Chris PeBenito 17de1b
Chris PeBenito a52b4d
policy_module(ethereal,1.1.0)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# Declarations
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
Chris PeBenito 17de1b
type ethereal_exec_t;
Chris PeBenito 17de1b
corecmd_executable_file(ethereal_exec_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
type tethereal_t;
Chris PeBenito 17de1b
type tethereal_exec_t;
Chris PeBenito 17de1b
domain_type(tethereal_t)
Chris PeBenito 17de1b
domain_entry_file(tethereal_t,tethereal_exec_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
type tethereal_tmp_t;
Chris PeBenito 17de1b
files_tmp_file(tethereal_tmp_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
# Tethereal policy
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
Chris PeBenito 17de1b
allow tethereal_t tethereal_t : capability { dac_override dac_read_search setgid setuid net_raw };
Chris PeBenito 17de1b
allow tethereal_t self:unix_stream_socket create_stream_socket_perms;
Chris PeBenito 17de1b
allow tethereal_t self:netlink_route_socket create_netlink_socket_perms;
Chris PeBenito 17de1b
allow tethereal_t self:packet_socket create_socket_perms;
Chris PeBenito 17de1b
allow tethereal_t self:tcp_socket create_socket_perms;
Chris PeBenito 17de1b
allow tethereal_t self:udp_socket create_socket_perms;
Chris PeBenito 17de1b
Chris PeBenito 17de1b
# Store temporary files
Chris PeBenito 17de1b
allow tethereal_t tethereal_tmp_t:dir create_dir_perms;
Chris PeBenito 17de1b
allow tethereal_t tethereal_tmp_t:file create_file_perms;
Chris PeBenito 17de1b
files_tmp_filetrans(tethereal_t, tethereal_tmp_t, { dir file })
Chris PeBenito 17de1b
Chris PeBenito 17de1b
# /proc
Chris PeBenito 17de1b
kernel_read_all_sysctls(tethereal_t)
Chris PeBenito 17de1b
kernel_read_system_state(tethereal_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
# Read ethereal files in /usr
Chris PeBenito 17de1b
files_read_usr_files(tethereal_t)
Chris PeBenito 17de1b
# /etc/nsswitch.conf
Chris PeBenito 17de1b
files_read_etc_files(tethereal_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
libs_use_ld_so(tethereal_t)
Chris PeBenito 17de1b
libs_use_shared_libs(tethereal_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
miscfiles_read_localization(tethereal_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
seutil_use_newrole_fds(tethereal_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
sysnet_dns_name_resolve(tethereal_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
optional_policy(`
Chris PeBenito 17de1b
	nscd_socket_use(tethereal_t)
Chris PeBenito 17de1b
')