Chris PeBenito 17de1b
## <summary>Miscelaneous files.</summary>
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Dan Walsh 3eaa99
##	Make the specified type usable as a cert file.
Dan Walsh 3eaa99
## </summary>
Dan Walsh 3eaa99
## <desc>
Dan Walsh 3eaa99
##	

Dan Walsh 3eaa99
##	Make the specified type usable for cert files.
Dan Walsh 3eaa99
##	This will also make the type usable for files, making
Dan Walsh 3eaa99
##	calls to files_type() redundant.  Failure to use this interface
Dan Walsh 3eaa99
##	for a temporary file may result in problems with
Dan Walsh 3eaa99
##	cert management tools.
Dan Walsh 3eaa99
##	

Dan Walsh 3eaa99
##	

Dan Walsh 3eaa99
##	Related interfaces:
Dan Walsh 3eaa99
##	

Dan Walsh 3eaa99
##	
    Dan Walsh 3eaa99
    ##		
  • files_type()
  • Dan Walsh 3eaa99
    ##	
    Dan Walsh 3eaa99
    ##	

    Dan Walsh 3eaa99
    ##	Example:
    Dan Walsh 3eaa99
    ##	

    Dan Walsh 3eaa99
    ##	

    Dan Walsh 3eaa99
    ##	type mycertfile_t;
    Dan Walsh 3eaa99
    ##	cert_type(mycertfile_t)
    Dan Walsh 3eaa99
    ##	allow mydomain_t mycertfile_t:file read_file_perms;
    Dan Walsh 3eaa99
    ##	files_search_etc(mydomain_t)
    Dan Walsh 3eaa99
    ##	

    Dan Walsh 3eaa99
    ## </desc>
    Dan Walsh 3eaa99
    ## <param name="type">
    Dan Walsh 3eaa99
    ##	<summary>
    Dan Walsh 3eaa99
    ##	Type to be used for files.
    Dan Walsh 3eaa99
    ##	</summary>
    Dan Walsh 3eaa99
    ## </param>
    Dan Walsh 3eaa99
    ## <infoflow type="none"/>
    Dan Walsh 3eaa99
    #
    Dan Walsh 3eaa99
    interface(`miscfiles_cert_type',`
    Dan Walsh 3eaa99
    	gen_require(`
    Dan Walsh 3eaa99
    		attribute cert_type;
    Dan Walsh 3eaa99
    	')
    Dan Walsh 3eaa99
    Dan Walsh 3eaa99
    	typeattribute $1 cert_type;
    Dan Walsh 3eaa99
    	files_type($1)
    Dan Walsh 3eaa99
    ')
    Dan Walsh 3eaa99
    Dan Walsh 3eaa99
    ########################################
    Dan Walsh 3eaa99
    ## <summary>
    Chris PeBenito 17de1b
    ##	Read system SSL certificates.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_read_certs',`
    Chris PeBenito 17de1b
    	gen_require(`
    Dan Walsh 3eaa99
    		attribute cert_type;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Dan Walsh 3eaa99
    	allow $1 cert_type:dir list_dir_perms;
    Dan Walsh 3eaa99
    	read_files_pattern($1, cert_type, cert_type)
    Dan Walsh 3eaa99
    	read_lnk_files_pattern($1, cert_type, cert_type)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 244b45
    ##	manange system SSL certificates.
    Chris PeBenito 244b45
    ## </summary>
    Chris PeBenito 244b45
    ## <param name="domain">
    Chris PeBenito 244b45
    ##	<summary>
    Chris PeBenito 244b45
    ##	Domain allowed access.
    Chris PeBenito 244b45
    ##	</summary>
    Chris PeBenito 244b45
    ## </param>
    Chris PeBenito 244b45
    ## <rolecap/>
    Chris PeBenito 244b45
    #
    Chris PeBenito 244b45
    interface(`miscfiles_manage_cert_dirs',`
    Chris PeBenito 244b45
    	gen_require(`
    Chris PeBenito 244b45
    		type cert_t;
    Chris PeBenito 244b45
    	')
    Chris PeBenito 244b45
    Chris PeBenito 244b45
    	manage_dirs_pattern($1, cert_t, cert_t)
    Chris PeBenito 244b45
    ')
