selinux-refpolicy/refpolicy/policy/modules/system/logging.if
2005-05-11 20:54:14 +00:00

144 lines
3.9 KiB
Plaintext

# Copyright (C) 2005 Tresys Technology, LLC
#######################################
#
# logging_make_log_file(domain)
#
define(`logging_make_log_file',`
requires_block_template(`$0'_depend)
files_make_file($1)
typeattribute $1 logfile;
')
define(`logging_make_log_file_depend',`
attribute logfile;
')
########################################
#
# logging_create_private_log(domain,privatetype,[class(es)])
#
define(`logging_create_private_log',`
requires_block_template(`$0'_depend)
allow $1 var_log_t:dir { getattr search read write add_name remove_name };
ifelse(`$3',`',`
type_transition $1 var_log_t:file $2;
',`
type_transition $1 var_log_t:$3 $2;
') dnl end ifelse
')
define(`logging_create_private_log_depend',`
type var_log_t;
class dir { getattr search read write add_name remove_name };
')
#######################################
#
# logging_send_system_log_message(domain)
#
define(`logging_send_system_log_message',`
requires_block_template(`$0'_depend)
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { ioctl read getattr lock write append };
# the type of socket depends on the syslog daemon
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
allow $1 self:unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
# cjp: this should most likely be removed:
terminal_use_console($1)
')
define(`logging_send_system_log_message_depend',`
type syslogd_t, devlog_t;
class sock_file { ioctl read getattr lock write append };
class unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown sendto };
class unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown connectto };
')
#######################################
#
# logging_search_system_log_directory(domain)
#
define(`logging_search_system_log_directory',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir search;
')
define(`logging_search_system_log_directory_depend',`
type var_log_t;
class dir search;
')
#######################################
#
# logging_append_all_logs(domain)
#
define(`logging_append_all_logs',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir { getattr search read };
allow $1 logfile:file { getattr append };
')
define(`logging_append_all_logs_depend',`
attribute logfile;
type var_log_t;
class dir { getattr search read };
class file { getattr append };
')
#######################################
#
# logging_read_all_logs(domain)
#
define(`logging_read_all_logs',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir { getattr search read };
allow $1 logfile:file { getattr read };
')
define(`logging_read_all_logs_depend',`
attribute logfile;
type var_log_t;
class dir { getattr search read };
class file { getattr read };
')
#######################################
#
# logging_read_system_logs(domain)
#
define(`logging_read_system_logs',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir { getattr search read };
allow $1 var_log_t:file { getattr read };
')
define(`logging_read_system_logs_depend',`
type var_log_t;
class dir { getattr search read };
class file { getattr read };
')
#######################################
#
# logging_modify_system_logs(domain)
#
define(`logging_modify_system_logs',`
requires_block_template(`$0'_depend)
files_search_system_state_data_directory($1)
allow $1 var_log_t:dir { getattr search read };
allow $1 var_log_t:file { getattr read write append };
')
define(`logging_modify_system_logs_depend',`
type var_log_t;
class dir { getattr search read };
class file { getattr read write append };
')