Chris PeBenito 6e6156
Chris PeBenito 5ea24b
policy_module(comsat,1.1.0)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
########################################
Chris PeBenito 6e6156
#
Chris PeBenito 6e6156
# Declarations
Chris PeBenito 6e6156
#
Chris PeBenito 768283
Chris PeBenito 6e6156
type comsat_t;
Chris PeBenito 6e6156
type comsat_exec_t;
Chris PeBenito 6e6156
inetd_udp_service_domain(comsat_t,comsat_exec_t)
Chris PeBenito 6e6156
role system_r types comsat_t;
Chris PeBenito 6e6156
Chris PeBenito 6e6156
type comsat_tmp_t;
Chris PeBenito 6e6156
files_tmp_file(comsat_tmp_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
type comsat_var_run_t;
Chris PeBenito 6e6156
files_pid_file(comsat_var_run_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
########################################
Chris PeBenito 6e6156
#
Chris PeBenito 6e6156
# Local policy
Chris PeBenito 6e6156
#
Chris PeBenito 6e6156
Chris PeBenito 6e6156
allow comsat_t self:capability { setuid setgid };
Chris PeBenito 6e6156
allow comsat_t self:process signal_perms;
Chris PeBenito 6e6156
allow comsat_t self:dir search;
Chris PeBenito 6e6156
allow comsat_t self:fifo_file rw_file_perms;
Chris PeBenito 6e6156
allow comsat_t self:{ lnk_file file } { getattr read };
Chris PeBenito 6e6156
allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
Chris PeBenito 681c9a
allow comsat_t self:tcp_socket connected_stream_socket_perms;
Chris PeBenito 1904b0
allow comsat_t self:udp_socket create_socket_perms;
Chris PeBenito 6e6156
Chris PeBenito 6e6156
allow comsat_t comsat_tmp_t:dir create_dir_perms;
Chris PeBenito 6e6156
allow comsat_t comsat_tmp_t:file create_file_perms;
Chris PeBenito 103fe2
files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })
Chris PeBenito 6e6156
Chris PeBenito 6e6156
allow comsat_t comsat_var_run_t:file create_file_perms;
Chris PeBenito 33acca
allow comsat_t comsat_var_run_t:dir rw_dir_perms;
Chris PeBenito 1c1ac6
files_pid_filetrans(comsat_t,comsat_var_run_t,file)
Chris PeBenito 6e6156
Chris PeBenito 445522
kernel_read_kernel_sysctls(comsat_t)
Chris PeBenito 6e6156
kernel_read_network_state(comsat_t)
Chris PeBenito 6e6156
kernel_read_system_state(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
corenet_tcp_sendrecv_all_if(comsat_t)
Chris PeBenito 681c9a
corenet_udp_sendrecv_all_if(comsat_t)
Chris PeBenito 681c9a
corenet_raw_sendrecv_all_if(comsat_t)
Chris PeBenito 6e6156
corenet_tcp_sendrecv_all_nodes(comsat_t)
Chris PeBenito 681c9a
corenet_udp_sendrecv_all_nodes(comsat_t)
Chris PeBenito 681c9a
corenet_raw_sendrecv_all_nodes(comsat_t)
Chris PeBenito 768283
corenet_tcp_sendrecv_all_ports(comsat_t)
Chris PeBenito 2db2c7
corenet_udp_sendrecv_all_ports(comsat_t)
Chris PeBenito bd7037
corenet_non_ipsec_sendrecv(comsat_t)
Chris PeBenito 681c9a
corenet_tcp_bind_all_nodes(comsat_t)
Chris PeBenito 2db2c7
corenet_udp_bind_all_nodes(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
dev_read_urand(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
fs_getattr_xattr_fs(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
files_read_etc_files(comsat_t)
Chris PeBenito 681c9a
files_list_usr(comsat_t)
Chris PeBenito 6e6156
files_search_spool(comsat_t)
Chris PeBenito 6e6156
files_search_home(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 68228b
init_read_utmp(comsat_t)
Chris PeBenito 68228b
init_dontaudit_write_utmp(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
libs_use_ld_so(comsat_t)
Chris PeBenito 6e6156
libs_use_shared_libs(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
logging_send_syslog_msg(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
miscfiles_read_localization(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 6e6156
sysnet_read_config(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 1815ba
userdom_dontaudit_getattr_sysadm_ttys(comsat_t)
Chris PeBenito 725926
Chris PeBenito 6e6156
mta_getattr_spool(comsat_t)
Chris PeBenito 6e6156
Chris PeBenito 132880
optional_policy(`kerberos',`
Chris PeBenito 6e6156
	kerberos_use(comsat_t)
Chris PeBenito 6e6156
')
Chris PeBenito 6e6156
Chris PeBenito 132880
optional_policy(`nis',`
Chris PeBenito 6e6156
	nis_use_ypbind(comsat_t)
Chris PeBenito 6e6156
')
Chris PeBenito 6e6156
Chris PeBenito 132880
optional_policy(`nscd',`
Chris PeBenito 1815ba
	nscd_socket_use(comsat_t)
Chris PeBenito 6e6156
')
Chris PeBenito 6e6156
Chris PeBenito 725926