    Chris PeBenito 244b45
    Chris PeBenito 244b45
    ########################################
    Chris PeBenito 244b45
    ## <summary>
    Chris PeBenito 244b45
    ##	manange system SSL certificates.
    Chris PeBenito 244b45
    ## </summary>
    Chris PeBenito 244b45
    ## <param name="domain">
    Chris PeBenito 244b45
    ##	<summary>
    Chris PeBenito 244b45
    ##	Domain allowed access.
    Chris PeBenito 244b45
    ##	</summary>
    Chris PeBenito 244b45
    ## </param>
    Chris PeBenito 244b45
    ## <rolecap/>
    Chris PeBenito 244b45
    #
    Chris PeBenito 244b45
    interface(`miscfiles_manage_cert_files',`
    Chris PeBenito 244b45
    	gen_require(`
    Chris PeBenito 244b45
    		type cert_t;
    Chris PeBenito 244b45
    	')
    Chris PeBenito 244b45
    Chris PeBenito 244b45
    	manage_files_pattern($1, cert_t, cert_t)
    Chris PeBenito 244b45
    	read_lnk_files_pattern($1, cert_t, cert_t)
    Chris PeBenito 244b45
    ')
    Chris PeBenito 244b45
    Chris PeBenito 244b45
    ########################################
    Chris PeBenito 244b45
    ## <summary>
    Chris PeBenito 17de1b
    ##	Read fonts.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_read_fonts',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito d0a6df
    		type fonts_t, fonts_cache_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	# cjp: fonts can be in either of these dirs
    Chris PeBenito 17de1b
    	files_search_usr($1)
    Chris PeBenito 17de1b
    	libs_search_lib($1)
    Chris PeBenito 17de1b
    Chris PeBenito c0868a
    	allow $1 fonts_t:dir list_dir_perms;
    Chris PeBenito 3f67f7
    	read_files_pattern($1, fonts_t, fonts_t)
    Chris PeBenito 3f67f7
    	read_lnk_files_pattern($1, fonts_t, fonts_t)
    Chris PeBenito d0a6df
    Chris PeBenito d0a6df
    	allow $1 fonts_cache_t:dir list_dir_perms;
    Chris PeBenito d0a6df
    	read_files_pattern($1, fonts_cache_t, fonts_cache_t)
    Chris PeBenito d0a6df
    	read_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 9dfdd4
    ##	Set the attributes on a fonts directory.
    Chris PeBenito 9dfdd4
    ## </summary>
    Chris PeBenito 9dfdd4
    ## <param name="domain">
    Chris PeBenito 9dfdd4
    ##	<summary>
    Chris PeBenito 9dfdd4
    ##	Domain allowed access.
    Chris PeBenito 9dfdd4
    ##	</summary>
    Chris PeBenito 9dfdd4
    ## </param>
    Chris PeBenito 9dfdd4
    ## <rolecap/>
    Chris PeBenito 9dfdd4
    #
    Chris PeBenito 9dfdd4
    interface(`miscfiles_setattr_fonts_dirs',`
    Chris PeBenito 9dfdd4
    	gen_require(`
    Chris PeBenito 9dfdd4
    		type fonts_t;
    Chris PeBenito 9dfdd4
    	')
    Chris PeBenito 9dfdd4
    Chris PeBenito 9dfdd4
    	allow $1 fonts_t:dir setattr;
    Chris PeBenito 9dfdd4
    ')
