1# Copyright (C) 2007-2012 Red Hat 2# see file 'COPYING' for use and warranty information 3# 4# policygentool is a tool for the initial generation of SELinux policy 5# 6# This program is free software; you can redistribute it and/or 7# modify it under the terms of the GNU General Public License as 8# published by the Free Software Foundation; either version 2 of 9# the License, or (at your option) any later version. 10# 11# This program is distributed in the hope that it will be useful, 12# but WITHOUT ANY WARRANTY; without even the implied warranty of 13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14# GNU General Public License for more details. 15# 16# You should have received a copy of the GNU General Public License 17# along with this program; if not, write to the Free Software 18# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 19# 02111-1307 USA 20# 21# 22########################### tmp Template File ############################# 23 24te_types=""" 25type TEMPLATETYPE_tmp_t; 26files_tmp_file(TEMPLATETYPE_tmp_t) 27""" 28 29te_rules=""" 30manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) 31manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) 32manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) 33files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file lnk_file }) 34""" 35 36te_stream_rules=""" 37manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) 38files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file) 39""" 40 41if_rules=""" 42######################################## 43## <summary> 44## Do not audit attempts to read, 45## TEMPLATETYPE tmp files 46## </summary> 47## <param name="domain"> 48## <summary> 49## Domain to not audit. 50## </summary> 51## </param> 52# 53interface(`TEMPLATETYPE_dontaudit_read_tmp_files',` 54 gen_require(` 55 type TEMPLATETYPE_tmp_t; 56 ') 57 58 dontaudit $1 TEMPLATETYPE_tmp_t:file read_file_perms; 59') 60 61######################################## 62## <summary> 63## Read TEMPLATETYPE tmp files 64## </summary> 65## <param name="domain"> 66## <summary> 67## Domain allowed access. 68## </summary> 69## </param> 70# 71interface(`TEMPLATETYPE_read_tmp_files',` 72 gen_require(` 73 type TEMPLATETYPE_tmp_t; 74 ') 75 76 files_search_tmp($1) 77 read_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) 78') 79 80######################################## 81## <summary> 82## Manage TEMPLATETYPE tmp files 83## </summary> 84## <param name="domain"> 85## <summary> 86## Domain allowed access. 87## </summary> 88## </param> 89# 90interface(`TEMPLATETYPE_manage_tmp',` 91 gen_require(` 92 type TEMPLATETYPE_tmp_t; 93 ') 94 95 files_search_tmp($1) 96 manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) 97 manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) 98 manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) 99') 100""" 101 102if_stream_rules="""\ 103######################################## 104## <summary> 105## Connect to TEMPLATETYPE over a unix stream socket. 106## </summary> 107## <param name="domain"> 108## <summary> 109## Domain allowed access. 110## </summary> 111## </param> 112# 113interface(`TEMPLATETYPE_stream_connect',` 114 gen_require(` 115 type TEMPLATETYPE_t, TEMPLATETYPE_tmp_t; 116 ') 117 118 files_search_pids($1) 119 stream_connect_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_t) 120') 121""" 122 123if_admin_types=""" 124 type TEMPLATETYPE_tmp_t;""" 125 126if_admin_rules=""" 127 files_search_tmp($1) 128 admin_pattern($1, TEMPLATETYPE_tmp_t) 129""" 130