selinux-refpolicy/policy/modules/services/dcc.if

174 lines
3.5 KiB
Plaintext

## <summary>Distributed checksum clearinghouse spam filtering</summary>
########################################
## <summary>
## Execute cdcc in the cdcc domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dcc_domtrans_cdcc',`
gen_require(`
type cdcc_t, cdcc_exec_t;
')
corecmd_search_sbin($1)
domtrans_pattern($1,cdcc_exec_t,cdcc_t)
')
########################################
## <summary>
## Execute cdcc in the cdcc domain, and
## allow the specified role the cdcc domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the cdcc domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the terminal allow the cdcc domain to use.
## </summary>
## </param>
## <rolecap/>
#
interface(`dcc_run_cdcc',`
gen_require(`
type cdcc_t;
')
dcc_domtrans_cdcc($1)
role $2 types cdcc_t;
allow cdcc_t $3:chr_file rw_term_perms;
')
########################################
## <summary>
## Execute dcc_client in the dcc_client domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dcc_domtrans_client',`
gen_require(`
type dcc_client_t, dcc_client_exec_t;
')
corecmd_search_sbin($1)
domtrans_pattern($1,dcc_client_exec_t,dcc_client_t)
')
########################################
## <summary>
## Execute dcc_client in the dcc_client domain, and
## allow the specified role the dcc_client domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the dcc_client domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the terminal allow the dcc_client domain to use.
## </summary>
## </param>
## <rolecap/>
#
interface(`dcc_run_client',`
gen_require(`
type dcc_client_t;
')
dcc_domtrans_client($1)
role $2 types dcc_client_t;
allow dcc_client_t $3:chr_file rw_term_perms;
')
########################################
## <summary>
## Execute dbclean in the dcc_dbclean domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dcc_domtrans_dbclean',`
gen_require(`
type dcc_dbclean_t, dcc_dbclean_exec_t;
')
corecmd_search_sbin($1)
domtrans_pattern($1,dcc_dbclean_exec_t,dcc_dbclean_t)
')
########################################
## <summary>
## Execute dbclean in the dcc_dbclean domain, and
## allow the specified role the dcc_dbclean domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the dcc_dbclean domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the terminal allow the dcc_dbclean domain to use.
## </summary>
## </param>
## <rolecap/>
#
interface(`dcc_run_dbclean',`
gen_require(`
type dcc_dbclean_t;
')
dcc_domtrans_dbclean($1)
role $2 types dcc_dbclean_t;
allow dcc_dbclean_t $3:chr_file rw_term_perms;
')
########################################
## <summary>
## Connect to dccifd over a unix domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dcc_stream_connect_dccifd',`
gen_require(`
type dcc_var_t, dccifd_var_run_t, dccifd_t;
')
files_search_var($1)
stream_connect_pattern($1,dcc_var_t,dccifd_var_run_t,dccifd_t)
')