    Chris PeBenito 9dfdd4
    Chris PeBenito 9dfdd4
    ########################################
    Chris PeBenito 9dfdd4
    ## <summary>
    Chris PeBenito 9dfdd4
    ##	Do not audit attempts to set the attributes
    Chris PeBenito 9dfdd4
    ##	on a fonts directory.
    Chris PeBenito 9dfdd4
    ## </summary>
    Chris PeBenito 9dfdd4
    ## <param name="domain">
    Chris PeBenito 9dfdd4
    ##	<summary>
    Dominick Grift a0546c
    ##	Domain to not audit.
    Chris PeBenito 9dfdd4
    ##	</summary>
    Chris PeBenito 9dfdd4
    ## </param>
    Chris PeBenito 9dfdd4
    ## <rolecap/>
    Chris PeBenito 9dfdd4
    #
    Chris PeBenito 9dfdd4
    interface(`miscfiles_dontaudit_setattr_fonts_dirs',`
    Chris PeBenito 9dfdd4
    	gen_require(`
    Chris PeBenito 9dfdd4
    		type fonts_t;
    Chris PeBenito 9dfdd4
    	')
    Chris PeBenito 9dfdd4
    Chris PeBenito 9dfdd4
    	dontaudit $1 fonts_t:dir setattr;
    Chris PeBenito 9dfdd4
    ')
    Chris PeBenito 9dfdd4
    Chris PeBenito 9dfdd4
    ########################################
    Chris PeBenito 9dfdd4
    ## <summary>
    Chris PeBenito 226c06
    ##	Do not audit attempts to write fonts.
    Chris PeBenito 226c06
    ## </summary>
    Chris PeBenito 226c06
    ## <param name="domain">
    Chris PeBenito 226c06
    ##	<summary>
    Dominick Grift a0546c
    ##	Domain to not audit.
    Chris PeBenito 226c06
    ##	</summary>
    Chris PeBenito 226c06
    ## </param>
    Chris PeBenito 226c06
    ## <rolecap/>
    Chris PeBenito 226c06
    #
    Chris PeBenito 226c06
    interface(`miscfiles_dontaudit_write_fonts',`
    Chris PeBenito 226c06
    	gen_require(`
    Chris PeBenito 226c06
    		type fonts_t;
    Chris PeBenito 226c06
    	')
    Chris PeBenito 226c06
    Chris PeBenito 244b45
    	dontaudit $1 fonts_t:dir { write setattr };
    Chris PeBenito 226c06
    	dontaudit $1 fonts_t:file write;
    Chris PeBenito 226c06
    ')
    Chris PeBenito 226c06
    Chris PeBenito 226c06
    ########################################
    Chris PeBenito 226c06
    ## <summary>
    Chris PeBenito 17de1b
    ##	Create, read, write, and delete fonts.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_manage_fonts',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type fonts_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	# cjp: fonts can be in either of these dirs
    Chris PeBenito 17de1b
    	files_search_usr($1)
    Chris PeBenito 17de1b
    	libs_search_lib($1)
    Chris PeBenito 17de1b
    Chris PeBenito 3f67f7
    	manage_dirs_pattern($1, fonts_t, fonts_t)
    Chris PeBenito 3f67f7
    	manage_files_pattern($1, fonts_t, fonts_t)
    Chris PeBenito 3f67f7
    	manage_lnk_files_pattern($1, fonts_t, fonts_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito d0a6df
    ##	Set the attributes on a fonts cache directory.
    Chris PeBenito d0a6df
    ## </summary>
    Chris PeBenito d0a6df
    ## <param name="domain">
    Chris PeBenito d0a6df
    ##	<summary>
    Chris PeBenito d0a6df
    ##	Domain allowed access.
    Chris PeBenito d0a6df
    ##	</summary>
    Chris PeBenito d0a6df
    ## </param>
    Chris PeBenito d0a6df
    #
    Chris PeBenito d0a6df
    interface(`miscfiles_setattr_fonts_cache_dirs',`
    Chris PeBenito d0a6df
    	gen_require(`
    Chris PeBenito d0a6df
    		type fonts_cache_t;
    Chris PeBenito d0a6df
    	')
    Chris PeBenito d0a6df
    Chris PeBenito d0a6df
    	allow $1 fonts_cache_t:dir setattr;
    Chris PeBenito d0a6df
    ')
