dnsping.te 1.7 KB

  # SELinux policy module for the dnsping domain.
  # Declares the process type dnsping_t and its entrypoint file type
  # dnsping_exec_t, then grants the accesses listed below.
  policy_module(dnsping, 0.1.8)
  #################################
  #
  # Declarations
  #
  type dnsping_t;
  type dnsping_exec_t;
  # Registers dnsping_t as a system domain entered through dnsping_exec_t.
  init_system_domain(dnsping_t, dnsping_exec_t)
  ########################################
  #
  # Local policy
  #
  # NOTE(review): dac_override lets the process bypass file owner and mode
  # checks. This is a broad capability; confirm it is required rather than
  # masking an ownership or mode problem on a file the program touches.
  allow dnsping_t self:capability dac_override;
  allow dnsping_t self:fifo_file { read write getattr };
  allow dnsping_t self:process { signal setsched };
  # Only create and getattr are granted on TCP sockets; this rule grants no
  # connect, bind, read or write on them.
  allow dnsping_t self:tcp_socket { create getattr };
  # UDP socket permissions; presumably the DNS query path - confirm.
  allow dnsping_t self:udp_socket { write setopt getopt read bind create getattr };
  # Presumably used for the local syslog socket - confirm.
  allow dnsping_t self:unix_dgram_socket { write create connect };
  # NOTE(review): allows binding UDP to every unreserved port, not one fixed
  # port. Presumably needed for ephemeral source ports - confirm, and narrow
  # to a specific port type if the program binds a known port.
  corenet_udp_bind_all_unreserved_ports(dnsping_t)
  corenet_udp_bind_generic_node(dnsping_t)
  dev_read_rand(dnsping_t)
  dev_read_urand(dnsping_t)
  kernel_search_vm_sysctl(dnsping_t)
  kernel_read_vm_sysctls(dnsping_t)
  kernel_read_net_sysctls(dnsping_t)
  # NOTE(review): with corecmd_exec_bin here and corecmd_exec_shell below,
  # generic binaries and shells are executed without a domain transition, so
  # whatever they run keeps every permission granted to dnsping_t. Review the
  # rest of this module with that in mind.
  corecmd_exec_bin(dnsping_t)
  logging_send_syslog_msg(dnsping_t)
  files_read_etc_files(dnsping_t)
  fs_getattr_xattr_fs(dnsping_t)
  fs_getattr_tmpfs(dnsping_t)
  miscfiles_read_localization(dnsping_t)
  sysnet_read_config(dnsping_t)
  kernel_read_system_state(dnsping_t)
  kernel_read_vm_overcommit_sysctl(dnsping_t)
  corecmd_exec_shell(dnsping_t)
  # NOTE(review): grants management of files carrying the generic tmp label,
  # which other domains also use. A private tmp type for dnsping with a file
  # type transition would confine this to files the domain created itself.
  files_manage_generic_tmp_files(dnsping_t)
  # The three optional blocks below name types owned by other modules through
  # gen_require. NOTE(review): where the owning module exports an interface
  # for the same access, calling it is less fragile than requiring the type.
  #
  # Read access to files labeled named_var_run_t.
  optional_policy(`
      gen_require(`
          type named_var_run_t;
      ')
      read_files_pattern(dnsping_t, named_var_run_t, named_var_run_t)
  ')
  # Read and write on cron temporary files. The set has no open permission,
  # so presumably this covers descriptors inherited from cron - confirm.
  optional_policy(`
      gen_require(`
          type crond_tmp_t;
      ')
      allow dnsping_t crond_tmp_t:file { read write getattr ioctl };
  ')
  # Directory search and read-only file access on httpd_sys_content_t.
  # No write permission is granted on this type here.
  optional_policy(`
      gen_require(`
          type httpd_sys_content_t;
      ')
      allow dnsping_t httpd_sys_content_t:dir search;
      allow dnsping_t httpd_sys_content_t:file { read getattr open };
  ')
  # Allows system cron jobs to run dnsping_exec_t and enter dnsping_t.
  optional_policy(`
      cron_system_entry(dnsping_t, dnsping_exec_t)
  ')