|
 |
1ec3d1a |
## <summary>Digital Certificate Tracking</summary>
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain transition to certwatch.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed to transition.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`certwatch_domtrans',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type certwatch_exec_t, certwatch_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
files_search_usr($1)
|
|
|
1ec3d1a |
corecmd_search_bin($1)
|
|
|
1ec3d1a |
domtrans_pattern($1, certwatch_exec_t, certwatch_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute certwatch in the certwatch domain, and
|
|
|
1ec3d1a |
## allow the specified role the certwatch domain,
|
|
|
1ec3d1a |
## and use the caller's terminal. Has a sigchld
|
|
|
1ec3d1a |
## backchannel.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed to transition.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="role">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Role allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <rolecap/>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`certwatch_run',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type certwatch_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
certwatch_domtrans($1)
|
|
|
1ec3d1a |
role $2 types certwatch_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Execute certwatch in the certwatch domain, and
|
|
|
1ec3d1a |
## allow the specified role the certwatch domain,
|
|
|
1ec3d1a |
## and use the caller's terminal. Has a sigchld
|
|
|
1ec3d1a |
## backchannel. (Deprecated)
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed to transition.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="role">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Role allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <param name="terminal">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## The type of the terminal allow the certwatch domain to use.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
## <rolecap/>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`certwatach_run',`
|
|
|
1ec3d1a |
refpolicywarn(`$0($*) has been deprecated, please use certwatch_run() instead.')
|
|
|
1ec3d1a |
certwatch_run($*)
|
|
|
1ec3d1a |
')
|