selinux-policy/policy/modules/services/boinc.if

## <summary>policy for boinc</summary>

########################################
## <summary>
##	Execute a domain transition to run boinc.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`boinc_domtrans',`
	gen_require(`
		type boinc_t, boinc_exec_t;
	')

	domtrans_pattern($1, boinc_exec_t, boinc_t)
')

#######################################
## <summary>
##	Execute boinc server in the boinc domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`boinc_initrc_domtrans',`
	gen_require(`
		type boinc_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, boinc_initrc_exec_t)
')

########################################
## <summary>
##	Search boinc lib directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`boinc_search_lib',`
	gen_require(`
		type boinc_var_lib_t;
	')

	allow $1 boinc_var_lib_t:dir search_dir_perms;
	files_search_var_lib($1)
')

########################################
## <summary>
##	Read boinc lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`boinc_read_lib_files',`
	gen_require(`
		type boinc_var_lib_t;
	')

	files_search_var_lib($1)
	read_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
')

########################################
## <summary>
##	Create, read, write, and delete
##	boinc lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`boinc_manage_lib_files',`
	gen_require(`
		type boinc_var_lib_t;
	')

	files_search_var_lib($1)
	manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
')

########################################
## <summary>
##	Manage boinc var_lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`boinc_manage_var_lib',`
	gen_require(`
		type boinc_var_lib_t;
	')

	files_search_var_lib($1)
	manage_dirs_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
	manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
	manage_lnk_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
')

########################################
## <summary>
##	All of the rules required to administrate
##	an boinc environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`boinc_admin',`
	gen_require(`
		type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t;
	')

	allow $1 boinc_t:process { ptrace signal_perms };
	ps_process_pattern($1, boinc_t)

	boinc_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 boinc_initrc_exec_t system_r;
	allow $2 system_r;

	files_list_var_lib($1)
	admin_pattern($1, boinc_var_lib_t)
')
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`## <summary>policy for boinc</summary>`

			`########################################`
			`## <summary>`
			`## Execute a domain transition to run boinc.`
			`## </summary>`
			`## <param name="domain">`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			`## <summary>`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`## Domain allowed to transition.`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			`## </summary>`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`## </param>`
			`#`
			interface(`boinc_domtrans',`
			gen_require(`
			`type boinc_t, boinc_exec_t;`
			`')`

			`domtrans_pattern($1, boinc_exec_t, boinc_t)`
			`')`

			`#######################################`
			`## <summary>`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			`## Execute boinc server in the boinc domain.`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`## </summary>`
			`## <param name="domain">`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`## </param>`
			`#`
			interface(`boinc_initrc_domtrans',`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			gen_require(`
			`type boinc_initrc_exec_t;`
			`')`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			`init_labeled_script_domtrans($1, boinc_initrc_exec_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Search boinc lib directories.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`boinc_search_lib',`
			gen_require(`
			`type boinc_var_lib_t;`
			`')`

			`allow $1 boinc_var_lib_t:dir search_dir_perms;`
			`files_search_var_lib($1)`
			`')`

			`########################################`
			`## <summary>`
			`## Read boinc lib files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`boinc_read_lib_files',`
			gen_require(`
			`type boinc_var_lib_t;`
			`')`

			`files_search_var_lib($1)`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			`read_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Create, read, write, and delete`
			`## boinc lib files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`boinc_manage_lib_files',`
			gen_require(`
			`type boinc_var_lib_t;`
			`')`

			`files_search_var_lib($1)`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			`manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Manage boinc var_lib files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`boinc_manage_var_lib',`
			gen_require(`
			`type boinc_var_lib_t;`
			`')`

Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. Search parent directory to be able to interact with targets content. 2010-09-17 07:43:44 +00:00			`files_search_var_lib($1)`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00			`manage_dirs_pattern($1, boinc_var_lib_t, boinc_var_lib_t)`
			`manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)`
			`manage_lnk_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`')`

			`########################################`
			`## <summary>`
			`## All of the rules required to administrate`
			`## an boinc environment.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`## <param name="role">`
			`## <summary>`
			`## Role allowed access.`
			`## </summary>`
			`## </param>`
			`## <rolecap/>`
			`#`
			interface(`boinc_admin',`
			gen_require(`
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. 2010-09-17 07:49:15 +00:00			`type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t;`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`')`

Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern. Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern. Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-09-15 08:20:36 +00:00			`allow $1 boinc_t:process { ptrace signal_perms };`
			`ps_process_pattern($1, boinc_t)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00
			`boinc_initrc_domtrans($1)`
			`domain_system_change_exemption($1)`
			`role_transition $2 boinc_initrc_exec_t system_r;`
			`allow $2 system_r;`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-17 06:54:12 +00:00
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			`files_list_var_lib($1)`
			`admin_pattern($1, boinc_var_lib_t)`
			`')`