|
Chris PeBenito |
e181fe |
# Copyright (C) 2005 Tresys Technology, LLC
|
|
Chris PeBenito |
e181fe |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
ff3138 |
# init_make_init_domain(domain,entrypointfile)
|
|
Chris PeBenito |
ff3138 |
#
|
|
Chris PeBenito |
ff3138 |
define(`init_make_init_domain',`
|
|
Chris PeBenito |
ff3138 |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
ff3138 |
domain_make_domain($1)
|
|
Chris PeBenito |
ff3138 |
domain_make_entrypoint_file($1,$2)
|
|
Chris PeBenito |
ff3138 |
role system_r types $1;
|
|
Chris PeBenito |
ff3138 |
allow init_t $1:process transition;
|
|
Chris PeBenito |
ff3138 |
allow init_t $2:file { getattr read execute };
|
|
Chris PeBenito |
ff3138 |
dontaudit init_t $1:process { noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
ff3138 |
type_transition init_t $2:process $1;
|
|
Chris PeBenito |
ff3138 |
')
|
|
Chris PeBenito |
ff3138 |
|
|
Chris PeBenito |
ff3138 |
define(`init_make_init_domain_depend',`
|
|
Chris PeBenito |
ff3138 |
type init_t;
|
|
Chris PeBenito |
ff3138 |
class file { getattr read execute };
|
|
Chris PeBenito |
ff3138 |
class fd use;
|
|
Chris PeBenito |
ff3138 |
class process { transition noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
ff3138 |
role system_r;
|
|
Chris PeBenito |
ff3138 |
')
|
|
Chris PeBenito |
ff3138 |
|
|
Chris PeBenito |
ff3138 |
########################################
|
|
Chris PeBenito |
ff3138 |
#
|
|
Chris PeBenito |
ff3138 |
# init_make_daemon_domain(domain,entrypointfile)
|
|
Chris PeBenito |
ff3138 |
#
|
|
Chris PeBenito |
ff3138 |
define(`init_make_daemon_domain',`
|
|
Chris PeBenito |
ff3138 |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
ff3138 |
domain_make_domain($1)
|
|
Chris PeBenito |
ff3138 |
domain_make_entrypoint_file($1,$2)
|
|
Chris PeBenito |
ff3138 |
role system_r types $1;
|
|
Chris PeBenito |
ff3138 |
allow initrc_t $1:process transition;
|
|
Chris PeBenito |
ff3138 |
allow initrc_t $2:file { getattr read execute };
|
|
Chris PeBenito |
ff3138 |
dontaudit initrc_t $1:process { noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
ff3138 |
allow $1 initrc_t:fd use;
|
|
Chris PeBenito |
ff3138 |
type_transition initrc_t $2:process $1;
|
|
Chris PeBenito |
ff3138 |
')
|
|
Chris PeBenito |
ff3138 |
|
|
Chris PeBenito |
ff3138 |
define(`init_make_daemon_domain_depend',`
|
|
Chris PeBenito |
ff3138 |
type initrc_t;
|
|
Chris PeBenito |
ff3138 |
class file { getattr read execute };
|
|
Chris PeBenito |
ff3138 |
class fd use;
|
|
Chris PeBenito |
ff3138 |
class process { transition noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
ff3138 |
role system_r;
|
|
Chris PeBenito |
ff3138 |
')
|
|
Chris PeBenito |
ff3138 |
|
|
Chris PeBenito |
ff3138 |
########################################
|
|
Chris PeBenito |
ff3138 |
#
|
|
Chris PeBenito |
ff3138 |
# init_make_system_domain(domain,entrypointfile)
|
|
Chris PeBenito |
ff3138 |
#
|
|
Chris PeBenito |
ff3138 |
define(`init_make_system_domain',`
