[people/stevee/selinux-policy.git] / policy / modules / admin / backup.te
# SELinux policy module for the backup program domain, module version 1.5.0.
# NOTE(review): the interfaces called in this file are defined elsewhere in
# the policy tree; check each one against the interface files of this tree
# before relying on a summary of what it grants.
1 policy_module(backup, 1.5.0)
2
3 ########################################
4 #
5 # Declarations
6 #
7
# backup_t is the process domain and backup_exec_t labels the executable
# used as its entry point. The role statement below authorizes backup_t
# for system_r; this file authorizes no other role.
8 type backup_t;
9 type backup_exec_t;
10 domain_type(backup_t)
11 domain_entry_file(backup_t, backup_exec_t)
12 role system_r types backup_t;
13
# backup_store_t is the file type for the data the backup job writes.
14 type backup_store_t;
15 files_type(backup_store_t)
16
17 ########################################
18 #
19 # Local policy
20 #
21
# Self rules. dac_override lets the process bypass discretionary (mode bit
# and ACL) permission checks, so for the read-all rules further down in
# this file only SELinux type enforcement limits what the domain can reach.
22 allow backup_t self:capability dac_override;
23 allow backup_t self:process signal;
24 allow backup_t self:fifo_file rw_fifo_file_perms;
# TCP and UDP sockets may be created; no rawip_socket rule appears in this file.
25 allow backup_t self:tcp_socket create_socket_perms;
26 allow backup_t self:udp_socket create_socket_perms;
27
# Backup store: regular files of type backup_store_t can be managed and
# symlinks of that type can be read.
# NOTE(review): in refpolicy, manage_file_perms already contains setattr and
# the read/write permissions, so the rules numbered 28 and 30 look redundant.
# Confirm against the macro definitions in this tree before removing them.
# NOTE(review): no directory-management pattern is granted on backup_store_t,
# so the domain presumably cannot create subdirectories there - confirm that
# this is intended.
28 allow backup_t backup_store_t:file setattr;
29 manage_files_pattern(backup_t, backup_store_t, backup_store_t)
30 rw_files_pattern(backup_t, backup_store_t, backup_store_t)
31 read_lnk_files_pattern(backup_t, backup_store_t, backup_store_t)
32
# Read access to kernel system state and kernel sysctls.
33 kernel_read_system_state(backup_t)
34 kernel_read_kernel_sysctls(backup_t)
35
# Generic binaries and shells may be executed. The refpolicy exec interfaces
# run the program in the caller domain without a transition (TODO confirm
# for this tree), so every helper or script the backup job starts keeps the
# full backup_t permission set, including the read-all and shadow access
# granted further down. Treat the scripts and search path used by the backup
# tool as part of the trusted base of this domain.
36 corecmd_exec_bin(backup_t)
37 corecmd_exec_shell(backup_t)
38
# Network access. The domain may send and receive TCP and UDP traffic on
# all ports and open outbound TCP connections to any port. No bind interface
# is called in this file, so the rules describe a network client.
# NOTE(review): this file also calls files_read_all_files and
# auth_read_shadow, so a compromised backup_t process could read any file
# and send it to an arbitrary host. If backups go to a known service, prefer
# the port-specific corenet connect interface for that service over the
# all_ports variants, and monitor outbound connections from this domain.
# NOTE(review): the raw_sendrecv rules have no matching rawip_socket
# permission in this file and may be leftover boilerplate - confirm.
39 corenet_all_recvfrom_unlabeled(backup_t)
40 corenet_all_recvfrom_netlabel(backup_t)
41 corenet_tcp_sendrecv_generic_if(backup_t)
42 corenet_udp_sendrecv_generic_if(backup_t)
43 corenet_raw_sendrecv_generic_if(backup_t)
44 corenet_tcp_sendrecv_generic_node(backup_t)
45 corenet_udp_sendrecv_generic_node(backup_t)
46 corenet_raw_sendrecv_generic_node(backup_t)
47 corenet_tcp_sendrecv_all_ports(backup_t)
48 corenet_udp_sendrecv_all_ports(backup_t)
49 corenet_tcp_connect_all_ports(backup_t)
50 corenet_sendrecv_all_client_packets(backup_t)
51
# Attribute (getattr) access on all block and character device nodes. These
# two rules are about node metadata; no device read interface is called
# here apart from the urandom one below.
52 dev_getattr_all_blk_files(backup_t)
53 dev_getattr_all_chr_files(backup_t)
# SSP presumably refers to the stack-smashing protector, which reads
# /dev/urandom at program start - the rule after the original comment
# grants that read.
54 # for SSP
55 dev_read_urand(backup_t)
56
# Lets the domain use file descriptors inherited from an interactive caller.
57 domain_use_interactive_fds(backup_t)
58
# Read files and symlinks of all file types, plus getattr on named pipes and
# sockets. A full-system backup needs this, and it is the reason backup_t
# has to be treated as a highly privileged domain: it can read data that
# every other confined domain is kept away from.
# NOTE(review): if the backup does not have to cover every file type,
# refpolicy provides files_read_all_files_except to carve out exclusions -
# check that it is available in this tree.
59 files_read_all_files(backup_t)
60 files_read_all_symlinks(backup_t)
61 files_getattr_all_pipes(backup_t)
62 files_getattr_all_sockets(backup_t)
63
# Filesystem level: getattr on xattr-capable filesystems and directory
# listing across all filesystem types.
64 fs_getattr_xattr_fs(backup_t)
65 fs_list_all(backup_t)
66
# Read access to the shadow password file, which holds password hashes.
# Backing up that file requires it, but it means every process in backup_t
# and every archive it produces holds credential material. Protect the
# backup store and the transport accordingly, and audit use of this domain.
67 auth_read_shadow(backup_t)
68
# Send log messages to syslog.
69 logging_send_syslog_msg(backup_t)
70
# Read the system network configuration files.
71 sysnet_read_config(backup_t)
72
# Use terminals inherited from the invoking user session, so the program can
# print to the terminal it was started from.
73 userdom_use_inherited_user_terminals(backup_t)
74
# Optional blocks take effect only when the named module is present.
# Entry from system cron jobs: executing a backup_exec_t file from the
# system cron domain enters backup_t. This is the only domain entry path
# set up in this file, so the integrity of the backup_exec_t executable and
# of the system crontab entries decides who can reach the domain.
75 optional_policy(`
76 cron_system_entry(backup_t, backup_exec_t)
77 ')
78
# Allow running the hostname program.
79 optional_policy(`
80 hostname_exec(backup_t)
81 ')
82
# Allow use of NIS (ypbind) for name service lookups.
83 optional_policy(`
84 nis_use_ypbind(backup_t)
85 ')