123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 |
- policy_module(acmetool, 0.1.15)
- ########################################
- #
- # Declarations
- #
- attribute_role acmetool_roles;
- type acmetool_t;
- type acmetool_exec_t;
- init_system_domain(acmetool_t, acmetool_exec_t)
- type acmetool_var_lib_t;
- files_type(acmetool_var_lib_t)
- type acmetool_usr_lib_t;
- files_type(acmetool_usr_lib_t)
- type acmetool_etc_t;
- files_config_file(acmetool_etc_t)
- ########################################
- #
- # Local policy
- #
- allow acmetool_t self:process getsched;
- allow acmetool_t self:tcp_socket { bind create setopt listen accept };
- allow acmetool_t self:unix_dgram_socket { create setopt connect bind getattr };
- allow acmetool_t self:udp_socket { create setopt };
- allow acmetool_t acmetool_usr_lib_t:file { execute execute_no_trans };
- allow acmetool_t self:fifo_file { read write getattr ioctl };
- allow acmetool_t self:process signal;
- manage_dirs_pattern(acmetool_t,acmetool_var_lib_t,acmetool_var_lib_t)
- manage_files_pattern(acmetool_t,acmetool_var_lib_t,acmetool_var_lib_t)
- manage_lnk_files_pattern(acmetool_t,acmetool_var_lib_t,acmetool_var_lib_t)
- files_var_lib_filetrans(acmetool_t, acmetool_var_lib_t, { file dir lnk_file })
- read_files_pattern(acmetool_t, acmetool_etc_t, acmetool_etc_t)
- manage_dirs_pattern(acmetool_t,acmetool_usr_lib_t,acmetool_usr_lib_t)
- manage_files_pattern(acmetool_t,acmetool_usr_lib_t,acmetool_usr_lib_t)
- gen_require(`
- type lib_t;
- ')
- filetrans_pattern(acmetool_t, lib_t, acmetool_usr_lib_t, { file dir lnk_file })
- corecmd_exec_shell(acmetool_t)
- corecmd_exec_bin(acmetool_t)
- miscfiles_read_localization(acmetool_t)
- dev_read_urand(acmetool_t)
- dev_read_sysfs(acmetool_t)
- kernel_read_net_sysctls(acmetool_t)
- kernel_read_vm_sysctls(acmetool_t)
- kernel_read_kernel_sysctls(acmetool_t)
- kernel_read_system_state(acmetool_t)
- kernel_search_vm_sysctl(acmetool_t)
- kernel_read_vm_overcommit_sysctl(acmetool_t)
- corenet_tcp_bind_generic_node(acmetool_t)
- corenet_tcp_connect_http_port(acmetool_t)
- corenet_tcp_bind_http_port(acmetool_t)
- corenet_tcp_bind_reserved_port(acmetool_t)
- corenet_tcp_bind_all_unreserved_ports(acmetool_t)
- corenet_udp_bind_generic_node(acmetool_t)
- corenet_udp_bind_pyzor_port(acmetool_t)
- corenet_udp_bind_traceroute_port(acmetool_t)
- corenet_udp_bind_all_unreserved_ports(acmetool_t)
- auth_use_nsswitch(acmetool_t)
- sysnet_read_config(acmetool_t)
- optional_policy(`
- cron_system_entry(acmetool_t, acmetool_exec_t)
- ')
- gen_require(`
- type crond_tmp_t;
- ')
- allow acmetool_t crond_tmp_t:file { read write ioctl };
|