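# Copyright (C) 2007-2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# policygentool is a tool for the initial generation of SELinux policy
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
#
#
########################### etc_rw Template File #############################
#
# Policy text fragments for configuration content under /etc that the confined
# domain itself has to modify. TEMPLATETYPE and FILENAME look like placeholders
# filled in by the generator -- confirm against the code that consumes this
# module.
#
# Security note: the rules below give TEMPLATETYPE_t write access to its own
# configuration type, so a compromised TEMPLATETYPE_t process can rewrite that
# configuration. Use this template only for paths the service really must
# write, and keep read-only configuration under a type the domain cannot
# modify.

########################### Type Enforcement File #############################
# Declares the private type and registers it as a file type via files_type().
te_types="""
type TEMPLATETYPE_etc_rw_t;
files_type(TEMPLATETYPE_etc_rw_t)
"""
# TEMPLATETYPE_t may manage directories, regular files and symlinks labelled
# TEMPLATETYPE_etc_rw_t. files_etc_filetrans() adds a type transition so that
# dir/file/lnk_file objects the domain creates in generic etc directories get
# the private label. Symlink management is part of the grant; when reviewing
# generated policy, check that the service actually needs it.
te_rules="""
manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file lnk_file })
"""

# Same grant extended to socket files (manage + transition for sock_file).
# Presumably emitted only when the service uses a unix stream socket -- the
# selection logic is not in this file, confirm in the generator.
te_stream_rules="""
manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)
"""

########################### Interface File #############################
# Three interfaces through which other domains ($1) reach the type, in
# increasing order of privilege:
#   TEMPLATETYPE_search_conf        - search the directories only
#   TEMPLATETYPE_read_conf_files    - list directories and read files
#   TEMPLATETYPE_manage_conf_files  - manage regular files (no directory or
#                                     symlink management is granted here)
# Every caller of the manage interface becomes another writer of this
# service's configuration, so callers are worth auditing.
if_rules="""
########################################
## <summary>
##	Search TEMPLATETYPE conf directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_search_conf',`
	gen_require(`
		type TEMPLATETYPE_etc_rw_t;
	')

	allow $1 TEMPLATETYPE_etc_rw_t:dir search_dir_perms;
	files_search_etc($1)
')

########################################
## <summary>
##	Read TEMPLATETYPE conf files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_read_conf_files',`
	gen_require(`
		type TEMPLATETYPE_etc_rw_t;
	')

	allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms;
	read_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
	files_search_etc($1)
')

########################################
## <summary>
##	Manage TEMPLATETYPE conf files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_conf_files',`
	gen_require(`
		type TEMPLATETYPE_etc_rw_t;
	')

	manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
	files_search_etc($1)
')

"""

# Lets $1 connect to TEMPLATETYPE_t over a unix stream socket whose socket
# file is labelled TEMPLATETYPE_etc_rw_t. The trailing backslash after the
# opening quotes drops the leading newline, unlike if_rules above.
if_stream_rules="""\
########################################
## <summary>
##	Connect to TEMPLATETYPE over a unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_stream_connect',`
	gen_require(`
		type TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t;
	')

	files_search_etc($1)
	stream_connect_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_t)
')
"""

# The two admin fragments carry no interface() wrapper of their own. They are
# presumably spliced into the gen_require block and the body of a generated
# admin interface -- confirm in the generator. admin_pattern() hands $1
# administrative access to objects of this type.
if_admin_types="""
		type TEMPLATETYPE_etc_rw_t;"""

if_admin_rules="""
	files_search_etc($1)
	admin_pattern($1, TEMPLATETYPE_etc_rw_t)
"""

########################### File Context ##################################
# Labelling entries. "--" limits the first entry to regular files; "(/.*)?"
# in the second matches the directory itself and everything beneath it. A
# FILENAME pattern broader than the service's own paths would label unrelated
# /etc content as writable by the domain, so keep the pattern specific.
fc_file="""\
FILENAME		--	gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
"""

fc_dir="""\
FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
"""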