Home Explore Help
Sign In
Hoshpak
/
gentoo-selinux-policies
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 328583eb59
Branches Tags
gentoo-selinux-...
/
signaling.te

signaling.te 1.5 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. policy_module(signaling, 0.0.4)
    2. 

  2. 

  3. ########################################
    4. 

  4. #
    5. 

  5. # Declarations
    6. 

  6. #
    7. 

  7. 

  8. type signaling_t;
    9. 

  9. type signaling_exec_t;
    10. 

  10. init_daemon_domain(signaling_t, signaling_exec_t)
    11. 

  11. 

  12. type signaling_etc_t;
    13. 

  13. files_config_file(signaling_etc_t);
    14. 

  14. 

  15. allow signaling_t self:fifo_file { read write };
    16. 

  16. allow signaling_t self:process { getsched signal };
    17. 

  17. allow signaling_t self:tcp_socket { accept bind connect create getattr getopt listen read setopt write };
    18. 

  18. allow signaling_t self:udp_socket { connect create getattr read setopt write };
    19. 

  19. allow signaling_t self:unix_dgram_socket { connect create };
    20. 

  20. allow signaling_t self:netlink_route_socket create;
    21. 

  21. 

  22. corenet_tcp_bind_http_cache_port(signaling_t)
    23. 

  23. corenet_tcp_connect_http_port(signaling_t)
    24. 

  24. corenet_tcp_bind_generic_node(signaling_t)
    25. 

  25. corenet_tcp_connect_all_unreserved_ports(signaling_t)
    26. 

  26. 

  27. miscfiles_read_all_certs(signaling_t)
    28. 

  28. miscfiles_read_localization(signaling_t)
    29. 

  29. files_read_usr_files(signaling_t)
    30. 

  30. 

  31. read_files_pattern(signaling_t, signaling_etc_t, signaling_etc_t)
    32. 

  32. search_dirs_pattern(signaling_t, signaling_etc_t, signaling_etc_t)
    33. 

  33. 

  34. sysnet_read_config(signaling_t)
    35. 

  35. 

  36. kernel_read_net_sysctls(signaling_t)
    37. 

  37. 

  38. dev_read_sysfs(signaling_t)
    39. 

  39. 

  40. files_read_etc_files(signaling_t)
    41. 

  41. 

  42. optional_policy(`
    43. 

  43.   gen_require(`
    44. 

  44.     type supervisor_t;
    45. 

  45.   ')
    46. 

  46.   supervisor_service_domain(signaling_t,signaling_exec_t)
    47. 

  47.   allow signaling_t supervisor_t:fifo_file lock;
    48. 

  48. ')
    49. 

  49. 

  50. optional_policy(`
    51. 

  51.   gen_require(`
    52. 

  52.     type usr_t;
    53. 

  53.   ')
    54. 

  54.   read_files_pattern(usr_t, signaling_t, signaling_t)
    55. 

  55. ')
    56.