create interfaces for NetworkManager units

Create interfaces to allow start/stop, enable/disable and status of NetworkManager systemd unit
2019-04-28 10:28:51 -04:00 · 2019-04-28 10:28:51 -04:00 · de0e70f07a
parent 5d345b79ee
commit de0e70f07a
1 changed files with 57 additions and 0 deletions
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@ -293,6 +293,63 @@ interface(`networkmanager_stream_connect',`
 	stream_connect_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t, NetworkManager_t)
 ')

+########################################
+## <summary>
+##	Allow specified domain to enable/disable NetworkManager units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`networkmanager_enabledisable',`
+	gen_require(`
+		type NetworkManager_unit_t;
+		class service { enable disable };
+	')
+
+	allow $1 NetworkManager_unit_t:service { enable disable };
+')
+
+########################################
+## <summary>
+##	Allow specified domain to start/stop NetworkManager units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`networkmanager_startstop',`
+	gen_require(`
+		type NetworkManager_unit_t;
+		class service { start stop };
+	')
+
+	allow $1 NetworkManager_unit_t:service { start stop };
+')
+
+########################################
+## <summary>
+##	Allow specified domain to get status of NetworkManager
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`networkmanager_status',`
+	gen_require(`
+		type NetworkManager_unit_t;
+		class service status;
+	')
+
+	allow $1 NetworkManager_unit_t:service status;
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to