selinux-refpolicy/refpolicy/policy/modules/system/logging.if

89 lines
2.6 KiB
Plaintext
Raw Normal View History

2005-04-20 19:07:16 +00:00
# Copyright (C) 2005 Tresys Technology, LLC
2005-04-14 20:18:17 +00:00
#######################################
#
# logging_make_log_file(type,[`optional'])
#
define(`logging_make_log_file',`
requires_block_template(logging_make_log_file_depend,$2)
files_make_file($1,optional)
typeattribute $1 logfile;
')
define(`logging_make_log_file_depend',`
attribute logfile;
files_make_file_depend
')
2005-04-19 20:44:07 +00:00
#######################################
#
# logging_send_system_log_message(type,[`optional'])
#
define(`logging_send_system_log_message',`
requires_block_template(logging_send_system_log_message_depend,$2)
2005-04-21 21:33:50 +00:00
allow $1 devlog_t:lnk_file read;
2005-04-19 20:44:07 +00:00
allow $1 devlog_t:sock_file { ioctl read getattr lock write append };
# the type of socket depends on the syslog daemon
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
allow $1 self:unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
')
define(`logging_send_system_log_message_depend',`
type syslogd_t, devlog_t;
class sock_file { ioctl read getattr lock write append };
class unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown sendto };
class unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown connectto };
')
2005-04-14 20:18:17 +00:00
#######################################
#
# logging_append_all_logs(type,[`optional'])
#
define(`logging_append_all_logs',`
requires_block_template(logging_append_all_logs_depend,$2)
allow $1 var_log_t:dir { getattr search read };
allow $1 logfile:file { getattr append };
')
define(`logging_append_all_logs_depend',`
attribute logfile;
type var_log_t;
class dir { getattr search read };
class file { getattr append };
')
#######################################
#
# logging_read_all_logs(type,[`optional'])
#
define(`logging_read_all_logs',`
requires_block_template(logging_read_all_logs_depend,$2)
allow $1 var_log_t:dir { getattr search read };
allow $1 logfile:file { getattr read };
')
define(`logging_read_all_logs_depend',`
attribute logfile;
type var_log_t;
class dir { getattr search read };
class file { getattr read };
')
#######################################
#
# logging_modify_system_logs(type,[`optional'])
#
define(`logging_modify_system_logs',`
requires_block_template(logging_modify_system_logs_depend,$2)
allow $1 var_log_t:dir { getattr search read };
allow $1 var_log_t:file { getattr read write append };
')
define(`logging_modify_system_logs_depend',`
type var_log_t;
class dir { getattr search read };
class file { getattr read write append };
')