|
|
4d4ae9f |
|
|
|
4d4ae9f |
## <summary>policy for httpd_mythtv_script</summary>
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
########################################
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Execute TEMPLATE in the httpd_mythtv_script domin.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## <param name="domain">
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Domain allowed to transition.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## </param>
|
|
|
4d4ae9f |
#
|
|
|
4d4ae9f |
interface(`httpd_mythtv_script_domtrans',`
|
|
|
4d4ae9f |
gen_require(`
|
|
|
4d4ae9f |
type httpd_mythtv_script_t, httpd_mythtv_script_exec_t;
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
corecmd_search_bin($1)
|
|
|
4d4ae9f |
domtrans_pattern($1, httpd_mythtv_script_exec_t, httpd_mythtv_script_t)
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
#######################################
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## read mythtv libs.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## <param name="domain">
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Domain allowed access.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## </param>
|
|
|
4d4ae9f |
#
|
|
|
4d4ae9f |
interface(`mythtv_read_lib',`
|
|
|
4d4ae9f |
gen_require(`
|
|
|
4d4ae9f |
type mythtv_var_lib_t;
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
read_files_pattern($1, mythtv_var_lib_t, mythtv_var_lib_t)
|
|
|
4d4ae9f |
files_list_var_lib($1)
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
#######################################
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Create, read, write, and delete
|
|
|
4d4ae9f |
## mythtv lib content.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## <param name="domain">
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Domain allowed access.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## </param>
|
|
|
4d4ae9f |
#
|
|
|
4d4ae9f |
interface(`mythtv_manage_lib',`
|
|
|
4d4ae9f |
gen_require(`
|
|
|
4d4ae9f |
type mythtv_var_lib_t;
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
manage_files_pattern($1, mythtv_var_lib_t, mythtv_var_lib_t)
|
|
|
4d4ae9f |
manage_lnk_files_pattern($1, mythtv_var_lib_t, mythtv_var_lib_t)
|
|
|
4d4ae9f |
files_list_var_lib($1)
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
#######################################
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## read mythtv logs.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## <param name="domain">
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Domain allowed access.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## </param>
|
|
|
4d4ae9f |
#
|
|
|
4d4ae9f |
interface(`mythtv_read_log',`
|
|
|
4d4ae9f |
gen_require(`
|
|
|
4d4ae9f |
type mythtv_var_log_t;
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
read_files_pattern($1, mythtv_var_log_t, mythtv_var_log_t)
|
|
|
4d4ae9f |
logging_search_logs($1)
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
#######################################
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Append mythtv log files.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## <param name="domain">
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Domain allowed access.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## </param>
|
|
|
4d4ae9f |
#
|
|
|
4d4ae9f |
interface(`mythtv_append_log',`
|
|
|
4d4ae9f |
gen_require(`
|
|
|
4d4ae9f |
type mythtv_var_log_t;
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
append_files_pattern($1, mythtv_var_log_t, mythtv_var_log_t)
|
|
|
4d4ae9f |
logging_search_logs($1)
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
#######################################
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Create, read, write, and delete
|
|
|
4d4ae9f |
## mythtv log content.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## <param name="domain">
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Domain allowed access.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## </param>
|
|
|
4d4ae9f |
#
|
|
|
4d4ae9f |
interface(`mythtv_manage_log',`
|
|
|
4d4ae9f |
gen_require(`
|
|
|
4d4ae9f |
type mythtv_var_log_t;
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
manage_files_pattern($1, mythtv_var_log_t, mythtv_var_log_t)
|
|
|
4d4ae9f |
manage_lnk_files_pattern($1, mythtv_var_log_t, mythtv_var_log_t)
|
|
|
4d4ae9f |
logging_search_logs($1)
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
########################################
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## All of the rules required to
|
|
|
4d4ae9f |
## administrate an mythtv environment.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## <param name="domain">
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Domain allowed access.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## </param>
|
|
|
4d4ae9f |
## <param name="role">
|
|
|
4d4ae9f |
## <summary>
|
|
|
4d4ae9f |
## Role allowed access.
|
|
|
4d4ae9f |
## </summary>
|
|
|
4d4ae9f |
## </param>
|
|
|
4d4ae9f |
## <rolecap/>
|
|
|
4d4ae9f |
#
|
|
|
4d4ae9f |
interface(`mythtv_admin',`
|
|
|
4d4ae9f |
gen_require(`
|
|
|
4d4ae9f |
type httpd_mythtv_script_t, mythtv_var_lib_t;
|
|
|
4d4ae9f |
type mythtv_var_log_t;
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
allow $1 httpd_mythtv_script_t:process signal_perms;
|
|
|
4d4ae9f |
ps_process_pattern($1, httpd_mythtv_script_t)
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
tunable_policy(`deny_ptrace',`',`
|
|
|
4d4ae9f |
allow $1 httpd_mythtv_script_t:process ptrace;
|
|
|
4d4ae9f |
')
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
logging_list_logs($1)
|
|
|
4d4ae9f |
admin_pattern($1, mythtv_var_log_t)
|
|
|
4d4ae9f |
|
|
|
4d4ae9f |
files_list_var_lib($1)
|
|
|
4d4ae9f |
admin_pattern($1, mythtv_var_lib_t)
|
|
|
4d4ae9f |
')
|