Jeremy Solt 33793e
## <summary>Certificate status monitor and PKI enrollment client</summary>
Jeremy Solt 33793e
Jeremy Solt 33793e
########################################
Jeremy Solt 33793e
## <summary>
Jeremy Solt 33793e
##	Execute a domain transition to run certmonger.
Jeremy Solt 33793e
## </summary>
Jeremy Solt 33793e
## <param name="domain">
Jeremy Solt 33793e
## <summary>
Jeremy Solt 33793e
##	Domain allowed to transition.
Jeremy Solt 33793e
## </summary>
Jeremy Solt 33793e
## </param>
Jeremy Solt 33793e
#
Jeremy Solt 33793e
interface(`certmonger_domtrans',`
Jeremy Solt 33793e
	gen_require(`
Jeremy Solt 33793e
		type certmonger_t, certmonger_exec_t;
Jeremy Solt 33793e
	')
Jeremy Solt 33793e
Jeremy Solt 33793e
	domtrans_pattern($1, certmonger_exec_t, certmonger_t)
Jeremy Solt 33793e
')
Jeremy Solt 33793e
Jeremy Solt 33793e
########################################
Jeremy Solt 33793e
## <summary>
Jeremy Solt 0e5494
##	Send and receive messages from
Jeremy Solt 0e5494
##	certmonger over dbus.
Jeremy Solt 0e5494
## </summary>
Jeremy Solt 0e5494
## <param name="domain">
Jeremy Solt 0e5494
##	<summary>
Jeremy Solt 0e5494
##	Domain allowed access.
Jeremy Solt 0e5494
##	</summary>
Jeremy Solt 0e5494
## </param>
Jeremy Solt 0e5494
#
Jeremy Solt 0e5494
interface(`certmonger_dbus_chat',`
Jeremy Solt 0e5494
	gen_require(`
Jeremy Solt 0e5494
		type certmonger_t;
Jeremy Solt 0e5494
		class dbus send_msg;
Jeremy Solt 0e5494
	')
Jeremy Solt 0e5494
Jeremy Solt 0e5494
	allow $1 certmonger_t:dbus send_msg;
Jeremy Solt 0e5494
	allow certmonger_t $1:dbus send_msg;
Jeremy Solt 0e5494
')
Jeremy Solt 0e5494
Jeremy Solt 0e5494
########################################
Jeremy Solt 0e5494
## <summary>
Jeremy Solt 33793e
##	Execute certmonger server in the certmonger domain.
Jeremy Solt 33793e
## </summary>
Jeremy Solt 33793e
## <param name="domain">
Jeremy Solt 33793e
##	<summary>
Jeremy Solt 33793e
##	The type of the process performing this action.
Jeremy Solt 33793e
##	</summary>
Jeremy Solt 33793e
## </param>
Jeremy Solt 33793e
#
Jeremy Solt 33793e
interface(`certmonger_initrc_domtrans',`
Jeremy Solt 33793e
	gen_require(`
Jeremy Solt 33793e
		type certmonger_initrc_exec_t;
Jeremy Solt 33793e
	')
Jeremy Solt 33793e
Jeremy Solt 33793e
	init_labeled_script_domtrans($1, certmonger_initrc_exec_t)
Jeremy Solt 33793e
')
Jeremy Solt 33793e
Jeremy Solt 33793e
########################################
Jeremy Solt 33793e
## <summary>
Jeremy Solt 33793e
##	Read certmonger PID files.
Jeremy Solt 33793e
## </summary>
Jeremy Solt 33793e
## <param name="domain">
Jeremy Solt 33793e
##	<summary>
Jeremy Solt 33793e
##	Domain allowed access.
Jeremy Solt 33793e
##	</summary>
Jeremy Solt 33793e
## </param>
Jeremy Solt 33793e
#
Jeremy Solt 33793e
interface(`certmonger_read_pid_files',`
Jeremy Solt 33793e
	gen_require(`
Jeremy Solt 33793e
		type certmonger_var_run_t;
Jeremy Solt 33793e
	')
Jeremy Solt 33793e
Jeremy Solt 33793e
	files_search_pids($1)
Jeremy Solt 33793e
	allow $1 certmonger_var_run_t:file read_file_perms;
Jeremy Solt 33793e
')
