      1 # Copyright (C) 2007-2012 Red Hat
      2 # see file 'COPYING' for use and warranty information
      3 #
      4 # policygentool is a tool for the initial generation of SELinux policy
      5 #
      6 #    This program is free software; you can redistribute it and/or
      7 #    modify it under the terms of the GNU General Public License as
      8 #    published by the Free Software Foundation; either version 2 of
      9 #    the License, or (at your option) any later version.
     10 #
     11 #    This program is distributed in the hope that it will be useful,
     12 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     14 #    GNU General Public License for more details.
     15 #
     16 #    You should have received a copy of the GNU General Public License
     17 #    along with this program; if not, write to the Free Software
     18 #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
     19 #                                        02111-1307  USA
     20 #
     21 #
     22 ########################### var_lib Template File #############################
     23 
     24 ########################### Type Enforcement File #############################
# Type declarations for the generated .te file: one private type for the
# confined application's data under /var/lib, registered as a file type with
# files_type(). TEMPLATETYPE is a placeholder (presumably replaced with the
# module name by the generator -- confirm against the caller).
te_types = (
    "\n"
    "type TEMPLATETYPE_var_lib_t;\n"
    "files_type(TEMPLATETYPE_var_lib_t)\n"
)
# Type-enforcement rules for the confined domain's own /var/lib content.
# Only TEMPLATETYPE_t is the source domain here, so these rules grant nothing
# to other domains; access for others goes through the interface templates.
te_rules = (
    "\n"
    # Manage access on directories, regular files and symlinks that carry the
    # private label.
    "manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)\n"
    "manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)\n"
    "manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)\n"
    # Type transition: objects the domain creates in the generic /var/lib
    # directory get the private label instead of inheriting the generic one,
    # which keeps the domain's state out of reach of rules written for
    # generic /var/lib content.
    "files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file lnk_file })\n"
)
     35 
# Extra type-enforcement rules for a daemon that keeps a unix socket file in
# its /var/lib directory. Unlike te_rules, this text has no leading newline
# (the original used a backslash continuation after the opening quotes).
te_stream_rules = (
    # Manage access on socket files with the private label.
    "manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)\n"
    # Socket files created in generic /var/lib get the private label too.
    "files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, sock_file)\n"
)
     40 
     41 
     42 ########################### Interface File #############################
# Interface (.if) text exposing the private /var/lib type to OTHER domains.
# Each interface takes the calling domain as $1 and pulls the private type
# in through gen_require. Four interfaces are defined, in increasing order
# of privilege:
#   TEMPLATETYPE_search_lib       - search the private directories only
#   TEMPLATETYPE_read_lib_files   - read files with the private label
#   TEMPLATETYPE_manage_lib_files - manage files with the private label
#   TEMPLATETYPE_manage_lib_dirs  - manage directories with the private label
# The manage_* interfaces let the caller alter or remove the application's
# state, so policy that only needs to look at the data should call the
# search/read interfaces instead.
# The string is runtime data: whitespace (tabs) and m4 quoting (` ... ') are
# significant and are kept exactly as written.
if_rules="""
########################################
## <summary>
##	Search TEMPLATETYPE lib directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_search_lib',`
	gen_require(`
		type TEMPLATETYPE_var_lib_t;
	')

	allow $1 TEMPLATETYPE_var_lib_t:dir search_dir_perms;
	files_search_var_lib($1)
')

########################################
## <summary>
##	Read TEMPLATETYPE lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_read_lib_files',`
	gen_require(`
		type TEMPLATETYPE_var_lib_t;
	')

	files_search_var_lib($1)
	read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
')

########################################
## <summary>
##	Manage TEMPLATETYPE lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_lib_files',`
	gen_require(`
		type TEMPLATETYPE_var_lib_t;
	')

	files_search_var_lib($1)
	manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
')

########################################
## <summary>
##	Manage TEMPLATETYPE lib directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_manage_lib_dirs',`
	gen_require(`
		type TEMPLATETYPE_var_lib_t;
	')

	files_search_var_lib($1)
	manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
')

"""
    121 
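# Interface (.if) text for daemons that listen on a unix stream socket kept
# in their /var/lib directory. It lets the calling domain ($1) connect to
# that socket.
#
# The reference-policy stream_connect_pattern macro takes four arguments:
# client domain, directory type, socket-file type and the server domain.
# The server domain is the one the unix_stream_socket connectto permission
# is granted against. The original template passed only three, so
# TEMPLATETYPE_t was required but never used and the connectto rule had no
# target; the fourth argument is now supplied.
#
# NOTE(review): unlike the interfaces in if_rules, this one does not call
# files_search_var_lib($1), so the caller needs search access to /var/lib
# from elsewhere. Left as-is to avoid widening the grant; confirm intent.
if_stream_rules="""
########################################
## <summary>
##	Connect to TEMPLATETYPE over a unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`TEMPLATETYPE_stream_connect',`
	gen_require(`
		type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t;
	')

	stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_t)
')
"""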
    141 
# Fragment for the gen_require block of the generated admin interface:
# declares the private /var/lib type so if_admin_rules can reference it.
# Starts with a newline and has no trailing newline, exactly as in the
# original triple-quoted form.
if_admin_types = "\n\t\ttype TEMPLATETYPE_var_lib_t;"
    144 
# Fragment for the body of the generated admin interface. admin_pattern is
# the broadest grant in this template (full administrative access to objects
# with the private label), so this text belongs only in the admin interface
# and not in interfaces handed to ordinary client domains.
if_admin_rules = (
    "\n"
    # Reach /var/lib first, then administer the private type.
    "\tfiles_search_var_lib($1)\n"
    "\tadmin_pattern($1, TEMPLATETYPE_var_lib_t)\n"
)
    149 
    150 ########################### File Context ##################################
# File-context (.fc) entry for a single regular file ("--" restricts the
# match to regular files). FILENAME is a placeholder for the path; the
# context uses the private /var/lib type at sensitivity s0.
fc_file = (
    "FILENAME\t\t--\t"
    "gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)\n"
)
    154 
# File-context (.fc) entry for a socket file ("-s" restricts the match to
# sockets). FILENAME is a placeholder for the path; the context uses the
# private /var/lib type at sensitivity s0.
fc_sock_file = (
    "FILENAME\t\t-s\t"
    "gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)\n"
)
    158 
# File-context (.fc) entry for a directory tree. The "(/.*)?" suffix makes
# the pattern match the directory itself and everything beneath it, with no
# file-type restriction, so every object under FILENAME is labelled with the
# private /var/lib type at sensitivity s0.
fc_dir = (
    "FILENAME(/.*)?\t\t"
    "gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)\n"
)
    162