• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (C) 2007-2012 Red Hat
2# see file 'COPYING' for use and warranty information
3#
4# policygentool is a tool for the initial generation of SELinux policy
5#
6#    This program is free software; you can redistribute it and/or
7#    modify it under the terms of the GNU General Public License as
8#    published by the Free Software Foundation; either version 2 of
9#    the License, or (at your option) any later version.
10#
11#    This program is distributed in the hope that it will be useful,
12#    but WITHOUT ANY WARRANTY; without even the implied warranty of
13#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14#    GNU General Public License for more details.
15#
16#    You should have received a copy of the GNU General Public License
17#    along with this program; if not, write to the Free Software
18#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
19#                                        02111-1307  USA
20#
21#
22########################### var_run Template File #############################
23
24te_types="""
25type TEMPLATETYPE_var_run_t;
26files_pid_file(TEMPLATETYPE_var_run_t)
27"""
28
29te_rules="""
30manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
31manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
32manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
33files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file lnk_file })
34"""
35
36te_stream_rules="""
37manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
38files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file)
39"""
40
41if_rules="""\
42########################################
43## <summary>
44##	Read TEMPLATETYPE PID files.
45## </summary>
46## <param name="domain">
47##	<summary>
48##	Domain allowed access.
49##	</summary>
50## </param>
51#
52interface(`TEMPLATETYPE_read_pid_files',`
53	gen_require(`
54		type TEMPLATETYPE_var_run_t;
55	')
56
57	files_search_pids($1)
58	read_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
59')
60
61"""
62
63if_stream_rules="""\
64########################################
65## <summary>
66##	Connect to TEMPLATETYPE over a unix stream socket.
67## </summary>
68## <param name="domain">
69##	<summary>
70##	Domain allowed access.
71##	</summary>
72## </param>
73#
74interface(`TEMPLATETYPE_stream_connect',`
75	gen_require(`
76		type TEMPLATETYPE_t, TEMPLATETYPE_var_run_t;
77	')
78
79	files_search_pids($1)
80	stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_t)
81')
82"""
83
84if_admin_types="""
85		type TEMPLATETYPE_var_run_t;"""
86
87if_admin_rules="""
88	files_search_pids($1)
89	admin_pattern($1, TEMPLATETYPE_var_run_t)
90"""
91
92fc_file="""\
93FILENAME		--	gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
94"""
95
96fc_sock_file="""\
97FILENAME		-s	gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
98"""
99
100fc_dir="""\
101FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
102"""
103