selinux-policy/policy/modules/services/ddclient.if

## <summary>Update dynamic IP address at DynDNS.org</summary>

#######################################
## <summary>
##	Execute ddclient in the ddclient domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ddclient_domtrans',`
	gen_require(`
		type ddclient_t, ddclient_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, ddclient_exec_t, ddclient_t)
')

########################################
## <summary>
##	 Execute ddclient daemon on behalf of a user or staff type.
## </summary>
## <param name="domain">
##	<summary>
##	 Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`ddclient_run',`
	gen_require(`
		type ddclient_t;
	')

	ddclient_domtrans($1)
	role $2 types ddclient_t;
')

########################################
## <summary>
##	All of the rules required to administrate
##	an ddclient environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the ddclient domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`ddclient_admin',`
	gen_require(`
		type ddclient_t, ddclient_etc_t, ddclient_log_t;
		type ddclient_var_t, ddclient_var_lib_t, ddclient_initrc_exec_t;
		type ddclient_var_run_t;
	')

	allow $1 ddclient_t:process { ptrace signal_perms };
	ps_process_pattern($1, ddclient_t)

	init_labeled_script_domtrans($1, ddclient_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 ddclient_initrc_exec_t system_r;
	allow $2 system_r;

	files_list_etc($1)
	admin_pattern($1, ddclient_etc_t)

	logging_list_logs($1)
	admin_pattern($1, ddclient_log_t)

	files_list_var($1)
	admin_pattern($1, ddclient_var_t)

	files_list_var_lib($1)
	admin_pattern($1, ddclient_var_lib_t)

	files_list_pids($1)
	admin_pattern($1, ddclient_var_run_t)
')
add ddclient, bug 1523 2006-04-25 17:50:31 +00:00			`## <summary>Update dynamic IP address at DynDNS.org</summary>`

			`#######################################`
			`## <summary>`
			`## Execute ddclient in the ddclient domain.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
Services layer xml files. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-08-05 13:03:19 +00:00			`## Domain allowed to transition.`
add ddclient, bug 1523 2006-04-25 17:50:31 +00:00			`## </summary>`
			`## </param>`
			`#`
			interface(`ddclient_domtrans',`
			gen_require(`
			`type ddclient_t, ddclient_exec_t;`
			`')`

Merge sbin_t and ls_exec_t into bin_t. 2007-03-23 23:24:59 +00:00			`corecmd_search_bin($1)`
merge policy patterns to trunk 2006-12-12 20:08:08 +00:00			`domtrans_pattern($1, ddclient_exec_t, ddclient_t)`
add ddclient, bug 1523 2006-04-25 17:50:31 +00:00			`')`
trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00
			`########################################`
			`## <summary>`
Ddclient patch from Dan Walsh. 2010-01-07 16:50:35 +00:00			`## Execute ddclient daemon on behalf of a user or staff type.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
Services layer xml files. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-08-05 13:03:19 +00:00			`## Domain allowed to transition.`
Ddclient patch from Dan Walsh. 2010-01-07 16:50:35 +00:00			`## </summary>`
			`## </param>`
			`## <param name="role">`
			`## <summary>`
			`## Role allowed access.`
			`## </summary>`
			`## </param>`
			`## <rolecap/>`
			`#`
			interface(`ddclient_run',`
			gen_require(`
			`type ddclient_t;`
			`')`

			`ddclient_domtrans($1)`
			`role $2 types ddclient_t;`
			`')`

			`########################################`
			`## <summary>`
			`## All of the rules required to administrate`
trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00			`## an ddclient environment`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`## <param name="role">`
			`## <summary>`
			`## The role to be allowed to manage the ddclient domain.`
			`## </summary>`
			`## </param>`
			`## <rolecap/>`
			`#`
			interface(`ddclient_admin',`
			gen_require(`
			`type ddclient_t, ddclient_etc_t, ddclient_log_t;`
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. 2010-09-17 07:49:15 +00:00			`type ddclient_var_t, ddclient_var_lib_t, ddclient_initrc_exec_t;`
			`type ddclient_var_run_t;`
trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00			`')`

			`allow $1 ddclient_t:process { ptrace signal_perms };`
			`ps_process_pattern($1, ddclient_t)`

			`init_labeled_script_domtrans($1, ddclient_initrc_exec_t)`
			`domain_system_change_exemption($1)`
			`role_transition $2 ddclient_initrc_exec_t system_r;`
			`allow $2 system_r;`

			`files_list_etc($1)`
			`admin_pattern($1, ddclient_etc_t)`

			`logging_list_logs($1)`
			`admin_pattern($1, ddclient_log_t)`

			`files_list_var($1)`
			`admin_pattern($1, ddclient_var_t)`

			`files_list_var_lib($1)`
			`admin_pattern($1, ddclient_var_lib_t)`

			`files_list_pids($1)`
			`admin_pattern($1, ddclient_var_run_t)`
			`')`