# SELinux Reference Policy module for the ntop network traffic monitor
# (module name and version used by the build system).
policy_module(ntop, 1.9.0)
########################################
#
# Declarations
#
# Domain the ntop daemon process runs in; every rule in Local Policy is scoped to it.
type ntop_t;
# Label of the ntop executable; it is the entry point into ntop_t (see init_daemon_domain below).
type ntop_exec_t;
# Init may execute ntop_exec_t; the resulting process transitions into ntop_t.
init_daemon_domain(ntop_t, ntop_exec_t)
# Also mark ntop_t as an application domain with ntop_exec_t as its entry point,
# in addition to the init-started path above.
application_domain(ntop_t, ntop_exec_t)
# Label of the ntop init script.
type ntop_initrc_exec_t;
# Register the label as an init script file type so init/sysadmin domains may run it.
init_script_file(ntop_initrc_exec_t)
# ntop configuration files. Local Policy below only lists/reads this type;
# ntop_t is never granted write access to it.
type ntop_etc_t;
# Classify ntop_etc_t as a configuration file type (/etc style).
files_config_file(ntop_etc_t)
# Temporary files/dirs created by ntop under the generic tmp location (managed in Local Policy).
type ntop_tmp_t;
# Classify ntop_tmp_t as a tmp file type (cleaned up with other tmp types).
files_tmp_file(ntop_tmp_t)
# Persistent ntop state under /var/lib (fully managed by ntop_t in Local Policy).
type ntop_var_lib_t;
# Generic file type attribute only; no more specific files_* classification is applied.
files_type(ntop_var_lib_t)
# ntop PID file under the run directory.
type ntop_var_run_t;
# Classify ntop_var_run_t as a PID file type.
files_pid_file(ntop_var_run_t)
########################################
#
# Local Policy
#
# Process capabilities granted to the daemon.
#  - net_raw backs the packet_socket rule below (link-layer capture needs CAP_NET_RAW).
#  - setuid/setgid are presumably used to drop root after start-up — confirm against ntop's startup path.
#  - sys_admin and net_admin are broad; NOTE(review): re-verify each is still required by the
#    daemon (e.g. from audit denials) rather than carried forward by habit.
allow ntop_t self:capability { net_raw setgid setuid sys_admin net_admin };
# Silence (do not grant) attempts to configure the tty; common harmless noise from daemons.
dontaudit ntop_t self:capability sys_tty_config;
# Send signals to its own processes.
allow ntop_t self:process signal_perms;
# Read/write its own unnamed pipes.
allow ntop_t self:fifo_file rw_fifo_file_perms;
# Create and listen on TCP sockets; which ports are reachable is governed by the corenet rules below.
allow ntop_t self:tcp_socket create_stream_socket_perms;
# Create UDP sockets.
allow ntop_t self:udp_socket create_socket_perms;
# Unix datagram sockets (e.g. for syslog; see logging_send_syslog_msg below).
allow ntop_t self:unix_dgram_socket create_socket_perms;
# Unix stream sockets to itself.
allow ntop_t self:unix_stream_socket create_stream_socket_perms;
# AF_PACKET sockets for link-layer capture; this is what the net_raw capability above is for.
allow ntop_t self:packet_socket create_socket_perms;
# Generic socket class (address families without a dedicated object class).
allow ntop_t self:socket create_socket_perms;
# Configuration access is read-only: list the directory, read files and follow symlinks
# (next two rules). No write permission on ntop_etc_t is granted anywhere in this module.
allow ntop_t ntop_etc_t:dir list_dir_perms;
# Read configuration files.
read_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
# Follow symlinks inside the configuration directory.
read_lnk_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
# Full management (create/delete/rename) of its own tmp directories.
manage_dirs_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
# Full management of its own tmp files.
manage_files_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
# Files and dirs ntop creates in the generic tmp directory are labeled ntop_tmp_t
# instead of the shared tmp label, keeping them out of reach of other domains.
files_tmp_filetrans(ntop_t, ntop_tmp_t, { file dir })
# Full management of its state directories under /var/lib.
manage_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
# Full management of its state files under /var/lib.
manage_files_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
# Files and dirs created directly under /var/lib get the ntop_var_lib_t label.
files_var_lib_filetrans(ntop_t, ntop_var_lib_t, { file dir })
# Create/remove its PID file.
manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t)
# Files created in the run directory are labeled ntop_var_run_t (files only, not dirs).
files_pid_filetrans(ntop_t, ntop_var_run_t, file)
