• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (C) 2007-2012 Red Hat
2# see file 'COPYING' for use and warranty information
3#
4# policygentool is a tool for the initial generation of SELinux policy
5#
6#    This program is free software; you can redistribute it and/or
7#    modify it under the terms of the GNU General Public License as
8#    published by the Free Software Foundation; either version 2 of
9#    the License, or (at your option) any later version.
10#
11#    This program is distributed in the hope that it will be useful,
12#    but WITHOUT ANY WARRANTY; without even the implied warranty of
13#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14#    GNU General Public License for more details.
15#
16#    You should have received a copy of the GNU General Public License
17#    along with this program; if not, write to the Free Software
18#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
19#                                        02111-1307  USA
20#
21#
22########################### var_lib Template File #############################
23
24########################### Type Enforcement File #############################
25te_types="""
26type TEMPLATETYPE_var_lib_t;
27files_type(TEMPLATETYPE_var_lib_t)
28"""
29te_rules="""
30manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
31manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
32manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
33files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file lnk_file })
34"""
35
36te_stream_rules="""\
37manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
38files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, sock_file)
39"""
40
41
42########################### Interface File #############################
43if_rules="""
44########################################
45## <summary>
46##	Search TEMPLATETYPE lib directories.
47## </summary>
48## <param name="domain">
49##	<summary>
50##	Domain allowed access.
51##	</summary>
52## </param>
53#
54interface(`TEMPLATETYPE_search_lib',`
55	gen_require(`
56		type TEMPLATETYPE_var_lib_t;
57	')
58
59	allow $1 TEMPLATETYPE_var_lib_t:dir search_dir_perms;
60	files_search_var_lib($1)
61')
62
63########################################
64## <summary>
65##	Read TEMPLATETYPE lib files.
66## </summary>
67## <param name="domain">
68##	<summary>
69##	Domain allowed access.
70##	</summary>
71## </param>
72#
73interface(`TEMPLATETYPE_read_lib_files',`
74	gen_require(`
75		type TEMPLATETYPE_var_lib_t;
76	')
77
78	files_search_var_lib($1)
79	read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
80')
81
82########################################
83## <summary>
84##	Manage TEMPLATETYPE lib files.
85## </summary>
86## <param name="domain">
87##	<summary>
88##	Domain allowed access.
89##	</summary>
90## </param>
91#
92interface(`TEMPLATETYPE_manage_lib_files',`
93	gen_require(`
94		type TEMPLATETYPE_var_lib_t;
95	')
96
97	files_search_var_lib($1)
98	manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
99')
100
101########################################
102## <summary>
103##	Manage TEMPLATETYPE lib directories.
104## </summary>
105## <param name="domain">
106##	<summary>
107##	Domain allowed access.
108##	</summary>
109## </param>
110#
111interface(`TEMPLATETYPE_manage_lib_dirs',`
112	gen_require(`
113		type TEMPLATETYPE_var_lib_t;
114	')
115
116	files_search_var_lib($1)
117	manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
118')
119
120"""
121
122if_stream_rules="""
123########################################
124## <summary>
125##	Connect to TEMPLATETYPE over a unix stream socket.
126## </summary>
127## <param name="domain">
128##	<summary>
129##	Domain allowed access.
130##	</summary>
131## </param>
132#
133interface(`TEMPLATETYPE_stream_connect',`
134	gen_require(`
135		type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t;
136	')
137
138	stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
139')
140"""
141
142if_admin_types="""
143		type TEMPLATETYPE_var_lib_t;"""
144
145if_admin_rules="""
146	files_search_var_lib($1)
147	admin_pattern($1, TEMPLATETYPE_var_lib_t)
148"""
149
150########################### File Context ##################################
151fc_file="""\
152FILENAME		--	gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
153"""
154
155fc_sock_file="""\
156FILENAME		-s	gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
157"""
158
159fc_dir="""\
160FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
161"""
162