policy/modules/services/rhsmcertd.te

   1 policy_module(rhsmcertd, 1.0.0)
   2
   3 ########################################
   4 #
   5 # Declarations
   6 #
   7
   8 type rhsmcertd_t;
   9 type rhsmcertd_exec_t;
  10 init_daemon_domain(rhsmcertd_t, rhsmcertd_exec_t)
  11
  12 type rhsmcertd_initrc_exec_t;
  13 init_script_file(rhsmcertd_initrc_exec_t)
  14
  15 type rhsmcertd_log_t;
  16 logging_log_file(rhsmcertd_log_t)
  17
  18 type rhsmcertd_lock_t;
  19 files_lock_file(rhsmcertd_lock_t)
  20
  21 type rhsmcertd_var_lib_t;
  22 files_type(rhsmcertd_var_lib_t)
  23
  24 type rhsmcertd_var_run_t;
  25 files_pid_file(rhsmcertd_var_run_t)
  26
  27 ########################################
  28 #
  29 # rhsmcertd local policy
  30 #
  31
  32 allow rhsmcertd_t self:fifo_file rw_fifo_file_perms;
  33 allow rhsmcertd_t self:unix_stream_socket create_stream_socket_perms;
  34
  35 manage_dirs_pattern(rhsmcertd_t, rhsmcertd_log_t, rhsmcertd_log_t)
  36 manage_files_pattern(rhsmcertd_t, rhsmcertd_log_t, rhsmcertd_log_t)
  37
  38 manage_files_pattern(rhsmcertd_t, rhsmcertd_lock_t, rhsmcertd_lock_t)
  39 files_lock_filetrans(rhsmcertd_t, rhsmcertd_lock_t, file)
  40
  41 manage_dirs_pattern(rhsmcertd_t, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)
  42 manage_files_pattern(rhsmcertd_t, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)
  43
  44 manage_dirs_pattern(rhsmcertd_t, rhsmcertd_var_run_t, rhsmcertd_var_run_t)
  45 manage_files_pattern(rhsmcertd_t, rhsmcertd_var_run_t, rhsmcertd_var_run_t)
  46
  47 kernel_read_network_state(rhsmcertd_t)
  48 kernel_read_system_state(rhsmcertd_t)
  49
  50 files_list_tmp(rhsmcertd_t)
  51
  52 corecmd_exec_bin(rhsmcertd_t)
  53
  54 dev_read_urand(rhsmcertd_t)
  55
  56 files_read_etc_files(rhsmcertd_t)
  57 files_read_usr_files(rhsmcertd_t)
  58 files_manage_generic_locks(rhsmcertd_t)
  59
  60 miscfiles_read_localization(rhsmcertd_t)
  61 miscfiles_read_certs(rhsmcertd_t)
  62
  63 optional_policy(`
  64         sysnet_dns_name_resolve(rhsmcertd_t)
  65 ')