Blame strict/domains/program/unused/ethereal.te
Chris PeBenito |
2705f9 |
# DESC - Ethereal
#
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
#
# Type for executables
# File label for the tethereal binary. It is the entrypoint type named in the
# domain_auto_trans() rule later in this file. The attributes file_type,
# exec_type and sysadmfile are declared outside this file.
type tethereal_exec_t, file_type, exec_type, sysadmfile;
# File label for the GUI ethereal binary. No rule in this file references it;
# the closing comment of this file points to ethereal_macros.te for that policy.
type ethereal_exec_t, file_type, exec_type, sysadmfile;
########################################################
# Tethereal
#
# Type for program
# Process (domain) type that the allow rules below confine. The attributes
# domain and nscd_client_domain are declared outside this file, so whatever
# rules are attached to them also apply to tethereal_t.
type tethereal_t, domain, nscd_client_domain;
# Transition from sysadm type
# Macro defined outside this file. By its arguments: a process in sysadm_t that
# executes a file labeled tethereal_exec_t moves to tethereal_t.
# sysadm_t is the only source domain given a transition in this file.
domain_auto_trans(sysadm_t, tethereal_exec_t, tethereal_t)
# Authorize tethereal_t for role sysadm_r; the transition above would otherwise
# produce a context the policy does not permit.
role sysadm_r types tethereal_t;
# Macro defined outside this file; presumably grants what is needed to load
# shared libraries -- confirm against the macro definition.
uses_shlib(tethereal_t)
# Macro defined outside this file; presumably read access to locale data --
# confirm against the macro definition.
read_locale(tethereal_t)
# Terminal output
# Macro defined outside this file. The second argument is the bare role prefix
# (sysadm), so this presumably covers the sysadm user's tty/pty types -- confirm
# which device types and permissions the macro expands to.
access_terminal(tethereal_t, sysadm)
# /proc
# Macro defined outside this file; presumably read-only access to sysctl
# entries -- confirm that it grants no write permission.
read_sysctl(tethereal_t)
# Directory listing and traversal only (no write/add_name) on two target types:
# "self" is tethereal_t itself, i.e. the process's own /proc/<pid> entries, and
# proc_t is the generic /proc label.
allow tethereal_t { self proc_t }:dir { read search getattr };
# Read-only access to regular files and symlinks under the same two target
# types (the domain's own entries and proc_t); no write permission is granted.
allow tethereal_t { self proc_t }:{ file lnk_file } { read getattr };
# Access root
# search only: the domain may traverse directories labeled root_t to resolve
# paths, but is not given read (listing) or any write permission on them.
allow tethereal_t root_t:dir search;
# Read ethereal files in /usr
# NOTE(review): the rule is keyed on the label, not the path, so it allows
# reading every regular file labeled usr_t, not only Ethereal's own data files.
# No usr_t:dir rule appears in this file; directory search is presumably
# supplied by one of the macros or attributes -- confirm.
allow tethereal_t usr_t:file { read getattr };
# /etc/nsswitch.conf
# NOTE(review): broader than the nsswitch.conf use case named above. The rule
# allows reading every regular file labeled etc_t; files under /etc that carry
# a more specific type are not covered by it.
allow tethereal_t etc_t:file { read getattr };
# Ethereal sysadm rules
# Macro defined outside this file; it is called with the bare prefix
# "tethereal", without the _t suffix.
# NOTE(review): no socket or capability rule appears in this file, so the
# packet-capture privileges are presumably granted inside this macro. Audit its
# expansion to see what network access the domain really has.
ethereal_networking(tethereal)
# FIXME: policy is incomplete
#####################################
# Ethereal (GNOME) policy can be found
# in ethereal_macros.te