Jeremy Solt 33793e
Jeremy Solt 33793e
########################################
Jeremy Solt 33793e
## <summary>
Jeremy Solt 33793e
##	Search certmonger lib directories.
Jeremy Solt 33793e
## </summary>
Jeremy Solt 33793e
## <param name="domain">
Jeremy Solt 33793e
##	<summary>
Jeremy Solt 33793e
##	Domain allowed access.
Jeremy Solt 33793e
##	</summary>
Jeremy Solt 33793e
## </param>
Jeremy Solt 33793e
#
Jeremy Solt 33793e
interface(`certmonger_search_lib',`
Jeremy Solt 33793e
	gen_require(`
Jeremy Solt 33793e
		type certmonger_var_lib_t;
Jeremy Solt 33793e
	')
Jeremy Solt 33793e
Jeremy Solt 33793e
	allow $1 certmonger_var_lib_t:dir search_dir_perms;
Jeremy Solt 33793e
	files_search_var_lib($1)
Jeremy Solt 33793e
')
Jeremy Solt 33793e
Jeremy Solt 33793e
########################################
Jeremy Solt 33793e
## <summary>
Jeremy Solt 33793e
##	Read certmonger lib files.
Jeremy Solt 33793e
## </summary>
Jeremy Solt 33793e
## <param name="domain">
Jeremy Solt 33793e
##	<summary>
Jeremy Solt 33793e
##	Domain allowed access.
Jeremy Solt 33793e
##	</summary>
Jeremy Solt 33793e
## </param>
Jeremy Solt 33793e
#
Jeremy Solt 33793e
interface(`certmonger_read_lib_files',`
Jeremy Solt 33793e
	gen_require(`
Jeremy Solt 33793e
		type certmonger_var_lib_t;
Jeremy Solt 33793e
	')
Jeremy Solt 33793e
Jeremy Solt 33793e
	files_search_var_lib($1)
Jeremy Solt 33793e
	read_files_pattern($1, certmonger_var_lib_t, certmonger_var_lib_t)
Jeremy Solt 33793e
')
Jeremy Solt 33793e
Jeremy Solt 33793e
########################################
Jeremy Solt 33793e
## <summary>
Jeremy Solt 33793e
##	Create, read, write, and delete
Jeremy Solt 33793e
##	certmonger lib files.
Jeremy Solt 33793e
## </summary>
Jeremy Solt 33793e
## <param name="domain">
Jeremy Solt 33793e
##	<summary>
Jeremy Solt 33793e
##	Domain allowed access.
Jeremy Solt 33793e
##	</summary>
Jeremy Solt 33793e
## </param>
Jeremy Solt 33793e
#
Jeremy Solt 33793e
interface(`certmonger_manage_lib_files',`
Jeremy Solt 33793e
	gen_require(`
Jeremy Solt 33793e
		type certmonger_var_lib_t;
Jeremy Solt 33793e
	')
Jeremy Solt 33793e
Jeremy Solt 33793e
	files_search_var_lib($1)
Chris PeBenito da5940
	manage_files_pattern($1, certmonger_var_lib_t, certmonger_var_lib_t)
Jeremy Solt 33793e
')
Jeremy Solt 33793e
Jeremy Solt 33793e
########################################
Jeremy Solt 33793e
## <summary>
Chris PeBenito da5940
##	All of the rules required to administrate
Jeremy Solt 33793e
##	an certmonger environment
Jeremy Solt 33793e
## </summary>
Jeremy Solt 33793e
## <param name="domain">
Jeremy Solt 33793e
##	<summary>
Jeremy Solt 33793e
##	Domain allowed access.
Jeremy Solt 33793e
##	</summary>
Jeremy Solt 33793e
## </param>
Jeremy Solt 33793e
## <param name="role">
Jeremy Solt 33793e
##	<summary>
Jeremy Solt 33793e
##	Role allowed access.
Jeremy Solt 33793e
##	</summary>
Jeremy Solt 33793e
## </param>
Jeremy Solt 33793e
## <rolecap/>
Jeremy Solt 33793e
#
Jeremy Solt 33793e
interface(`certmonger_admin',`
Jeremy Solt 33793e
	gen_require(`
Jeremy Solt 33793e
		type certmonger_t, certmonger_initrc_exec_t;
Jeremy Solt 33793e
		type certmonger_var_lib_t, certmonger_var_run_t;
Jeremy Solt 33793e
	')
Jeremy Solt 33793e
Jeremy Solt 0e5494
	ps_process_pattern($1, certmonger_t)
Jeremy Solt 0e5494
	allow $1 certmonger_t:process { ptrace signal_perms };
Jeremy Solt 33793e
Jeremy Solt 33793e
	# Allow certmonger_t to restart the apache service
Jeremy Solt 33793e
	certmonger_initrc_domtrans($1)
Jeremy Solt 33793e
	domain_system_change_exemption($1)
Jeremy Solt 33793e
	role_transition $2 certmonger_initrc_exec_t system_r;
Jeremy Solt 33793e
	allow $2 system_r;
Jeremy Solt 33793e
Jeremy Solt 33793e
	files_search_var_lib($1)
Jeremy Solt 33793e
	admin_pattern($1, cermonger_var_lib_t)
Jeremy Solt 33793e
Jeremy Solt 33793e
	files_search_pids($1)
Jeremy Solt 33793e
	admin_pattern($1, cermonger_var_run_t)
Jeremy Solt 33793e
')