selinux-policy/policy/modules/system/miscfiles.if

## <summary>Miscelaneous files.</summary>

########################################
## <summary>
##	Read system SSL certificates.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_read_certs',`
	gen_require(`
		type cert_t;
	')

	allow $1 cert_t:dir r_dir_perms;
	allow $1 cert_t:file r_file_perms;
	allow $1 cert_t:lnk_file { getattr read };
')

########################################
## <summary>
##	Read fonts.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_read_fonts',`
	gen_require(`
		type fonts_t;
	')

	# cjp: fonts can be in either of these dirs
	files_search_usr($1)
	libs_search_lib($1)

	allow $1 fonts_t:dir r_dir_perms;
	allow $1 fonts_t:file r_file_perms;
	allow $1 fonts_t:lnk_file { getattr read };
')

########################################
## <summary>
##	Create, read, write, and delete fonts.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_manage_fonts',`
	gen_require(`
		type fonts_t;
	')

	# cjp: fonts can be in either of these dirs
	files_search_usr($1)
	libs_search_lib($1)

	allow $1 fonts_t:dir create_dir_perms;
	allow $1 fonts_t:file create_file_perms;
	allow $1 fonts_t:lnk_file create_lnk_perms;
')

########################################
## <summary>
##	Read hardware identification data.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_read_hwdata',`
	gen_require(`
		type hwdata_t;
	')

	allow $1 hwdata_t:dir r_dir_perms;
	allow $1 hwdata_t:file r_file_perms;
	allow $1 hwdata_t:lnk_file { getattr read };
')

########################################
## <summary>
##	Allow process to read localization info
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_read_localization',`
	gen_require(`
		type locale_t;
	')

	files_search_etc($1)
	# FIXME: $1 read etc_t:lnk_file here
	files_search_usr($1)
	allow $1 locale_t:dir r_dir_perms;
	allow $1 locale_t:lnk_file r_file_perms;
	allow $1 locale_t:file r_file_perms;

	# why?
	libs_read_lib_files($1)
')

########################################
## <summary>
##	Allow process to read legacy time localization info
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_legacy_read_localization',`
	gen_require(`
		type locale_t;
	')

	miscfiles_read_localization($1)
	allow $1 locale_t:file execute;
')

########################################
## <summary>
##	Do not audit attempts to search man pages.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`miscfiles_dontaudit_search_man_pages',`
	gen_require(`
		type man_t;
	')

	dontaudit $1 man_t:dir search;
')

########################################
## <summary>
##	Read man pages
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_read_man_pages',`
	gen_require(`
		type man_t;
	')

	files_search_usr($1)
	allow $1 man_t:dir r_dir_perms;
	allow $1 man_t:file r_file_perms;
	allow $1 man_t:lnk_file r_file_perms;
')

########################################
## <summary>
##	Delete man pages
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
# cjp: added for tmpreaper
#
interface(`miscfiles_delete_man_pages',`
	gen_require(`
		type man_t;
	')

	files_search_usr($1)
	allow $1 man_t:dir { setattr rw_dir_perms rmdir };
	allow $1 man_t:file { getattr unlink };
	allow $1 man_t:lnk_file { getattr unlink };
')

########################################
## <summary>
##	Create, read, write, and delete man pages
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_manage_man_pages',`
	gen_require(`
		type man_t;
	')

	files_search_usr($1)
	allow $1 man_t:dir create_dir_perms;
	allow $1 man_t:file create_file_perms;
	allow $1 man_t:lnk_file r_file_perms;
')

########################################
## <summary>
##	Read public files used for file
##	transfer services.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_read_public_files',`
	gen_require(`
		type public_content_t, public_content_rw_t;
	')

	allow $1 { public_content_t public_content_rw_t }:dir r_dir_perms;
	allow $1 { public_content_t public_content_rw_t }:file r_file_perms;
	allow $1 { public_content_t public_content_rw_t }:lnk_file { getattr read };
')

########################################
## <summary>
##	Create, read, write, and delete public files
##	and directories used for file transfer services.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_manage_public_files',`
	gen_require(`
		type public_content_rw_t;
	')

	allow $1 public_content_rw_t:dir create_dir_perms;
	allow $1 public_content_rw_t:file create_file_perms;
	allow $1 public_content_rw_t:lnk_file create_lnk_perms;
')

########################################
## <summary>
##	Read TeX data
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_read_tetex_data',`
	gen_require(`
		type tetex_data_t;
	')

	files_search_var($1)
	files_search_var_lib($1)

	# cjp: TeX data can be in either of the above dirs
	allow $1 tetex_data_t:dir r_dir_perms;
	allow $1 tetex_data_t:file r_file_perms;
	allow $1 tetex_data_t:lnk_file r_file_perms;
')

