projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 3865d6b9 | 1 | ## <summary>Miscelaneous files.</summary> |
| e181fe05 | 2 | |
| 3eaa9939 DW |
3 | ######################################## |
| 4 | ## <summary> | |
| 5 | ## Make the specified type usable as a cert file. | |
| 6 | ## </summary> | |
| 7 | ## <desc> | |
| 8 | ## <p> | |
| 9 | ## Make the specified type usable for cert files. | |
| 10 | ## This will also make the type usable for files, making | |
| 11 | ## calls to files_type() redundant. Failure to use this interface | |
| 12 | ## for a temporary file may result in problems with | |
| 13 | ## cert management tools. | |
| 14 | ## </p> | |
| 15 | ## <p> | |
| 16 | ## Related interfaces: | |
| 17 | ## </p> | |
| 18 | ## <ul> | |
| 19 | ## <li>files_type()</li> | |
| 20 | ## </ul> | |
| 21 | ## <p> | |
| 22 | ## Example: | |
| 23 | ## </p> | |
| 24 | ## <p> | |
| 25 | ## type mycertfile_t; | |
| 26 | ## cert_type(mycertfile_t) | |
| 27 | ## allow mydomain_t mycertfile_t:file read_file_perms; | |
| 28 | ## files_search_etc(mydomain_t) | |
| 29 | ## </p> | |
| 30 | ## </desc> | |
| 31 | ## <param name="type"> | |
| 32 | ## <summary> | |
| 33 | ## Type to be used for files. | |
| 34 | ## </summary> | |
| 35 | ## </param> | |
| 36 | ## <infoflow type="none"/> | |
| 37 | # | |
| 38 | interface(`miscfiles_cert_type',` | |
| 39 | gen_require(` | |
| 40 | attribute cert_type; | |
| 41 | ') | |
| 42 | ||
| 43 | typeattribute $1 cert_type; | |
| 44 | files_type($1) | |
| 45 | ') | |
| 46 | ||
| ec81ecb3 | 47 | ######################################## |
| 2ec4c9d3 | 48 | ## <summary> |
| 83406219 | 49 | ## Read all SSL certificates. |
| 6e99a6cf CP |
50 | ## </summary> |
| 51 | ## <param name="domain"> | |
| 885b83ec | 52 | ## <summary> |
| 77f6e2cd | 53 | ## Domain allowed access. |
| 885b83ec | 54 | ## </summary> |
| 6e99a6cf | 55 | ## </param> |
| bbcd3c97 | 56 | ## <rolecap/> |
| 6e99a6cf | 57 | # |
| 83406219 | 58 | interface(`miscfiles_read_all_certs',` |
| 6e99a6cf | 59 | gen_require(` |
| 3eaa9939 | 60 | attribute cert_type; |
| 6e99a6cf CP |
61 | ') |
| 62 | ||
| 3eaa9939 DW |
63 | allow $1 cert_type:dir list_dir_perms; |
| 64 | read_files_pattern($1, cert_type, cert_type) | |
| 65 | read_lnk_files_pattern($1, cert_type, cert_type) | |
| 6e99a6cf CP |
66 | ') |
| 67 | ||
| 244b45d2 CP |
68 | ######################################## |
| 69 | ## <summary> | |
| 83406219 | 70 | ## Read generic SSL certificates. |
| 244b45d2 CP |
71 | ## </summary> |
| 72 | ## <param name="domain"> | |
| 73 | ## <summary> | |
| 74 | ## Domain allowed access. | |
| 75 | ## </summary> | |
| 76 | ## </param> | |
| 77 | ## <rolecap/> | |
| 78 | # | |
| 83406219 | 79 | interface(`miscfiles_read_generic_certs',` |
| 6e99a6cf CP |
80 | gen_require(` |
| 81 | type cert_t; | |
| 82 | ') | |
| 83 | ||
| c0868a7a | 84 | allow $1 cert_t:dir list_dir_perms; |
| 3f67f722 CP |
85 | read_files_pattern($1, cert_t, cert_t) |
| 86 | read_lnk_files_pattern($1, cert_t, cert_t) | |
| 6e99a6cf CP |
87 | ') |
| 88 | ||
| 244b45d2 CP |
89 | ######################################## |
| 90 | ## <summary> | |
| 83406219 | 91 | ## Manage generic SSL certificates. |
| 244b45d2 CP |
92 | ## </summary> |
| 93 | ## <param name="domain"> | |
| 94 | ## <summary> | |
| 95 | ## Domain allowed access. | |
| 96 | ## </summary> | |
| 97 | ## </param> | |
| 244b45d2 | 98 | # |
| 83406219 | 99 | interface(`miscfiles_manage_generic_cert_dirs',` |
| 244b45d2 CP |
100 | gen_require(` |
| 101 | type cert_t; | |
| 102 | ') | |
| 103 | ||
| 104 | manage_dirs_pattern($1, cert_t, cert_t) | |
| 105 | ') | |
| 106 | ||
| 107 | ######################################## | |
