selinux-policy/policy/modules/services/ftp.if

## <summary>File transfer protocol service</summary>
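#######################################
## <summary>
##	Allow the specified domain to dynamically transition
##	to the anonymous sftpd domain (anon_sftpd_t).
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ftp_dyntrans_anon_sftpd',`
	gen_require(`
		type anon_sftpd_t;
	')

	# Dynamic transition: the calling process changes its own context
	# to anon_sftpd_t without an exec - so its process state is kept
	# across the change. Unlike an exec-based domain transition there
	# is no entrypoint binary gating the switch. Grant this only to
	# the domain that really has to hand sessions to anon_sftpd_t.
	# The exact rules come from dyntrans_pattern which is defined
	# outside this file.
	dyntrans_pattern($1, anon_sftpd_t)
')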
########################################
## <summary>
##	Use ftp by connecting over TCP.  (Deprecated)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ftp_tcp_connect',`
	# Deprecated stub: no allow rule is granted here. The single
	# statement is a refpolicywarn call - callers that still rely on
	# this interface for network access get nothing from it.
	refpolicywarn(`$0($*) has been deprecated.')
')
########################################
## <summary>
##	Read the FTP daemon configuration files
##	(files labeled ftpd_etc_t).
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ftp_read_config',`
	gen_require(`
		type ftpd_etc_t;
	')

	# Directory traversal under etc is delegated to files_search_etc.
	files_search_etc($1)

	# Read-only and limited to the file class - no write access and no
	# directory or symlink classes on ftpd_etc_t are covered here.
	allow $1 ftpd_etc_t:file read_file_perms;
')
########################################
## <summary>
##	Execute FTP daemon entry point programs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ftp_check_exec',`
	gen_require(`
		type ftpd_exec_t;
	')

	# Directory traversal to the binaries is delegated to
	# corecmd_search_bin.
	corecmd_search_bin($1)

	# NOTE(review): can_exec is defined outside this file. It is
	# presumably the plain execute grant - the program would then run
	# in the caller domain and not in ftpd_t. Confirm that running the
	# daemon binary with the caller permissions is what is intended.
	can_exec($1, ftpd_exec_t)
')
########################################
## <summary>
##	Read FTP transfer logs (files labeled xferlog_t).
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ftp_read_log',`
	gen_require(`
		type xferlog_t;
	')

	# Directory traversal to the log location is delegated to
	# logging_search_logs.
	logging_search_logs($1)

	# Read-only and limited to the file class on xferlog_t - a caller
	# of this interface cannot append to or truncate the transfer log.
	allow $1 xferlog_t:file read_file_perms;
')
########################################
## <summary>
##	Execute the ftpdctl program in the ftpdctl domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ftp_domtrans_ftpdctl',`
	gen_require(`
		type ftpdctl_t, ftpdctl_exec_t;
	')

	# Directory traversal to the binary is delegated to
	# corecmd_search_bin.
	corecmd_search_bin($1)

	# Exec-based transition: ftpdctl_exec_t is the entrypoint and
	# ftpdctl_t the target domain. This interface alone does not
	# associate any role with ftpdctl_t.
	domtrans_pattern($1, ftpdctl_exec_t, ftpdctl_t)
')
########################################
## <summary>
##	Execute the ftpdctl program in the ftpdctl domain,
##	and allow the specified role the ftpdctl domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to allow the ftpdctl domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`ftp_run_ftpdctl',`
	gen_require(`
		type ftpdctl_t;
	')

	# The transition rules themselves live in ftp_domtrans_ftpdctl.
	ftp_domtrans_ftpdctl($1)

	# Role-type association: authorises the given role for ftpdctl_t.
	# Pass only roles that are meant to operate the FTP control tool.
	role $2 types ftpdctl_t;
')
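#######################################
## <summary>
##	Allow the specified domain to dynamically transition
##	to the sftpd domain (sftpd_t).
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ftp_dyntrans_sftpd',`
	gen_require(`
		type sftpd_t;
	')

	# Dynamic transition: the calling process changes its own context
	# to sftpd_t without an exec - so its process state is kept across
	# the change and no entrypoint binary gates the switch. Grant this
	# only to the domain that really has to hand sessions to sftpd_t.
	# The exact rules come from dyntrans_pattern which is defined
	# outside this file.
	dyntrans_pattern($1, sftpd_t)
')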
########################################
## <summary>
##	All of the rules required to administrate
##	an ftp environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the ftp domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`ftp_admin',`
	gen_require(`
		type ftpd_t, ftpdctl_t, ftpd_tmp_t;
		type ftpd_etc_t, ftpd_lock_t, ftpd_initrc_exec_t;
		type ftpd_var_run_t, xferlog_t;
	')

	# Process control over the daemon.
	# NOTE(review): ptrace is granted unconditionally. It lets the
	# admin domain inspect and alter the memory of ftpd_t processes -
	# which can include credentials of connected users. Confirm every
	# caller of this interface is meant to hold that much power.
	allow $1 ftpd_t:process { ptrace signal_perms };
	ps_process_pattern($1, ftpd_t)

	# Init script handling: the admin domain may run the labeled init
	# script and the given role may change into system_r when it
	# executes ftpd_initrc_exec_t.
	init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 ftpd_initrc_exec_t system_r;
	allow $2 system_r;

	# ftpdctl: process visibility plus the right to run the tool with
	# the given role.
	ps_process_pattern($1, ftpdctl_t)
	ftp_run_ftpdctl($1, $2)

	# NOTE(review): this grant targets public content files that are
	# not declared in this module - defined in miscfiles. Confirm the
	# wider reach is intended for an FTP administrator.
	miscfiles_manage_public_files($1)

	# Administrative access to each FTP file type - each one paired
	# with list access on the parent location it lives under.
	files_list_tmp($1)
	admin_pattern($1, ftpd_tmp_t)

	files_list_etc($1)
	admin_pattern($1, ftpd_etc_t)

	files_list_var($1)
	admin_pattern($1, ftpd_lock_t)

	files_list_pids($1)
	admin_pattern($1, ftpd_var_run_t)

	# Includes the transfer log: an admin domain can change or remove
	# xferlog_t content - keep that in mind when the log is used as
	# audit evidence.
	logging_list_logs($1)
	admin_pattern($1, xferlog_t)
')