dnsping.te 1.7 KB

  # SELinux type-enforcement source for the "dnsping" policy module, version 0.1.9.
  1. policy_module(dnsping, 0.1.9)
  2. #################################
  3. #
  4. # Declarations
  5. #
  # dnsping_t is the process domain; dnsping_exec_t is the type passed below as its entry point.
  6. type dnsping_t;
  7. type dnsping_exec_t;
  # refpolicy interface: makes dnsping_t a system domain that init-started processes
  # enter by executing a file labelled dnsping_exec_t.
  8. init_system_domain(dnsping_t, dnsping_exec_t)
  9. ########################################
  10. #
  11. # Local policy
  12. #
  # dac_override allows use of CAP_DAC_OVERRIDE, i.e. bypassing discretionary file
  # permission checks (SELinux type rules still apply).
  # NOTE(review): confirm this is really needed; correcting file ownership or modes
  # is usually the narrower fix.
  13. allow dnsping_t self:capability dac_override;
  14. allow dnsping_t self:fifo_file { read write getattr };
  15. allow dnsping_t self:process { signal setsched };
  # TCP sockets may be created and stat'ed only; no connect/read/write is granted here.
  16. allow dnsping_t self:tcp_socket { create getattr };
  17. allow dnsping_t self:udp_socket { write setopt getopt read bind create getattr };
  18. allow dnsping_t self:unix_dgram_socket { write create connect };
  # UDP bind is allowed on every unreserved port, not on one dedicated port type.
  # NOTE(review): presumably for ephemeral source ports - confirm against the program.
  19. corenet_udp_bind_all_unreserved_ports(dnsping_t)
  20. corenet_udp_bind_generic_node(dnsping_t)
  21. dev_read_rand(dnsping_t)
  22. dev_read_urand(dnsping_t)
  23. kernel_search_vm_sysctl(dnsping_t)
  24. kernel_read_vm_sysctls(dnsping_t)
  25. kernel_read_net_sysctls(dnsping_t)
  # Generic bin_t programs run inside dnsping_t (no domain transition), so they
  # inherit every permission granted in this module.
  26. corecmd_exec_bin(dnsping_t)
  27. logging_send_syslog_msg(dnsping_t)
  28. files_read_etc_files(dnsping_t)
  29. fs_getattr_xattr_fs(dnsping_t)
  30. fs_getattr_tmpfs(dnsping_t)
  31. miscfiles_read_localization(dnsping_t)
  32. sysnet_read_config(dnsping_t)
  33. kernel_read_system_state(dnsping_t)
  34. kernel_read_vm_overcommit_sysctl(dnsping_t)
  # A shell may also be executed inside dnsping_t, again without a transition.
  # NOTE(review): with a shell in the domain, the confinement is only as tight as
  # the sum of the rules in this file.
  35. corecmd_exec_shell(dnsping_t)
  # Full management (create/read/write/delete) of generic tmp_t files, a label
  # shared with other domains. No private tmp type is declared in this listing.
  # NOTE(review): consider a private type via files_tmp_file() and
  # files_tmp_filetrans() so the domain cannot alter other domains' temp files.
  36. files_manage_generic_tmp_files(dnsping_t)
  # dac_read_search stays denied; dontaudit only suppresses the AVC log entry.
  # NOTE(review): these denials will not show in the audit log unless dontaudit
  # rules are disabled (e.g. semodule -DB) while troubleshooting.
  37. dontaudit dnsping_t self:capability dac_read_search;
  # Applied only if named_var_run_t exists in the loaded policy; otherwise the
  # optional block is dropped.
  # NOTE(review): requiring another module's type directly ties this module to that
  # module's internals; an exported interface is preferable if one exists.
  38. optional_policy(`
  39. gen_require(`
  40. type named_var_run_t;
  41. ')
  # Read-only access to named_var_run_t files located in named_var_run_t directories.
  42. read_files_pattern(dnsping_t, named_var_run_t, named_var_run_t)
  43. ')
  # Applied only if crond_tmp_t exists in the loaded policy.
  44. optional_policy(`
  45. gen_require(`
  46. type crond_tmp_t;
  47. ')
  # read/write/getattr/ioctl without "open": the rule covers only file descriptors
  # that are already open when dnsping_t receives them.
  # NOTE(review): presumably descriptors inherited from cron - confirm.
  48. allow dnsping_t crond_tmp_t:file { read write getattr ioctl };
  49. ')
  # Applied only if httpd_sys_content_t exists in the loaded policy.
  50. optional_policy(`
  51. gen_require(`
  52. type httpd_sys_content_t;
  53. ')
  # Read-only: directories may be searched and files opened and read; no write,
  # create or directory-listing permission is granted on this type.
  54. allow dnsping_t httpd_sys_content_t:dir search;
  55. allow dnsping_t httpd_sys_content_t:file { read getattr open };
  56. ')
  # If the cron module is present, system cron jobs may enter dnsping_t by executing
  # a dnsping_exec_t file.
  # NOTE(review): this is a second way into the domain; every rule granted to
  # dnsping_t is then reachable from system cron jobs as well.
  57. optional_policy(`
  58. cron_system_entry(dnsping_t, dnsping_exec_t)
  59. ')