| 108 | ## <summary> | |
| 83406219 | 109 | ## Manage generic SSL certificates. |
| 244b45d2 CP |
110 | ## </summary> |
| 111 | ## <param name="domain"> | |
| 112 | ## <summary> | |
| 113 | ## Domain allowed access. | |
| 114 | ## </summary> | |
| 115 | ## </param> | |
| 116 | ## <rolecap/> | |
| 117 | # | |
| 83406219 | 118 | interface(`miscfiles_manage_generic_cert_files',` |
| 244b45d2 CP |
119 | gen_require(` |
| 120 | type cert_t; | |
| 121 | ') | |
| 122 | ||
| 123 | manage_files_pattern($1, cert_t, cert_t) | |
| 124 | read_lnk_files_pattern($1, cert_t, cert_t) | |
| 125 | ') | |
| 126 | ||
| 83406219 DG |
127 | ######################################## |
| 128 | ## <summary> | |
| 129 | ## Read SSL certificates. | |
| 130 | ## </summary> | |
| 131 | ## <param name="domain"> | |
| 132 | ## <summary> | |
| 133 | ## Domain allowed access. | |
| 134 | ## </summary> | |
| 135 | ## </param> | |
| 136 | # | |
| 137 | interface(`miscfiles_read_certs',` | |
| 138 | miscfiles_read_generic_certs($1) | |
| 139 | refpolicywarn(`$0() has been deprecated, please use miscfiles_read_generic_certs() instead.') | |
| 140 | ') | |
| 141 | ||
| 142 | ######################################## | |
| 143 | ## <summary> | |
| 144 | ## Manage SSL certificates. | |
| 145 | ## </summary> | |
| 146 | ## <param name="domain"> | |
| 147 | ## <summary> | |
| 148 | ## Domain allowed access. | |
| 149 | ## </summary> | |
| 150 | ## </param> | |
| 151 | # | |
| 152 | interface(`miscfiles_manage_cert_dirs',` | |
| 153 | miscfiles_manage_generic_cert_dirs($1) | |
| 154 | refpolicywarn(`$0() has been deprecated, please use miscfiles_manage_generic_cert_dirs() instead.') | |
| 155 | ') | |
| 156 | ||
| 157 | ######################################## | |
| 158 | ## <summary> | |
| 159 | ## Manage SSL certificates. | |
| 160 | ## </summary> | |
| 161 | ## <param name="domain"> | |
| 162 | ## <summary> | |
| 163 | ## Domain allowed access. | |
| 164 | ## </summary> | |
| 165 | ## </param> | |
| 166 | # | |
| 167 | interface(`miscfiles_manage_cert_files',` | |
| 168 | miscfiles_manage_generic_cert_files($1) | |
| 169 | refpolicywarn(`$0() has been deprecated, please use miscfiles_manage_generic_cert_files() instead.') | |
| 170 | ') | |
| 171 | ||
| 6e99a6cf CP |
172 | ######################################## |
| 173 | ## <summary> | |
| 174 | ## Read fonts. | |
| 2ec4c9d3 CP |
175 | ## </summary> |
| 176 | ## <param name="domain"> | |
| 885b83ec | 177 | ## <summary> |
| 77f6e2cd | 178 | ## Domain allowed access. |
| 885b83ec | 179 | ## </summary> |
| 2ec4c9d3 | 180 | ## </param> |
| bbcd3c97 | 181 | ## <rolecap/> |
| ec81ecb3 | 182 | # |
| 199895e2 | 183 | interface(`miscfiles_read_fonts',` |
| 139520a2 | 184 | gen_require(` |
| d0a6df5c | 185 | type fonts_t, fonts_cache_t; |
| 139520a2 CP |
186 | ') |
| 187 | ||
| 3f41889d | 188 | # cjp: fonts can be in either of these dirs |
| 139520a2 CP |
189 | files_search_usr($1) |
| 190 | libs_search_lib($1) | |
| 0c73cd25 | 191 | |
| c0868a7a | 192 | allow $1 fonts_t:dir list_dir_perms; |
| 3f67f722 CP |
193 | read_files_pattern($1, fonts_t, fonts_t) |
| 194 | read_lnk_files_pattern($1, fonts_t, fonts_t) | |
| d0a6df5c CP |
195 | |
| 196 | allow $1 fonts_cache_t:dir list_dir_perms; | |
| 197 | read_files_pattern($1, fonts_cache_t, fonts_cache_t) | |
| 198 | read_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t) | |
| ec81ecb3 CP |
199 | ') |
| 200 | ||
| 9dfdd48f CP |
201 | ######################################## |
| 202 | ## <summary> | |
| 203 | ## Set the attributes on a fonts directory. | |
| 204 | ## </summary> | |
| 205 | ## <param name="domain"> | |
| 206 | ## <summary> | |
| 207 | ## Domain allowed access. | |