|
|
Chris PeBenito |
ff3138 |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
ff3138 |
domain_make_domain($1)
|
|
Chris PeBenito |
ff3138 |
domain_make_entrypoint_file($1,$2)
|
|
Chris PeBenito |
ff3138 |
role system_r types $1;
|
|
Chris PeBenito |
ff3138 |
allow initrc_t $1:process transition;
|
|
Chris PeBenito |
ff3138 |
allow initrc_t $2:file { getattr read execute };
|
|
Chris PeBenito |
ff3138 |
dontaudit initrc_t $1:process { noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
ff3138 |
allow $1 initrc_t:fd use;
|
|
Chris PeBenito |
ff3138 |
type_transition initrc_t $2:process $1;
|
|
Chris PeBenito |
ff3138 |
')
|
|
Chris PeBenito |
ff3138 |
|
|
Chris PeBenito |
ff3138 |
define(`init_make_system_domain_depend',`
|
|
Chris PeBenito |
ff3138 |
type initrc_t;
|
|
Chris PeBenito |
ff3138 |
class file { getattr read execute };
|
|
Chris PeBenito |
ff3138 |
class fd use;
|
|
Chris PeBenito |
ff3138 |
class process { transition noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
ff3138 |
role system_r;
|
|
Chris PeBenito |
ff3138 |
')
|
|
Chris PeBenito |
ff3138 |
|
|
Chris PeBenito |
ff3138 |
|
|
Chris PeBenito |
ff3138 |
########################################
|
|
Chris PeBenito |
ff3138 |
#
|
|
Chris PeBenito |
3ce6cb |
# init_transition(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`init_transition',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
b4cd15 |
allow $1 init_exec_t:file { getattr read execute };
|
|
Chris PeBenito |
b4cd15 |
allow $1 init_t:process transition;
|
|
Chris PeBenito |
b4cd15 |
type_transition $1 init_exec_t:file init_t;
|
|
Chris PeBenito |
b4cd15 |
dontaudit $1 init_t:process { noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`init_transition_depend',`
|
|
Chris PeBenito |
b4cd15 |
type init_t, init_exec_t;
|
|
Chris PeBenito |
b4cd15 |
class file { getattr read execute };
|
|
Chris PeBenito |
b4cd15 |
class process { transition noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
5d7e8b |
# init_get_process_group(domain)
|
|
Chris PeBenito |
5d7e8b |
#
|
|
Chris PeBenito |
5d7e8b |
define(`init_get_process_group',`
|
|
Chris PeBenito |
5d7e8b |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
5d7e8b |
allow $1 init_t:process getpgid;
|
|
Chris PeBenito |
5d7e8b |
')
|
|
Chris PeBenito |
5d7e8b |
|
|
Chris PeBenito |
5d7e8b |
define(`init_get_process_group_depend',`
|
|
Chris PeBenito |
5d7e8b |
type init_t;
|
|
Chris PeBenito |
5d7e8b |
class process getpgid;
|
|
Chris PeBenito |
5d7e8b |
')
|
|
Chris PeBenito |
5d7e8b |
|
|
Chris PeBenito |
5d7e8b |
########################################
|
|
Chris PeBenito |
5d7e8b |
#
|
|
Chris PeBenito |
3ce6cb |
# init_get_control_channel_attributes(domain)
|
|
Chris PeBenito |
a2d824 |
#
|
|
Chris PeBenito |
a2d824 |
define(`init_get_control_channel_attributes',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
a2d824 |
allow $1 initctl_t:fifo_file getattr;
|
|
Chris PeBenito |
a2d824 |
')
|
|
Chris PeBenito |
