## <summary>Policy for MySQL</summary>
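########################################
## <summary>
##	Send a generic signal to MySQL.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# Only the "signal" permission of the process class is granted.
# The separate sigkill, sigstop, signull and sigchld permissions
# are not part of this interface.
interface(`mysql_signal',`
	gen_require(`
		type mysqld_t;
	')

	# Target is any process running in the mysqld_t domain.
	allow $1 mysqld_t:process signal;
')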
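########################################
## <summary>
##	Connect to MySQL using a unix domain stream socket.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# This only controls whether the caller can reach the local socket.
# What a connected peer may do afterwards is decided by the MySQL
# server itself, not by these rules.
#
# NOTE(review): no search permission on the parent of the
# mysqld_var_run_t directory is granted here, whereas the db
# interfaces in this file call files_search_var_lib. Callers
# presumably obtain that access separately; confirm.
interface(`mysql_stream_connect',`
	gen_require(`
		type mysqld_t, mysqld_var_run_t;
	')

	# Reach the socket file inside the runtime directory.
	allow $1 mysqld_var_run_t:dir search;
	# Write access on the socket file itself.
	allow $1 mysqld_var_run_t:sock_file write;
	# Connect to the stream socket owned by the mysqld_t domain.
	allow $1 mysqld_t:unix_stream_socket connectto;
')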
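########################################
## <summary>
##	Read MySQL configuration files.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# Read-only: no write, create or unlink permission is granted on
# any mysqld_etc_t object.
#
# NOTE(review): files labelled mysqld_etc_t may hold credentials
# (for example a password stored in a client section of the
# configuration), so grant this interface only to domains that
# need to read them; confirm what is labelled with this type.
interface(`mysql_read_config',`
	gen_require(`
		type mysqld_etc_t;
	')

	# List and traverse the configuration directory.
	allow $1 mysqld_etc_t:dir { getattr read search };
	# Read the configuration files.
	allow $1 mysqld_etc_t:file { read getattr };
	# Follow symbolic links that carry the same label.
	allow $1 mysqld_etc_t:lnk_file { getattr read };
')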
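########################################
## <summary>
##	Search the directories that contain MySQL
##	database storage.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# cjp: "_dir" in the name is added to clarify that this
# is not searching the database itself.
#
# Search only: the caller can traverse mysqld_db_t directories but
# is not granted read (listing) on them, nor any access to the
# files they contain.
interface(`mysql_search_db_dir',`
	gen_require(`
		type mysqld_db_t;
	')

	# Defined outside this file; presumably grants search on the
	# parent var_lib directory. Confirm against the files module.
	files_search_var_lib($1)
	allow $1 mysqld_db_t:dir search;
')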
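########################################
## <summary>
##	Read and write to the MySQL database directory.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# The rule below covers the dir class only. No permission on the
# database files inside the directory is granted by this interface.
interface(`mysql_rw_db_dir',`
	gen_require(`
		type mysqld_db_t;
	')

	# Defined outside this file; presumably grants search on the
	# parent var_lib directory. Confirm against the files module.
	files_search_var_lib($1)
	# rw_dir_perms is a permission set defined elsewhere in the
	# policy; check its expansion to see exactly what is granted.
	allow $1 mysqld_db_t:dir rw_dir_perms;
')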
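########################################
## <summary>
##	Create, read, write, and delete MySQL database directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# This is the broadest directory grant in this file. It still
# covers the dir class only: no permission on the database files
# inside those directories is granted by this interface.
interface(`mysql_manage_db_dir',`
	gen_require(`
		type mysqld_db_t;
	')

	# Defined outside this file; presumably grants search on the
	# parent var_lib directory. Confirm against the files module.
	files_search_var_lib($1)
	# create_dir_perms is a permission set defined elsewhere in the
	# policy; check its expansion to see exactly what is granted.
	allow $1 mysqld_db_t:dir create_dir_perms;
')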
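########################################
## <summary>
##	Read and write to the MySQL database
##	named socket.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# Applies to socket files labelled mysqld_db_t, not to the
# mysqld_var_run_t socket handled by mysql_stream_connect.
# No connectto permission on mysqld_t sockets is granted here.
interface(`mysql_rw_db_socket',`
	gen_require(`
		type mysqld_db_t;
	')

	# Defined outside this file; presumably grants search on the
	# parent var_lib directory. Confirm against the files module.
	files_search_var_lib($1)
	# Traverse the database directory to reach the socket file.
	allow $1 mysqld_db_t:dir search;
	# rw_file_perms is a permission set defined elsewhere in the
	# policy; check its expansion to see exactly what is granted.
	allow $1 mysqld_db_t:sock_file rw_file_perms;
')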
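########################################
## <summary>
##	Write to the MySQL log.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
# NOTE(review): the grant includes write and setattr, not only
# append. With write the caller can overwrite existing log
# records, and with setattr it can change attributes of the log
# files. If log integrity matters, an append-only grant is the
# narrower choice; confirm that callers need full write.
interface(`mysql_write_log',`
	gen_require(`
		type mysqld_log_t;
	')

	# Defined outside this file; presumably grants search on the
	# system log directory. Confirm against the logging module.
	logging_search_logs($1)
	# File class only: no directory permission on mysqld_log_t is
	# granted by this rule.
	allow $1 mysqld_log_t:file { write append setattr ioctl };
')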