9127219358
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.
param with one space
and content inside with one tab
This was done with:
sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
s/^##[[:space:]]*/##\t/;
s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
144 lines
3.0 KiB
Plaintext
144 lines
3.0 KiB
Plaintext
## <summary>Remote certificate distribution framework.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run certmaster.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`certmaster_domtrans',`
|
|
gen_require(`
|
|
type certmaster_t, certmaster_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, certmaster_exec_t, certmaster_t)
|
|
')
|
|
|
|
####################################
|
|
## <summary>
|
|
## Execute certmaster in the caller domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`certmaster_exec',`
|
|
gen_require(`
|
|
type certmaster_exec_t;
|
|
')
|
|
|
|
can_exec($1, certmaster_exec_t)
|
|
corecmd_search_bin($1)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## read certmaster logs.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`certmaster_read_log',`
|
|
gen_require(`
|
|
type certmaster_var_log_t;
|
|
')
|
|
|
|
read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
|
|
logging_search_logs($1)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Append certmaster log files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`certmaster_append_log',`
|
|
gen_require(`
|
|
type certmaster_var_log_t;
|
|
')
|
|
|
|
append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
|
|
logging_search_logs($1)
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## certmaster log content.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`certmaster_manage_log',`
|
|
gen_require(`
|
|
type certmaster_var_log_t;
|
|
')
|
|
|
|
manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
|
|
manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
|
|
logging_search_logs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to
|
|
## administrate an certmaster environment.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`certmaster_admin',`
|
|
gen_require(`
|
|
type certmaster_t, certmaster_runtime_t, certmaster_var_lib_t;
|
|
type certmaster_etc_rw_t, certmaster_var_log_t;
|
|
type certmaster_initrc_exec_t;
|
|
')
|
|
|
|
allow $1 certmaster_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, certmaster_t)
|
|
|
|
init_startstop_service($1, $2, certmaster_t, certmaster_initrc_exec_t)
|
|
|
|
files_list_etc($1)
|
|
miscfiles_manage_generic_cert_dirs($1)
|
|
miscfiles_manage_generic_cert_files($1)
|
|
|
|
admin_pattern($1, certmaster_etc_rw_t)
|
|
|
|
files_list_runtime($1)
|
|
admin_pattern($1, certmaster_runtime_t)
|
|
|
|
logging_list_logs($1)
|
|
admin_pattern($1, certmaster_var_log_t)
|
|
|
|
files_list_var_lib($1)
|
|
admin_pattern($1, certmaster_var_lib_t)
|
|
')
|