# Copyright (C) 2007-2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# policygentool is a tool for the initial generation of SELinux policy
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of the GNU General Public License as
#    published by the Free Software Foundation; either version 2 of
#    the License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
#                                        02111-1307  USA
#
#
########################### var_log Template File #############################

########################### Type Enforcement File #############################
# Type declarations for the type enforcement part of the generated policy
# (per the section banner above).
# TEMPLATETYPE is a placeholder token; presumably the generator substitutes
# the module name before the text is written out -- confirm against the caller.
# The template declares one private type for the application's logs and hands
# it to logging_log_file(), the reference-policy interface that marks a type
# as a log file type.
# The string deliberately starts with a newline (no backslash after the
# opening quotes), so the fragment is separated from whatever precedes it.
te_types="""
type TEMPLATETYPE_log_t;
logging_log_file(TEMPLATETYPE_log_t)
"""

# Allow rules for the application's own domain (TEMPLATETYPE_t) over its
# private log type (TEMPLATETYPE_log_t).
#   - manage_dirs_pattern / manage_files_pattern / manage_lnk_files_pattern
#     give the domain full create/read/write/rename/delete access to
#     directories, regular files and symbolic links of the log type.
#   - logging_log_filetrans adds a type transition so that a dir, file or
#     lnk_file the domain creates in the generic log directory is labeled
#     TEMPLATETYPE_log_t instead of inheriting the parent's label.
# NOTE(review): "manage" is broader than most loggers need. It lets the
# confined domain truncate, rename and unlink its own logs, so a compromised
# process can erase its audit trail. If the application only appends and
# rotation is done by a separate domain, narrow the generated policy to
# create + append after generation.
# NOTE(review): lnk_file management lets the domain create symbolic links
# inside its log directory; drop that rule (and lnk_file from the filetrans
# set) in the generated policy when the application never creates links there.
te_rules="""
manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file lnk_file })
"""

########################### Interface File #############################
# Interface definitions that let OTHER domains (the $1 argument) reach the
# application's log type. Three interfaces are generated, in increasing order
# of privilege:
#   TEMPLATETYPE_read_log    - read_files_pattern   (read only; the only one
#                              of the three tagged <rolecap/>)
#   TEMPLATETYPE_append_log  - append_files_pattern (append, no overwrite)
#   TEMPLATETYPE_manage_log  - manage_dirs/files/lnk_files_pattern
#                              (create, modify and delete)
# Each interface first pulls the type in with gen_require and calls
# logging_search_logs($1) so the caller can traverse the log directory to
# reach the files.
# NOTE(review): callers of the generated module should take the narrowest
# interface that works. TEMPLATETYPE_manage_log allows the calling domain to
# delete or replace the logs, which defeats their value as evidence; reserve
# it for rotation/cleanup domains.
# The backslash after the opening quotes is a Python line continuation inside
# the literal: the string starts directly with the '#' banner, not with an
# empty line. Whitespace inside the literal (tabs included) is part of the
# emitted text and must not be reformatted.
if_rules="""\
########################################
## <summary>
##	Read TEMPLATETYPE's log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`TEMPLATETYPE_read_log',`
	gen_require(`
		type TEMPLATETYPE_log_t;
	')

	logging_search_logs($1)
	read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
')

########################################
## <summary>
##	Append to TEMPLATETYPE log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_append_log',`
	gen_require(`
		type TEMPLATETYPE_log_t;
	')

	logging_search_logs($1)
	append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
')

########################################
## <summary>
##	Manage TEMPLATETYPE log files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_log',`
	gen_require(`
		type TEMPLATETYPE_log_t;
	')

	logging_search_logs($1)
	manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
	manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
	manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
')
"""

# Type requirement fragment for an admin interface that is assembled
# elsewhere; presumably it is spliced into that interface's gen_require block
# (the two leading tabs match that nesting depth) -- confirm against the
# generator. The literal has a leading newline and no trailing newline.
if_admin_types="""
		type TEMPLATETYPE_log_t;"""

# Rule fragment for the same admin interface: log directory traversal plus
# admin_pattern over the log type for the calling domain ($1).
# NOTE(review): admin_pattern is the broadest grant in this file. In the
# reference policy it covers managing and relabeling objects of the type, so
# an admin domain can change or relabel the application's logs -- confirm
# against the policy version you build with, and restrict who is given the
# generated admin interface.
if_admin_rules="""
	logging_search_logs($1)
	admin_pattern($1, TEMPLATETYPE_log_t)
"""

########################### File Context ##################################
# File context entry used when the log path is a single regular file.
# "--" restricts the entry to regular files, so a directory or symbolic link
# at the same path does not receive TEMPLATETYPE_log_t from this line.
# The label is system_u:object_r:TEMPLATETYPE_log_t at sensitivity s0.
# FILENAME is a placeholder; presumably the generator substitutes the log
# path. File context paths are regular expressions, so an unescaped
# metacharacter in the substituted path (for example '.') widens the match
# -- verify how the generator escapes it.
fc_file="""\
FILENAME		--	gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
"""

# File context entry used when the log path is a directory.
# The "(/.*)?" suffix matches the path itself and everything beneath it, and
# no object-class field is given, so every object class under the directory
# is labeled TEMPLATETYPE_log_t.
# NOTE(review): because the match is recursive, anything placed under the
# substituted path is labeled as a log file after a relabel; make sure the
# directory is dedicated to this application's logs.
fc_dir="""\
FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
"""
