# Copyright (C) 2007-2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# policygentool is a tool for the initial generation of SELinux policy
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of the GNU General Public License as
#    published by the Free Software Foundation; either version 2 of
#    the License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
#                                        02111-1307  USA
#
#
########################### etc_rw Template File #############################

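########################### Type Enforcement File #############################
# Fragments for the generated .te file.  TEMPLATETYPE is a placeholder,
# presumably replaced with the module name by the generator (the substitution
# is not visible in this file).  The code browser's line-number gutter has
# been removed from the statements and from inside the template strings.

# Declares the writable-configuration type and registers it as a file type.
te_types="""
type TEMPLATETYPE_etc_rw_t;
files_type(TEMPLATETYPE_etc_rw_t)
"""

# Gives the confined domain (TEMPLATETYPE_t) manage access to directories,
# regular files and symlinks labelled TEMPLATETYPE_etc_rw_t.
# files_etc_filetrans() is called without a name argument, so every dir, file
# or lnk_file the domain creates in an etc_t directory gets this label.
# NOTE(review): a domain that can rewrite its own configuration can persist
# changes to it if the service is compromised, so generated policy should only
# use this template when the application really writes under /etc.
te_rules="""
manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file lnk_file })
"""

# Extra rules for unix socket files: manage access plus the matching type
# transition for sock_file objects.  Presumably only emitted when the
# generated domain uses a stream socket; confirm against the generator.
te_stream_rules="""
manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)
"""
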
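########################### Interface File #############################
# Fragment for the generated .if file: three interfaces other policy modules
# call to reach this module's TEMPLATETYPE_etc_rw_t objects.  $1 is the calling
# domain.  They are ordered by increasing privilege:
#   TEMPLATETYPE_search_conf        - search the directories only
#   TEMPLATETYPE_read_conf_files    - list the directories and read the files
#   TEMPLATETYPE_manage_conf_files  - manage the files (the template grants no
#                                     manage access to directories or symlinks)
# Callers of the generated policy should pick the narrowest interface that
# works; manage access lets another domain rewrite this service's
# configuration.
# The '##' lines inside the string are interface documentation emitted into the
# policy source, not Python comments, and the tabs are part of the template.
# The code browser's line-number gutter has been removed from the string body.
if_rules="""
########################################
## <summary>
##	Search TEMPLATETYPE conf directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_search_conf',`
	gen_require(`
		type TEMPLATETYPE_etc_rw_t;
	')

	allow $1 TEMPLATETYPE_etc_rw_t:dir search_dir_perms;
	files_search_etc($1)
')

########################################
## <summary>
##	Read TEMPLATETYPE conf files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_read_conf_files',`
	gen_require(`
		type TEMPLATETYPE_etc_rw_t;
	')

	allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms;
	read_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
	files_search_etc($1)
')

########################################
## <summary>
##	Manage TEMPLATETYPE conf files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_conf_files',`
	gen_require(`
		type TEMPLATETYPE_etc_rw_t;
	')

	manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
	files_search_etc($1)
')

"""
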
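# Interface fragment that lets a calling domain ($1) connect to the service
# over a unix stream socket whose socket file is labelled
# TEMPLATETYPE_etc_rw_t.  gen_require names both the socket file type and the
# service domain TEMPLATETYPE_t because stream_connect_pattern needs the domain
# on the far end of the socket as its last argument.
# The trailing backslash after the opening quotes keeps the string from
# starting with an empty line.  The code browser's line-number gutter has been
# removed from the string body.
if_stream_rules="""\
########################################
## <summary>
##	Connect to TEMPLATETYPE over a unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_stream_connect',`
	gen_require(`
		type TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t;
	')

	files_search_etc($1)
	stream_connect_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_t)
')
"""
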
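# Pieces of an administration interface that is assembled elsewhere (the
# enclosing interface is not in this file).  if_admin_types is one type
# declaration with two-tab indentation and no trailing newline, presumably
# spliced into that interface's gen_require block; confirm against the
# generator.
if_admin_types="""
		type TEMPLATETYPE_etc_rw_t;"""

# Rules added to the admin interface body for the admin domain ($1).
# admin_pattern is the broadest grant in this template; in the reference
# policy it covers managing and relabeling objects of the type.  Generated
# policy should only hand the admin interface to administrative domains.
if_admin_rules="""
	files_search_etc($1)
	admin_pattern($1, TEMPLATETYPE_etc_rw_t)
"""
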
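########################### File Context ##################################
# Entries for the generated .fc file.  FILENAME is a placeholder, presumably
# replaced with the path given to the generator (not visible in this file).
# The code browser's line-number gutter has been removed from the string
# bodies.

# Single regular file: the '--' field limits the entry to regular files.
fc_file="""\
FILENAME		--	gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
"""

# Directory tree: the '(/.*)?' suffix matches the directory itself and every
# path beneath it, and no file-type field is given.  The label is applied to
# the whole subtree, so FILENAME should be a directory used only by this
# service and not a shared location.
fc_dir="""\
FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
"""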