| 208 | ## </summary> | |
| 209 | ## </param> | |
| 210 | ## <rolecap/> | |
| 211 | # | |
| 212 | interface(`miscfiles_setattr_fonts_dirs',` | |
| 213 | gen_require(` | |
| 214 | type fonts_t; | |
| 215 | ') | |
| 216 | ||
| 217 | allow $1 fonts_t:dir setattr; | |
| 218 | ') | |
| 219 | ||
| 220 | ######################################## | |
| 221 | ## <summary> | |
| 222 | ## Do not audit attempts to set the attributes | |
| 223 | ## on a fonts directory. | |
| 224 | ## </summary> | |
| 225 | ## <param name="domain"> | |
| 226 | ## <summary> | |
| a0546c9d | 227 | ## Domain to not audit. |
| 9dfdd48f CP |
228 | ## </summary> |
| 229 | ## </param> | |
| 230 | ## <rolecap/> | |
| 231 | # | |
| 232 | interface(`miscfiles_dontaudit_setattr_fonts_dirs',` | |
| 233 | gen_require(` | |
| 234 | type fonts_t; | |
| 235 | ') | |
| 236 | ||
| 237 | dontaudit $1 fonts_t:dir setattr; | |
| 238 | ') | |
| 239 | ||
| 226c0696 CP |
240 | ######################################## |
| 241 | ## <summary> | |
| 242 | ## Do not audit attempts to write fonts. | |
| 243 | ## </summary> | |
| 244 | ## <param name="domain"> | |
| 245 | ## <summary> | |
| a0546c9d | 246 | ## Domain to not audit. |
| 226c0696 CP |
247 | ## </summary> |
| 248 | ## </param> | |
| 249 | ## <rolecap/> | |
| 250 | # | |
| 251 | interface(`miscfiles_dontaudit_write_fonts',` | |
| 252 | gen_require(` | |
| 253 | type fonts_t; | |
| 254 | ') | |
| 255 | ||
| 244b45d2 | 256 | dontaudit $1 fonts_t:dir { write setattr }; |
| 226c0696 CP |
257 | dontaudit $1 fonts_t:file write; |
| 258 | ') | |
| 259 | ||
| 3f41889d CP |
260 | ######################################## |
| 261 | ## <summary> | |
| 262 | ## Create, read, write, and delete fonts. | |
| 263 | ## </summary> | |
| 264 | ## <param name="domain"> | |
| 885b83ec | 265 | ## <summary> |
| 3f41889d | 266 | ## Domain allowed access. |
| 885b83ec | 267 | ## </summary> |
| 3f41889d | 268 | ## </param> |
| bbcd3c97 | 269 | ## <rolecap/> |
| 3f41889d CP |
270 | # |
| 271 | interface(`miscfiles_manage_fonts',` | |
| 272 | gen_require(` | |
| 273 | type fonts_t; | |
| 274 | ') | |
| 275 | ||
| 276 | # cjp: fonts can be in either of these dirs | |
| 277 | files_search_usr($1) | |
| 278 | libs_search_lib($1) | |
| 279 | ||
| 3f67f722 CP |
280 | manage_dirs_pattern($1, fonts_t, fonts_t) |
| 281 | manage_files_pattern($1, fonts_t, fonts_t) | |
| 282 | manage_lnk_files_pattern($1, fonts_t, fonts_t) | |
| 3f41889d CP |
283 | ') |
| 284 | ||
| d0a6df5c CP |
285 | ######################################## |
| 286 | ## <summary> | |
| 287 | ## Set the attributes on a fonts cache directory. | |
| 288 | ## </summary> | |
| 289 | ## <param name="domain"> | |
| 290 | ## <summary> | |
| 291 | ## Domain allowed access. | |
| 292 | ## </summary> | |
| 293 | ## </param> | |
| 294 | # | |
| 295 | interface(`miscfiles_setattr_fonts_cache_dirs',` | |
| 296 | gen_require(` | |
| 297 | type fonts_cache_t; | |
| 298 | ') | |
| 299 | ||
| 300 | allow $1 fonts_cache_t:dir setattr; | |
| 301 | ') | |
| 302 | ||
| 303 | ######################################## | |
| 304 | ## <summary> | |
| 305 | ## Do not audit attempts to set the attributes | |
| 306 | ## on a fonts cache directory. | |
| 307 | ## </summary> | |
| 308 | ## <param name="domain"> | |
| 309 | ## <summary> | |
| a0546c9d | 310 | ## Domain to not audit. |
| d0a6df5c CP |
311 | ## </summary> |
| 312 | ## </param> | |
| 313 | # | |
| 314 | interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',` | |
| 315 | gen_require(` | |
| 316 | type fonts_cache_t; | |
| 317 | ') | |
| 318 | ||
| 319 | dontaudit $1 fonts_cache_t:dir setattr; | |
| 320 | ') | |
| 321 | ||
