selinux-refpolicy/policy/modules/services/kerneloops.if
2018-06-23 10:38:58 -04:00

116 lines
2.3 KiB
Plaintext

## <summary>Service for reporting kernel oopses to kerneloops.org.</summary>
########################################
## <summary>
## Execute a domain transition to run kerneloops.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`kerneloops_domtrans',`
gen_require(`
type kerneloops_t, kerneloops_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, kerneloops_exec_t, kerneloops_t)
')
########################################
## <summary>
## Send and receive messages from
## kerneloops over dbus.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kerneloops_dbus_chat',`
gen_require(`
type kerneloops_t;
class dbus send_msg;
')
allow $1 kerneloops_t:dbus send_msg;
allow kerneloops_t $1:dbus send_msg;
')
########################################
## <summary>
## Do not audit attempts to Send and
## receive messages from kerneloops
## over dbus.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kerneloops_dontaudit_dbus_chat',`
gen_require(`
type kerneloops_t;
class dbus send_msg;
')
dontaudit $1 kerneloops_t:dbus send_msg;
dontaudit kerneloops_t $1:dbus send_msg;
')
########################################
## <summary>
## Create, read, write, and delete
## kerneloops temporary files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kerneloops_manage_tmp_files',`
gen_require(`
type kerneloops_tmp_t;
')
files_search_tmp($1)
allow $1 kerneloops_tmp_t:file manage_file_perms;
')
########################################
## <summary>
## All of the rules required to
## administrate an kerneloops environment.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kerneloops_admin',`
gen_require(`
type kerneloops_t, kerneloops_initrc_exec_t;
type kerneloops_tmp_t;
')
allow $1 kerneloops_t:process { ptrace signal_perms };
ps_process_pattern($1, kerneloops_t)
init_startstop_service($1, $2, kerneloops_t, kerneloops_initrc_exec_t)
files_search_tmp($1)
admin_pattern($1, kerneloops_tmp_t)
')