policy/modules/services/zoneminder.te~

   1 policy_module(zoneminder, 1.0.0)
   2
   3 ########################################
   4 #
   5 # Declarations
   6 #
   7
   8 type zoneminder_t;
   9 type zoneminder_exec_t;
  10 init_daemon_domain(zoneminder_t, zoneminder_exec_t)
  11
  12 permissive zoneminder_t;
  13
  14 type zoneminder_initrc_exec_t;
  15 init_script_file(zoneminder_initrc_exec_t)
  16
  17 type zoneminder_log_t;
  18 logging_log_file(zoneminder_log_t)
  19
  20 type zoneminder_var_lib_t;
  21 files_type(zoneminder_var_lib_t)
  22
  23 type zoneminder_spool_t;
  24 files_type(zoneminder_spool_t)
  25
  26 ########################################
  27 #
  28 # zoneminder local policy
  29 #
  30
  31 allow zoneminder_t self:fifo_file rw_fifo_file_perms;
  32 allow zoneminder_t self:unix_stream_socket create_stream_socket_perms;
  33
  34 manage_dirs_pattern(zoneminder_t, zoneminder_log_t, zoneminder_log_t)
  35 manage_files_pattern(zoneminder_t, zoneminder_log_t, zoneminder_log_t)
  36 logging_log_filetrans(zoneminder_t, zoneminder_log_t, { dir file })
  37
  38 manage_dirs_pattern(zoneminder_t, zoneminder_var_lib_t, zoneminder_var_lib_t)
  39 manage_files_pattern(zoneminder_t, zoneminder_var_lib_t, zoneminder_var_lib_t)
  40 manage_sock_files_pattern(zoneminder_t, zoneminder_var_lib_t, zoneminder_var_lib_t)
  41 files_var_lib_filetrans(zoneminder_t, zoneminder_var_lib_t, { dir file sock_file })
  42
  43 manage_dirs_pattern(zoneminder_t, zoneminder_spool_t, zoneminder_spool_t)
  44 manage_files_pattern(zoneminder_t, zoneminder_spool_t, zoneminder_spool_t)
  45 manage_lnk_files_pattern(zoneminder_t, zoneminder_spool_t, zoneminder_spool_t)
  46 files_spool_filetrans(zoneminder_t, zoneminder_spool_t, { dir file })
  47
  48 dev_read_sysfs(zoneminder_t)
  49 dev_read_urand(zoneminder_t)
  50
  51 domain_use_interactive_fds(zoneminder_t)
  52
  53 files_read_etc_files(zoneminder_t)
  54 files_read_usr_files(zoneminder_t)
  55
  56 miscfiles_read_localization(zoneminder_t)
  57
  58 ########################################
  59 #
  60 # zoneminder cgi local policy
  61 #
  62
  63 apache_content_template(zoneminder)
  64
  65 permissive httpd_zoneminder_script_t;
  66
  67 manage_sock_files_pattern(httpd_zoneminder_script_t, zoneminder_var_lib_t, zoneminder_var_lib_t)
  68 zoneminder_stream_connect(httpd_zoneminder_script_t)
  69