_t; | |
810 | type public_content_t; | |
811 | ') | |
812 | ||
813 | files_etc_filetrans($1, locale_t, file, "localtime") | |
4be99793 | 814 | files_etc_filetrans($1, locale_t, file, "locale.conf") |
2df1e856 | 815 | files_var_filetrans($1, man_t, dir, "man") |
91a6f708 DW |
816 | files_etc_filetrans($1, locale_t, file, "timezone") |
817 | files_etc_filetrans($1, locale_t, file, "clock") | |
818 | files_etc_filetrans($1, cert_t, dir, "pki") | |
819 | files_usr_filetrans($1, locale_t, dir, "locale") | |
820 | files_usr_filetrans($1, locale_t, dir, "zoneinfo") | |
821 | files_usr_filetrans($1, cert_t, dir, "certs") | |
822 | files_usr_filetrans($1, fonts_t, dir, "fonts") | |
823 | files_usr_filetrans($1, hwdata_t, dir, "hwdata") | |
824 | files_var_filetrans($1, fonts_cache_t, dir, "fontconfig") | |
825 | files_var_filetrans($1, tetex_data_t, dir, "fonts") | |
826 | files_spool_filetrans($1, tetex_data_t, dir, "texmf") | |
827 | files_var_lib_filetrans($1, tetex_data_t, dir, "texmf") | |
828 | files_var_filetrans($1, public_content_t, dir, "ftp") | |
829 | ') |