## <module name="init" layer="system">
## <summary>System initialization programs (init and init scripts).</summary>
########################################
#
# init_domain(domain,entrypointfile)
#
# Set up a domain that init (init_t) starts directly by executing
# its entry point file.
#
# Parameters:
#	domain		Type used as the new process domain.
#	entrypointfile	Type of the executable that enters the domain.
#
# Grants: system_r is authorized for the domain; init_t may execute
# the entry point file and transitions to the domain by default; file
# descriptors are usable in both directions; the domain may use
# init_t fifo_files and send SIGCHLD to init_t.
#
# Review notes:
#  - Each caller adds an executable type that moves a process out of
#    init_t automatically, so the labelling of entrypointfile is
#    security critical. Keep the set of files carrying that type small.
#  - noatsecure, siginh and rlimitinh are dontaudited, not allowed:
#    the permissions stay denied and only the denial records are
#    suppressed.
#  - domain_type and domain_entry_file are defined outside this file;
#    presumably they mark the type as a domain and the file type as
#    its entry point. Verify against their definitions.
#
define(`init_domain',`
	requires_block_template(`$0'_depend)

	domain_type($1)
	domain_entry_file($1,$2)

	role system_r types $1;

	allow init_t $1:process transition;
	allow init_t $2:file rx_file_perms;
	dontaudit init_t $1:process { noatsecure siginh rlimitinh };
	type_transition init_t $2:process $1;

	allow $1 init_t:fd use;
	allow init_t $1:fd use;
	allow $1 init_t:fifo_file rw_file_perms;
	allow $1 init_t:process sigchld;

	# Red Hat systems seem to have a stray
	# fd open from the initrd
	optional_policy(`distro_redhat',`
		kernel_dontaudit_use_fd($1)
		files_dontaudit_read_root_file($1)
	')
')

# Types, classes and roles that init_domain refers to.
define(`init_domain_depend',`
	type init_t;
	class file rx_file_perms;
	class fd use;
	class fifo_file rw_file_perms;
	class process { transition noatsecure siginh rlimitinh sigchld };
	role system_r;
')
########################################
#
# init_daemon_domain(domain,entrypointfile)
#
# Set up a domain that the init scripts (initrc_t) start by executing
# its entry point file.
#
# Parameters:
#	domain		Type used as the new process domain.
#	entrypointfile	Type of the executable that enters the domain.
#
# Grants: system_r is authorized for the domain; initrc_t may execute
# the entry point file and transitions to the domain by default; file
# descriptors are usable in both directions; the domain may use
# initrc_t fifo_files and send SIGCHLD to initrc_t.
#
# Review notes:
#  - The rules are the same as in init_system_domain in this file;
#    the two names only record the intent of the caller.
#  - noatsecure, siginh and rlimitinh are dontaudited, not allowed:
#    the permissions stay denied and only the denial records are
#    suppressed.
#
define(`init_daemon_domain',`
	requires_block_template(`$0'_depend)

	domain_type($1)
	domain_entry_file($1,$2)

	role system_r types $1;

	allow initrc_t $1:process transition;
	allow initrc_t $2:file rx_file_perms;
	dontaudit initrc_t $1:process { noatsecure siginh rlimitinh };
	type_transition initrc_t $2:process $1;

	allow initrc_t $1:fd use;
	allow $1 initrc_t:fd use;
	allow $1 initrc_t:fifo_file rw_file_perms;
	allow $1 initrc_t:process sigchld;

	# Red Hat systems seem to have a stray
	# fd open from the initrd
	optional_policy(`distro_redhat',`
		kernel_dontaudit_use_fd($1)
		files_dontaudit_read_root_file($1)
	')
')

# Types, classes and roles that init_daemon_domain refers to.
define(`init_daemon_domain_depend',`
	type initrc_t;

	role system_r;

	class file rx_file_perms;
	class fifo_file rw_file_perms;
	class fd use;
	class process { transition noatsecure siginh rlimitinh sigchld };
')
########################################
#
# init_system_domain(domain,entrypointfile)
#
# Set up a domain for a system program that the init scripts
# (initrc_t) start by executing its entry point file.
#
# Parameters:
#	domain		Type used as the new process domain.
#	entrypointfile	Type of the executable that enters the domain.
#
# Grants: system_r is authorized for the domain; initrc_t may execute
# the entry point file and transitions to the domain by default; file
# descriptors are usable in both directions; the domain may use
# initrc_t fifo_files and send SIGCHLD to initrc_t.
#
# Review notes:
#  - The rules are the same as in init_daemon_domain in this file.
#  - noatsecure, siginh and rlimitinh are dontaudited, not allowed:
#    the permissions stay denied and only the denial records are
#    suppressed.
#
define(`init_system_domain',`
	requires_block_template(`$0'_depend)

	domain_type($1)
	domain_entry_file($1,$2)

	role system_r types $1;

	allow initrc_t $1:process transition;
	allow initrc_t $2:file rx_file_perms;
	dontaudit initrc_t $1:process { noatsecure siginh rlimitinh };
	type_transition initrc_t $2:process $1;

	allow initrc_t $1:fd use;
	allow $1 initrc_t:fd use;
	allow $1 initrc_t:fifo_file rw_file_perms;
	allow $1 initrc_t:process sigchld;

	# Red Hat systems seem to have a stray
	# fd open from the initrd
	optional_policy(`distro_redhat',`
		kernel_dontaudit_use_fd($1)
		files_dontaudit_read_root_file($1)
	')
')

# Types, classes and roles that init_system_domain refers to.
define(`init_system_domain_depend',`
	type initrc_t;
	role system_r;

	class file rx_file_perms;
	class fd use;
	class fifo_file rw_file_perms;
	class process { transition noatsecure siginh rlimitinh sigchld };
')
########################################
#
# init_domtrans(domain)
#
# Execute the init program (init_exec_t) with a domain transition
# to init_t.
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Grants: the caller may execute init_exec_t files and transitions to
# init_t by default; file descriptors are usable in both directions;
# init_t may use fifo_files of the caller and send it SIGCHLD.
#
# Review notes:
#  - This lets the caller start a process in init_t. Grant it only to
#    domains that are meant to launch init, and audit its callers
#    when reviewing who can reach init_t.
#  - noatsecure, siginh and rlimitinh are dontaudited, not allowed:
#    the permissions stay denied and only the denial records are
#    suppressed.
#
define(`init_domtrans',`
	requires_block_template(`$0'_depend)

	allow $1 init_exec_t:file rx_file_perms;
	allow $1 init_t:process transition;
	type_transition $1 init_exec_t:process init_t;
	dontaudit $1 init_t:process { noatsecure siginh rlimitinh };

	allow $1 init_t:fd use;
	allow init_t $1:fd use;
	allow init_t $1:fifo_file rw_file_perms;
	allow init_t $1:process sigchld;
')

# Types and classes that init_domtrans refers to.
define(`init_domtrans_depend',`
	type init_t, init_exec_t;

	class file rx_file_perms;
	class process { transition noatsecure siginh rlimitinh sigchld };
	class fd use;
	class fifo_file rw_file_perms;
')
########################################
#
# init_get_process_group(domain)
#
# Allow the caller to get the process group ID of init (init_t).
#
# Parameters:
#	domain		The type of the process performing this action.
#
define(`init_get_process_group',`
	requires_block_template(`$0'_depend)

	allow $1 init_t:process getpgid;
')

# Types and classes that init_get_process_group refers to.
define(`init_get_process_group_depend',`
	type init_t;

	class process getpgid;
')
########################################
#
# init_getattr_initctl(domain)
#
# Allow the caller to get the attributes (stat) of the initctl_t
# fifo_file. No read or write access is granted.
#
# Parameters:
#	domain		The type of the process performing this action.
#
define(`init_getattr_initctl',`
	requires_block_template(`$0'_depend)

	allow $1 initctl_t:fifo_file getattr;
')

# Types and classes that init_getattr_initctl refers to.
define(`init_getattr_initctl_depend',`
	type initctl_t;

	class fifo_file getattr;
')
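########################################
#
# init_dontaudit_getattr_initctl(domain)
#
# Do not audit attempts by the caller to get the attributes of the
# initctl_t fifo_file.
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - The access stays denied; only the denial record is suppressed,
#    so the attempt will not appear in the audit log.
#
define(`init_dontaudit_getattr_initctl',`
	requires_block_template(`$0'_depend)

	dontaudit $1 initctl_t:fifo_file getattr;
')

# Types and classes that init_dontaudit_getattr_initctl refers to.
# The template was previously defined under the name of the
# init_getattr_initctl template, so the name built from the
# interface name in the requires_block_template call above
# had no definition.
define(`init_dontaudit_getattr_initctl_depend',`
	type initctl_t;

	class fifo_file getattr;
')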
########################################
#
# init_use_initctl(domain)
#
# Allow the caller to read and write the initctl_t fifo_file.
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - initctl_t presumably labels the control pipe that init reads
#    requests from (confirm in the file contexts). If so, write
#    access lets the caller ask init to act, for example to change
#    runlevel, so grant this only to domains that must control init.
#  - dev_list_all_dev_nodes is defined outside this file; presumably
#    it lets the caller search the device directory holding the pipe.
#
define(`init_use_initctl',`
	requires_block_template(`$0'_depend)

	dev_list_all_dev_nodes($1)
	allow $1 initctl_t:fifo_file rw_file_perms;
')

# Types and classes that init_use_initctl refers to.
define(`init_use_initctl_depend',`
	type initctl_t;

	class fifo_file rw_file_perms;
')
########################################
#
# init_dontaudit_use_initctl(domain)
#
# Do not audit attempts by the caller to read or write the initctl_t
# fifo_file.
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - The access stays denied; only the denial records are suppressed.
#    A domain that repeatedly tries to write this pipe will therefore
#    leave no trace in the audit log, so use this only where the
#    attempts are known to be harmless.
#
define(`init_dontaudit_use_initctl',`
	requires_block_template(`$0'_depend)

	dontaudit $1 initctl_t:fifo_file { read write };
')

# Types and classes that init_dontaudit_use_initctl refers to.
define(`init_dontaudit_use_initctl_depend',`
	type initctl_t;

	class fifo_file { read write };
')
########################################
#
# init_sigchld(domain)
#
# Allow the caller to send SIGCHLD to init (init_t).
#
# Parameters:
#	domain		The type of the process performing this action.
#
define(`init_sigchld',`
	requires_block_template(`$0'_depend)

	allow $1 init_t:process sigchld;
')

# Types and classes that init_sigchld refers to.
define(`init_sigchld_depend',`
	type init_t;

	class process sigchld;
')
########################################
#
# init_use_fd(domain)
#
# Allow the caller to use file descriptors that belong to init
# (init_t), for example descriptors inherited from it.
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - fd use only covers the descriptor itself; access to the object
#    behind it is still checked against its own type.
#
define(`init_use_fd',`
	requires_block_template(`$0'_depend)

	allow $1 init_t:fd use;
')

# Types and classes that init_use_fd refers to.
define(`init_use_fd_depend',`
	type init_t;

	class fd use;
')
########################################
#
# init_dontaudit_use_fd(domain)
#
# Do not audit attempts by the caller to use file descriptors that
# belong to init (init_t).
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - The access stays denied; only the denial record is suppressed.
#
define(`init_dontaudit_use_fd',`
	requires_block_template(`$0'_depend)

	dontaudit $1 init_t:fd use;
')

# Types and classes that init_dontaudit_use_fd refers to.
define(`init_dontaudit_use_fd_depend',`
	type init_t;

	class fd use;
')
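########################################
#
# init_domtrans_script(domain)
#
# Execute init scripts (initrc_exec_t) with a domain transition to
# initrc_t.
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Grants: the caller may execute initrc_exec_t files and transitions
# to initrc_t by default; file descriptors are usable in both
# directions; initrc_t may use fifo_files of the caller and send it
# SIGCHLD.
#
# Review notes:
#  - The default transition and the dontaudit rule previously named
#    init_t. That type is not in the require block, and the only
#    transition this interface allows is into initrc_t, so the
#    default target did not match the permitted one. Both rules now
#    name initrc_t, in line with the allow rules around them.
#  - This lets the caller start init scripts in initrc_t. Audit its
#    callers when reviewing who can reach that domain.
#  - noatsecure, siginh and rlimitinh are dontaudited, not allowed:
#    the permissions stay denied and only the denial records are
#    suppressed.
#
define(`init_domtrans_script',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_exec_t:file rx_file_perms;
	allow $1 initrc_t:process transition;
	type_transition $1 initrc_exec_t:process initrc_t;
	dontaudit $1 initrc_t:process { noatsecure siginh rlimitinh };

	allow $1 initrc_t:fd use;
	allow initrc_t $1:fd use;
	allow initrc_t $1:fifo_file rw_file_perms;
	allow initrc_t $1:process sigchld;
')

# Types and classes that init_domtrans_script refers to.
define(`init_domtrans_script_depend',`
	type initrc_t, initrc_exec_t;

	class file rx_file_perms;
	class process { transition noatsecure siginh rlimitinh sigchld };
	class fd use;
	class fifo_file rw_file_perms;
')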
########################################
#
# init_exec_script(domain)
#
# Allow the caller to execute init scripts (initrc_exec_t).
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - can_exec is defined outside this file. The require block lists
#    execute_no_trans, which suggests the script runs in the caller
#    domain with the caller privileges rather than in initrc_t.
#    Confirm against the can_exec definition.
#
define(`init_exec_script',`
	requires_block_template(`$0'_depend)

	can_exec($1,initrc_exec_t)

')

# Types and classes that init_exec_script refers to.
define(`init_exec_script_depend',`
	type initrc_exec_t;

	class file { getattr read execute execute_no_trans };
')
########################################
## <interface name="init_read_script_process_state">
##	<description>
##		Read the process state (/proc/pid) of the init scripts.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Review notes:
#  - Grants read access to initrc_t directories, files and symbolic
#    links plus getattr on initrc_t processes.
#  - ptrace is dontaudited, not allowed: the permission stays denied
#    and only the denial record is suppressed. A caller that really
#    attempts to trace an init script will therefore be blocked
#    without an audit record.
#
define(`init_read_script_process_state',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_t:dir r_dir_perms;
	allow $1 initrc_t:{ file lnk_file } r_file_perms;
	allow $1 initrc_t:process getattr;

	# We need to suppress this denial because procps tries to access
	# /proc/pid/environ and this now triggers a ptrace check in recent kernels
	# (2.4 and 2.6).  Might want to change procps to not do this, or only if
	# running in a privileged domain.
	dontaudit $1 initrc_t:process ptrace;
')

# Types and classes that init_read_script_process_state refers to.
define(`init_read_script_process_state_depend',`
	type initrc_t;

	class dir r_dir_perms;
	class file r_file_perms;
	class lnk_file r_file_perms;
	class process { getattr ptrace };
')
########################################
#
# init_use_script_fd(domain)
#
# Allow the caller to use file descriptors that belong to the init
# scripts (initrc_t), for example descriptors inherited from them.
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - fd use only covers the descriptor itself; access to the object
#    behind it is still checked against its own type.
#
define(`init_use_script_fd',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_t:fd use;
')

# Types and classes that init_use_script_fd refers to.
define(`init_use_script_fd_depend',`
	type initrc_t;

	class fd use;
')
########################################
#
# init_dontaudit_use_script_fd(domain)
#
# Do not audit attempts by the caller to use file descriptors that
# belong to the init scripts (initrc_t).
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - The access stays denied; only the denial record is suppressed.
#
define(`init_dontaudit_use_script_fd',`
	requires_block_template(`$0'_depend)

	dontaudit $1 initrc_t:fd use;
')

# Types and classes that init_dontaudit_use_script_fd refers to.
define(`init_dontaudit_use_script_fd_depend',`
	type initrc_t;

	class fd use;
')
########################################
#
# init_get_script_process_group(domain)
#
# Allow the caller to get the process group ID of the init scripts
# (initrc_t).
#
# Parameters:
#	domain		The type of the process performing this action.
#
define(`init_get_script_process_group',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_t:process getpgid;
')

# Types and classes that init_get_script_process_group refers to.
define(`init_get_script_process_group_depend',`
	type initrc_t;

	class process getpgid;
')
########################################
#
# init_use_script_pty(domain)
#
# Allow the caller to read and write the pty of the init scripts
# (initrc_devpts_t character devices), including getattr and ioctl.
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - Read access to a pty exposes what is typed or printed on it and
#    write access can inject output, so limit this to domains that
#    run under the init scripts and report to their terminal.
#  - term_list_ptys is defined outside this file; presumably it lets
#    the caller search the pty directory. Verify against its
#    definition.
#
define(`init_use_script_pty',`
	requires_block_template(`$0'_depend)

	term_list_ptys($1)
	allow $1 initrc_devpts_t:chr_file { getattr read write ioctl };
')

# Types and classes that init_use_script_pty refers to.
define(`init_use_script_pty_depend',`
	type initrc_devpts_t;

	class chr_file { getattr read write ioctl };
')
########################################
#
# init_dontaudit_use_script_pty(domain)
#
# Do not audit attempts by the caller to read, write or ioctl the
# pty of the init scripts (initrc_devpts_t character devices).
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - The access stays denied; only the denial records are suppressed.
#
define(`init_dontaudit_use_script_pty',`
	requires_block_template(`$0'_depend)

	dontaudit $1 initrc_devpts_t:chr_file { read write ioctl };
')

# Types and classes that init_dontaudit_use_script_pty refers to.
define(`init_dontaudit_use_script_pty_depend',`
	type initrc_devpts_t;

	class chr_file { read write ioctl };
')
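########################################
## <interface name="init_rw_script_tmp_files">
##	<description>
##		Read and write init script temporary data.
##	</description>
##	<parameter name="domain">
##		The type of the process performing this action.
##	</parameter>
## </interface>
#
# Review notes:
#  - Write access to temporary files of the init scripts lets the
#    caller change data that scripts running in initrc_t may read
#    back. Grant it only where that sharing is intended.
#
define(`init_rw_script_tmp_files',`
	requires_block_template(`$0'_depend)

	# FIXME: read tmp_t
	allow $1 initrc_tmp_t:file rw_file_perms;
')

# Types and classes that init_rw_script_tmp_files refers to.
# The require block previously listed initrc_var_run_t, which the
# rule above does not use, and left out initrc_tmp_t, which it does.
define(`init_rw_script_tmp_files_depend',`
	type initrc_tmp_t;

	class file rw_file_perms;
')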
########################################
#
# init_read_script_pid(domain)
#
# Allow the caller to read the pid files of the init scripts
# (initrc_var_run_t files).
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - files_list_pids is defined outside this file; presumably it
#    lets the caller list the pid directory. Verify against its
#    definition.
#
define(`init_read_script_pid',`
	requires_block_template(`$0'_depend)

	files_list_pids($1)
	allow $1 initrc_var_run_t:file r_file_perms;
')

# Types and classes that init_read_script_pid refers to.
define(`init_read_script_pid_depend',`
	type initrc_var_run_t;

	class file r_file_perms;
')
########################################
#
# init_dontaudit_write_script_pid(domain)
#
# Do not audit attempts by the caller to write or lock the pid files
# of the init scripts (initrc_var_run_t files).
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - The access stays denied; only the denial records are suppressed.
#    Attempts to modify these files will not appear in the audit
#    log, so use this only where the attempts are known to be
#    harmless.
#
define(`init_dontaudit_write_script_pid',`
	requires_block_template(`$0'_depend)

	dontaudit $1 initrc_var_run_t:file { write lock };
')

# Types and classes that init_dontaudit_write_script_pid refers to.
define(`init_dontaudit_write_script_pid_depend',`
	type initrc_var_run_t;

	class file { write lock };
')
########################################
#
# init_rw_script_pid(domain)
#
# Allow the caller to read and write the pid files of the init
# scripts (initrc_var_run_t files).
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - If init scripts act on the contents of these files, for example
#    to pick the process to signal, a writer can influence that
#    choice. Prefer init_read_script_pid where reading is enough.
#  - files_list_pids is defined outside this file; presumably it
#    lets the caller list the pid directory. Verify against its
#    definition.
#
define(`init_rw_script_pid',`
	requires_block_template(`$0'_depend)

	files_list_pids($1)
	allow $1 initrc_var_run_t:file rw_file_perms;
')

# Types and classes that init_rw_script_pid refers to.
define(`init_rw_script_pid_depend',`
	type initrc_var_run_t;

	class file rw_file_perms;
')
########################################
#
# init_dontaudit_rw_script_pid(domain)
#
# Do not audit attempts by the caller to getattr, read, write or
# append to the pid files of the init scripts (initrc_var_run_t
# files).
#
# Parameters:
#	domain		The type of the process performing this action.
#
# Review notes:
#  - The access stays denied; only the denial records are suppressed.
#  - The require block lists rw_file_perms while the rule spells out
#    four permissions. rw_file_perms is defined outside this file;
#    confirm that it covers getattr, read, write and append.
#
define(`init_dontaudit_rw_script_pid',`
	requires_block_template(`$0'_depend)

	dontaudit $1 initrc_var_run_t:file { getattr read write append };
')

# Types and classes that init_dontaudit_rw_script_pid refers to.
define(`init_dontaudit_rw_script_pid_depend',`
	type initrc_var_run_t;

	class file rw_file_perms;
')
## </module>