a2d824 |
|
|
Chris PeBenito |
a2d824 |
define(`init_get_control_channel_attributes_depend',`
|
|
Chris PeBenito |
a2d824 |
type initctl_t;
|
|
Chris PeBenito |
a2d824 |
class fifo_file getattr;
|
|
Chris PeBenito |
a2d824 |
')
|
|
Chris PeBenito |
a2d824 |
|
|
Chris PeBenito |
a2d824 |
########################################
|
|
Chris PeBenito |
a2d824 |
#
|
|
Chris PeBenito |
d0b6ab |
# init_use_control_channel(domain)
|
|
Chris PeBenito |
d0b6ab |
#
|
|
Chris PeBenito |
d0b6ab |
define(`init_use_control_channel',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
d0b6ab |
allow $1 initctl_t:fifo_file { getattr read write };
|
|
Chris PeBenito |
d0b6ab |
devices_list_device_nodes($1)
|
|
Chris PeBenito |
d0b6ab |
')
|
|
Chris PeBenito |
d0b6ab |
|
|
Chris PeBenito |
d0b6ab |
define(`init_use_control_channel_depend',`
|
|
Chris PeBenito |
d0b6ab |
type initctl_t;
|
|
Chris PeBenito |
d0b6ab |
class fifo_file { getattr read write };
|
|
Chris PeBenito |
d0b6ab |
')
|
|
Chris PeBenito |
d0b6ab |
|
|
Chris PeBenito |
d0b6ab |
########################################
|
|
Chris PeBenito |
d0b6ab |
#
|
|
Chris PeBenito |
d0b6ab |
# init_ignore_use_control_channel(domain)
|
|
Chris PeBenito |
d0b6ab |
#
|
|
Chris PeBenito |
d0b6ab |
define(`init_ignore_use_control_channel',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
d0b6ab |
dontaudit $1 initctl_t:fifo_file { read write };
|
|
Chris PeBenito |
d0b6ab |
')
|
|
Chris PeBenito |
d0b6ab |
|
|
Chris PeBenito |
d0b6ab |
define(`init_ignore_use_control_channel_depend',`
|
|
Chris PeBenito |
d0b6ab |
type initctl_t;
|
|
Chris PeBenito |
d0b6ab |
class fifo_file { read write };
|
|
Chris PeBenito |
d0b6ab |
')
|
|
Chris PeBenito |
d0b6ab |
|
|
Chris PeBenito |
d0b6ab |
########################################
|
|
Chris PeBenito |
d0b6ab |
#
|
|
Chris PeBenito |
3ce6cb |
# init_sigchld(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`init_sigchld',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
b4cd15 |
allow $1 init_t:process sigchld;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`init_sigchld_depend',`
|
|
Chris PeBenito |
b4cd15 |
type init_t;
|
|
Chris PeBenito |
b4cd15 |
class process sigchld;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
3ce6cb |
# init_use_file_descriptors(domain)
|
|
Chris PeBenito |
889c9a |
#
|
|
Chris PeBenito |
889c9a |
define(`init_use_file_descriptors',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
889c9a |
allow $1 init_t:fd use;
|
|
Chris PeBenito |
889c9a |
')
|
|
Chris PeBenito |
889c9a |
|
|
Chris PeBenito |
889c9a |
define(`init_use_file_descriptors_depend',`
|
|
Chris PeBenito |
889c9a |
type init_t;
|
|
Chris PeBenito |
889c9a |
class fd use;
|
|
Chris PeBenito |
889c9a |
')
|
|
Chris PeBenito |
889c9a |
|
|
Chris PeBenito |
889c9a |
########################################
|
|
Chris PeBenito |
889c9a |
#
|
|
Chris PeBenito |
3ce6cb |
# init_ignore_use_file_descriptors(domain)
|
|
Chris PeBenito |
07efe9 |
#
|
|
