selinux-policy/policy/modules/services/tuned.if

## <summary>Dynamic adaptive system tuning daemon</summary>

########################################
## <summary>
##	Execute a domain transition to run tuned.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`tuned_domtrans',`
	gen_require(`
		type tuned_t, tuned_exec_t;
	')

	domtrans_pattern($1, tuned_exec_t, tuned_t)
')

#######################################
## <summary>
##	Execute tuned in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tuned_exec',`
	gen_require(`
		type tuned_exec_t;
	')

	corecmd_search_bin($1)
	can_exec($1, tuned_exec_t)
')

######################################
## <summary>
##	Read tuned PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tuned_read_pid_files',`
	gen_require(`
		type tuned_var_run_t;
	')

	files_search_pids($1)
	read_files_pattern($1, tuned_var_run_t, tuned_var_run_t)
')

#######################################
## <summary>
##	Manage tuned PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tuned_manage_pid_files',`
	gen_require(`
		type tuned_var_run_t;
	')

	files_search_pids($1)
	manage_files_pattern($1, tuned_var_run_t, tuned_var_run_t)
')

########################################
## <summary>
##	Execute tuned server in the tuned domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tuned_initrc_domtrans',`
	gen_require(`
		type tuned_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, tuned_initrc_exec_t)
')

########################################
## <summary>
##	All of the rules required to administrate 
##	an tuned environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`tuned_admin',`
	gen_require(`
		type tuned_t, tuned_var_run_t, tuned_initrc_exec_t;
	')

	allow $1 tuned_t:process { ptrace signal_perms };
	ps_process_pattern($1, tuned_t)

	tuned_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 tuned_initrc_exec_t system_r;
	allow $2 system_r;

	files_search_pids($1)
	admin_pattern($1, tuned_var_run_t)
')
add tuned from miroslav grepl. 2009-10-26 13:42:11 +00:00			`## <summary>Dynamic adaptive system tuning daemon</summary>`

			`########################################`
			`## <summary>`
			`## Execute a domain transition to run tuned.`
			`## </summary>`
			`## <param name="domain">`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Signed-off-by: Dominick Grift <domg472@gmail.com> Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-16 06:24:26 +00:00			`## <summary>`
add tuned from miroslav grepl. 2009-10-26 13:42:11 +00:00			`## Domain allowed to transition.`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Signed-off-by: Dominick Grift <domg472@gmail.com> Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 2010-09-16 06:24:26 +00:00			`## </summary>`
add tuned from miroslav grepl. 2009-10-26 13:42:11 +00:00			`## </param>`
			`#`
			interface(`tuned_domtrans',`
			gen_require(`
			`type tuned_t, tuned_exec_t;`
			`')`

			`domtrans_pattern($1, tuned_exec_t, tuned_t)`
			`')`

			`#######################################`
			`## <summary>`
			`## Execute tuned in the caller domain.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`tuned_exec',`
			gen_require(`
			`type tuned_exec_t;`
			`')`

			`corecmd_search_bin($1)`
			`can_exec($1, tuned_exec_t)`
			`')`

			`######################################`
			`## <summary>`
			`## Read tuned PID files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`tuned_read_pid_files',`
			gen_require(`
			`type tuned_var_run_t;`
			`')`

			`files_search_pids($1)`
			`read_files_pattern($1, tuned_var_run_t, tuned_var_run_t)`
			`')`

			`#######################################`
			`## <summary>`
			`## Manage tuned PID files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`tuned_manage_pid_files',`
			gen_require(`
			`type tuned_var_run_t;`
			`')`

			`files_search_pids($1)`
			`manage_files_pattern($1, tuned_var_run_t, tuned_var_run_t)`
			`')`

			`########################################`
			`## <summary>`
			`## Execute tuned server in the tuned domain.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
Interface documentation standardization patch from Dan Walsh. 2010-08-02 13:22:09 +00:00			`## Domain allowed access.`
add tuned from miroslav grepl. 2009-10-26 13:42:11 +00:00			`## </summary>`
			`## </param>`
			`#`
			interface(`tuned_initrc_domtrans',`
			gen_require(`
			`type tuned_initrc_exec_t;`
			`')`

			`init_labeled_script_domtrans($1, tuned_initrc_exec_t)`
			`')`

			`########################################`
			`## <summary>`
			`## All of the rules required to administrate`
			`## an tuned environment`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`## <param name="role">`
			`## <summary>`
			`## Role allowed access.`
			`## </summary>`
			`## </param>`
			`## <rolecap/>`
			`#`
			interface(`tuned_admin',`
			gen_require(`
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Signed-off-by: Dominick Grift <domg472@gmail.com> Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. 2010-09-15 20:19:38 +00:00			`type tuned_t, tuned_var_run_t, tuned_initrc_exec_t;`
add tuned from miroslav grepl. 2009-10-26 13:42:11 +00:00			`')`

			`allow $1 tuned_t:process { ptrace signal_perms };`
			`ps_process_pattern($1, tuned_t)`

			`tuned_initrc_domtrans($1)`
			`domain_system_change_exemption($1)`
			`role_transition $2 tuned_initrc_exec_t system_r;`
			`allow $2 system_r;`

			`files_search_pids($1)`
			`admin_pattern($1, tuned_var_run_t)`
			`')`