3 years ago · 239c336480
--- a/janus.fc
+++ b/janus.fc
@@ -1,2 +1,5 @@
 
				 /usr/local/bin/janus     --      gen_context(system_u:object_r:janus_exec_t,s0)
			
 
				 
			
 
				+/var/log/janus(/.*)?                     gen_context(system_u:object_r:janus_var_log_t,s0)
			
 
				+/usr/local/etc/janus(/.*)?		gen_context(system_u:object_r:janus_local_etc_t,s0)
			
 
				+/usr/local/share/janus(/.*)?		gen_context(system_u:object_r:janus_local_share_t,s0)
			
--- a/janus.te
+++ b/janus.te
@@ -1,4 +1,4 @@
 
				-policy_module(janus, 0.0.1)
			
 
				+policy_module(janus, 0.0.3)
			
 
				 
			
 
				 ########################################
			
 
				 #
			
@@ -9,6 +9,51 @@ type janus_t;
 
				 type janus_exec_t;
			
 
				 init_daemon_domain(janus_t, janus_exec_t)
			
 
				 
			
 
				+type janus_var_log_t;
			
 
				+logging_log_file(janus_var_log_t)
			
 
				+
			
 
				+type janus_local_etc_t;
			
 
				+files_config_file(janus_local_etc_t)
			
 
				+
			
 
				+type janus_local_share_t;
			
 
				+files_type(janus_local_share_t)
			
 
				+
			
 
				+allow janus_t self:fifo_file { read write };
			
 
				+allow janus_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
			
 
				+allow janus_t self:process { getsched setsched };
			
 
				+allow janus_t self:rawip_socket create;
			
 
				+allow janus_t self:tcp_socket { accept bind create getattr listen read setopt shutdown write };
			
 
				+allow janus_t self:udp_socket { bind connect create getattr ioctl read setopt write };
			
 
				+allow janus_t self:unix_dgram_socket { create ioctl };
			
 
				+
			
 
				+
			
 
				+manage_dirs_pattern(janus_t, janus_var_log_t, janus_var_log_t)
			
 
				+manage_files_pattern(janus_t, janus_var_log_t, janus_var_log_t)
			
 
				+logging_log_filetrans(janus_t, janus_var_log_t, file)
			
 
				+
			
 
				+read_files_pattern(janus_t, janus_local_etc_t, janus_local_etc_t)
			
 
				+search_dirs_pattern(janus_t, janus_local_etc_t, janus_local_etc_t)
			
 
				+
			
 
				+read_files_pattern(janus_t, janus_local_share_t, janus_local_share_t)
			
 
				+search_dirs_pattern(janus_t, janus_local_share_t, janus_local_share_t)
			
 
				+
			
 
				+auth_use_nsswitch(janus_t)
			
 
				+
			
 
				+miscfiles_read_localization(janus_t)
			
 
				+miscfiles_read_all_certs(janus_t)
			
 
				+
			
 
				+sysnet_read_config(janus_t)
			
 
				+
			
 
				+corenet_tcp_bind_generic_node(janus_t)
			
 
				+corenet_udp_bind_generic_node(janus_t)
			
 
				+corenet_tcp_bind_all_unreserved_ports(janus_t)
			
 
				+corenet_udp_bind_all_unreserved_ports(janus_t)
			
 
				+
			
 
				+kernel_read_network_state(janus_t)
			
 
				+kernel_read_vm_overcommit_sysctl(janus_t)
			
 
				+
			
 
				+dev_read_urand(janus_t)
			
 
				+
			
 
				 optional_policy(`
			
 
				   gen_require(`
			
 
				     type supervisor_t;