Chris PeBenito |
07efe9 |
define(`init_ignore_use_file_descriptors',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
07efe9 |
dontaudit $1 init_t:fd use;
|
|
Chris PeBenito |
07efe9 |
')
|
|
Chris PeBenito |
07efe9 |
|
|
Chris PeBenito |
07efe9 |
define(`init_ignore_use_file_descriptors_depend',`
|
|
Chris PeBenito |
07efe9 |
type init_t;
|
|
Chris PeBenito |
07efe9 |
class fd use;
|
|
Chris PeBenito |
07efe9 |
')
|
|
Chris PeBenito |
07efe9 |
|
|
Chris PeBenito |
07efe9 |
########################################
|
|
Chris PeBenito |
07efe9 |
#
|
|
Chris PeBenito |
3ce6cb |
# init_script_transition(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
b4cd15 |
define(`init_script_transition',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
b4cd15 |
allow $1 initrc_exec_t:file { getattr read execute };
|
|
Chris PeBenito |
b4cd15 |
allow $1 initrc_t:process transition;
|
|
Chris PeBenito |
22e113 |
type_transition $1 initrc_exec_t:process init_t;
|
|
Chris PeBenito |
b4cd15 |
dontaudit $1 init_t:process { noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
define(`init_script_transition_depend',`
|
|
Chris PeBenito |
b4cd15 |
type initrc_t, initrc_exec_t;
|
|
Chris PeBenito |
b4cd15 |
class file { getattr read execute };
|
|
Chris PeBenito |
b4cd15 |
class process { transition noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
bd202f |
# init_script_execute(domain)
|
|
Chris PeBenito |
bd202f |
#
|
|
Chris PeBenito |
bd202f |
define(`init_script_execute',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
bd202f |
allow $1 initrc_exec_t:file { getattr read execute execute_no_trans };
|
|
Chris PeBenito |
bd202f |
')
|
|
Chris PeBenito |
bd202f |
|
|
Chris PeBenito |
bd202f |
define(`init_script_execute_depend',`
|
|
Chris PeBenito |
bd202f |
type initrc_exec_t;
|
|
Chris PeBenito |
bd202f |
class file { getattr read execute execute_no_trans };
|
|
Chris PeBenito |
bd202f |
')
|
|
Chris PeBenito |
bd202f |
|
|
Chris PeBenito |
bd202f |
########################################
|
|
Chris PeBenito |
daa0e0 |
## <interface name="init_script_read_process_state">
|
|
Chris PeBenito |
daa0e0 |
## <description>
|
|
Chris PeBenito |
daa0e0 |
## Read the process state (/proc/pid) of the init scripts.
|
|
Chris PeBenito |
daa0e0 |
## </description>
|
|
Chris PeBenito |
daa0e0 |
## <parameter name="domain">
|
|
Chris PeBenito |
daa0e0 |
## The type of the process performing this action.
|
|
Chris PeBenito |
daa0e0 |
## </parameter>
|
|
Chris PeBenito |
daa0e0 |
## <infoflow type="read" weight="10"/>
|
|
Chris PeBenito |
daa0e0 |
## </interface>
|
|
Chris PeBenito |
daa0e0 |
#
|
|
Chris PeBenito |
daa0e0 |
define(`init_script_read_process_state',`
|
|
Chris PeBenito |
daa0e0 |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
daa0e0 |
allow $1 initrc_t:dir { search getattr read };
|
|
Chris PeBenito |
daa0e0 |
allow $1 initrc_t:{ file lnk_file } { read getattr };
|
|
Chris PeBenito |
daa0e0 |
allow $1 initrc_t:process getattr;
