## USB multiplexing daemon for communicating with Apple iPod Touch and iPhone
########################################
##
## Execute a domain transition to run usbmuxd.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`usbmuxd_domtrans',`
gen_require(`
type usbmuxd_t, usbmuxd_exec_t;
')
domtrans_pattern($1, usbmuxd_exec_t, usbmuxd_t)
')
#####################################
##
## Connect to usbmuxd over a unix domain
## stream socket.
##
##
##
## Domain allowed access.
##
##
#
interface(`usbmuxd_stream_connect',`
gen_require(`
type usbmuxd_t, usbmuxd_var_run_t;
')
files_search_pids($1)
stream_connect_pattern($1, usbmuxd_var_run_t, usbmuxd_var_run_t, usbmuxd_t)
')
########################################
##
## Execute usbmuxd server in the usbmuxd domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`usbmuxd_systemctl',`
gen_require(`
type usbmuxd_t;
type usbmuxd_unit_file_t;
')
systemd_exec_systemctl($1)
allow $1 usbmuxd_unit_file_t:file read_file_perms;
allow $1 usbmuxd_unit_file_t:service manage_service_perms;
ps_process_pattern($1, usbmuxd_t)
')
#####################################
##
## All of the rules required to administrate
## an usbmuxd environment
##
##
##
## Domain allowed access.
##
##
##
##
## The role to be allowed to manage the usbmuxd domain.
##
##
##
#
interface(`usbmuxd_admin',`
gen_require(`
type usbmuxd_t,usbmuxd_var_run_t;
type usbmuxd_unit_file_t;
')
allow $1 usbmuxd_t:process { signal_perms };
ps_process_pattern($1, usbmuxd_t)
tunable_policy(`deny_ptrace',`',`
allow $1 usbmuxd_t:process ptrace;
')
allow $2 system_r;
files_list_pids($1)
admin_pattern($1, usbmuxd_var_run_t)
usbmuxd_systemctl($1)
admin_pattern($1, usbmuxd_unit_file_t)
allow $1 usbmuxd_unit_file_t:service all_service_perms;
')