2018-06-23 13:00:56 +00:00
|
|
|
## <summary>Likewise Active Directory support for UNIX.</summary>
|
|
|
|
|
|
|
|
#######################################
|
|
|
|
## <summary>
|
|
|
|
## The template to define a likewise domain.
|
|
|
|
## </summary>
|
|
|
|
## <param name="userdomain_prefix">
|
|
|
|
## <summary>
|
|
|
|
## The type of daemon to be used.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
template(`likewise_domain_template',`
|
|
|
|
gen_require(`
|
|
|
|
attribute likewise_domains;
|
|
|
|
type likewise_var_lib_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# Declarations
|
|
|
|
#
|
|
|
|
|
|
|
|
type $1_t;
|
|
|
|
type $1_exec_t;
|
|
|
|
init_daemon_domain($1_t, $1_exec_t)
|
|
|
|
|
|
|
|
typeattribute $1_t likewise_domains;
|
|
|
|
|
2019-09-08 20:55:02 +00:00
|
|
|
type $1_runtime_t alias $1_var_run_t;
|
2020-06-27 21:11:48 +00:00
|
|
|
files_runtime_file($1_runtime_t)
|
2018-06-23 13:00:56 +00:00
|
|
|
|
|
|
|
type $1_var_socket_t;
|
|
|
|
files_type($1_var_socket_t)
|
|
|
|
|
|
|
|
type $1_var_lib_t;
|
|
|
|
files_type($1_var_lib_t)
|
|
|
|
|
|
|
|
####################################
|
|
|
|
#
|
|
|
|
# Policy
|
|
|
|
#
|
|
|
|
|
|
|
|
allow $1_t self:process { signal_perms getsched setsched };
|
|
|
|
allow $1_t self:fifo_file rw_fifo_file_perms;
|
|
|
|
allow $1_t self:unix_stream_socket { accept listen };
|
|
|
|
allow $1_t self:tcp_socket create_stream_socket_perms;
|
|
|
|
allow $1_t self:udp_socket create_socket_perms;
|
|
|
|
|
2019-09-08 20:55:02 +00:00
|
|
|
manage_files_pattern($1_t, $1_runtime_t, $1_runtime_t)
|
2020-06-27 21:11:48 +00:00
|
|
|
files_runtime_filetrans($1_t, $1_runtime_t, file)
|
2018-06-23 13:00:56 +00:00
|
|
|
|
|
|
|
manage_files_pattern($1_t, likewise_var_lib_t, $1_var_lib_t)
|
|
|
|
filetrans_pattern($1_t, likewise_var_lib_t, $1_var_lib_t, file)
|
|
|
|
|
|
|
|
manage_sock_files_pattern($1_t, likewise_var_lib_t, $1_var_socket_t)
|
|
|
|
filetrans_pattern($1_t, likewise_var_lib_t, $1_var_socket_t, sock_file)
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Connect to lsassd with a unix domain
|
|
|
|
## stream socket.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`likewise_stream_connect_lsassd',`
|
|
|
|
gen_require(`
|
|
|
|
type likewise_var_lib_t, lsassd_var_socket_t, lsassd_t;
|
|
|
|
')
|
|
|
|
|
2020-06-27 21:11:48 +00:00
|
|
|
files_search_runtime($1)
|
2018-06-23 13:00:56 +00:00
|
|
|
stream_connect_pattern($1, likewise_var_lib_t, lsassd_var_socket_t, lsassd_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## All of the rules required to
|
|
|
|
## administrate an likewise environment.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <param name="role">
|
|
|
|
## <summary>
|
|
|
|
## Role allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`likewise_admin',`
|
|
|
|
gen_require(`
|
|
|
|
attribute likewise_domains;
|
|
|
|
type likewise_initrc_exec_t, likewise_etc_t, likewise_pstore_lock_t;
|
|
|
|
type likewise_krb5_ad_t, likewise_var_lib_t, eventlogd_var_socket_t;
|
|
|
|
type lsassd_var_socket_t, lwiod_var_socket_t, lwregd_var_socket_t;
|
|
|
|
type lwsmd_var_socket_t, lwsmd_var_lib_t, netlogond_var_socket_t;
|
|
|
|
type netlogond_var_lib_t, lsassd_var_lib_t, lwregd_var_lib_t;
|
|
|
|
type eventlogd_var_lib_t, dcerpcd_var_lib_t, lsassd_tmp_t;
|
2019-09-08 20:55:02 +00:00
|
|
|
type eventlogd_runtime_t, lsassd_runtime_t, lwiod_runtime_t;
|
|
|
|
type lwregd_runtime_t, netlogond_runtime_t, srvsvcd_runtime_t;
|
2018-06-23 13:00:56 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
allow $1 likewise_domains:process { ptrace signal_perms };
|
|
|
|
ps_process_pattern($1, likewise_domains)
|
|
|
|
|
|
|
|
init_startstop_service($1, $2, likewise_domains, likewise_initrc_exec_t)
|
|
|
|
|
|
|
|
files_list_etc($1)
|
|
|
|
admin_pattern($1, { likewise_etc_t likewise_pstore_lock_t likewise_krb5_ad_t })
|
|
|
|
|
|
|
|
files_search_var_lib($1)
|
|
|
|
admin_pattern($1, { likewise_var_lib_t eventlogd_var_socket_t lsassd_var_socket_t })
|
|
|
|
admin_pattern($1, { lwiod_var_socket_t lwregd_var_socket_t lwsmd_var_socket_t })
|
|
|
|
admin_pattern($1, { lwsmd_var_lib_t netlogond_var_socket_t netlogond_var_lib_t })
|
|
|
|
admin_pattern($1, { lsassd_var_lib_t lwregd_var_lib_t eventlogd_var_lib_t })
|
|
|
|
admin_pattern($1, dcerpcd_var_lib_t)
|
|
|
|
|
|
|
|
files_list_tmp($1)
|
|
|
|
admin_pattern($1, lsassd_tmp_t)
|
|
|
|
|
2020-06-27 21:11:48 +00:00
|
|
|
files_list_runtime($1)
|
2019-09-08 20:55:02 +00:00
|
|
|
admin_pattern($1, { eventlogd_runtime_t lsassd_runtime_t lwiod_runtime_t })
|
|
|
|
admin_pattern($1, { lwregd_runtime_t netlogond_runtime_t srvsvcd_runtime_t })
|
2018-06-23 13:00:56 +00:00
|
|
|
')
|