|
Chris PeBenito |
9401ae1 |
## <summary>ucspitcp policy</summary>
|
|
Chris PeBenito |
9401ae1 |
## <desc>
|
|
Chris PeBenito |
9401ae1 |
##
|
|
Chris PeBenito |
9401ae1 |
## Policy for DJB's ucspi-tcpd
|
|
Chris PeBenito |
9401ae1 |
##
|
|
Chris PeBenito |
9401ae1 |
## </desc>
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
########################################
|
|
Chris PeBenito |
9401ae1 |
## <summary>
|
|
Chris PeBenito |
9401ae1 |
## Define a specified domain as a ucspitcp service.
|
|
Chris PeBenito |
9401ae1 |
## </summary>
|
|
Chris PeBenito |
9401ae1 |
## <param name="domain">
|
|
Chris PeBenito |
9401ae1 |
## <summary>
|
|
Chris PeBenito |
9401ae1 |
## Domain allowed access.
|
|
Chris PeBenito |
9401ae1 |
## </summary>
|
|
Chris PeBenito |
9401ae1 |
## </param>
|
|
Chris PeBenito |
9401ae1 |
## <param name="entrypoint">
|
|
Chris PeBenito |
9401ae1 |
## <summary>
|
|
Chris PeBenito |
9401ae1 |
## The type associated with the process program.
|
|
Chris PeBenito |
9401ae1 |
## </summary>
|
|
Chris PeBenito |
9401ae1 |
## </param>
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
interface(`ucspitcp_service_domain', `
|
|
Chris PeBenito |
9401ae1 |
gen_require(`
|
|
Chris PeBenito |
9401ae1 |
type ucspitcp_t;
|
|
Chris PeBenito |
9401ae1 |
role system_r;
|
|
Chris PeBenito |
9401ae1 |
')
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
domain_type($1)
|
|
Chris PeBenito |
9401ae1 |
domain_entry_file($1, $2)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
role system_r types $1;
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
domain_auto_trans(ucspitcp_t, $2, $1)
|
|
Chris PeBenito |
9401ae1 |
allow $1 ucspitcp_t:fd use;
|
|
Chris PeBenito |
9401ae1 |
allow $1 ucspitcp_t:process sigchld;
|
|
Chris PeBenito |
9401ae1 |
allow $1 ucspitcp_t:tcp_socket rw_stream_socket_perms;
|
|
Chris PeBenito |
9401ae1 |
')
|