2006-09-28 14:37:29 +00:00
|
|
|
## <summary>
|
|
|
|
## Oddjob provides a mechanism by which unprivileged applications can
|
|
|
|
## request that specified privileged operations be performed on their
|
|
|
|
## behalf.
|
|
|
|
## </summary>
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Execute a domain transition to run oddjob.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
## <summary>
|
2006-09-28 14:37:29 +00:00
|
|
|
## Domain allowed to transition.
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
## </summary>
|
2006-09-28 14:37:29 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`oddjob_domtrans',`
|
|
|
|
gen_require(`
|
|
|
|
type oddjob_t, oddjob_exec_t;
|
|
|
|
')
|
|
|
|
|
2008-07-23 21:38:39 +00:00
|
|
|
domtrans_pattern($1, oddjob_exec_t, oddjob_t)
|
2006-09-28 14:37:29 +00:00
|
|
|
')
|
|
|
|
|
2010-08-26 13:41:21 +00:00
|
|
|
#####################################
|
|
|
|
## <summary>
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
## Do not audit attempts to read and write
|
|
|
|
## oddjob fifo file.
|
2010-08-26 13:41:21 +00:00
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
## <summary>
|
|
|
|
## Domain to not audit.
|
|
|
|
## </summary>
|
2010-08-26 13:41:21 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`oddjob_dontaudit_rw_fifo_file',`
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
gen_require(`
|
|
|
|
type shutdown_t;
|
|
|
|
')
|
2010-08-26 13:41:21 +00:00
|
|
|
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms;
|
2010-08-26 13:41:21 +00:00
|
|
|
')
|
|
|
|
|
2006-09-28 14:37:29 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make the specified program domain accessable
|
|
|
|
## from the oddjob.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## The type of the process to transition to.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <param name="entrypoint">
|
|
|
|
## <summary>
|
|
|
|
## The type of the file used as an entrypoint to this domain.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`oddjob_system_entry',`
|
|
|
|
gen_require(`
|
|
|
|
type oddjob_t;
|
|
|
|
')
|
|
|
|
|
2006-12-12 20:08:08 +00:00
|
|
|
domtrans_pattern(oddjob_t, $2, $1)
|
2010-08-26 13:41:21 +00:00
|
|
|
domain_user_exemption_target($1)
|
2006-09-28 14:37:29 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Send and receive messages from
|
|
|
|
## oddjob over dbus.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`oddjob_dbus_chat',`
|
|
|
|
gen_require(`
|
|
|
|
type oddjob_t;
|
|
|
|
class dbus send_msg;
|
|
|
|
')
|
|
|
|
|
|
|
|
allow $1 oddjob_t:dbus send_msg;
|
|
|
|
allow oddjob_t $1:dbus send_msg;
|
|
|
|
')
|
|
|
|
|
2010-08-26 13:41:21 +00:00
|
|
|
######################################
|
|
|
|
## <summary>
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
## Send a SIGCHLD signal to oddjob.
|
2010-08-26 13:41:21 +00:00
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
2010-08-26 13:41:21 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`oddjob_sigchld',`
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
gen_require(`
|
|
|
|
type oddjob_t;
|
|
|
|
')
|
2010-08-26 13:41:21 +00:00
|
|
|
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
2010-09-20 09:48:51 +00:00
|
|
|
allow $1 oddjob_t:process sigchld;
|
2010-08-26 13:41:21 +00:00
|
|
|
')
|
|
|
|
|
2006-09-28 14:37:29 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Execute a domain transition to run oddjob_mkhomedir.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed to transition.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`oddjob_domtrans_mkhomedir',`
|
|
|
|
gen_require(`
|
|
|
|
type oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t;
|
|
|
|
')
|
|
|
|
|
2008-07-23 21:38:39 +00:00
|
|
|
domtrans_pattern($1, oddjob_mkhomedir_exec_t, oddjob_mkhomedir_t)
|
2006-09-28 14:37:29 +00:00
|
|
|
')
|
2009-07-27 14:52:20 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Execute the oddjob_mkhomedir program in the oddjob_mkhomedir domain.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
2010-08-05 13:03:19 +00:00
|
|
|
## Domain allowed to transition.
|
2009-07-27 14:52:20 +00:00
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <param name="role">
|
|
|
|
## <summary>
|
|
|
|
## Role allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`oddjob_run_mkhomedir',`
|
|
|
|
gen_require(`
|
|
|
|
type oddjob_mkhomedir_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
oddjob_domtrans_mkhomedir($1)
|
|
|
|
role $2 types oddjob_mkhomedir_t;
|
|
|
|
')
|