| 322 | ######################################## | |
| 323 | ## <summary> | |
| 324 | ## Create, read, write, and delete fonts cache. | |
| 325 | ## </summary> | |
| 326 | ## <param name="domain"> | |
| 327 | ## <summary> | |
| 328 | ## Domain allowed access. | |
| 329 | ## </summary> | |
| 330 | ## </param> | |
| 331 | ## <rolecap/> | |
| 332 | # | |
| 333 | interface(`miscfiles_manage_fonts_cache',` | |
| 334 | gen_require(` | |
| 335 | type fonts_cache_t; | |
| 336 | ') | |
| 337 | ||
| 338 | files_search_var($1) | |
| 339 | ||
| 340 | manage_dirs_pattern($1, fonts_cache_t, fonts_cache_t) | |
| 341 | manage_files_pattern($1, fonts_cache_t, fonts_cache_t) | |
| 342 | manage_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t) | |
| 343 | ') | |
| 344 | ||
| f4d7fdcf CP |
345 | ######################################## |
| 346 | ## <summary> | |
| 77f6e2cd | 347 | ## Read hardware identification data. |
| f4d7fdcf CP |
348 | ## </summary> |
| 349 | ## <param name="domain"> | |
| 885b83ec | 350 | ## <summary> |
| f4d7fdcf | 351 | ## Domain allowed access. |
| 885b83ec | 352 | ## </summary> |
| f4d7fdcf CP |
353 | ## </param> |
| 354 | # | |
| 77f6e2cd | 355 | interface(`miscfiles_read_hwdata',` |
| f4d7fdcf | 356 | gen_require(` |
| 77f6e2cd | 357 | type hwdata_t; |
| f4d7fdcf CP |
358 | ') |
| 359 | ||
| c0868a7a | 360 | allow $1 hwdata_t:dir list_dir_perms; |
| 3f67f722 CP |
361 | read_files_pattern($1, hwdata_t, hwdata_t) |
| 362 | read_lnk_files_pattern($1, hwdata_t, hwdata_t) | |
| f4d7fdcf CP |
363 | ') |
| 364 | ||
| 6b19be33 CP |
365 | ######################################## |
| 366 | ## <summary> | |
| 367 | ## Allow process to setattr localization info | |
| 368 | ## </summary> | |
| 369 | ## <param name="domain"> | |
| 370 | ## <summary> | |
| 371 | ## Domain allowed access. | |
| 372 | ## </summary> | |
| 373 | ## </param> | |
| 374 | # | |
| 375 | interface(`miscfiles_setattr_localization',` | |
| 376 | gen_require(` | |
| 377 | type locale_t; | |
| 378 | ') | |
| 379 | ||
| 380 | files_search_usr($1) | |
| 381 | allow $1 locale_t:dir list_dir_perms; | |
| 382 | allow $1 locale_t:file setattr; | |
| 383 | ') | |
| 384 | ||
| b4cd1533 | 385 | ######################################## |
| 2ec4c9d3 | 386 | ## <summary> |
| 611bc931 | 387 | ## Allow process to read localization information. |
| 2ec4c9d3 | 388 | ## </summary> |
| 611bc931 CP |
389 | ## <desc> |
| 390 | ## <p> | |
| 391 | ## Allow the specified domain to read the localization files. | |
| 392 | ## This is typically for time zone configuration files, such as | |
| 393 | ## /etc/localtime and files in /usr/share/zoneinfo. | |
| 394 | ## Typically, any domain which needs to know the GMT/UTC | |
| 395 | ## offset of the current timezone will need access | |
| 396 | ## to these files. Generally, it should be safe for any | |
| 397 | ## domain to read these files. | |
| 398 | ## </p> | |
| 399 | ## </desc> | |
| 2ec4c9d3 | 400 | ## <param name="domain"> |
| 885b83ec | 401 | ## <summary> |
| 77f6e2cd | 402 | ## Domain allowed access. |
| 885b83ec | 403 | ## </summary> |
| 2ec4c9d3 | 404 | ## </param> |
| 611bc931 | 405 | ## <infoflow type="read" weight="10"/> |
| b4cd1533 | 406 | # |
| 199895e2 | 407 | interface(`miscfiles_read_localization',` |
| 139520a2 CP |
408 | gen_require(` |
| 409 | type locale_t; | |
| 139520a2 CP |
410 | ') |
| 411 | ||
| 2cac32a6 | 412 | files_read_etc_symlinks($1) |
| 139520a2 | 413 | files_search_usr($1) |
| c0868a7a | 414 | allow $1 locale_t:dir list_dir_perms; |
| 3f67f722 CP |
415 | read_files_pattern($1, locale_t, locale_t) |
| 416 | read_lnk_files_pattern($1, locale_t, locale_t) | |
| b4cd1533 CP |
417 | ') |
| 418 | ||
| a5e2133b CP |