########################################
## <summary>
##	Execute TeX data programs in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_exec_tetex_data',`
	gen_require(`
		type fonts_t;
	')

	files_search_var($1)
	files_search_var_lib($1)

	# cjp: TeX data can be in either of the above dirs
	allow $1 tetex_data_t:dir r_dir_perms;
	can_exec($1,tetex_data_t)
')

########################################
## <summary>
##	Let test files be an entry point for
##	a specified domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be entered.
##	</summary>
## </param>
#
interface(`miscfiles_domain_entry_test_files',`
	gen_require(`
		type test_file_t;
	')

	domain_entry_file($1, test_file_t)
')

########################################
## <summary>
##	Read test files and directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_read_test_files',`
	gen_require(`
		type test_file_t;
	')

	allow $1 test_file_t:dir r_dir_perms;
	allow $1 test_file_t:file r_file_perms;
	allow $1 test_file_t:lnk_file r_file_perms;
')

########################################
## <summary>
##	Execute test files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`miscfiles_exec_test_files',`
	gen_require(`
		type test_file_t;
	')

	allow $1 test_file_t:dir r_dir_perms;
	allow $1 test_file_t:lnk_file r_file_perms;
	can_exec($1, test_file_t)
')
add xml 2005-06-07 22:36:07 +00:00			`## <summary>Miscelaneous files.</summary>`
add copyright statement 2005-04-20 19:07:16 +00:00
add read fonts 2005-05-05 21:36:53 +00:00			`########################################`
more cleanup 2005-07-19 18:40:31 +00:00			`## <summary>`
more apache work 2005-10-05 21:17:22 +00:00			`## Read system SSL certificates.`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more apache work 2005-10-05 21:17:22 +00:00			`## </param>`
			`#`
			interface(`miscfiles_read_certs',`
			gen_require(`
			`type cert_t;`
			`')`

			`allow $1 cert_t:dir r_dir_perms;`
			`allow $1 cert_t:file r_file_perms;`
obj class typo for certs 2005-10-20 19:28:27 +00:00			`allow $1 cert_t:lnk_file { getattr read };`
more apache work 2005-10-05 21:17:22 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Read fonts.`
more cleanup 2005-07-19 18:40:31 +00:00			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more cleanup 2005-07-19 18:40:31 +00:00			`## </param>`
add read fonts 2005-05-05 21:36:53 +00:00			`#`
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			interface(`miscfiles_read_fonts',`
review of system interfaces 2005-06-17 17:59:26 +00:00			gen_require(`
			`type fonts_t;`
			`')`

add xfs 2005-11-25 19:09:08 +00:00			`# cjp: fonts can be in either of these dirs`
review of system interfaces 2005-06-17 17:59:26 +00:00			`files_search_usr($1)`
			`libs_search_lib($1)`
change over to some perm set macros. add indentation 2005-06-03 12:25:14 +00:00
aliases 2005-06-09 14:26:05 +00:00			`allow $1 fonts_t:dir r_dir_perms;`
			`allow $1 fonts_t:file r_file_perms;`
pile o fixes 2005-10-26 16:00:13 +00:00			`allow $1 fonts_t:lnk_file { getattr read };`
add read fonts 2005-05-05 21:36:53 +00:00			`')`

add xfs 2005-11-25 19:09:08 +00:00			`########################################`
			`## <summary>`
			`## Create, read, write, and delete fonts.`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
add xfs 2005-11-25 19:09:08 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
add xfs 2005-11-25 19:09:08 +00:00			`## </param>`
			`#`
			interface(`miscfiles_manage_fonts',`
			gen_require(`
			`type fonts_t;`
			`')`

			`# cjp: fonts can be in either of these dirs`
			`files_search_usr($1)`
			`libs_search_lib($1)`

			`allow $1 fonts_t:dir create_dir_perms;`
			`allow $1 fonts_t:file create_file_perms;`
			`allow $1 fonts_t:lnk_file create_lnk_perms;`
			`')`

add interfaces used in old anonymous_domain() 2005-10-05 19:09:42 +00:00			`########################################`
			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Read hardware identification data.`
add interfaces used in old anonymous_domain() 2005-10-05 19:09:42 +00:00			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
add interfaces used in old anonymous_domain() 2005-10-05 19:09:42 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
add interfaces used in old anonymous_domain() 2005-10-05 19:09:42 +00:00			`## </param>`
			`#`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			interface(`miscfiles_read_hwdata',`
add interfaces used in old anonymous_domain() 2005-10-05 19:09:42 +00:00			gen_require(`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`type hwdata_t;`
add interfaces used in old anonymous_domain() 2005-10-05 19:09:42 +00:00			`')`

partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`allow $1 hwdata_t:dir r_dir_perms;`
			`allow $1 hwdata_t:file r_file_perms;`
more of the same 2005-10-31 22:44:03 +00:00			`allow $1 hwdata_t:lnk_file { getattr read };`
add interfaces used in old anonymous_domain() 2005-10-05 19:09:42 +00:00			`')`

initial commit 2005-04-14 20:18:17 +00:00			`########################################`
more cleanup 2005-07-19 18:40:31 +00:00			`## <summary>`
			`## Allow process to read localization info`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more cleanup 2005-07-19 18:40:31 +00:00			`## </param>`
initial commit 2005-04-14 20:18:17 +00:00			`#`
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			interface(`miscfiles_read_localization',`
review of system interfaces 2005-06-17 17:59:26 +00:00			gen_require(`
			`type locale_t;`
			`')`

			`files_search_etc($1)`
change over to some perm set macros. add indentation 2005-06-03 12:25:14 +00:00			`# FIXME: $1 read etc_t:lnk_file here`
review of system interfaces 2005-06-17 17:59:26 +00:00			`files_search_usr($1)`
aliases 2005-06-09 14:26:05 +00:00			`allow $1 locale_t:dir r_dir_perms;`
			`allow $1 locale_t:lnk_file r_file_perms;`
			`allow $1 locale_t:file r_file_perms;`
make a reasonable lib_t interface 2005-05-11 15:46:51 +00:00
change over to some perm set macros. add indentation 2005-06-03 12:25:14 +00:00			`# why?`
another slew of renaming 2006-02-02 21:08:12 +00:00			`libs_read_lib_files($1)`
initial commit 2005-04-14 20:18:17 +00:00			`')`

add legacy read locale 2005-05-05 20:33:35 +00:00			`########################################`
more cleanup 2005-07-19 18:40:31 +00:00			`## <summary>`
			`## Allow process to read legacy time localization info`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more cleanup 2005-07-19 18:40:31 +00:00			`## </param>`
add legacy read locale 2005-05-05 20:33:35 +00:00			`#`
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			interface(`miscfiles_legacy_read_localization',`
review of system interfaces 2005-06-17 17:59:26 +00:00			gen_require(`
			`type locale_t;`
			`')`
change over to some perm set macros. add indentation 2005-06-03 12:25:14 +00:00
			`miscfiles_read_localization($1)`
			`allow $1 locale_t:file execute;`
add legacy read locale 2005-05-05 20:33:35 +00:00			`')`

add postfix 2005-10-23 20:18:36 +00:00			`########################################`
			`## <summary>`
			`## Do not audit attempts to search man pages.`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
add postfix 2005-10-23 20:18:36 +00:00			`## Domain to not audit.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
add postfix 2005-10-23 20:18:36 +00:00			`## </param>`
			`#`
			interface(`miscfiles_dontaudit_search_man_pages',`
			gen_require(`
			`type man_t;`
			`')`

			`dontaudit $1 man_t:dir search;`
			`')`

updates needed for cron 2005-05-11 19:05:15 +00:00			`########################################`
more cleanup 2005-07-19 18:40:31 +00:00			`## <summary>`
more upstream merging 2005-09-16 21:20:37 +00:00			`## Read man pages`
more cleanup 2005-07-19 18:40:31 +00:00			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
more upstream merging 2005-09-16 21:20:37 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more cleanup 2005-07-19 18:40:31 +00:00			`## </param>`
updates needed for cron 2005-05-11 19:05:15 +00:00			`#`
move all interfaces over to the interface macro. add traceback debugging info 2005-06-22 19:21:31 +00:00			interface(`miscfiles_read_man_pages',`
review of system interfaces 2005-06-17 17:59:26 +00:00			gen_require(`
			`type man_t;`
			`')`

			`files_search_usr($1)`
aliases 2005-06-09 14:26:05 +00:00			`allow $1 man_t:dir r_dir_perms;`
			`allow $1 man_t:file r_file_perms;`
			`allow $1 man_t:lnk_file r_file_perms;`
updates needed for cron 2005-05-11 19:05:15 +00:00			`')`

more cleanup 2005-07-19 18:40:31 +00:00			`########################################`
more upstream merging 2005-09-16 21:20:37 +00:00			`## <summary>`
			`## Delete man pages`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
more upstream merging 2005-09-16 21:20:37 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more upstream merging 2005-09-16 21:20:37 +00:00			`## </param>`
			`# cjp: added for tmpreaper`
			`#`
			interface(`miscfiles_delete_man_pages',`
			gen_require(`
			`type man_t;`
			`')`

