## Trivial file transfer protocol daemon. ######################################## ## ## Read tftp content files. ## ## ## ## Domain allowed access. ## ## # interface(`tftp_read_content',` gen_require(` type tftpdir_t; ') files_search_var_lib($1) allow $1 tftpdir_t:dir list_dir_perms; allow $1 tftpdir_t:file read_file_perms; allow $1 tftpdir_t:lnk_file read_lnk_file_perms; ') ######################################## ## ## Create, read, write, and delete ## tftp rw content. ## ## ## ## Domain allowed access. ## ## # interface(`tftp_manage_rw_content',` gen_require(` type tftpdir_rw_t; ') files_search_var_lib($1) allow $1 tftpdir_rw_t:dir manage_dir_perms; allow $1 tftpdir_rw_t:file manage_file_perms; allow $1 tftpdir_rw_t:lnk_file manage_lnk_file_perms; ') ######################################## ## ## Read tftpd configuration files. ## ## ## ## Domain allowed access. ## ## # interface(`tftp_read_config_files',` gen_require(` type tftpd_conf_t; ') files_search_etc($1) allow $1 tftpd_conf_t:file read_file_perms; ') ######################################## ## ## Create, read, write, and delete ## tftpd configuration files. ## ## ## ## Domain allowed access. ## ## # interface(`tftp_manage_config_files',` gen_require(` type tftpd_conf_t; ') files_search_etc($1) allow $1 tftpd_conf_t:file manage_file_perms; ') ######################################## ## ## Create objects in etc directories ## with tftp conf type. ## ## ## ## Domain allowed to transition. ## ## ## ## ## Class of the object being created. ## ## ## ## ## The name of the object being created. ## ## # interface(`tftp_etc_filetrans_config',` gen_require(` type tftpd_conf_t; ') files_etc_filetrans($1, tftpd_conf_t, $2, $3) ') ######################################## ## ## Create objects in tftpdir directories ## with a private type. ## ## ## ## Domain allowed access. ## ## ## ## ## Private file type. ## ## ## ## ## Class of the object being created. ## ## ## ## ## The name of the object being created. ## ## # interface(`tftp_filetrans_tftpdir',` gen_require(` type tftpdir_rw_t; ') files_search_var_lib($1) filetrans_pattern($1, tftpdir_rw_t, $2, $3, $4) ') ######################################## ## ## All of the rules required to ## administrate an tftp environment. ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`tftp_admin',` gen_require(` type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_runtime_t; type tftpd_conf_t; ') allow $1 tftpd_t:process { ptrace signal_perms }; ps_process_pattern($1, tftpd_t) files_search_etc($1) admin_pattern($1, tftpd_conf_t) files_search_var_lib($1) admin_pattern($1, { tftpdir_t tftpdir_rw_t }) files_list_runtime($1) admin_pattern($1, tftpd_runtime_t) ')