419 | ######################################## |
| 420 | ## <summary> | |
| 421 | ## Allow process to write localization info | |
| 422 | ## </summary> | |
| 423 | ## <param name="domain"> | |
| 424 | ## <summary> | |
| 425 | ## Domain allowed access. | |
| 426 | ## </summary> | |
| 427 | ## </param> | |
| 428 | # | |
| 429 | interface(`miscfiles_rw_localization',` | |
| 430 | gen_require(` | |
| 431 | type locale_t; | |
| 432 | ') | |
| 433 | ||
| 434 | files_search_usr($1) | |
| 435 | allow $1 locale_t:dir list_dir_perms; | |
| 3f67f722 | 436 | rw_files_pattern($1, locale_t, locale_t) |
| a5e2133b CP |
437 | ') |
| 438 | ||
| 6b19be33 CP |
439 | ######################################## |
| 440 | ## <summary> | |
| 441 | ## Allow process to relabel localization info | |
| 442 | ## </summary> | |
| 443 | ## <param name="domain"> | |
| 444 | ## <summary> | |
| 445 | ## Domain allowed access. | |
| 446 | ## </summary> | |
| 447 | ## </param> | |
| 448 | # | |
| 449 | interface(`miscfiles_relabel_localization',` | |
| 450 | gen_require(` | |
| 451 | type locale_t; | |
| 452 | ') | |
| 453 | ||
| 454 | files_search_usr($1) | |
| 3f67f722 | 455 | relabel_files_pattern($1, locale_t, locale_t) |
| 6b19be33 CP |
456 | ') |
| 457 | ||
| 0fef98c4 | 458 | ######################################## |
| 2ec4c9d3 CP |
459 | ## <summary> |
| 460 | ## Allow process to read legacy time localization info | |
| 461 | ## </summary> | |
| 462 | ## <param name="domain"> | |
| 885b83ec | 463 | ## <summary> |
| 77f6e2cd | 464 | ## Domain allowed access. |
| 885b83ec | 465 | ## </summary> |
| 2ec4c9d3 | 466 | ## </param> |
| 0fef98c4 | 467 | # |
| 199895e2 | 468 | interface(`miscfiles_legacy_read_localization',` |
| 139520a2 CP |
469 | gen_require(` |
| 470 | type locale_t; | |
| 139520a2 | 471 | ') |
| 0c73cd25 CP |
472 | |
| 473 | miscfiles_read_localization($1) | |
| 474 | allow $1 locale_t:file execute; | |
| 0fef98c4 CP |
475 | ') |
| 476 | ||
| 9dfdd48f CP |
477 | ######################################## |
| 478 | ## <summary> | |
| 479 | ## Search man pages. | |
| 480 | ## </summary> | |
| 481 | ## <param name="domain"> | |
| 482 | ## <summary> | |
| a0546c9d | 483 | ## Domain allowed access. |
| 9dfdd48f CP |
484 | ## </summary> |
| 485 | ## </param> | |
| 486 | # | |
| 487 | interface(`miscfiles_search_man_pages',` | |
| 488 | gen_require(` | |
| 489 | type man_t; | |
| 490 | ') | |
| 491 | ||
| 492 | allow $1 man_t:dir search_dir_perms; | |
| 493 | files_search_usr($1) | |
| 494 | ') | |
| 495 | ||
| 04926d07 CP |
496 | ######################################## |
| 497 | ## <summary> | |
| 498 | ## Do not audit attempts to search man pages. | |
| 499 | ## </summary> | |
| 500 | ## <param name="domain"> | |
| 885b83ec | 501 | ## <summary> |
| 04926d07 | 502 | ## Domain to not audit. |
| 885b83ec | 503 | ## </summary> |
| 04926d07 CP |
504 | ## </param> |
| 505 | # | |
| 506 | interface(`miscfiles_dontaudit_search_man_pages',` | |
| 507 | gen_require(` | |
| 508 | type man_t; | |
| 509 | ') | |
| 510 | ||
| 9dfdd48f | 511 | dontaudit $1 man_t:dir search_dir_perms; |
| 04926d07 CP |
512 | ') |
| 513 | ||
| 24280a52 | 514 | ######################################## |
| 2ec4c9d3 | 515 | ## <summary> |
| cf6a7d89 | 516 | ## Read man pages |
| 2ec4c9d3 CP |
517 | ## </summary> |
| 518 | ## <param name="domain"> | |
| 885b83ec | 519 | ## <summary> |
| cf6a7d89 | 520 | ## Domain allowed access. |
| 885b83ec | 521 | ## </summary> |
| 2ec4c9d3 | 522 | ## </param> |
| bbcd3c97 | 523 | ## <rolecap/> |
| 24280a52 | 524 | # |
| 199895e2 | 525 | interface(`miscfiles_read_man_pages',` |
| 139520a2 CP |
526 | gen_require(` |
| 527 | type man_t; | |
