|
|
1ec3d1a |
## <summary>Linux Target Framework Daemon.</summary>
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#####################################
|
|
|
1ec3d1a |
## <summary>
|
|
Dominick Grift |
e38bdef |
## Read and write tgtd semaphores.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`tgtd_rw_semaphores',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type tgtd_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 tgtd_t:sem rw_sem_perms;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
######################################
|
|
|
1ec3d1a |
## <summary>
|
|
Dominick Grift |
e38bdef |
## Create, read, write, and delete
|
|
Dominick Grift |
e38bdef |
## tgtd sempaphores.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## <param name="domain">
|
|
|
1ec3d1a |
## <summary>
|
|
|
1ec3d1a |
## Domain allowed access.
|
|
|
1ec3d1a |
## </summary>
|
|
|
1ec3d1a |
## </param>
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
interface(`tgtd_manage_semaphores',`
|
|
|
1ec3d1a |
gen_require(`
|
|
|
1ec3d1a |
type tgtd_t;
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow $1 tgtd_t:sem create_sem_perms;
|
|
|
1ec3d1a |
')
|
|
|
2a60aeb |
|
|
|
2a60aeb |
######################################
|
|
|
2a60aeb |
## <summary>
|
|
Dominick Grift |
e38bdef |
## Connect to tgtd with a unix
|
|
Dominick Grift |
e38bdef |
## domain stream socket.
|
|
Dominick Grift |
e38bdef |
## </summary>
|
|
Dominick Grift |
e38bdef |
## <param name="domain">
|
|
Dominick Grift |
e38bdef |
## <summary>
|
|
Dominick Grift |
e38bdef |
## Domain allowed access.
|
|
Dominick Grift |
e38bdef |
## </summary>
|
|
Dominick Grift |
e38bdef |
## </param>
|
|
Dominick Grift |
e38bdef |
#
|
|
Dominick Grift |
e38bdef |
interface(`tgtd_stream_connect',`
|
|
Dominick Grift |
e38bdef |
gen_require(`
|
|
Dominick Grift |
e38bdef |
type tgtd_t, tgtd_var_run_t;
|
|
Dominick Grift |
e38bdef |
')
|
|
Dominick Grift |
e38bdef |
|
|
Dominick Grift |
e38bdef |
files_search_pids($1)
|
|
Dominick Grift |
e38bdef |
stream_connect_pattern($1, tgtd_var_run_t, tgtd_var_run_t, tgtd_t)
|
|
Dominick Grift |
e38bdef |
')
|
|
Dominick Grift |
e38bdef |
|
|
Dominick Grift |
e38bdef |
########################################
|
|
Dominick Grift |
e38bdef |
## <summary>
|
|
Dominick Grift |
e38bdef |
## All of the rules required to
|
|
Dominick Grift |
e38bdef |
## administrate an tgtd environment.
|
|
Dominick Grift |
e38bdef |
## </summary>
|
|
Dominick Grift |
e38bdef |
## <param name="domain">
|
|
Dominick Grift |
e38bdef |
## <summary>
|
|
Dominick Grift |
e38bdef |
## Domain allowed access.
|
|
Dominick Grift |
e38bdef |
## </summary>
|
|
Dominick Grift |
e38bdef |
## </param>
|
|
Dominick Grift |
e38bdef |
## <param name="role">
|
|
Dominick Grift |
e38bdef |
## <summary>
|
|
Dominick Grift |
e38bdef |
## Role allowed access.
|
|
Dominick Grift |
e38bdef |
## </summary>
|
|
Dominick Grift |
e38bdef |
## </param>
|
|
Dominick Grift |
e38bdef |
## <rolecap/>
|
|
Dominick Grift |
e38bdef |
#
|
|
Dominick Grift |
e38bdef |
interface(`tgtd_admin',`
|
|
Dominick Grift |
e38bdef |
gen_require(`
|
|
Dominick Grift |
e38bdef |
type tgtd_t, tgtd_initrc_exec_t, tgtd_var_lib_t;
|
|
Dominick Grift |
e38bdef |
type tgtd_var_run_t, tgtd_tmp_t, tgtd_tmpfs_t;
|
|
Dominick Grift |
e38bdef |
')
|
|
Dominick Grift |
e38bdef |
|
|
Dominick Grift |
e38bdef |
allow $1 tgtd_t:process { ptrace signal_perms };
|
|
Dominick Grift |
e38bdef |
ps_process_pattern($1, tgtd_t)
|
|
Dominick Grift |
e38bdef |
|
|
Dominick Grift |
e38bdef |
init_labeled_script_domtrans($1, tgtd_initrc_exec_t)
|
|
Dominick Grift |
e38bdef |
domain_system_change_exemption($1)
|
|
Dominick Grift |
e38bdef |
role_transition $2 tgtd_initrc_exec_t system_r;
|
|
Dominick Grift |
e38bdef |
allow $2 system_r;
|
|
Dominick Grift |
e38bdef |
|
|
Dominick Grift |
e38bdef |
files_search_var_lib($1)
|
|
Dominick Grift |
e38bdef |
admin_pattern($1, tgtd_var_lib_t)
|
|
Dominick Grift |
e38bdef |
|
|
Dominick Grift |
e38bdef |
files_search_pids($1)
|
|
Dominick Grift |
e38bdef |
admin_pattern($1, tgtd_var_run_t)
|
|
Dominick Grift |
e38bdef |
|
|
Dominick Grift |
e38bdef |
files_search_tmp($1)
|
|
Dominick Grift |
e38bdef |
admin_pattern($1, tgtd_tmp_t)
|
|
Dominick Grift |
e38bdef |
|
|
Dominick Grift |
e38bdef |
files_search_tmpfs($1)
|
|
Dominick Grift |
e38bdef |
admin_pattern($1, tgtd_tmpfs_t)
|
|
|
2a60aeb |
')
|