selinux-refpolicy/policy/modules/services/w3c.te
Dominick Grift 8340621920 Implement miscfiles_cert_type().
This is based on Fedoras' miscfiles_cert_type implementation.
The idea was that openvpn needs to be able read home certificates (home_cert_t) which is not implemented in refpolicy yet, as well as generic cert_t certificates.

Note that openvpn is allowed to read all cert_types, as i know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well but because i do not know exactly which domains i will not changes any other domains call to generic cert type interfaces.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-10 11:05:46 -04:00

25 lines
677 B
Plaintext

policy_module(w3c, 1.0.0)
########################################
#
# Declarations
#
apache_content_template(w3c_validator)
########################################
#
# Local policy
#
corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t)
corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t)
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
corenet_tcp_sendrecv_http_port(httpd_w3c_validator_script_t)
corenet_tcp_connect_http_cache_port(httpd_w3c_validator_script_t)
corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t)
miscfiles_read_generic_certs(httpd_w3c_validator_script_t)
sysnet_dns_name_resolve(httpd_w3c_validator_script_t)