			`files_search_usr($1)`
			`allow $1 man_t:dir { setattr rw_dir_perms rmdir };`
			`allow $1 man_t:file { getattr unlink };`
			`allow $1 man_t:lnk_file { getattr unlink };`
			`')`

			`########################################`
			`## <summary>`
			`## Create, read, write, and delete man pages`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
more upstream merging 2005-09-16 21:20:37 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more upstream merging 2005-09-16 21:20:37 +00:00			`## </param>`
			`#`
			interface(`miscfiles_manage_man_pages',`
			gen_require(`
			`type man_t;`
			`')`

			`files_search_usr($1)`
			`allow $1 man_t:dir create_dir_perms;`
			`allow $1 man_t:file create_file_perms;`
			`allow $1 man_t:lnk_file r_file_perms;`
			`')`

partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`########################################`
			`## <summary>`
			`## Read public files used for file`
			`## transfer services.`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## </param>`
			`#`
			interface(`miscfiles_read_public_files',`
			gen_require(`
fix most of samba 2005-10-24 21:33:46 +00:00			`type public_content_t, public_content_rw_t;`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`')`

fix most of samba 2005-10-24 21:33:46 +00:00			`allow $1 { public_content_t public_content_rw_t }:dir r_dir_perms;`
			`allow $1 { public_content_t public_content_rw_t }:file r_file_perms;`
			`allow $1 { public_content_t public_content_rw_t }:lnk_file { getattr read };`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Create, read, write, and delete public files`
			`## and directories used for file transfer services.`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## </param>`
			`#`
			interface(`miscfiles_manage_public_files',`
			gen_require(`
			`type public_content_rw_t;`
			`')`

			`allow $1 public_content_rw_t:dir create_dir_perms;`
			`allow $1 public_content_rw_t:file create_file_perms;`
			`allow $1 public_content_rw_t:lnk_file create_lnk_perms;`
			`')`

more upstream merging 2005-09-16 21:20:37 +00:00			`########################################`
more cleanup 2005-07-19 18:40:31 +00:00			`## <summary>`
			`## Read TeX data`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more cleanup 2005-07-19 18:40:31 +00:00			`## </param>`
			`#`
			interface(`miscfiles_read_tetex_data',`
			gen_require(`
			`type tetex_data_t;`
			`')`

			`files_search_var($1)`
			`files_search_var_lib($1)`

			`# cjp: TeX data can be in either of the above dirs`
			`allow $1 tetex_data_t:dir r_dir_perms;`
			`allow $1 tetex_data_t:file r_file_perms;`
			`allow $1 tetex_data_t:lnk_file r_file_perms;`
			`')`

			`########################################`
			`## <summary>`
			`## Execute TeX data programs in the caller domain.`
			`## </summary>`
			`## <param name="domain">`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## <summary>`
partial (most of it) merge of selinux-policy-strict-sources-1.27.1-15 2005-10-13 20:59:36 +00:00			`## Domain allowed access.`
xml building changes, add desc tag to booleans, add summary tag to bools 2006-02-10 18:41:53 +00:00			`## </summary>`
more cleanup 2005-07-19 18:40:31 +00:00			`## </param>`
			`#`
			interface(`miscfiles_exec_tetex_data',`
			gen_require(`
			`type fonts_t;`
			`')`

			`files_search_var($1)`
			`files_search_var_lib($1)`

			`# cjp: TeX data can be in either of the above dirs`
			`allow $1 tetex_data_t:dir r_dir_perms;`
			`can_exec($1,tetex_data_t)`
			`')`
Additional interfaces in corecommands, miscfiles, and userdomain from Joy Latten. 2006-03-24 18:59:51 +00:00
			`########################################`
			`## <summary>`
			`## Let test files be an entry point for`
			`## a specified domain.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain to be entered.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`miscfiles_domain_entry_test_files',`
			gen_require(`
			`type test_file_t;`
			`')`

			`domain_entry_file($1, test_file_t)`
			`')`

			`########################################`
			`## <summary>`
			`## Read test files and directories.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`miscfiles_read_test_files',`
			gen_require(`
			`type test_file_t;`
			`')`

			`allow $1 test_file_t:dir r_dir_perms;`
			`allow $1 test_file_t:file r_file_perms;`
			`allow $1 test_file_t:lnk_file r_file_perms;`
			`')`

			`########################################`
			`## <summary>`
			`## Execute test files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`miscfiles_exec_test_files',`
			gen_require(`
			`type test_file_t;`
			`')`

			`allow $1 test_file_t:dir r_dir_perms;`
			`allow $1 test_file_t:lnk_file r_file_perms;`
			`can_exec($1, test_file_t)`
			`')`