policy/modules/apps/gitosis.if

   1 ## <summary>Tools for managing and hosting git repositories.</summary>
   2
   3 #######################################
   4 ## <summary>
   5 ##      Execute a domain transition to run gitosis.
   6 ## </summary>
   7 ## <param name="domain">
   8 ## <summary>
   9 ##      Domain allowed to transition.
  10 ## </summary>
  11 ## </param>
  12 #
  13 interface(`gitosis_domtrans',`
  14         gen_require(`
  15                 type gitosis_t, gitosis_exec_t;
  16         ')
  17
  18         domtrans_pattern($1, gitosis_exec_t, gitosis_t)
  19 ')
  20
  21 #######################################
  22 ## <summary>
  23 ##      Execute gitosis-serve in the gitosis domain, and
  24 ##      allow the specified role the gitosis domain.
  25 ## </summary>
  26 ## <param name="domain">
  27 ##      <summary>
  28 ##      Domain allowed access
  29 ##      </summary>
  30 ## </param>
  31 ## <param name="role">
  32 ##      <summary>
  33 ##      Role allowed access.
  34 ##      </summary>
  35 ## </param>
  36 #
  37 interface(`gitosis_run',`
  38         gen_require(`
  39                 type gitosis_t;
  40         ')
  41
  42         gitosis_domtrans($1)
  43         role $2 types gitosis_t;
  44 ')
  45
  46 #######################################
  47 ## <summary>
  48 ##      Allow the specified domain to read
  49 ##      gitosis lib files.
  50 ## </summary>
  51 ## <param name="domain">
  52 ##      <summary>
  53 ##      Domain allowed access.
  54 ##      </summary>
  55 ## </param>
  56 #
  57 interface(`gitosis_read_lib_files',`
  58         gen_require(`
  59                 type gitosis_var_lib_t;
  60         ')
  61
  62         files_search_var_lib($1)
  63         read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
  64         read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
  65         list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
  66 ')
  67
  68 ######################################
  69 ## <summary>
  70 ##      Allow the specified domain to manage
  71 ##      gitosis lib files.
  72 ## </summary>
  73 ## <param name="domain">
  74 ##      <summary>
  75 ##      Domain allowed access.
  76 ##      </summary>
  77 ## </param>
  78 #
  79 interface(`gitosis_manage_lib_files',`
  80         gen_require(`
  81                 type gitosis_var_lib_t;
  82         ')
  83
  84         files_search_var_lib($1)
  85         manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
  86 ')