|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(signaling, 0.0.1)
|
|
|
+policy_module(signaling, 0.0.2)
|
|
|
|
|
|
########################################
|
|
|
#
|
|
@@ -9,10 +9,43 @@ type signaling_t;
|
|
|
type signaling_exec_t;
|
|
|
init_daemon_domain(signaling_t, signaling_exec_t)
|
|
|
|
|
|
+type signaling_etc_t;
|
|
|
+files_config_file(signaling_etc_t);
|
|
|
+
|
|
|
+allow signaling_t self:fifo_file { read write };
|
|
|
+allow signaling_t self:process { getsched signal };
|
|
|
+allow signaling_t self:tcp_socket { accept bind connect create getattr getopt listen read setopt write };
|
|
|
+allow signaling_t self:udp_socket { connect create getattr read setopt write };
|
|
|
+allow signaling_t self:unix_dgram_socket { connect create };
|
|
|
+
|
|
|
+corenet_tcp_bind_http_cache_port(signaling_t)
|
|
|
+corenet_tcp_connect_http_port(signaling_t)
|
|
|
+corenet_tcp_bind_generic_node(signaling_t)
|
|
|
+corenet_tcp_connect_all_unreserved_ports(signaling_t)
|
|
|
+
|
|
|
+miscfiles_read_all_certs(signaling_t)
|
|
|
+miscfiles_read_localization(signaling_t)
|
|
|
+
|
|
|
+read_files_pattern(signaling_t, signaling_etc_t, signaling_etc_t)
|
|
|
+search_dirs_pattern(signaling_t, signaling_etc_t, signaling_etc_t)
|
|
|
+
|
|
|
+sysnet_read_config(signaling_t)
|
|
|
+
|
|
|
+kernel_read_net_sysctls(signaling_t)
|
|
|
+
|
|
|
+dev_read_sysfs(signaling_t)
|
|
|
+
|
|
|
optional_policy(`
|
|
|
gen_require(`
|
|
|
type supervisor_t;
|
|
|
')
|
|
|
supervisor_service_domain(signaling_t,signaling_exec_t)
|
|
|
+ allow signaling_t supervisor_t:fifo_file lock;
|
|
|
')
|
|
|
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type usr_t;
|
|
|
+ ')
|
|
|
+ read_files_pattern(usr_t, signaling_t, signaling_t)
|
|
|
+')
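Review bot: The last added block calls `read_files_pattern(usr_t, signaling_t, signaling_t)` with its arguments reversed. The pattern takes the source domain first, then the directory type and the file type, so as written the rule gives `usr_t` (a file type) read access to objects labelled `signaling_t` and grants the daemon nothing. If the intent is for the daemon to read `usr_t` files, the line should be `read_files_pattern(signaling_t, usr_t, usr_t)`, or the whole block can become `files_read_usr_files(signaling_t)`, which needs no `gen_require`. Separately, `corenet_tcp_connect_all_unreserved_ports(signaling_t)` permits outbound TCP to every unreserved port, and `miscfiles_read_all_certs(signaling_t)` covers all certificate types rather than only the generic ones. If the daemon's peers and key material are known, narrower interfaces would keep the domain closer to least privilege.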
|