selinux-policy/policy/modules/services/pads.te

policy_module(pads, 1.0.0)

########################################
#
# Declarations
#

type pads_t;
type pads_exec_t;
init_daemon_domain(pads_t, pads_exec_t)

type pads_initrc_exec_t;
init_script_file(pads_initrc_exec_t)

type pads_config_t;
files_config_file(pads_config_t)

type pads_var_run_t;
files_pid_file(pads_var_run_t)

########################################
#
# Declarations
#

allow pads_t self:capability { dac_override net_raw };
allow pads_t self:netlink_route_socket create_netlink_socket_perms;
allow pads_t self:packet_socket create_socket_perms;
allow pads_t self:udp_socket create_socket_perms;
allow pads_t self:unix_dgram_socket create_socket_perms;

allow pads_t pads_config_t:file manage_file_perms;
files_etc_filetrans(pads_t, pads_config_t, file)

allow pads_t pads_var_run_t:file manage_file_perms;
files_pid_filetrans(pads_t, pads_var_run_t, file)

kernel_read_sysctl(pads_t)

corecmd_search_bin(pads_t)

corenet_all_recvfrom_unlabeled(pads_t)
corenet_all_recvfrom_netlabel(pads_t)
corenet_tcp_sendrecv_generic_if(pads_t)
corenet_tcp_sendrecv_generic_node(pads_t)
corenet_tcp_connect_prelude_port(pads_t)

dev_read_rand(pads_t)
dev_read_urand(pads_t)

files_read_etc_files(pads_t)
files_search_spool(pads_t)

miscfiles_read_localization(pads_t)

logging_send_syslog_msg(pads_t)

sysnet_dns_name_resolve(pads_t)

optional_policy(`
	prelude_manage_spool(pads_t)
')
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-23 07:53:57 +00:00			`policy_module(pads, 1.0.0)`
trunk: pads from dan. 2009-06-30 15:03:20 +00:00
			`########################################`
			`#`
			`# Declarations`
			`#`

			`type pads_t;`
			`type pads_exec_t;`
			`init_daemon_domain(pads_t, pads_exec_t)`

			`type pads_initrc_exec_t;`
			`init_script_file(pads_initrc_exec_t)`

			`type pads_config_t;`
			`files_config_file(pads_config_t)`

			`type pads_var_run_t;`
			`files_pid_file(pads_var_run_t)`

			`########################################`
			`#`
			`# Declarations`
			`#`

			`allow pads_t self:capability { dac_override net_raw };`
Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. 2010-09-23 07:57:42 +00:00			`allow pads_t self:netlink_route_socket create_netlink_socket_perms;`
			`allow pads_t self:packet_socket create_socket_perms;`
			`allow pads_t self:udp_socket create_socket_perms;`
			`allow pads_t self:unix_dgram_socket create_socket_perms;`
trunk: pads from dan. 2009-06-30 15:03:20 +00:00
			`allow pads_t pads_config_t:file manage_file_perms;`
			`files_etc_filetrans(pads_t, pads_config_t, file)`

			`allow pads_t pads_var_run_t:file manage_file_perms;`
			`files_pid_filetrans(pads_t, pads_var_run_t, file)`

			`kernel_read_sysctl(pads_t)`

			`corecmd_search_bin(pads_t)`

			`corenet_all_recvfrom_unlabeled(pads_t)`
			`corenet_all_recvfrom_netlabel(pads_t)`
			`corenet_tcp_sendrecv_generic_if(pads_t)`
			`corenet_tcp_sendrecv_generic_node(pads_t)`
			`corenet_tcp_connect_prelude_port(pads_t)`

			`dev_read_rand(pads_t)`
			`dev_read_urand(pads_t)`

			`files_read_etc_files(pads_t)`
			`files_search_spool(pads_t)`

			`miscfiles_read_localization(pads_t)`

			`logging_send_syslog_msg(pads_t)`

			`sysnet_dns_name_resolve(pads_t)`

			optional_policy(`
			`prelude_manage_spool(pads_t)`
			`')`