selinux-policy/refpolicy/policy/modules/system/miscfiles.if

126 lines
3.0 KiB
Plaintext
Raw Normal View History

## <module name="miscfiles">
2005-06-07 22:36:07 +00:00
## <summary>Miscelaneous files.</summary>
2005-04-20 19:07:16 +00:00
2005-05-11 19:05:15 +00:00
########################################
2005-06-13 17:35:46 +00:00
## <interface name="miscfiles_rw_man_cache">
2005-06-23 16:00:05 +00:00
## <desc>
2005-06-07 22:36:07 +00:00
## Allow process to create files and dirs in /var/cache/man
## and /var/catman/
2005-06-23 16:00:05 +00:00
## </desc>
## <param name="domain">
2005-06-07 22:36:07 +00:00
## Type type of the process performing this action.
2005-06-23 16:00:05 +00:00
## </param>
2005-06-07 22:36:07 +00:00
## </interface>
2005-05-11 19:05:15 +00:00
#
interface(`miscfiles_rw_man_cache',`
2005-06-17 17:59:26 +00:00
gen_require(`
type catman_t;
class dir create_dir_perms;
class file create_file_perms;
')
2005-06-17 17:59:26 +00:00
files_search_var($1)
allow $1 catman_t:dir create_dir_perms;
allow $1 catman_t:file create_file_perms;
2005-05-11 19:05:15 +00:00
')
2005-05-05 21:36:53 +00:00
########################################
2005-06-07 22:36:07 +00:00
## <interface name="miscfiles_read_fonts">
2005-06-23 16:00:05 +00:00
## <desc>
2005-06-07 22:36:07 +00:00
## Allow process to read fonts files
2005-06-23 16:00:05 +00:00
## </desc>
## <param name="domain">
2005-06-07 22:36:07 +00:00
## Type type of the process performing this action.
2005-06-23 16:00:05 +00:00
## </param>
2005-06-07 22:36:07 +00:00
## </interface>
2005-05-05 21:36:53 +00:00
#
interface(`miscfiles_read_fonts',`
2005-06-17 17:59:26 +00:00
gen_require(`
type fonts_t;
class dir r_dir_perms;
class file r_file_perms;
')
files_search_usr($1)
libs_search_lib($1)
# cjp: fonts can be in either of the above dirs
2005-06-09 14:26:05 +00:00
allow $1 fonts_t:dir r_dir_perms;
allow $1 fonts_t:file r_file_perms;
2005-05-05 21:36:53 +00:00
')
2005-04-14 20:18:17 +00:00
########################################
2005-06-07 22:36:07 +00:00
## <interface name="miscfiles_read_localization">
2005-06-23 16:00:05 +00:00
## <desc>
2005-06-07 22:36:07 +00:00
## Allow process to read localization info
2005-06-23 16:00:05 +00:00
## </desc>
## <param name="domain">
2005-06-07 22:36:07 +00:00
## Type type of the process performing this action.
2005-06-23 16:00:05 +00:00
## </param>
2005-06-07 22:36:07 +00:00
## </interface>
2005-04-14 20:18:17 +00:00
#
interface(`miscfiles_read_localization',`
2005-06-17 17:59:26 +00:00
gen_require(`
type locale_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
class file r_file_perms;
')
files_search_etc($1)
# FIXME: $1 read etc_t:lnk_file here
2005-06-17 17:59:26 +00:00
files_search_usr($1)
2005-06-09 14:26:05 +00:00
allow $1 locale_t:dir r_dir_perms;
allow $1 locale_t:lnk_file r_file_perms;
allow $1 locale_t:file r_file_perms;
2005-05-11 15:46:51 +00:00
# why?
2005-06-13 17:35:46 +00:00
libs_read_lib($1)
2005-04-14 20:18:17 +00:00
')
2005-05-05 20:33:35 +00:00
########################################
2005-06-07 22:36:07 +00:00
## <interface name="miscfiles_legacy_read_localization">
2005-06-23 16:00:05 +00:00
## <desc>
2005-06-07 22:36:07 +00:00
## Allow process to read legacy time localization info
2005-06-23 16:00:05 +00:00
## </desc>
## <param name="domain">
2005-06-07 22:36:07 +00:00
## Type type of the process performing this action.
2005-06-23 16:00:05 +00:00
## </param>
2005-06-07 22:36:07 +00:00
## </interface>
2005-05-05 20:33:35 +00:00
#
interface(`miscfiles_legacy_read_localization',`
2005-06-17 17:59:26 +00:00
gen_require(`
type locale_t;
class file execute;
')
miscfiles_read_localization($1)
allow $1 locale_t:file execute;
2005-05-05 20:33:35 +00:00
')
2005-05-11 19:05:15 +00:00
########################################
2005-06-07 22:36:07 +00:00
## <interface name="miscfiles_read_man_pages">
2005-06-23 16:00:05 +00:00
## <desc>
2005-06-07 22:36:07 +00:00
## Allow process to read manpages
2005-06-23 16:00:05 +00:00
## </desc>
## <param name="domain">
2005-06-07 22:36:07 +00:00
## Type type of the process performing this action.
2005-06-23 16:00:05 +00:00
## </param>
2005-06-07 22:36:07 +00:00
## </interface>
2005-05-11 19:05:15 +00:00
#
interface(`miscfiles_read_man_pages',`
2005-06-17 17:59:26 +00:00
gen_require(`
type man_t;
class dir r_dir_perms;
class file r_file_perms;
class lnk_file r_file_perms;
')
files_search_usr($1)
2005-06-09 14:26:05 +00:00
allow $1 man_t:dir r_dir_perms;
allow $1 man_t:file r_file_perms;
allow $1 man_t:lnk_file r_file_perms;
2005-05-11 19:05:15 +00:00
')
2005-06-07 22:36:07 +00:00
## </module>