    Chris PeBenito d0a6df
    Chris PeBenito d0a6df
    ########################################
    Chris PeBenito d0a6df
    ## <summary>
    Chris PeBenito d0a6df
    ##	Do not audit attempts to set the attributes
    Chris PeBenito d0a6df
    ##	on a fonts cache directory.
    Chris PeBenito d0a6df
    ## </summary>
    Chris PeBenito d0a6df
    ## <param name="domain">
    Chris PeBenito d0a6df
    ##	<summary>
    Dominick Grift a0546c
    ##	Domain to not audit.
    Chris PeBenito d0a6df
    ##	</summary>
    Chris PeBenito d0a6df
    ## </param>
    Chris PeBenito d0a6df
    #
    Chris PeBenito d0a6df
    interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',`
    Chris PeBenito d0a6df
    	gen_require(`
    Chris PeBenito d0a6df
    		type fonts_cache_t;
    Chris PeBenito d0a6df
    	')
    Chris PeBenito d0a6df
    Chris PeBenito d0a6df
    	dontaudit $1 fonts_cache_t:dir setattr;
    Chris PeBenito d0a6df
    ')
    Chris PeBenito d0a6df
    Chris PeBenito d0a6df
    ########################################
    Chris PeBenito d0a6df
    ## <summary>
    Chris PeBenito d0a6df
    ##	Create, read, write, and delete fonts cache.
    Chris PeBenito d0a6df
    ## </summary>
    Chris PeBenito d0a6df
    ## <param name="domain">
    Chris PeBenito d0a6df
    ##	<summary>
    Chris PeBenito d0a6df
    ##	Domain allowed access.
    Chris PeBenito d0a6df
    ##	</summary>
    Chris PeBenito d0a6df
    ## </param>
    Chris PeBenito d0a6df
    ## <rolecap/>
    Chris PeBenito d0a6df
    #
    Chris PeBenito d0a6df
    interface(`miscfiles_manage_fonts_cache',`
    Chris PeBenito d0a6df
    	gen_require(`
    Chris PeBenito d0a6df
    		type fonts_cache_t;
    Chris PeBenito d0a6df
    	')
    Chris PeBenito d0a6df
    Chris PeBenito d0a6df
    	files_search_var($1)
    Chris PeBenito d0a6df
    Chris PeBenito d0a6df
    	manage_dirs_pattern($1, fonts_cache_t, fonts_cache_t)
    Chris PeBenito d0a6df
    	manage_files_pattern($1, fonts_cache_t, fonts_cache_t)
    Chris PeBenito d0a6df
    	manage_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
    Chris PeBenito d0a6df
    ')
    Chris PeBenito d0a6df
    Chris PeBenito d0a6df
    ########################################
    Chris PeBenito d0a6df
    ## <summary>
    Chris PeBenito 17de1b
    ##	Read hardware identification data.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_read_hwdata',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type hwdata_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito c0868a
    	allow $1 hwdata_t:dir list_dir_perms;
    Chris PeBenito 3f67f7
    	read_files_pattern($1, hwdata_t, hwdata_t)
    Chris PeBenito 3f67f7
    	read_lnk_files_pattern($1, hwdata_t, hwdata_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 6b19be
    ##	Allow process to setattr localization info
    Chris PeBenito 6b19be
    ## </summary>
    Chris PeBenito 6b19be
    ## <param name="domain">
    Chris PeBenito 6b19be
    ##	<summary>
    Chris PeBenito 6b19be
    ##	Domain allowed access.
    Chris PeBenito 6b19be
    ##	</summary>
    Chris PeBenito 6b19be
    ## </param>
    Chris PeBenito 6b19be
    #
    Chris PeBenito 6b19be
    interface(`miscfiles_setattr_localization',`
    Chris PeBenito 6b19be
    	gen_require(`
    Chris PeBenito 6b19be
    		type locale_t;
    Chris PeBenito 6b19be
    	')
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    	files_search_usr($1)
    Chris PeBenito 6b19be
    	allow $1 locale_t:dir list_dir_perms;
    Chris PeBenito 6b19be
    	allow $1 locale_t:file setattr;
    Chris PeBenito 6b19be
    ')
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    ########################################
    Chris PeBenito 6b19be
    ## <summary>
    Chris PeBenito 611bc9
    ##	Allow process to read localization information.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 611bc9
    ## <desc>
    Chris PeBenito 611bc9
    ##	

