Chris PeBenito 6a2975
## <summary>Who is logged in on other machines?</summary>
Chris PeBenito d13941
Chris PeBenito d13941
########################################
Chris PeBenito d13941
## <summary>
Chris PeBenito d13941
##	Execute a domain transition to run rwho.
Chris PeBenito d13941
## </summary>
Chris PeBenito d13941
## <param name="domain">
Chris PeBenito d13941
## <summary>
Chris PeBenito d13941
##	Domain allowed to transition.
Chris PeBenito d13941
## </summary>
Chris PeBenito d13941
## </param>
Chris PeBenito d13941
#
Chris PeBenito d13941
interface(`rwho_domtrans',`
Chris PeBenito d13941
	gen_require(`
Chris PeBenito d13941
		type rwho_t, rwho_exec_t;
Chris PeBenito d13941
	')
Chris PeBenito d13941
Chris PeBenito 0bfccd
	domtrans_pattern($1, rwho_exec_t, rwho_t)
Chris PeBenito d13941
')
Chris PeBenito d13941
Chris PeBenito d13941
########################################
Chris PeBenito 72f82c
## <summary>
Chris PeBenito 72f82c
##	Search rwho log directories.
Chris PeBenito 72f82c
## </summary>
Chris PeBenito 72f82c
## <param name="domain">
Chris PeBenito 72f82c
##	<summary>
Chris PeBenito 72f82c
##	Domain allowed access.
Chris PeBenito 72f82c
##	</summary>
Chris PeBenito 72f82c
## </param>
Chris PeBenito 72f82c
#
Chris PeBenito 72f82c
interface(`rwho_search_log',`
Chris PeBenito 72f82c
	gen_require(`
Chris PeBenito 72f82c
		type rwho_log_t;
Chris PeBenito 72f82c
	')
Chris PeBenito 72f82c
Chris PeBenito 72f82c
	allow $1 rwho_log_t:dir search_dir_perms;
Chris PeBenito 72f82c
	logging_search_logs($1)
Chris PeBenito 72f82c
')
Chris PeBenito 72f82c
Chris PeBenito 72f82c
########################################
Chris PeBenito 72f82c
## <summary>
Chris PeBenito 72f82c
##	Read rwho log files.
Chris PeBenito 72f82c
## </summary>
Chris PeBenito 72f82c
## <param name="domain">
Chris PeBenito 72f82c
##	<summary>
Chris PeBenito 72f82c
##	Domain allowed access.
Chris PeBenito 72f82c
##	</summary>
Chris PeBenito 72f82c
## </param>
Chris PeBenito 72f82c
#
Chris PeBenito 72f82c
interface(`rwho_read_log_files',`
Chris PeBenito 72f82c
	gen_require(`
Chris PeBenito 72f82c
		type rwho_log_t;
Chris PeBenito 72f82c
	')
Chris PeBenito 72f82c
Chris PeBenito 72f82c
	allow $1 rwho_log_t:file read_file_perms;
Chris PeBenito 72f82c
	allow $1 rwho_log_t:dir list_dir_perms;
Chris PeBenito 72f82c
	logging_search_logs($1)
Chris PeBenito 72f82c
')
Chris PeBenito 72f82c
Chris PeBenito 72f82c
########################################
Chris PeBenito d13941
## <summary>
Chris PeBenito d13941
##	Search rwho spool directories.
Chris PeBenito d13941
## </summary>
Chris PeBenito d13941
## <param name="domain">
Chris PeBenito d13941
##	<summary>
Chris PeBenito d13941
##	Domain allowed access.
Chris PeBenito d13941
##	</summary>
Chris PeBenito d13941
## </param>
Chris PeBenito d13941
#
Chris PeBenito d13941
interface(`rwho_search_spool',`
Chris PeBenito d13941
	gen_require(`
Chris PeBenito d13941
		type rwho_spool_t;
Chris PeBenito d13941
	')
Chris PeBenito d13941
Chris PeBenito d13941
	allow $1 rwho_spool_t:dir search_dir_perms;
Chris PeBenito d13941
	files_search_spool($1)
Chris PeBenito d13941
')
