selinux-refpolicy/refpolicy/policy/modules/system/logging.if
Chris PeBenito b16c6b8c32 start adding user domains. fix ttynode and ptynode handling, as they're
more then user terminals (at least ptynode is).  start adding XML comments
2005-05-16 21:10:33 +00:00

158 lines
4.2 KiB
Plaintext

# Copyright (C) 2005 Tresys Technology, LLC
#######################################
#
# logging_make_log_file(domain)
#
define(`logging_make_log_file',`
requires_block_template(`$0'_depend)
files_make_file($1)
typeattribute $1 logfile;
')
define(`logging_make_log_file_depend',`
attribute logfile;
')
########################################
#
# logging_create_private_log(domain,privatetype,[class(es)])
#
define(`logging_create_private_log',`
requires_block_template(`$0'_depend)
allow $1 var_log_t:dir { getattr search read write add_name remove_name };
ifelse(`$3',`',`
type_transition $1 var_log_t:file $2;
',`
type_transition $1 var_log_t:$3 $2;
') dnl end ifelse
')
define(`logging_create_private_log_depend',`
type var_log_t;
class dir { getattr search read write add_name remove_name };
')
#######################################
#
# logging_send_system_log_message(domain)
#
define(`logging_send_system_log_message',`
requires_block_template(`$0'_depend)
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { ioctl read getattr lock write append };
# the type of socket depends on the syslog daemon
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
allow $1 self:unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
# cjp: this should most likely be removed:
terminal_use_console($1)
')
define(`logging_send_system_log_message_depend',`
type syslogd_t, devlog_t;
class sock_file { ioctl read getattr lock write append };
class unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown sendto };
class unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown connectto };
')
#######################################
#
# logging_search_system_log_directory(domain)
#
define(`logging_search_system_log_directory',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir search;
')
define(`logging_search_system_log_directory_depend',`
type var_log_t;
class dir search;
')
#######################################
#
# logging_ignore_get_all_logs_attributes(domain)
#
define(`logging_ignore_get_all_logs_attributes',`
requires_block_template(`$0'_depend)
dontaudit $1 logfile:file getattr;
')
define(`logging_ignore_get_all_logs_attributes_depend',`
attribute logfile;
class file getattr;
')
#######################################
#
# logging_append_all_logs(domain)
#
define(`logging_append_all_logs',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir { getattr search read };
allow $1 logfile:file { getattr append };
')
define(`logging_append_all_logs_depend',`
attribute logfile;
type var_log_t;
class dir { getattr search read };
class file { getattr append };
')
#######################################
#
# logging_read_all_logs(domain)
#
define(`logging_read_all_logs',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir { getattr search read };
allow $1 logfile:file { getattr read };
')
define(`logging_read_all_logs_depend',`
attribute logfile;
type var_log_t;
class dir { getattr search read };
class file { getattr read };
')
#######################################
#
# logging_read_system_logs(domain)
#
define(`logging_read_system_logs',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir { getattr search read };
allow $1 var_log_t:file { getattr read };
')
define(`logging_read_system_logs_depend',`
type var_log_t;
class dir { getattr search read };
class file { getattr read };
')
#######################################
#
# logging_modify_system_logs(domain)
#
define(`logging_modify_system_logs',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir { getattr search read };
allow $1 var_log_t:file { getattr read write append };
')
define(`logging_modify_system_logs_depend',`
type var_log_t;
class dir { getattr search read };
class file { getattr read write append };
')