Blame policy/modules/admin/ncftool.if
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
## <summary>policy for ncftool</summary>
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
########################################
|
|
Dan Walsh |
3eaa99 |
## <summary>
|
|
Dan Walsh |
3eaa99 |
## Execute a domain transition to run ncftool.
|
|
Dan Walsh |
3eaa99 |
## </summary>
|
|
Dan Walsh |
3eaa99 |
## <param name="domain">
|
|
Dan Walsh |
3eaa99 |
## <summary>
|
|
Dan Walsh |
3eaa99 |
## Domain allowed to transition.
|
|
Dan Walsh |
3eaa99 |
## </summary>
|
|
Dan Walsh |
3eaa99 |
## </param>
|
|
Dan Walsh |
3eaa99 |
#
|
|
Dan Walsh |
3eaa99 |
interface(`ncftool_domtrans',`
|
|
Dan Walsh |
3eaa99 |
gen_require(`
|
|
Dan Walsh |
3eaa99 |
type ncftool_t, ncftool_exec_t;
|
|
Dan Walsh |
3eaa99 |
')
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
domtrans_pattern($1, ncftool_exec_t, ncftool_t)
|
|
Dan Walsh |
3eaa99 |
')
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
########################################
|
|
Dan Walsh |
3eaa99 |
## <summary>
|
|
Dan Walsh |
3eaa99 |
## Execute ncftool in the ncftool domain, and
|
|
Dan Walsh |
3eaa99 |
## allow the specified role the ncftool domain.
|
|
Dan Walsh |
3eaa99 |
## </summary>
|
|
Dan Walsh |
3eaa99 |
## <param name="domain">
|
|
Dan Walsh |
3eaa99 |
## <summary>
|
|
Dan Walsh |
3eaa99 |
## Domain allowed access
|
|
Dan Walsh |
3eaa99 |
## </summary>
|
|
Dan Walsh |
3eaa99 |
## </param>
|
|
Dan Walsh |
3eaa99 |
## <param name="role">
|
|
Dan Walsh |
3eaa99 |
## <summary>
|
|
Dan Walsh |
3eaa99 |
## The role to be allowed the ncftool domain.
|
|
Dan Walsh |
3eaa99 |
## </summary>
|
|
Dan Walsh |
3eaa99 |
## </param>
|
|
Dan Walsh |
3eaa99 |
#
|
|
Dan Walsh |
3eaa99 |
interface(`ncftool_run',`
|
|
Dan Walsh |
3eaa99 |
gen_require(`
|
|
Dan Walsh |
3eaa99 |
type ncftool_t;
|
|
Dan Walsh |
3eaa99 |
')
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
ncftool_domtrans($1)
|
|
Dan Walsh |
3eaa99 |
role $2 types ncftool_t;
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
optional_policy(`
|
|
Dan Walsh |
3eaa99 |
brctl_run(ncftool_t, $2)
|
|
Dan Walsh |
3eaa99 |
')
|
|
Dan Walsh |
3eaa99 |
')
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
########################################
|
|
Dan Walsh |
3eaa99 |
## <summary>
|
|
Dan Walsh |
3eaa99 |
## Role access for ncftool
|
|
Dan Walsh |
3eaa99 |
## </summary>
|
|
Dan Walsh |
3eaa99 |
## <param name="role">
|
|
Dan Walsh |
3eaa99 |
## <summary>
|
|
Dan Walsh |
3eaa99 |
## Role allowed access
|
|
Dan Walsh |
3eaa99 |
## </summary>
|
|
Dan Walsh |
3eaa99 |
## </param>
|
|
Dan Walsh |
3eaa99 |
## <param name="domain">
|
|
Dan Walsh |
3eaa99 |
## <summary>
|
|
Dan Walsh |
3eaa99 |
## User domain for the role
|
|
Dan Walsh |
3eaa99 |
## </summary>
|
|
Dan Walsh |
3eaa99 |
## </param>
|
|
Dan Walsh |
3eaa99 |
#
|
|
Dan Walsh |
3eaa99 |
interface(`ncftool_role',`
|
|
Dan Walsh |
3eaa99 |
gen_require(`
|
|
Dan Walsh |
3eaa99 |
type ncftool_t;
|
|
Dan Walsh |
3eaa99 |
')
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
role $1 types ncftool_t;
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
ncftool_domtrans($2)
|
|
Dan Walsh |
3eaa99 |
|
|
Dan Walsh |
3eaa99 |
ps_process_pattern($2, ncftool_t)
|
|
Dan Walsh |
3eaa99 |
allow $2 ncftool_t:process signal;
|
|
Dan Walsh |
3eaa99 |
')
|
|
Dan Walsh |
3eaa99 |
|