Chris PeBenito d13941
Chris PeBenito d13941
########################################
Chris PeBenito d13941
## <summary>
Chris PeBenito d13941
##	Read rwho spool files.
Chris PeBenito d13941
## </summary>
Chris PeBenito d13941
## <param name="domain">
Chris PeBenito d13941
##	<summary>
Chris PeBenito d13941
##	Domain allowed access.
Chris PeBenito d13941
##	</summary>
Chris PeBenito d13941
## </param>
Chris PeBenito d13941
#
Chris PeBenito d13941
interface(`rwho_read_spool_files',`
Chris PeBenito d13941
	gen_require(`
Chris PeBenito d13941
		type rwho_spool_t;
Chris PeBenito d13941
	')
Chris PeBenito d13941
Chris PeBenito 0bfccd
	read_files_pattern($1, rwho_spool_t, rwho_spool_t)
Chris PeBenito d13941
	files_search_spool($1)
Chris PeBenito d13941
')
Chris PeBenito d13941
Chris PeBenito d13941
########################################
Chris PeBenito d13941
## <summary>
Chris PeBenito d13941
##	Create, read, write, and delete
Chris PeBenito d13941
##	rwho spool files.
Chris PeBenito d13941
## </summary>
Chris PeBenito d13941
## <param name="domain">
Chris PeBenito d13941
##	<summary>
Chris PeBenito d13941
##	Domain allowed access.
Chris PeBenito d13941
##	</summary>
Chris PeBenito d13941
## </param>
Chris PeBenito d13941
#
Chris PeBenito d13941
interface(`rwho_manage_spool_files',`
Chris PeBenito d13941
	gen_require(`
Chris PeBenito d13941
		type rwho_spool_t;
Chris PeBenito d13941
	')
Chris PeBenito d13941
Chris PeBenito d13941
	manage_files_pattern($1,rwho_spool_t,rwho_spool_t)
Chris PeBenito d13941
	files_search_spool($1)
Chris PeBenito d13941
')
Chris PeBenito 7a5e2d
Chris PeBenito 7a5e2d
########################################
Chris PeBenito 7a5e2d
## <summary>
Chris PeBenito 7a5e2d
##	All of the rules required to administrate 
Chris PeBenito 7a5e2d
##	an rwho environment
Chris PeBenito 7a5e2d
## </summary>
Chris PeBenito 7a5e2d
## <param name="domain">
Chris PeBenito 7a5e2d
##	<summary>
Chris PeBenito 7a5e2d
##	Domain allowed access.
Chris PeBenito 7a5e2d
##	</summary>
Chris PeBenito 7a5e2d
## </param>
Chris PeBenito e87221
## <param name="role">
Chris PeBenito e87221
##	<summary>
Chris PeBenito e87221
##	The role allowed access.
Chris PeBenito e87221
##	</summary>
Chris PeBenito e87221
## </param>
Chris PeBenito 7a5e2d
## <rolecap/>
Chris PeBenito 7a5e2d
#
Chris PeBenito 7a5e2d
interface(`rwho_admin',`
Chris PeBenito 7a5e2d
	gen_require(`
Chris PeBenito 7a5e2d
		type rwho_t, rwho_log_t, rwho_spool_t;
Chris PeBenito e87221
		type rwho_initrc_exec_t;
Chris PeBenito 7a5e2d
	')
Chris PeBenito 7a5e2d
Chris PeBenito e87221
	allow $1 rwho_t:process { ptrace signal_perms };
Chris PeBenito 7a5e2d
	ps_process_pattern($1, rwho_t)
Chris PeBenito e87221
Chris PeBenito e87221
	init_labeled_script_domtrans($1, rwho_initrc_exec_t)
Chris PeBenito e87221
	domain_system_change_exemption($1)
Chris PeBenito e87221
	role_transition $2 rwho_initrc_exec_t system_r;
Chris PeBenito e87221
	allow $2 system_r;
Chris PeBenito e87221
Chris PeBenito 7a5e2d
	logging_list_logs($1)
Chris PeBenito e87221
	admin_pattern($1, rwho_log_t)
Chris PeBenito 7a5e2d
Chris PeBenito 7a5e2d
	files_list_spool($1)
Chris PeBenito e87221
	admin_pattern($1, rwho_spool_t)
Chris PeBenito 7a5e2d
')