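# Copyright (C) 2007-2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# policygentool is a tool for the initial generation of SELinux policy
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of the GNU General Public License as
#    published by the Free Software Foundation; either version 2 of
#    the License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
#                                        02111-1307  USA
#
#
########################### tmp Template File #############################

# Policy text fragments for a domain that keeps private temporary files.
# Each variable below is a plain string of SELinux policy source; nothing in
# this module executes. "TEMPLATETYPE" is a placeholder token, presumably
# replaced with the module name by the generator -- confirm against the caller.

# .te declarations: a private tmp type, registered as a tmp file type through
# files_tmp_file().
te_types="""
type TEMPLATETYPE_tmp_t;
files_tmp_file(TEMPLATETYPE_tmp_t)
"""

# .te rules: the domain manages directories, regular files and symlinks of its
# own tmp type, and files_tmp_filetrans() gives objects of those three classes
# the private type instead of the generic tmp label.
te_rules="""
manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file lnk_file })
"""

# Extra .te rules for the stream-socket case: the same management and type
# transition as above, for sock_file objects.
te_stream_rules="""
manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)
"""

# .if interfaces offered to other policy modules, in increasing order of access:
#   *_dontaudit_read_tmp_files  silences read denials; it grants nothing
#   *_read_tmp_files            read access to the private tmp files
#   *_manage_tmp                full manage access to dirs, files and symlinks
# NOTE(review): dontaudit rules keep the matching denials out of the audit log,
# so they also hide them from anyone investigating; `semodule -DB` rebuilds the
# policy with dontaudit rules disabled when those denials need to be seen.
# NOTE(review): *_manage_tmp hands the calling domain write access to this
# domain's temporary data; prefer *_read_tmp_files unless write access is needed.
if_rules="""
########################################
## <summary>
##	Do not audit attempts to read,
##	TEMPLATETYPE tmp files
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_dontaudit_read_tmp_files',`
	gen_require(`
		type TEMPLATETYPE_tmp_t;
	')

	dontaudit $1 TEMPLATETYPE_tmp_t:file read_file_perms;
')

########################################
## <summary>
##	Read TEMPLATETYPE tmp files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_read_tmp_files',`
	gen_require(`
		type TEMPLATETYPE_tmp_t;
	')

	files_search_tmp($1)
	read_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
')

########################################
## <summary>
##	Manage TEMPLATETYPE tmp files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_tmp',`
	gen_require(`
		type TEMPLATETYPE_tmp_t;
	')

	files_search_tmp($1)
	manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
	manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
	manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
')
"""

# .if interface letting another domain connect to this domain's unix stream
# socket. The socket file carries TEMPLATETYPE_tmp_t and is placed by
# files_tmp_filetrans() (see te_stream_rules), so the caller needs search access
# to the tmp directory. This fragment previously called files_search_pids(),
# which gave search access to the pid directory instead: an unneeded grant, and
# the tmp search was missing. It now uses files_search_tmp(), matching the
# other interfaces in this file.
# The backslash after the opening quotes keeps the string from starting with a
# blank line.
if_stream_rules="""\
########################################
## <summary>
##	Connect to TEMPLATETYPE over a unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_stream_connect',`
	gen_require(`
		type TEMPLATETYPE_t, TEMPLATETYPE_tmp_t;
	')

	files_search_tmp($1)
	stream_connect_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_t)
')
"""

# Type declaration fragment for the admin interface; presumably spliced into
# that interface's gen_require block -- confirm against the generator.
if_admin_types="""
type TEMPLATETYPE_tmp_t;"""

# Rule fragment for the admin interface: search the tmp directory and apply
# admin_pattern() to the private tmp type.
# NOTE(review): the exact permission set comes from the admin_pattern macro,
# defined outside this file; review it before granting the admin interface.
if_admin_rules="""
files_search_tmp($1)
admin_pattern($1, TEMPLATETYPE_tmp_t)
"""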