|
|
Chris PeBenito |
daa0e0 |
# We need to suppress this denial because procps tries to access
|
|
Chris PeBenito |
daa0e0 |
# /proc/pid/environ and this now triggers a ptrace check in recent kernels
|
|
Chris PeBenito |
daa0e0 |
# (2.4 and 2.6). Might want to change procps to not do this, or only if
|
|
Chris PeBenito |
daa0e0 |
# running in a privileged domain.
|
|
Chris PeBenito |
daa0e0 |
dontaudit $1 initrc_t:process ptrace;
|
|
Chris PeBenito |
daa0e0 |
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
define(`init_script_read_process_state_depend',`
|
|
Chris PeBenito |
daa0e0 |
type initrc_t;
|
|
Chris PeBenito |
daa0e0 |
class dir { search getattr read };
|
|
Chris PeBenito |
daa0e0 |
class file { read getattr };
|
|
Chris PeBenito |
daa0e0 |
class lnk_file { read getattr };
|
|
Chris PeBenito |
daa0e0 |
class process { getattr ptrace };
|
|
Chris PeBenito |
daa0e0 |
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
########################################
|
|
Chris PeBenito |
bd202f |
#
|
|
Chris PeBenito |
3ce6cb |
# init_script_direct_admin_transition(role,domain)
|
|
Chris PeBenito |
3ce6cb |
#
|
|
Chris PeBenito |
3ce6cb |
define(`init_script_direct_admin_transition',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
3ce6cb |
allow $2 initrc_exec_t:file { getattr read execute };
|
|
Chris PeBenito |
3ce6cb |
allow $2 initrc_t:process transition;
|
|
Chris PeBenito |
3ce6cb |
type_transition $2 initrc_exec_t:file init_t;
|
|
Chris PeBenito |
3ce6cb |
role_transition $1 initrc_exec_t system_r;
|
|
Chris PeBenito |
3ce6cb |
dontaudit $2 init_t:process { noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
3ce6cb |
')
|
|
Chris PeBenito |
3ce6cb |
|
|
Chris PeBenito |
3ce6cb |
define(`init_script_direct_admin_transition_depend',`
|
|
Chris PeBenito |
3ce6cb |
type initrc_t, initrc_exec_t;
|
|
Chris PeBenito |
3ce6cb |
class file { getattr read execute };
|
|
Chris PeBenito |
3ce6cb |
class process { transition noatsecure siginh rlimitinh };
|
|
Chris PeBenito |
3ce6cb |
kernel_system_role_transition_depend
|
|
Chris PeBenito |
3ce6cb |
')
|
|
Chris PeBenito |
3ce6cb |
|
|
Chris PeBenito |
3ce6cb |
########################################
|
|
Chris PeBenito |
3ce6cb |
#
|
|
Chris PeBenito |
3ce6cb |
# init_script_use_file_descriptors(domain)
|
|
Chris PeBenito |
ee5772 |
#
|
|
Chris PeBenito |
ee5772 |
define(`init_script_use_file_descriptors',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
ee5772 |
allow $1 initrc_t:fd use;
|
|
Chris PeBenito |
ee5772 |
')
|
|
Chris PeBenito |
ee5772 |
|
|
Chris PeBenito |
ee5772 |
define(`init_script_use_file_descriptors_depend',`
|
|
Chris PeBenito |
ee5772 |
type initrc_t;
|
|
Chris PeBenito |
ee5772 |
class fd use;
|
|
Chris PeBenito |
ee5772 |
')
|
|
Chris PeBenito |
ee5772 |
|
|
Chris PeBenito |
ee5772 |
