Blob Blame History Raw
## <summary>Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.</summary>

########################################
## <summary>
##	Execute a domain transition to run kismet.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`kismet_domtrans',`
	gen_require(`
		type kismet_t, kismet_exec_t;
	')

	domtrans_pattern($1, kismet_exec_t, kismet_t)
')

########################################
## <summary>
##	Execute kismet in the kismet domain, and
##	allow the specified role the kismet domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the kismet domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the role's terminal.
##	</summary>
## </param>
#
interface(`kismet_run',`
	gen_require(`
		type kismet_t;
	')

	kismet_domtrans($1)
	role $2 types kismet_t;
	allow kismet_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Read kismet PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`kismet_read_pid_files',`
	gen_require(`
		type kismet_var_run_t;
	')

	allow $1 kismet_var_run_t:file read_file_perms;
	files_search_pids($1)
')

########################################
## <summary>
##	Manage kismet var_run files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`kismet_manage_pid_files',`
	gen_require(`
		type kismet_var_run_t;
	')

	allow $1 kismet_var_run_t:file manage_file_perms;
	files_search_pids($1)	
')

########################################
## <summary>
##	Search kismet lib directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`kismet_search_lib',`
	gen_require(`
		type kismet_var_lib_t;
	')

	allow $1 kismet_var_lib_t:dir search_dir_perms;
	files_search_var_lib($1)
')

########################################
## <summary>
##	Read kismet lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`kismet_read_lib_files',`
	gen_require(`
		type kismet_var_lib_t;
	')

	allow $1 kismet_var_lib_t:file read_file_perms;
	allow $1 kismet_var_lib_t:dir list_dir_perms;
	files_search_var_lib($1)
')

########################################
## <summary>
##	Create, read, write, and delete
##	kismet lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`kismet_manage_lib_files',`
	gen_require(`
		type kismet_var_lib_t;
	')

	manage_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
	files_search_var_lib($1)
')

########################################
## <summary>
##	Manage kismet var_lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`kismet_manage_lib',`
	gen_require(`
		type kismet_var_lib_t;
	')

	manage_dirs_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
	manage_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
	manage_lnk_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
')

########################################
## <summary>
##	Allow the specified domain to read kismet's log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`kismet_read_log',`
	gen_require(`
		type kismet_log_t;
	')

	logging_search_logs($1)
	read_files_pattern($1, kismet_log_t, kismet_log_t)
')

########################################
## <summary>
##	Allow the specified domain to append
##	kismet log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`kismet_append_log',`
	gen_require(`
		type kismet_log_t;
	')

	logging_search_logs($1)
	append_files_pattern($1, kismet_log_t, kismet_log_t)
')

########################################
## <summary>
##	Allow domain to manage kismet log files
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`kismet_manage_log',`
	gen_require(`
		type kismet_log_t;
	')

	manage_dirs_pattern($1, kismet_log_t, kismet_log_t)
	manage_files_pattern($1, kismet_log_t, kismet_log_t)
	manage_lnk_files_pattern($1, kismet_log_t, kismet_log_t)
	logging_search_logs($1)
')

########################################
## <summary>
##	All of the rules required to administrate an kismet environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`kismet_admin',`
	gen_require(`
		type kismet_t;
	')

	ps_process_pattern($1, kismet_t)
	allow $1 kismet_t:process { ptrace signal_perms };

	kismet_manage_pid_files($1)
	kismet_manage_lib($1)
	kismet_manage_log($1)
')