      1 # Copyright (C) 2007-2012 Red Hat
      2 # see file 'COPYING' for use and warranty information
      3 #
      4 # policygentool is a tool for the initial generation of SELinux policy
      5 #
      6 #    This program is free software; you can redistribute it and/or
      7 #    modify it under the terms of the GNU General Public License as
      8 #    published by the Free Software Foundation; either version 2 of
      9 #    the License, or (at your option) any later version.
     10 #
     11 #    This program is distributed in the hope that it will be useful,
     12 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     14 #    GNU General Public License for more details.
     15 #
     16 #    You should have received a copy of the GNU General Public License
     17 #    along with this program; if not, write to the Free Software
     18 #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
     19 #                                        02111-1307  USA
     20 #
     21 #
     22 
########################### rw Template File #############################
# Type-enforcement (.te) fragments for read/write content.
#
# te_types declares the single type this template owns, TEMPLATETYPE_rw_t,
# and marks it as a file type. te_rules lets the confined domain
# (TEMPLATETYPE_t) manage directories, regular files and symlinks carrying
# that label. Every other fragment in this file should refer to this same
# type name.
# NOTE(review): TEMPLATETYPE is presumably substituted with the module name
# by the generator -- confirm against the caller.
te_types = (
    "\n"
    "type TEMPLATETYPE_rw_t;\n"
    "files_type(TEMPLATETYPE_rw_t)\n"
)

te_rules = (
    "\n"
    "manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)\n"
    "manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)\n"
    "manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)\n"
)
     34 
########################### Interface File #############################
# Interface (.if) text that lets OTHER domains reach TEMPLATETYPE_rw_t.
# Each interface takes the calling domain as $1 and grants, in increasing
# order of privilege:
#   TEMPLATETYPE_search_rw_dir   - search the rw directories
#   TEMPLATETYPE_read_rw_files   - read files and list the directories
#   TEMPLATETYPE_manage_rw_files - manage_files_pattern on the rw type
#   TEMPLATETYPE_manage_rw_dirs  - manage_dirs_pattern on the rw type
# Policy authors should call the narrowest interface that works; the
# manage_* ones hand a foreign domain write access to this content.
# NOTE(review): the search/read interfaces also call files_search_rw($1),
# the two manage_* interfaces do not -- confirm that is intended.
# The string is emitted verbatim; the tabs and m4 quoting (` and ') inside
# it are significant and must not be reformatted.
if_rules="""
########################################
## <summary>
##	Search TEMPLATETYPE rw directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_search_rw_dir',`
	gen_require(`
		type TEMPLATETYPE_rw_t;
	')

	allow $1 TEMPLATETYPE_rw_t:dir search_dir_perms;
	files_search_rw($1)
')

########################################
## <summary>
##	Read TEMPLATETYPE rw files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_read_rw_files',`
	gen_require(`
		type TEMPLATETYPE_rw_t;
	')

	read_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
	allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms;
	files_search_rw($1)
')

########################################
## <summary>
##	Manage TEMPLATETYPE rw files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_rw_files',`
	gen_require(`
		type TEMPLATETYPE_rw_t;
	')

	manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
')

########################################
## <summary>
##	Create, read, write, and delete
##	TEMPLATETYPE rw dirs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_rw_dirs',`
	gen_require(`
		type TEMPLATETYPE_rw_t;
	')

	manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
')

"""
    114 
# Extra .te rule for a domain that keeps a unix socket file in its rw
# content: TEMPLATETYPE_t may manage socket files labelled
# TEMPLATETYPE_rw_t inside directories carrying the same label.
te_stream_rules = (
    "\n"
    "manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)\n"
)
    118 
# Interface text letting a caller ($1) connect to TEMPLATETYPE_t over a
# unix stream socket whose socket file and containing directory are both
# labelled TEMPLATETYPE_rw_t. The socket file context must therefore use
# that same type, or the connect rule generated here will not match.
# The backslash after the opening quotes suppresses the leading newline,
# so this fragment starts directly with the comment banner.
if_stream_rules="""\
########################################
## <summary>
##	Connect to TEMPLATETYPE over a unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_stream_connect',`
	gen_require(`
		type TEMPLATETYPE_t, TEMPLATETYPE_rw_t;
	')

	stream_connect_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_t)
')
"""
    138 
# Fragments for an admin interface; they are not complete on their own.
# if_admin_types contributes the type requirement (no trailing newline, two
# leading tabs) and if_admin_rules contributes the rules.
# admin_pattern gives the admin domain ($1) broad control over everything
# labelled TEMPLATETYPE_rw_t, so the resulting interface should only be
# granted to trusted administrative domains.
# NOTE(review): this uses files_search_etc($1) while the other interfaces in
# this file use files_search_rw($1) -- possibly carried over from another
# template; confirm which parent directory access is actually needed.
if_admin_types = "\n" + "\t\ttype TEMPLATETYPE_rw_t;"

if_admin_rules = (
    "\n"
    "\tfiles_search_etc($1)\n"
    "\tadmin_pattern($1, TEMPLATETYPE_rw_t)\n"
)
    146 
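########################### File Context ##################################
# File-context (.fc) lines that label on-disk objects for this template.
# FILENAME stands for the path being labelled; the second column selects the
# object class (-- regular file, -s socket file, none for any class).
#
# All three entries must use TEMPLATETYPE_rw_t, the only type te_types
# declares and the one every rule and interface in this file grants access
# to. A socket labelled with any other type would be unreachable through
# manage_sock_files_pattern / stream_connect_pattern, and the policy would
# not build if that type is not declared elsewhere.
fc_file="""
FILENAME		--	gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
"""

# Leading backslash: no blank line before the socket entry.
fc_sock_file="""\
FILENAME        -s  gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
"""

# Labels the directory itself and everything beneath it.
fc_dir="""
FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
"""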