# Allow the daemon to trigger kernel module autoloading (typically from creating a socket of a
# family whose module is not loaded). The kernel still decides what loads; NOTE(review): keep
# only if a denial is actually observed, since it widens the kernel surface reachable from ntop_t.
kernel_request_load_module(ntop_t)
# Read general system state from /proc.
kernel_read_system_state(ntop_t)
# Read network state from /proc/net (interfaces, connections) — central to a traffic monitor.
kernel_read_network_state(ntop_t)
# Read (not write) kernel sysctls.
kernel_read_kernel_sysctls(ntop_t)
# List /proc entries.
kernel_list_proc(ntop_t)
# Follow symlinks in /proc.
kernel_read_proc_symlinks(ntop_t)
# Receive packets that carry no label (systems without SECMARK/NetLabel); standard for network daemons.
corenet_all_recvfrom_unlabeled(ntop_t)
# Receive NetLabel-labeled packets.
corenet_all_recvfrom_netlabel(ntop_t)
# Send/receive TCP on generically-labeled network interfaces.
corenet_tcp_sendrecv_generic_if(ntop_t)
# Send/receive UDP on generically-labeled network interfaces.
corenet_udp_sendrecv_generic_if(ntop_t)
# Raw IP send/receive on generically-labeled interfaces (goes with net_raw above).
corenet_raw_sendrecv_generic_if(ntop_t)
# Node (address) counterpart of the interface rule above, for TCP.
corenet_tcp_sendrecv_generic_node(ntop_t)
# Node (address) counterpart for UDP.
corenet_udp_sendrecv_generic_node(ntop_t)
# Node (address) counterpart for raw IP.
corenet_raw_sendrecv_generic_node(ntop_t)
# Send/receive TCP on every port type — much wider than the specific ntop/http port rules
# below. NOTE(review): confirm this blanket grant is still needed now that the port-specific
# rules exist; if it is only for observing traffic, document that here.
corenet_tcp_sendrecv_all_ports(ntop_t)
# Same blanket grant for UDP; see the note on the TCP rule above.
corenet_udp_sendrecv_all_ports(ntop_t)
# Bind its listener to the ntop port type.
corenet_tcp_bind_ntop_port(ntop_t)
# Outbound connections to the ntop port type (e.g. to another ntop instance) — purpose not visible here.
corenet_tcp_connect_ntop_port(ntop_t)
# Outbound HTTP connections; the reason is not visible in this module — confirm and document.
corenet_tcp_connect_http_port(ntop_t)
# Labeled-packet (SECMARK) counterpart of the http connect rule above.
corenet_sendrecv_http_client_packets(ntop_t)
# Labeled-packet counterpart of the ntop port connect rule.
corenet_sendrecv_ntop_client_packets(ntop_t)
# Labeled-packet counterpart of the ntop port bind rule.
corenet_sendrecv_ntop_server_packets(ntop_t)
# Read-only access to sysfs (device/interface attributes).
dev_read_sysfs(ntop_t)
# Read/write generic USB device nodes — presumably for USB capture via libpcap (usbmon).
# NOTE(review): this is wide for a traffic monitor; confirm the use case and consider a
# boolean or a narrower device type if capture on USB is optional.
dev_rw_generic_usb_dev(ntop_t)
# Use file descriptors inherited from interactive (init/admin) domains.
domain_use_interactive_fds(ntop_t)
# Read generic /etc files (resolv.conf, localtime, etc.).
files_read_etc_files(ntop_t)
# Read generic /usr files.
files_read_usr_files(ntop_t)
# stat any filesystem type (getattr only; no read access to their contents).
fs_getattr_all_fs(ntop_t)
# Traverse automounter mount points.
fs_search_auto_mountpoints(ntop_t)
# Host/user name resolution through NSS; this interface also brings in the network access
# NSS backends may need (DNS, LDAP, etc.), so it is wider than it looks.
auth_use_nsswitch(ntop_t)
# Send messages to syslog.
logging_send_syslog_msg(ntop_t)
# Read locale data.
miscfiles_read_localization(ntop_t)
# Read system fonts — presumably for rendering graphs in the web interface; confirm.
miscfiles_read_fonts(ntop_t)
# Silence (not grant) use of file descriptors leaked from unprivileged user domains.
userdom_dontaudit_use_unpriv_user_fds(ntop_t)
# Silence (not grant) searches of user home directories.
userdom_dontaudit_search_user_home_dirs(ntop_t)
optional_policy(`
# Only when the apache module is present: read httpd system content (read-only).
apache_read_sys_content(ntop_t)
')
optional_policy(`
# Only when the seutil module is present: send SIGCHLD to newrole (daemon started from a newrole session).
seutil_sigchld_newrole(ntop_t)
')
optional_policy(`
# Only when the udev module is present: read the udev device database.
udev_read_db(ntop_t)
')