Blame strict/domains/program/i18n_input.te
|
Chris PeBenito |
0fbfa5 |
# i18n_input.te
|
|
Chris PeBenito |
0fbfa5 |
# Security Policy for IIIMF htt server
|
|
Chris PeBenito |
0fbfa5 |
# Date: 2004, 12th April (Monday)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Types for server port
|
|
Chris PeBenito |
0fbfa5 |
type i18n_input_port_t, port_type;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Establish i18n_input as a daemon
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(i18n_input)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_exec(i18n_input_t, i18n_input_exec_t)
|
|
Chris PeBenito |
0fbfa5 |
can_network(i18n_input_t)
|
|
Chris PeBenito |
0fbfa5 |
can_ypbind(i18n_input_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_tcp_connect(userdomain, i18n_input_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t self:fifo_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t i18n_input_port_t:tcp_socket name_bind;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t self:capability { kill setgid setuid };
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t self:process { setsched setpgid };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t { bin_t sbin_t }:dir search;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t etc_t:file r_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t self:unix_stream_socket create_stream_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t i18n_input_var_run_t:dir create_dir_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow i18n_input_t i18n_input_var_run_t:sock_file create_file_perms;
|