| 139520a2 CP |
528 | ') |
| 529 | ||
| 530 | files_search_usr($1) | |
| c0868a7a | 531 | allow $1 man_t:dir list_dir_perms; |
| 3f67f722 CP |
532 | read_files_pattern($1, man_t, man_t) |
| 533 | read_lnk_files_pattern($1, man_t, man_t) | |
| 24280a52 CP |
534 | ') |
| 535 | ||
| 2ec4c9d3 | 536 | ######################################## |
| cf6a7d89 CP |
537 | ## <summary> |
| 538 | ## Delete man pages | |
| 539 | ## </summary> | |
| 540 | ## <param name="domain"> | |
| 885b83ec | 541 | ## <summary> |
| cf6a7d89 | 542 | ## Domain allowed access. |
| 885b83ec | 543 | ## </summary> |
| cf6a7d89 CP |
544 | ## </param> |
| 545 | # cjp: added for tmpreaper | |
| 546 | # | |
| 547 | interface(`miscfiles_delete_man_pages',` | |
| 548 | gen_require(` | |
| 549 | type man_t; | |
| cf6a7d89 CP |
550 | ') |
| 551 | ||
| 552 | files_search_usr($1) | |
| c0868a7a CP |
553 | |
| 554 | allow $1 man_t:dir setattr; | |
| 226c0696 CP |
555 | # RH bug #309351 |
| 556 | allow $1 man_t:dir list_dir_perms; | |
| 3f67f722 CP |
557 | delete_dirs_pattern($1, man_t, man_t) |
| 558 | delete_files_pattern($1, man_t, man_t) | |
| 559 | delete_lnk_files_pattern($1, man_t, man_t) | |
| cf6a7d89 CP |
560 | ') |
| 561 | ||
| 562 | ######################################## | |
| 563 | ## <summary> | |
| 564 | ## Create, read, write, and delete man pages | |
| 565 | ## </summary> | |
| 566 | ## <param name="domain"> | |
| 885b83ec | 567 | ## <summary> |
| cf6a7d89 | 568 | ## Domain allowed access. |
| 885b83ec | 569 | ## </summary> |
| cf6a7d89 CP |
570 | ## </param> |
| 571 | # | |
| 572 | interface(`miscfiles_manage_man_pages',` | |
| 573 | gen_require(` | |
| 574 | type man_t; | |
| cf6a7d89 CP |
575 | ') |
| 576 | ||
| 577 | files_search_usr($1) | |
| 3f67f722 CP |
578 | manage_dirs_pattern($1, man_t, man_t) |
| 579 | manage_files_pattern($1, man_t, man_t) | |
| 580 | read_lnk_files_pattern($1, man_t, man_t) | |
| cf6a7d89 CP |
581 | ') |
| 582 | ||
| 77f6e2cd | 583 | ######################################## |
| 86998556 DW |
584 | ## <summary> |
| 585 | ## Allow process to relabel man_pages info | |
| 586 | ## </summary> | |
| 587 | ## <param name="domain"> | |
| 588 | ## <summary> | |
| 589 | ## Domain allowed access. | |
| 590 | ## </summary> | |
| 591 | ## </param> | |
| 592 | # | |
| 593 | interface(`miscfiles_relabel_man_pages',` | |
| 594 | gen_require(` | |
| 595 | type man_t; | |
| 596 | ') | |
| 597 | ||
| 598 | files_search_usr($1) | |
| 1dc8e349 | 599 | relabel_dirs_pattern($1, man_t, man_t) |
| 86998556 DW |
600 | relabel_files_pattern($1, man_t, man_t) |
| 601 | ') | |
| 602 | ||
| 603 | ######################################## | |
| 77f6e2cd CP |
604 | ## <summary> |
| 605 | ## Read public files used for file | |
| 606 | ## transfer services. | |
| 607 | ## </summary> | |
| 608 | ## <param name="domain"> | |
| 885b83ec | 609 | ## <summary> |
| 77f6e2cd | 610 | ## Domain allowed access. |
| 885b83ec | 611 | ## </summary> |
| 77f6e2cd | 612 | ## </param> |
| bbcd3c97 | 613 | ## <rolecap/> |
| 77f6e2cd CP |
614 | # |
| 615 | interface(`miscfiles_read_public_files',` | |
| 616 | gen_require(` | |
| 67167371 | 617 | type public_content_t, public_content_rw_t; |
| 77f6e2cd CP |
618 | ') |
| 619 | ||
| c0868a7a | 620 | allow $1 { public_content_t public_content_rw_t }:dir list_dir_perms; |
| dccbb80c CP |
621 | read_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t }) |
| 622 | read_lnk_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t }) | |
| 77f6e2cd CP |
623 | ') |
| 624 | ||
| 625 | ######################################## | |
| 626 | ## <summary> | |
| 627 | ## Create, read, write, and delete public files | |