    Chris PeBenito 611bc9
    ##	Allow the specified domain to read the localization files.
    Chris PeBenito 611bc9
    ##	This is typically for time zone configuration files, such as
    Chris PeBenito 611bc9
    ##	/etc/localtime and files in /usr/share/zoneinfo.
    Chris PeBenito 611bc9
    ##	Typically, any domain which needs to know the GMT/UTC
    Chris PeBenito 611bc9
    ##	offset of the current timezone will need access
    Chris PeBenito 611bc9
    ##	to these files. Generally, it should be safe for any
    Chris PeBenito 611bc9
    ##	domain to read these files.
    Chris PeBenito 611bc9
    ##	

    Chris PeBenito 611bc9
    ## </desc>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 611bc9
    ## <infoflow type="read" weight="10"/>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_read_localization',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type locale_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 2cac32
    	files_read_etc_symlinks($1)
    Chris PeBenito 17de1b
    	files_search_usr($1)
    Chris PeBenito c0868a
    	allow $1 locale_t:dir list_dir_perms;
    Chris PeBenito 3f67f7
    	read_files_pattern($1, locale_t, locale_t)
    Chris PeBenito 3f67f7
    	read_lnk_files_pattern($1, locale_t, locale_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito a5e213
    ##	Allow process to write localization info
    Chris PeBenito a5e213
    ## </summary>
    Chris PeBenito a5e213
    ## <param name="domain">
    Chris PeBenito a5e213
    ##	<summary>
    Chris PeBenito a5e213
    ##	Domain allowed access.
    Chris PeBenito a5e213
    ##	</summary>
    Chris PeBenito a5e213
    ## </param>
    Chris PeBenito a5e213
    #
    Chris PeBenito a5e213
    interface(`miscfiles_rw_localization',`
    Chris PeBenito a5e213
    	gen_require(`
    Chris PeBenito a5e213
    		type locale_t;
    Chris PeBenito a5e213
    	')
    Chris PeBenito a5e213
    Chris PeBenito a5e213
    	files_search_usr($1)
    Chris PeBenito a5e213
    	allow $1 locale_t:dir list_dir_perms;
    Chris PeBenito 3f67f7
    	rw_files_pattern($1, locale_t, locale_t)
    Chris PeBenito a5e213
    ')
    Chris PeBenito a5e213
    Chris PeBenito a5e213
    ########################################
    Chris PeBenito a5e213
    ## <summary>
    Chris PeBenito 6b19be
    ##	Allow process to relabel localization info
    Chris PeBenito 6b19be
    ## </summary>
    Chris PeBenito 6b19be
    ## <param name="domain">
    Chris PeBenito 6b19be
    ##	<summary>
    Chris PeBenito 6b19be
    ##	Domain allowed access.
    Chris PeBenito 6b19be
    ##	</summary>
    Chris PeBenito 6b19be
    ## </param>
    Chris PeBenito 6b19be
    #
    Chris PeBenito 6b19be
    interface(`miscfiles_relabel_localization',`
    Chris PeBenito 6b19be
    	gen_require(`
    Chris PeBenito 6b19be
    		type locale_t;
    Chris PeBenito 6b19be
    	')
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    	files_search_usr($1)
    Chris PeBenito 3f67f7
    	relabel_files_pattern($1, locale_t, locale_t)
    Chris PeBenito 6b19be
    ')
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    ########################################
    Chris PeBenito 6b19be
    ## <summary>
    Chris PeBenito 17de1b
    ##	Allow process to read legacy time localization info
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_legacy_read_localization',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type locale_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	miscfiles_read_localization($1)
    Chris PeBenito 17de1b
    	allow $1 locale_t:file execute;