########################################
|
|
Chris PeBenito |
ee5772 |
#
|
|
Chris PeBenito |
daa0e0 |
# init_script_ignore_use_file_descriptors(domain)
|
|
Chris PeBenito |
daa0e0 |
#
|
|
Chris PeBenito |
daa0e0 |
define(`init_script_ignore_use_file_descriptors',`
|
|
Chris PeBenito |
daa0e0 |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
daa0e0 |
dontaudit $1 initrc_t:fd use;
|
|
Chris PeBenito |
daa0e0 |
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
define(`init_script_ignore_use_file_descriptors_depend',`
|
|
Chris PeBenito |
daa0e0 |
type initrc_t;
|
|
Chris PeBenito |
daa0e0 |
class fd use;
|
|
Chris PeBenito |
daa0e0 |
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
########################################
|
|
Chris PeBenito |
daa0e0 |
#
|
|
Chris PeBenito |
b16c6b |
# init_script_get_process_group(domain)
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
b16c6b |
define(`init_script_get_process_group',`
|
|
Chris PeBenito |
b16c6b |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
b16c6b |
allow $1 initrc_t:process getpgid;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
define(`init_script_get_process_group_depend',`
|
|
Chris PeBenito |
b16c6b |
type initrc_t;
|
|
Chris PeBenito |
b16c6b |
class process getpgid;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
########################################
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
3ce6cb |
# init_script_use_pseudoterminal(domain)
|
|
Chris PeBenito |
889c9a |
#
|
|
Chris PeBenito |
889c9a |
define(`init_script_use_pseudoterminal',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
daa0e0 |
terminal_list_pseudoterminals($1)
|
|
Chris PeBenito |
b16c6b |
allow $1 initrc_devpts_t:chr_file { getattr read write ioctl };
|
|
Chris PeBenito |
889c9a |
')
|
|
Chris PeBenito |
889c9a |
|
|
Chris PeBenito |
889c9a |
define(`init_script_use_pseudoterminal_depend',`
|
|
Chris PeBenito |
889c9a |
type initrc_devpts_t;
|
|
Chris PeBenito |
b16c6b |
class chr_file { getattr read write ioctl };
|
|
Chris PeBenito |
889c9a |
')
|
|
Chris PeBenito |
889c9a |
|
|
Chris PeBenito |
889c9a |
########################################
|
|
Chris PeBenito |
889c9a |
#
|
|
Chris PeBenito |
b16c6b |
# init_script_ignore_use_pseudoterminal(domain)
|
|
Chris PeBenito |
5d7e8b |
#
|
|
Chris PeBenito |
b16c6b |
define(`init_script_ignore_use_pseudoterminal',`
|
|
Chris PeBenito |
5d7e8b |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
b16c6b |
allow $1 initrc_devpts_t:chr_file { read write ioctl };
|
|
Chris PeBenito |
5d7e8b |
')
|
|
Chris PeBenito |
5d7e8b |
|
|
Chris PeBenito |
b16c6b |
define(`init_script_ignore_use_pseudoterminal_depend',`
|
|
Chris PeBenito |
b16c6b |
type initrc_devpts_t;
|
|
Chris PeBenito |
b16c6b |
class chr_file { read write ioctl };
|
|
Chris PeBenito |
5d7e8b |
')