| 628 | ## and directories used for file transfer services. | |
| 629 | ## </summary> | |
| 630 | ## <param name="domain"> | |
| 885b83ec | 631 | ## <summary> |
| 77f6e2cd | 632 | ## Domain allowed access. |
| 885b83ec | 633 | ## </summary> |
| 77f6e2cd | 634 | ## </param> |
| bbcd3c97 | 635 | ## <rolecap/> |
| 77f6e2cd CP |
636 | # |
| 637 | interface(`miscfiles_manage_public_files',` | |
| 638 | gen_require(` | |
| 639 | type public_content_rw_t; | |
| 640 | ') | |
| 641 | ||
| 3f67f722 CP |
642 | manage_dirs_pattern($1, public_content_rw_t, public_content_rw_t) |
| 643 | manage_files_pattern($1, public_content_rw_t, public_content_rw_t) | |
| 644 | manage_lnk_files_pattern($1, public_content_rw_t, public_content_rw_t) | |
| 77f6e2cd CP |
645 | ') |
| 646 | ||
| cf6a7d89 | 647 | ######################################## |
| 2ec4c9d3 CP |
648 | ## <summary> |
| 649 | ## Read TeX data | |
| 650 | ## </summary> | |
| 651 | ## <param name="domain"> | |
| 885b83ec | 652 | ## <summary> |
| 77f6e2cd | 653 | ## Domain allowed access. |
| 885b83ec | 654 | ## </summary> |
| 2ec4c9d3 CP |
655 | ## </param> |
| 656 | # | |
| 657 | interface(`miscfiles_read_tetex_data',` | |
| 658 | gen_require(` | |
| 659 | type tetex_data_t; | |
| 2ec4c9d3 CP |
660 | ') |
| 661 | ||
| 662 | files_search_var($1) | |
| 663 | files_search_var_lib($1) | |
| 664 | ||
| 665 | # cjp: TeX data can be in either of the above dirs | |
| c0868a7a | 666 | allow $1 tetex_data_t:dir list_dir_perms; |
| 3f67f722 CP |
667 | read_files_pattern($1, tetex_data_t, tetex_data_t) |
| 668 | read_lnk_files_pattern($1, tetex_data_t, tetex_data_t) | |
| 2ec4c9d3 CP |
669 | ') |
| 670 | ||
| 671 | ######################################## | |
| 672 | ## <summary> | |
| 673 | ## Execute TeX data programs in the caller domain. | |
| 674 | ## </summary> | |
| 675 | ## <param name="domain"> | |
| 885b83ec | 676 | ## <summary> |
| 77f6e2cd | 677 | ## Domain allowed access. |
| 885b83ec | 678 | ## </summary> |
| 2ec4c9d3 CP |
679 | ## </param> |
| 680 | # | |
| 681 | interface(`miscfiles_exec_tetex_data',` | |
| 682 | gen_require(` | |
| 683 | type fonts_t; | |
| 8f3a0a95 | 684 | type tetex_data_t; |
| 2ec4c9d3 CP |
685 | ') |
| 686 | ||
| 687 | files_search_var($1) | |
| 688 | files_search_var_lib($1) | |
| 689 | ||
| 690 | # cjp: TeX data can be in either of the above dirs | |
| c0868a7a | 691 | allow $1 tetex_data_t:dir list_dir_perms; |
| 3f67f722 | 692 | exec_files_pattern($1, tetex_data_t, tetex_data_t) |
| 2ec4c9d3 | 693 | ') |
| d42c7ede CP |
694 | |
| 695 | ######################################## | |
| 696 | ## <summary> | |
| 697 | ## Let test files be an entry point for | |
| 698 | ## a specified domain. | |
| 699 | ## </summary> | |
| 700 | ## <param name="domain"> | |
| 701 | ## <summary> | |
| a0546c9d | 702 | ## Domain allowed access. |
| d42c7ede CP |
703 | ## </summary> |
| 704 | ## </param> | |
| 705 | # | |
| 706 | interface(`miscfiles_domain_entry_test_files',` | |
| 707 | gen_require(` | |
| 708 | type test_file_t; | |
| 709 | ') | |
| 710 | ||
| 711 | domain_entry_file($1, test_file_t) | |
| 712 | ') | |
| 713 | ||
| 714 | ######################################## | |
| 715 | ## <summary> | |
| 716 | ## Read test files and directories. | |
| 717 | ## </summary> | |
| 718 | ## <param name="domain"> | |
| 719 | ## <summary> | |
| 720 | ## Domain allowed access. | |
| 721 | ## </summary> | |
| 722 | ## </param> | |
| 723 | # | |
| 724 | interface(`miscfiles_read_test_files',` | |
| 725 | gen_require(` | |
| 726 | type test_file_t; | |
| 727 | ') | |
| 728 | ||
| 3f67f722 CP |
729 | read_files_pattern($1, test_file_t, test_file_t) |
| 730 | read_lnk_files_pattern($1, test_file_t, test_file_t) | |