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 9dfdd4
    ##	Search man pages.
    Chris PeBenito 9dfdd4
    ## </summary>
    Chris PeBenito 9dfdd4
    ## <param name="domain">
    Chris PeBenito 9dfdd4
    ##	<summary>
    Dominick Grift a0546c
    ##	Domain allowed access.
    Chris PeBenito 9dfdd4
    ##	</summary>
    Chris PeBenito 9dfdd4
    ## </param>
    Chris PeBenito 9dfdd4
    #
    Chris PeBenito 9dfdd4
    interface(`miscfiles_search_man_pages',`
    Chris PeBenito 9dfdd4
    	gen_require(`
    Chris PeBenito 9dfdd4
    		type man_t;
    Chris PeBenito 9dfdd4
    	')
    Chris PeBenito 9dfdd4
    Chris PeBenito 9dfdd4
    	allow $1 man_t:dir search_dir_perms;
    Chris PeBenito 9dfdd4
    	files_search_usr($1)
    Chris PeBenito 9dfdd4
    ')
    Chris PeBenito 9dfdd4
    Chris PeBenito 9dfdd4
    ########################################
    Chris PeBenito 9dfdd4
    ## <summary>
    Chris PeBenito 17de1b
    ##	Do not audit attempts to search man pages.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain to not audit.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_dontaudit_search_man_pages',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type man_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 9dfdd4
    	dontaudit $1 man_t:dir search_dir_perms;
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Read man pages
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_read_man_pages',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type man_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	files_search_usr($1)
    Chris PeBenito c0868a
    	allow $1 man_t:dir list_dir_perms;
    Chris PeBenito 3f67f7
    	read_files_pattern($1, man_t, man_t)
    Chris PeBenito 3f67f7
    	read_lnk_files_pattern($1, man_t, man_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Delete man pages
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    # cjp: added for tmpreaper
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_delete_man_pages',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type man_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	files_search_usr($1)
    Chris PeBenito c0868a
    Chris PeBenito c0868a
    	allow $1 man_t:dir setattr;
    Chris PeBenito 226c06
    	# RH bug #309351
    Chris PeBenito 226c06
    	allow $1 man_t:dir list_dir_perms;
    Chris PeBenito 3f67f7
    	delete_dirs_pattern($1, man_t, man_t)
    Chris PeBenito 3f67f7
    	delete_files_pattern($1, man_t, man_t)
    Chris PeBenito 3f67f7
    	delete_lnk_files_pattern($1, man_t, man_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Create, read, write, and delete man pages
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_manage_man_pages',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type man_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	files_search_usr($1)
    Chris PeBenito 3f67f7
    	manage_dirs_pattern($1, man_t, man_t)
    Chris PeBenito 3f67f7
    	manage_files_pattern($1, man_t, man_t)
    Chris PeBenito 3f67f7
    	read_lnk_files_pattern($1, man_t, man_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Read public files used for file
    Chris PeBenito 17de1b
    ##	transfer services.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_read_public_files',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type public_content_t, public_content_rw_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito c0868a
    	allow $1 { public_content_t public_content_rw_t }:dir list_dir_perms;
    Chris PeBenito dccbb8
    	read_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t })
    Chris PeBenito dccbb8
    	read_lnk_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t })
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Create, read, write, and delete public files
    Chris PeBenito 17de1b
    ##	and directories used for file transfer services.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito bbcd3c
    ## <rolecap/>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_manage_public_files',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type public_content_rw_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 3f67f7
    	manage_dirs_pattern($1, public_content_rw_t, public_content_rw_t)
    Chris PeBenito 3f67f7
    	manage_files_pattern($1, public_content_rw_t, public_content_rw_t)
    Chris PeBenito 3f67f7
    	manage_lnk_files_pattern($1, public_content_rw_t, public_content_rw_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Read TeX data
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_read_tetex_data',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type tetex_data_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	files_search_var($1)
    Chris PeBenito 17de1b
    	files_search_var_lib($1)
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	# cjp: TeX data can be in either of the above dirs
    Chris PeBenito c0868a
    	allow $1 tetex_data_t:dir list_dir_perms;
    Chris PeBenito 3f67f7
    	read_files_pattern($1, tetex_data_t, tetex_data_t)
    Chris PeBenito 3f67f7
    	read_lnk_files_pattern($1, tetex_data_t, tetex_data_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Execute TeX data programs in the caller domain.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_exec_tetex_data',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type fonts_t;
    Chris PeBenito 8f3a0a
    		type tetex_data_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	files_search_var($1)
    Chris PeBenito 17de1b
    	files_search_var_lib($1)
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	# cjp: TeX data can be in either of the above dirs
    Chris PeBenito c0868a
    	allow $1 tetex_data_t:dir list_dir_perms;
    Chris PeBenito 3f67f7
    	exec_files_pattern($1, tetex_data_t, tetex_data_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Let test files be an entry point for
    Chris PeBenito 17de1b
    ##	a specified domain.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Dominick Grift a0546c
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_domain_entry_test_files',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type test_file_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    	domain_entry_file($1, test_file_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Read test files and directories.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_read_test_files',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type test_file_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 3f67f7
    	read_files_pattern($1, test_file_t, test_file_t)
    Chris PeBenito 3f67f7
    	read_lnk_files_pattern($1, test_file_t, test_file_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 17de1b
