gentoo-selinux-policies/dnsping.te

policy_module(dnsping, 0.1.11)

#################################
#
# Declarations
#

type dnsping_t;
type dnsping_exec_t;
init_system_domain(dnsping_t, dnsping_exec_t)


########################################
#
# Local policy
#

allow dnsping_t self:capability dac_override;
allow dnsping_t self:fifo_file { read write getattr };
allow dnsping_t self:process { signal setsched getsched };
allow dnsping_t self:tcp_socket { create getattr };
allow dnsping_t self:udp_socket { write setopt getopt read bind create getattr };
allow dnsping_t self:unix_dgram_socket { write create connect };

corenet_udp_bind_all_unreserved_ports(dnsping_t)
corenet_udp_bind_generic_node(dnsping_t)

dev_read_rand(dnsping_t)
dev_read_urand(dnsping_t)

kernel_search_vm_sysctl(dnsping_t)
kernel_read_vm_sysctls(dnsping_t)
kernel_read_net_sysctls(dnsping_t)

corecmd_exec_bin(dnsping_t)
logging_send_syslog_msg(dnsping_t)
files_read_etc_files(dnsping_t)
fs_getattr_xattr_fs(dnsping_t)
fs_getattr_tmpfs(dnsping_t)
miscfiles_read_localization(dnsping_t)
miscfiles_read_generic_certs(dnsping_t)
sysnet_read_config(dnsping_t)

kernel_read_system_state(dnsping_t)
kernel_read_vm_overcommit_sysctl(dnsping_t)

corecmd_exec_shell(dnsping_t)
files_manage_generic_tmp_files(dnsping_t)

dontaudit dnsping_t self:capability dac_read_search;

optional_policy(`
	gen_require(`
		type named_var_run_t;
	')
	read_files_pattern(dnsping_t, named_var_run_t, named_var_run_t)
')

optional_policy(`
	gen_require(`
		type crond_tmp_t;
	')
	allow dnsping_t crond_tmp_t:file { read write getattr ioctl };
')

optional_policy(`
	gen_require(`
        	type httpd_sys_content_t;
	')
allow dnsping_t httpd_sys_content_t:dir search;
allow dnsping_t httpd_sys_content_t:file { read getattr open };
')

optional_policy(`
	cron_system_entry(dnsping_t, dnsping_exec_t)
')