# Copyright (C) 2007-2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# policygentool is a tool for the initial generation of SELinux policy
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of the GNU General Public License as
#    published by the Free Software Foundation; either version 2 of
#    the License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
#                                        02111-1307  USA
#
#
########################### var_spool Template File #############################
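########################### Type Enforcement File #############################
# TEMPLATETYPE (and FILENAME in the file-context templates below) are
# placeholders; presumably the policy generator substitutes the real module
# name and path -- the substitution code is not part of this file.

# Declares a private type for the domain's spool content and marks it as a
# file type.
te_types="""
type TEMPLATETYPE_spool_t;
files_type(TEMPLATETYPE_spool_t)
"""

# Lets the generated domain manage directories, files and symlinks of its own
# spool type, and adds a type transition so that objects of those classes it
# creates in the spool directory receive TEMPLATETYPE_spool_t.
te_rules="""
manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { dir file lnk_file })
"""

# Extra rules for a domain that keeps a unix socket file in its spool
# directory: manage sock_file objects of the spool type and label newly created
# ones with it. The trailing backslash keeps the string from starting with a
# newline.
te_stream_rules="""\
manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, sock_file)
"""

########################### Interface File #############################
# Interfaces other policy modules call to reach this domain's spool content.
# They are ordered from least to most access (search, read, manage files,
# manage dirs). NOTE(review): the manage_* interfaces hand the caller write
# access to the spool content, so callers should use the narrowest interface
# that works.
if_rules="""
########################################
## <summary>
##	Search TEMPLATETYPE spool directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_search_spool',`
	gen_require(`
		type TEMPLATETYPE_spool_t;
	')

	allow $1 TEMPLATETYPE_spool_t:dir search_dir_perms;
	files_search_spool($1)
')

########################################
## <summary>
##	Read TEMPLATETYPE spool files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_read_spool_files',`
	gen_require(`
		type TEMPLATETYPE_spool_t;
	')

	files_search_spool($1)
	read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
')

########################################
## <summary>
##	Manage TEMPLATETYPE spool files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_spool_files',`
	gen_require(`
		type TEMPLATETYPE_spool_t;
	')

	files_search_spool($1)
	manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
')

########################################
## <summary>
##	Manage TEMPLATETYPE spool dirs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_spool_dirs',`
	gen_require(`
		type TEMPLATETYPE_spool_t;
	')

	files_search_spool($1)
	manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
')

"""

# Interface that lets a caller connect to the domain's unix stream socket.
# stream_connect_pattern takes four arguments: the connecting domain, the
# directory type, the sock_file type and the domain that owns the socket. The
# owning domain (TEMPLATETYPE_t, already named in gen_require) is passed as the
# fourth argument so the connectto rule has a target type; with only three
# arguments that rule would expand with an empty target.
if_stream_rules="""
########################################
## <summary>
##	Connect to TEMPLATETYPE over a unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_stream_connect',`
	gen_require(`
		type TEMPLATETYPE_t, TEMPLATETYPE_spool_t;
	')

	stream_connect_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_t)
')
"""

# Fragments for the module's admin interface: the spool type to list in its
# gen_require block, and the rules granting the admin domain access to it.
# NOTE(review): admin_pattern is a broad grant over the spool type -- confirm
# it is wanted before keeping it in a generated module.
if_admin_types="""
		type TEMPLATETYPE_spool_t;"""

if_admin_rules="""
	files_search_spool($1)
	admin_pattern($1, TEMPLATETYPE_spool_t)
"""

########################### File Context ##################################
# Labelling entry for a spool path that is a single regular file ("--"
# restricts the match to regular files).
fc_file="""\
FILENAME		--	gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
"""

# Labelling entry for a spool directory: matches the directory itself and
# everything beneath it.
fc_dir="""\
FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
"""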