| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 |
- policy_module(turnserver, 0.1.8)
- ########################################
- #
- # Declarations
- #
- attribute_role turnserver_roles;
- type turnserver_t;
- type turnserver_exec_t;
- init_daemon_domain(turnserver_t, turnserver_exec_t)
- type turnserver_etc_t;
- files_config_file(turnserver_etc_t)
- type turnserver_initrc_exec_t;
- init_script_file(turnserver_initrc_exec_t)
- type turnserver_var_run_t;
- files_pid_file(turnserver_var_run_t)
- type turnserver_var_log_t;
- logging_log_file(turnserver_var_log_t)
- type turnserver_tmp_t;
- files_tmp_file(turnserver_tmp_t)
- ########################################
- #
- # Local policy
- #
- allow turnserver_t self:tcp_socket { bind create setopt listen };
- allow turnserver_t self:udp_socket { getopt create setopt bind };
- allow turnserver_t self:capability { setuid setgid dac_override };
- allow turnserver_t self:process signal;
- allow turnserver_t self:tcp_socket accept;
- read_files_pattern(turnserver_t, turnserver_etc_t, turnserver_etc_t)
- manage_files_pattern(turnserver_t, turnserver_var_run_t, turnserver_var_run_t)
- files_pid_filetrans(turnserver_t, turnserver_var_run_t, file)
- manage_files_pattern(turnserver_t, turnserver_var_log_t, turnserver_var_log_t)
- logging_log_filetrans(turnserver_t, turnserver_var_log_t, file)
- manage_dirs_pattern(turnserver_t,turnserver_tmp_t,turnserver_tmp_t)
- manage_files_pattern(turnserver_t,turnserver_tmp_t,turnserver_tmp_t)
- files_tmp_filetrans(turnserver_t,turnserver_tmp_t, file)
- dev_read_sysfs(turnserver_t)
- corenet_tcp_bind_all_unreserved_ports(turnserver_t)
- corenet_udp_bind_all_unreserved_ports(turnserver_t)
- corenet_tcp_bind_generic_node(turnserver_t)
- corenet_udp_bind_generic_node(turnserver_t)
- miscfiles_read_localization(turnserver_t)
- dev_read_urand(turnserver_t)
- auth_use_nsswitch(turnserver_t)
|