| d42c7ede CP |
731 | ') |
| 732 | ||
| 733 | ######################################## | |
| 734 | ## <summary> | |
| 735 | ## Execute test files. | |
| 736 | ## </summary> | |
| 737 | ## <param name="domain"> | |
| 738 | ## <summary> | |
| 739 | ## Domain allowed access. | |
| 740 | ## </summary> | |
| 741 | ## </param> | |
| 742 | # | |
| 743 | interface(`miscfiles_exec_test_files',` | |
| 744 | gen_require(` | |
| 745 | type test_file_t; | |
| 746 | ') | |
| 747 | ||
| 3f67f722 CP |
748 | exec_files_pattern($1, test_file_t, test_file_t) |
| 749 | read_lnk_files_pattern($1, test_file_t, test_file_t) | |
| d42c7ede | 750 | ') |
| 6b19be33 CP |
751 | |
| 752 | ######################################## | |
| 753 | ## <summary> | |
| 754 | ## Execute test files. | |
| 755 | ## </summary> | |
| 756 | ## <param name="domain"> | |
| 757 | ## <summary> | |
| 758 | ## Domain allowed access. | |
| 759 | ## </summary> | |
| 760 | ## </param> | |
| 761 | # | |
| 762 | interface(`miscfiles_etc_filetrans_localization',` | |
| 763 | gen_require(` | |
| 764 | type locale_t; | |
| 765 | ') | |
| 766 | ||
| 767 | files_etc_filetrans($1, locale_t, file) | |
| c8cacd98 DW |
768 | ') |
| 769 | ||
| 6b19be33 CP |
770 | ######################################## |
| 771 | ## <summary> | |
| 772 | ## Create, read, write, and delete localization | |
| 773 | ## </summary> | |
| 774 | ## <param name="domain"> | |
| 775 | ## <summary> | |
| 776 | ## Domain allowed access. | |
| 777 | ## </summary> | |
| 778 | ## </param> | |
| 779 | ## <rolecap/> | |
| 780 | # | |
| 781 | interface(`miscfiles_manage_localization',` | |
| 782 | gen_require(` | |
| 783 | type locale_t; | |
| 784 | ') | |
| 785 | ||
| 3f67f722 CP |
786 | manage_dirs_pattern($1, locale_t, locale_t) |
| 787 | manage_files_pattern($1, locale_t, locale_t) | |
| 788 | manage_lnk_files_pattern($1, locale_t, locale_t) | |
| 6b19be33 CP |
789 | ') |
| 790 | ||
| 91a6f708 DW |
791 | ######################################## |
| 792 | ## <summary> | |
| 793 | ## Transition to miscfiles named content | |
| 794 | ## </summary> | |
| 795 | ## <param name="domain"> | |
| 796 | ## <summary> | |
| 797 | ## Domain allowed access. | |
| 798 | ## </summary> | |
| 799 | ## </param> | |
| 800 | # | |
| 801 | interface(`miscfiles_filetrans_named_content',` | |
| 802 | gen_require(` | |
| 803 | type locale_t; | |
| 2df1e856 | 804 | type man_t; |
| 91a6f708 DW |
805 | type cert_t; |
| 806 | type fonts_t; | |
| 807 | type fonts_cache_t; | |
| 808 | type hwdata_t; | |
| 809 | type tetex_data_t; | |
| 810 | type public_content_t; | |
| 811 | ') | |
| 812 | ||
| 813 | files_etc_filetrans($1, locale_t, file, "localtime") | |
| 4be99793 | 814 | files_etc_filetrans($1, locale_t, file, "locale.conf") |
| 2df1e856 | 815 | files_var_filetrans($1, man_t, dir, "man") |
| 91a6f708 DW |
816 | files_etc_filetrans($1, locale_t, file, "timezone") |
| 817 | files_etc_filetrans($1, locale_t, file, "clock") | |
| 818 | files_etc_filetrans($1, cert_t, dir, "pki") | |
| 819 | files_usr_filetrans($1, locale_t, dir, "locale") | |
| 820 | files_usr_filetrans($1, locale_t, dir, "zoneinfo") | |
| 821 | files_usr_filetrans($1, cert_t, dir, "certs") | |
| 822 | files_usr_filetrans($1, fonts_t, dir, "fonts") | |
| 823 | files_usr_filetrans($1, hwdata_t, dir, "hwdata") | |
| 824 | files_var_filetrans($1, fonts_cache_t, dir, "fontconfig") | |
| 825 | files_var_filetrans($1, tetex_data_t, dir, "fonts") | |
| 826 | files_spool_filetrans($1, tetex_data_t, dir, "texmf") | |
| 827 | files_var_lib_filetrans($1, tetex_data_t, dir, "texmf") | |
| 828 | files_var_filetrans($1, public_content_t, dir, "ftp") | |
| 829 | ') |