dnsping.te 1.6 KB

  policy_module(dnsping, 0.1.6)

  ########################################
  #
  # Declarations
  #
  # dnsping_t is the process domain and dnsping_exec_t labels the
  # executable that enters it. init_system_domain registers the pair
  # as a system domain started from init scripts.
  #

  type dnsping_t;
  type dnsping_exec_t;
  init_system_domain(dnsping_t, dnsping_exec_t)

  ########################################
  #
  # Local policy
  #

  # --- Rules on the domain itself ---
  # NOTE(review): dac_override lets the process bypass discretionary
  # file permission checks. Confirm it is really required and not a
  # workaround for a wrongly owned or mislabelled file.
  allow dnsping_t self:capability dac_override;
  allow dnsping_t self:process signal;
  allow dnsping_t self:fifo_file { getattr read write };
  # TCP sockets can only be created and inspected here; there is no
  # connect, bind, read or write permission on them.
  allow dnsping_t self:tcp_socket { create getattr };
  allow dnsping_t self:udp_socket { bind create getattr getopt read setopt write };
  allow dnsping_t self:unix_dgram_socket { connect create write };

  # --- Network ---
  # UDP bind on generic nodes, limited to unreserved ports.
  corenet_udp_bind_generic_node(dnsping_t)
  corenet_udp_bind_all_unreserved_ports(dnsping_t)
  sysnet_read_config(dnsping_t)

  # --- Kernel, devices and filesystem state ---
  dev_read_rand(dnsping_t)
  dev_read_urand(dnsping_t)
  kernel_read_system_state(dnsping_t)
  kernel_search_vm_sysctl(dnsping_t)
  kernel_read_vm_sysctls(dnsping_t)
  kernel_read_vm_overcommit_sysctl(dnsping_t)
  fs_getattr_xattr_fs(dnsping_t)

  # --- Configuration, locale and logging ---
  files_read_etc_files(dnsping_t)
  miscfiles_read_localization(dnsping_t)
  logging_send_syslog_msg(dnsping_t)

  # --- Program execution ---
  # NOTE(review): these interfaces execute the target without a domain
  # transition, so a shell or helper binary runs in dnsping_t and holds
  # every permission granted in this module, dac_override included.
  corecmd_exec_bin(dnsping_t)
  corecmd_exec_shell(dnsping_t)

  # --- Temporary files ---
  # NOTE(review): this grants manage access to files carrying the generic
  # tmp type, which other domains may also create. A private tmp type
  # with a files_tmp_filetrans rule would narrow the grant; check
  # whether the broad form is needed.
  files_manage_generic_tmp_files(dnsping_t)

  # --- Optional integrations ---
  # Each optional_policy block is evaluated on its own. If a required
  # type or interface is absent, only that block is dropped.

  # Read-only access to files labelled named_var_run_t.
  optional_policy(`
      gen_require(`
          type named_var_run_t;
      ')

      read_files_pattern(dnsping_t, named_var_run_t, named_var_run_t)
  ')

  # Read and write crond_tmp_t files. The set has no open permission,
  # so only descriptors that are already open can be used.
  # NOTE(review): presumably output redirected by cron; confirm that
  # write access is needed.
  optional_policy(`
      gen_require(`
          type crond_tmp_t;
      ')

      allow dnsping_t crond_tmp_t:file { getattr ioctl read write };
  ')

  # Search directories and open files labelled httpd_sys_content_t,
  # read-only.
  optional_policy(`
      gen_require(`
          type httpd_sys_content_t;
      ')

      allow dnsping_t httpd_sys_content_t:dir search;
      allow dnsping_t httpd_sys_content_t:file { getattr open read };
  ')

  # Let system cron jobs start the program in dnsping_t.
  optional_policy(`
      cron_system_entry(dnsping_t, dnsping_exec_t)
  ')