Tree - rpms/selinux-policy - src.fedoraproject.org

psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago

Blame polipo.if

Blob History Raw

Dominick Grift	8b64090	`## <summary>Lightweight forwarding and caching proxy server.</summary>`
Dominick Grift	8b64090
Dominick Grift	8b64090	`########################################`
Dominick Grift	8b64090	`## <summary>`
Dominick Grift	8b64090	`## Role access for Polipo session.`
Dominick Grift	8b64090	`## </summary>`
Dominick Grift	8b64090	`## <param name="role">`
Dominick Grift	8b64090	`## <summary>`
Dominick Grift	8b64090	`## Role allowed access.`
Dominick Grift	8b64090	`## </summary>`
Dominick Grift	8b64090	`## </param>`
Dominick Grift	8b64090	`## <param name="domain">`
Dominick Grift	8b64090	`## <summary>`
Dominick Grift	8b64090	`## User domain for the role.`
Dominick Grift	8b64090	`## </summary>`
Dominick Grift	8b64090	`## </param>`
Dominick Grift	8b64090	`#`
Dominick Grift	8b64090	template(`polipo_role',`
Dominick Grift	8b64090	gen_require(`
Dominick Grift	8b64090	`type polipo_session_t, polipo_exec_t, polipo_config_home_t;`
Dominick Grift	8b64090	`type polipo_cache_home_t;`
Dominick Grift	8b64090	`')`
Dominick Grift	8b64090
Dominick Grift	8b64090	`########################################`
Dominick Grift	8b64090	`#`
Dominick Grift	8b64090	`# Declarations`
Dominick Grift	8b64090	`#`
Dominick Grift	8b64090
Dominick Grift	8b64090	`role $1 types polipo_session_t;`
Dominick Grift	8b64090
Dominick Grift	8b64090	`########################################`
Dominick Grift	8b64090	`#`
Dominick Grift	8b64090	`# Policy`
Dominick Grift	8b64090	`#`
Dominick Grift	8b64090
Dominick Grift	8b64090	`manage_dirs_pattern($2, polipo_cache_home_t, polipo_cache_home_t)`
Dominick Grift	8b64090	`relabel_dirs_pattern($2, polipo_cache_home_t, polipo_cache_home_t)`
Dominick Grift	8b64090
Dominick Grift	8b64090	`userdom_user_home_dir_filetrans($2, polipo_cache_home_t, dir, ".polipo-cache")`
Dominick Grift	8b64090
Dominick Grift	8b64090	`manage_files_pattern($2, { polipo_cache_home_t polipo_config_home_t }, { polipo_cache_home_t polipo_config_home_t })`
Dominick Grift	8b64090	`relabel_files_pattern($2, { polipo_cache_home_t polipo_config_home_t }, { polipo_cache_home_t polipo_config_home_t })`
Dominick Grift	8b64090
Dominick Grift	befe661	`userdom_user_home_dir_filetrans($2, polipo_config_home_t, file, ".forbidden")`
Dominick Grift	8b64090	`userdom_user_home_dir_filetrans($2, polipo_config_home_t, file, ".polipo")`
Dominick Grift	8b64090
Dominick Grift	8b64090	`allow $2 polipo_session_t:process { ptrace signal_perms };`
Dominick Grift	8b64090	`ps_process_pattern($2, polipo_session_t)`
Dominick Grift	8b64090
Dominick Grift	8b64090	tunable_policy(`polipo_session_users',`
Dominick Grift	8b64090	`domtrans_pattern($2, polipo_exec_t, polipo_session_t)`
Dominick Grift	8b64090	',`
Dominick Grift	8b64090	`can_exec($2, polipo_exec_t)`
Dominick Grift	8b64090	`')`
Dominick Grift	8b64090	`')`
Dominick Grift	8b64090
Dominick Grift	8b64090	`########################################`
Dominick Grift	8b64090	`## <summary>`
Dominick Grift	8b64090	`## Execute Polipo in the Polipo`
Dominick Grift	8b64090	`## system domain.`
Dominick Grift	8b64090	`## </summary>`
Dominick Grift	8b64090	`## <param name="domain">`
Dominick Grift	8b64090	`## <summary>`
Dominick Grift	8b64090	`## Domain allowed to transition.`
Dominick Grift	8b64090	`## </summary>`
Dominick Grift	8b64090	`## </param>`
Dominick Grift	8b64090	`#`
Dominick Grift	8b64090	interface(`polipo_initrc_domtrans',`
Dominick Grift	8b64090	gen_require(`
Dominick Grift	8b64090	`type polipo_initrc_exec_t;`
Dominick Grift	8b64090	`')`
Dominick Grift	8b64090
Dominick Grift	8b64090	`init_labeled_script_domtrans($1, polipo_initrc_exec_t)`
Dominick Grift	8b64090	`')`
Dominick Grift	8b64090
Dominick Grift	8b64090	`########################################`
Dominick Grift	8b64090	`## <summary>`
Dominick Grift	8b64090	`## All of the rules required to`
Dominick Grift	8b64090	`## administrate an polipo environment.`
Dominick Grift	8b64090	`## </summary>`
Dominick Grift	8b64090	`## <param name="domain">`
Dominick Grift	8b64090	`## <summary>`
Dominick Grift	8b64090	`## Domain allowed access.`
Dominick Grift	8b64090	`## </summary>`
Dominick Grift	8b64090	`## </param>`
Dominick Grift	8b64090	`## <param name="role">`
Dominick Grift	8b64090	`## <summary>`
Dominick Grift	8b64090	`## Role allowed access.`
Dominick Grift	8b64090	`## </summary>`
Dominick Grift	8b64090	`## </param>`
Dominick Grift	8b64090	`## <rolecap/>`
Dominick Grift	8b64090	`#`
Dominick Grift	8b64090	interface(`polipo_admin',`
Dominick Grift	8b64090	gen_require(`
Dominick Grift	8b64090	`type polipo_system_t, polipo_initrc_exec_t, polipo_cache_t;`
Dominick Grift	8b64090	`type polipo_conf_t, polipo_log_t, polipo_var_run_t;`
Dominick Grift	8b64090	`')`
Dominick Grift	8b64090
Dominick Grift	8b64090	`allow $1 polipo_system_t:process { ptrace signal_perms };`
Dominick Grift	8b64090	`ps_process_pattern($1, polipo_system_t)`
Dominick Grift	8b64090
Dominick Grift	8b64090	`polipo_initrc_domtrans($1)`
Dominick Grift	8b64090	`domain_system_change_exemption($1)`
Dominick Grift	8b64090	`role_transition $2 polipo_initrc_exec_t system_r;`
Dominick Grift	8b64090	`allow $2 system_r;`
Dominick Grift	8b64090
Dominick Grift	8b64090	`files_search_var($1)`
Dominick Grift	8b64090	`admin_pattern($1, polipo_cache_t)`
Dominick Grift	8b64090
Dominick Grift	8b64090	`files_search_etc($1)`
Dominick Grift	8b64090	`admin_pattern($1, polipo_conf_t)`
Dominick Grift	8b64090
Dominick Grift	8b64090	`logging_search_logs($1)`
Dominick Grift	8b64090	`admin_pattern($1, polipo_log_t)`
Dominick Grift	8b64090
Dominick Grift	8b64090	`files_search_pids($1)`
Dominick Grift	8b64090	`admin_pattern($1, polipo_var_run_t)`
Dominick Grift	8b64090	`')`

psss / rpms / selinux-policy

Source Code

Blame polipo.if