# Copyright (C) 2005 Tresys Technology, LLC

#######################################

#

# logging_make_log_file(domain)

#

define(`logging_make_log_file',`

requires_block_template(`$0'_depend)

files_make_file($1)

typeattribute $1 logfile;

')

define(`logging_make_log_file_depend',`

attribute logfile;

')

########################################

#

# logging_create_private_log(domain,privatetype,[class(es)])

#

define(`logging_create_private_log',`

requires_block_template(`$0'_depend)

allow $1 var_log_t:dir { getattr search read write add_name remove_name };

ifelse(`$3',`',`

type_transition $1 var_log_t:file $2;

',`

type_transition $1 var_log_t:$3 $2;

') dnl end ifelse

')

define(`logging_create_private_log_depend',`

type var_log_t;

class dir { getattr search read write add_name remove_name };

')

#######################################

#

# logging_send_system_log_message(domain)

#

define(`logging_send_system_log_message',`

requires_block_template(`$0'_depend)

allow $1 devlog_t:lnk_file read;

allow $1 devlog_t:sock_file { ioctl read getattr lock write append };

# the type of socket depends on the syslog daemon

allow $1 syslogd_t:unix_dgram_socket sendto;

allow $1 syslogd_t:unix_stream_socket connectto;

allow $1 self:unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown };

allow $1 self:unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown };

# cjp: this should most likely be removed:

terminal_use_console($1)

')

define(`logging_send_system_log_message_depend',`

type syslogd_t, devlog_t;

class sock_file { ioctl read getattr lock write append };

class unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown sendto };

class unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown connectto };

')

########################################

## <interface name="logging_search_system_log_directory">

##	<description>

##		Allows the domain to open a file in the

##		log directory, but does not allow the listing

##		of the contents of the log directory.

##	</description>

##	<parameter name="domain">

##		The type of the process performing this action.

##	</parameter>

##	<infoflow type="read" weight="3"/>

## </interface>

#

define(`logging_search_system_log_directory',`

requires_block_template(`$0'_depend)

files_search_system_state_data_directory($1)

allow $1 var_log_t:dir search;

')

define(`logging_search_system_log_directory_depend',`

type var_log_t;

class dir search;

')

#######################################

#

# logging_ignore_get_all_logs_attributes(domain)

#

define(`logging_ignore_get_all_logs_attributes',`

requires_block_template(`$0'_depend)

dontaudit $1 logfile:file getattr;

')

define(`logging_ignore_get_all_logs_attributes_depend',`

attribute logfile;

class file getattr;

')

#######################################

#

# logging_append_all_logs(domain)

#

define(`logging_append_all_logs',`

requires_block_template(`$0'_depend)

files_search_system_state_data_directory($1)

allow $1 var_log_t:dir { getattr search read };

allow $1 logfile:file { getattr append };

')

define(`logging_append_all_logs_depend',`

attribute logfile;

type var_log_t;

class dir { getattr search read };

class file { getattr append };

')

#######################################

#

# logging_read_all_logs(domain)

#

define(`logging_read_all_logs',`

requires_block_template(`$0'_depend)

files_search_system_state_data_directory($1)

allow $1 var_log_t:dir { getattr search read };

allow $1 logfile:file { getattr read };

')

define(`logging_read_all_logs_depend',`

attribute logfile;

type var_log_t;

class dir { getattr search read };

class file { getattr read };

')

#######################################

#

# logging_read_system_logs(domain)

#

define(`logging_read_system_logs',`

requires_block_template(`$0'_depend)

files_search_system_state_data_directory($1)

allow $1 var_log_t:dir { getattr search read };

allow $1 var_log_t:file { getattr read };

')

define(`logging_read_system_logs_depend',`

type var_log_t;

class dir { getattr search read };

class file { getattr read };

')

#######################################

#

# logging_write_system_logs(domain)

#

define(`logging_write_system_logs',`

requires_block_template(`$0'_depend)

files_search_system_state_data_directory($1)

allow $1 var_log_t:dir { getattr search read };

allow $1 var_log_t:file { getattr write };

')

define(`logging_write_system_logs_depend',`

type var_log_t;

class dir { getattr search read };

class file { getattr write };

')

#######################################

#

# logging_modify_system_logs(domain)

#

define(`logging_modify_system_logs',`

requires_block_template(`$0'_depend)

files_search_system_state_data_directory($1)

allow $1 var_log_t:dir { getattr search read };

allow $1 var_log_t:file { getattr read write append };

')

define(`logging_modify_system_logs_depend',`

type var_log_t;

class dir { getattr search read };

class file { getattr read write append };

')