    Chris PeBenito 17de1b
    ########################################
    Chris PeBenito 17de1b
    ## <summary>
    Chris PeBenito 17de1b
    ##	Execute test files.
    Chris PeBenito 17de1b
    ## </summary>
    Chris PeBenito 17de1b
    ## <param name="domain">
    Chris PeBenito 17de1b
    ##	<summary>
    Chris PeBenito 17de1b
    ##	Domain allowed access.
    Chris PeBenito 17de1b
    ##	</summary>
    Chris PeBenito 17de1b
    ## </param>
    Chris PeBenito 17de1b
    #
    Chris PeBenito 17de1b
    interface(`miscfiles_exec_test_files',`
    Chris PeBenito 17de1b
    	gen_require(`
    Chris PeBenito 17de1b
    		type test_file_t;
    Chris PeBenito 17de1b
    	')
    Chris PeBenito 17de1b
    Chris PeBenito 3f67f7
    	exec_files_pattern($1, test_file_t, test_file_t)
    Chris PeBenito 3f67f7
    	read_lnk_files_pattern($1, test_file_t, test_file_t)
    Chris PeBenito 17de1b
    ')
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    ########################################
    Chris PeBenito 6b19be
    ## <summary>
    Chris PeBenito 6b19be
    ##	Execute test files.
    Chris PeBenito 6b19be
    ## </summary>
    Chris PeBenito 6b19be
    ## <param name="domain">
    Chris PeBenito 6b19be
    ##	<summary>
    Chris PeBenito 6b19be
    ##	Domain allowed access.
    Chris PeBenito 6b19be
    ##	</summary>
    Chris PeBenito 6b19be
    ## </param>
    Chris PeBenito 6b19be
    #
    Chris PeBenito 6b19be
    interface(`miscfiles_etc_filetrans_localization',`
    Chris PeBenito 6b19be
    	gen_require(`
    Chris PeBenito 6b19be
    		type locale_t;
    Chris PeBenito 6b19be
    	')
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    	files_etc_filetrans($1, locale_t, file)
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    ')
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    ########################################
    Chris PeBenito 6b19be
    ## <summary>
    Chris PeBenito 6b19be
    ##	Create, read, write, and delete localization
    Chris PeBenito 6b19be
    ## </summary>
    Chris PeBenito 6b19be
    ## <param name="domain">
    Chris PeBenito 6b19be
    ##	<summary>
    Chris PeBenito 6b19be
    ##	Domain allowed access.
    Chris PeBenito 6b19be
    ##	</summary>
    Chris PeBenito 6b19be
    ## </param>
    Chris PeBenito 6b19be
    ## <rolecap/>
    Chris PeBenito 6b19be
    #
    Chris PeBenito 6b19be
    interface(`miscfiles_manage_localization',`
    Chris PeBenito 6b19be
    	gen_require(`
    Chris PeBenito 6b19be
    		type locale_t;
    Chris PeBenito 6b19be
    	')
    Chris PeBenito 6b19be
    Chris PeBenito 3f67f7
    	manage_dirs_pattern($1, locale_t, locale_t)
    Chris PeBenito 3f67f7
    	manage_files_pattern($1, locale_t, locale_t)
    Chris PeBenito 3f67f7
    	manage_lnk_files_pattern($1, locale_t, locale_t)
    Chris PeBenito 6b19be
    ')
    Chris PeBenito 6b19be