| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 |
- policy_module(spreed-webrtc, 0.1.4)
- ########################################
- #
- # Declarations
- #
- attribute_role spreed_roles;
- type spreed_t;
- type spreed_exec_t;
- init_daemon_domain(spreed_t, spreed_exec_t)
- type spreed_opt_t;
- files_type(spreed_opt_t)
- type spreed_etc_t;
- files_config_file(spreed_etc_t)
- ########################################
- #
- # Local policy
- #
- allow spreed_t self:process getsched;
- allow spreed_t self:tcp_socket { getattr setopt bind create accept listen read write };
- read_files_pattern(spreed_t, spreed_opt_t, spreed_opt_t)
- search_dirs_pattern(spreed_t, spreed_opt_t, spreed_opt_t)
- list_dirs_pattern(spreed_t, spreed_opt_t, spreed_opt_t)
- read_files_pattern(spreed_t, spreed_etc_t, spreed_etc_t)
- apache_read_sys_content(spreed_t)
- corenet_tcp_bind_http_cache_port(spreed_t)
- corenet_tcp_bind_generic_node(spreed_t)
- miscfiles_read_localization(spreed_t)
- kernel_read_net_sysctls(spreed_t)
- files_read_etc_files(spreed_t)
- dev_read_urand(spreed_t)
- optional_policy(`
- gen_require(`
- type supervisor_t;
- ')
- supervisor_service_domain(spreed_t,spreed_exec_t)
- allow supervisor_t spreed_opt_t:dir search;
- ')
|