|
|
Chris PeBenito |
5d7e8b |
|
|
Chris PeBenito |
5d7e8b |
########################################
|
|
Chris PeBenito |
daa0e0 |
## <interface name="init_script_modify_temporary_data">
|
|
Chris PeBenito |
daa0e0 |
## <description>
|
|
Chris PeBenito |
daa0e0 |
## Read and write init script temporary data.
|
|
Chris PeBenito |
daa0e0 |
## </description>
|
|
Chris PeBenito |
daa0e0 |
## <parameter name="domain">
|
|
Chris PeBenito |
daa0e0 |
## The type of the process performing this action.
|
|
Chris PeBenito |
daa0e0 |
## </parameter>
|
|
Chris PeBenito |
daa0e0 |
## <infoflow type="read" weight="10"/>
|
|
Chris PeBenito |
daa0e0 |
## </interface>
|
|
Chris PeBenito |
daa0e0 |
#
|
|
Chris PeBenito |
daa0e0 |
define(`init_script_modify_temporary_data',`
|
|
Chris PeBenito |
daa0e0 |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
daa0e0 |
# FIXME: read tmp_t
|
|
Chris PeBenito |
daa0e0 |
allow $1 initrc_tmp_t:file { getattr read write };
|
|
Chris PeBenito |
daa0e0 |
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
define(`init_script_modify_temporary_data_depend',`
|
|
Chris PeBenito |
daa0e0 |
type initrc_var_run_t;
|
|
Chris PeBenito |
daa0e0 |
class file { getattr read write };
|
|
Chris PeBenito |
daa0e0 |
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
########################################
|
|
Chris PeBenito |
5d7e8b |
#
|
|
Chris PeBenito |
3ce6cb |
# init_script_read_runtime_data(domain)
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
3ce6cb |
define(`init_script_read_runtime_data',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
3ce6cb |
files_read_runtime_data_directory($1)
|
|
Chris PeBenito |
24280a |
allow $1 initrc_var_run_t:file { getattr read lock };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
3ce6cb |
define(`init_script_read_runtime_data_depend',`
|
|
Chris PeBenito |
3ce6cb |
type initrc_var_run_t;
|
|
Chris PeBenito |
24280a |
class file { getattr read lock };
|
|
Chris PeBenito |
3ce6cb |
')
|
|
Chris PeBenito |
3ce6cb |
|
|
Chris PeBenito |
3ce6cb |
########################################
|
|
Chris PeBenito |
3ce6cb |
#
|
|
Chris PeBenito |
7bba9d |
# init_script_ignore_write_runtime_data(domain)
|
|
Chris PeBenito |
7bba9d |
#
|
|
Chris PeBenito |
7bba9d |
define(`init_script_ignore_write_runtime_data',`
|
|
Chris PeBenito |
7bba9d |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
7bba9d |
dontaudit $1 initrc_var_run_t:file { write lock };
|
|
Chris PeBenito |
7bba9d |
')
|
|
Chris PeBenito |
7bba9d |
|
|
Chris PeBenito |
7bba9d |
define(`init_script_ignore_write_runtime_data_depend',`
|
|
Chris PeBenito |
7bba9d |
type initrc_var_run_t;
|
|
Chris PeBenito |
7bba9d |
class file { write lock };
|
|
Chris PeBenito |
7bba9d |
')
|
|
Chris PeBenito |
7bba9d |
|
|
Chris PeBenito |
7bba9d |
########################################
|
|
Chris PeBenito |
7bba9d |
#
|
|
Chris PeBenito |
3ce6cb |
# init_script_modify_runtime_data(domain)
|
|
Chris PeBenito |
3ce6cb |
#
|
|
Chris PeBenito |
3ce6cb |
define(`init_script_modify_runtime_data',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
3ce6cb |
files_read_runtime_data_directory($1)
|
|
Chris PeBenito |
24280a |
allow $1 initrc_var_run_t:file { getattr read write append lock };
|
|
Chris PeBenito |
3ce6cb |
')
|
|
Chris PeBenito |
3ce6cb |
|
|
Chris PeBenito |
3ce6cb |
define(`init_script_modify_runtime_data_depend',`
|
|
Chris PeBenito |
3ce6cb |
type initrc_var_run_t;
|
|
Chris PeBenito |
24280a |
class file { getattr read write append lock };
|
|
Chris PeBenito |
3ce6cb |
')
|
|
Chris PeBenito |
3ce6cb |
|
|
Chris PeBenito |
3ce6cb |
########################################
|
|
Chris PeBenito |
3ce6cb |
#
|
|
Chris PeBenito |
3ce6cb |
# init_script_ignore_modify_runtime_data(domain)
|
|
Chris PeBenito |
3ce6cb |
#
|
|
Chris PeBenito |
3ce6cb |
define(`init_script_ignore_modify_runtime_data',`
|
|
Chris PeBenito |
bd202f |
requires_block_template(`$0'_depend)
|
|
Chris PeBenito |
3ce6cb |
dontaudit $1 initrc_var_run_t:file { getattr read write append };
|
|
Chris PeBenito |
3ce6cb |
')
|
|
Chris PeBenito |
3ce6cb |
|
|
Chris PeBenito |
3ce6cb |
define(`init_script_ignore_modify_runtime_data_depend',`
|
|
Chris PeBenito |
3ce6cb |
type initrc_var_run_t;
|
|
Chris PeBenito |
3ce6cb |
class file { getattr read write append };
|
|
Chris PeBenito |
b4cd15 |
')
|