acmetool.te 2.5 KB

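  policy_module(acmetool, 0.1.17)

  ########################################
  #
  # Declarations
  #

  # NOTE(review): acmetool_roles is declared but never referenced in this
  # file; confirm that the interface file uses it, otherwise it is dead.
  attribute_role acmetool_roles;

  # Process domain and the entrypoint type of its executable.
  # init_system_domain makes acmetool_t a domain that init scripts can start
  # through acmetool_exec_t.
  type acmetool_t;
  type acmetool_exec_t;
  init_system_domain(acmetool_t, acmetool_exec_t)

  # State that the domain creates under /var/lib (see the
  # files_var_lib_filetrans rule below).
  type acmetool_var_lib_t;
  files_type(acmetool_var_lib_t)

  # Content created under lib_t directories (see the filetrans_pattern rule
  # below). The domain may execute files of this type, so this is presumably
  # where hook programs live; confirm against the file contexts.
  type acmetool_usr_lib_t;
  files_type(acmetool_usr_lib_t)

  # Configuration; the domain only gets read access to it.
  type acmetool_etc_t;
  files_config_file(acmetool_etc_t)

  ########################################
  #
  # Local policy
  #

  # Self permissions: scheduling, signalling itself, a listening TCP socket,
  # a unix datagram socket, a UDP socket and pipes.
  allow acmetool_t self:process { getsched setsched signal };
  allow acmetool_t self:tcp_socket { bind create setopt listen accept };
  allow acmetool_t self:unix_dgram_socket { create setopt connect bind getattr };
  allow acmetool_t self:udp_socket { create setopt };
  allow acmetool_t self:fifo_file { read write getattr ioctl };

  # Full management of the state directory, with automatic labelling of
  # anything the domain creates in /var/lib.
  manage_dirs_pattern(acmetool_t, acmetool_var_lib_t, acmetool_var_lib_t)
  manage_files_pattern(acmetool_t, acmetool_var_lib_t, acmetool_var_lib_t)
  manage_lnk_files_pattern(acmetool_t, acmetool_var_lib_t, acmetool_var_lib_t)
  files_var_lib_filetrans(acmetool_t, acmetool_var_lib_t, { file dir lnk_file })

  read_files_pattern(acmetool_t, acmetool_etc_t, acmetool_etc_t)

  # NOTE(review): acmetool_t can create and modify acmetool_usr_lib_t files
  # and can also execute them without a domain transition
  # (execute_no_trans). A compromised acmetool process can therefore write
  # a program and run it with every permission granted in this module.
  # If the files are installed by the package or the administrator, read
  # and execute access alone would be the tighter grant; confirm whether
  # the manage rules are really needed.
  allow acmetool_t acmetool_usr_lib_t:file { execute execute_no_trans };
  manage_dirs_pattern(acmetool_t, acmetool_usr_lib_t, acmetool_usr_lib_t)
  manage_files_pattern(acmetool_t, acmetool_usr_lib_t, acmetool_usr_lib_t)

  gen_require(`
      type lib_t;
  ')
  filetrans_pattern(acmetool_t, lib_t, acmetool_usr_lib_t, { file dir lnk_file })

  # The shell and generic binaries run inside acmetool_t; no transition is
  # defined here, so they inherit every permission of this domain.
  corecmd_exec_shell(acmetool_t)
  corecmd_exec_bin(acmetool_t)

  miscfiles_read_localization(acmetool_t)
  # NOTE(review): this covers every certificate type on the system, which is
  # wider than miscfiles_read_generic_certs; confirm the wider set is needed.
  miscfiles_read_all_certs(acmetool_t)
  files_read_usr_files(acmetool_t)

  dev_read_urand(acmetool_t)
  dev_read_sysfs(acmetool_t)

  kernel_read_net_sysctls(acmetool_t)
  kernel_read_vm_sysctls(acmetool_t)
  kernel_read_kernel_sysctls(acmetool_t)
  kernel_read_system_state(acmetool_t)
  kernel_search_vm_sysctl(acmetool_t)
  kernel_read_vm_overcommit_sysctl(acmetool_t)

  # TCP: outbound connections to HTTP ports and a listener on HTTP ports.
  # NOTE(review): the reserved-port and all-unreserved-ports binds go well
  # beyond the HTTP ports. Together they let the domain listen on generic
  # low ports and on every port above 1024. If the service only needs a
  # small fixed set of ports, label those ports and grant bind on that
  # type instead.
  corenet_tcp_bind_generic_node(acmetool_t)
  corenet_tcp_connect_http_port(acmetool_t)
  corenet_tcp_bind_http_port(acmetool_t)
  corenet_tcp_bind_reserved_port(acmetool_t)
  corenet_tcp_bind_all_unreserved_ports(acmetool_t)

  # NOTE(review): the pyzor and traceroute port binds are unrelated to
  # certificate management and look like rules generated from denials seen
  # when a random UDP source port was picked (presumably by the resolver).
  # Confirm, and prefer the existing name-resolution interfaces over
  # per-port grants.
  corenet_udp_bind_generic_node(acmetool_t)
  corenet_udp_bind_pyzor_port(acmetool_t)
  corenet_udp_bind_traceroute_port(acmetool_t)
  corenet_udp_bind_all_unreserved_ports(acmetool_t)

  auth_use_nsswitch(acmetool_t)
  sysnet_read_config(acmetool_t)

  # Cron integration. The crond_tmp_t requirement and rule sit inside the
  # optional block so that a system without the cron module can still load
  # this module; an unconditional gen_require on crond_tmp_t would make the
  # whole module fail to install there.
  # The read and write access is presumably for job output that cron
  # redirects to a temporary file; confirm.
  optional_policy(`
      gen_require(`
          type crond_tmp_t;
      ')

      cron_system_entry(acmetool_t, acmetool_exec_t)
      allow acmetool_t crond_tmp_t:file { read write ioctl };
  ')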