Hardware abstraction layer

######################################## ##

## Execute hal in the hal domain. ##

## ##

## Domain allowed access. ##

## # interface(`hal_domtrans',` gen_require(` type hald_t, hald_exec_t; ') domtrans_pattern($1,hald_exec_t,hald_t) ') ######################################## ##

## Do not audit attempts to use file descriptors from hal. ##

## ##

## Domain to not audit. ##

## # interface(`hal_dontaudit_use_fds',` gen_require(` type hald_t; ') dontaudit $1 hald_t:fd use; ') ######################################## ##

## Do not audit attempts to read and write to ## hald unnamed pipes. ##

## ##

## Domain to not audit. ##

## # interface(`hal_dontaudit_rw_pipes',` gen_require(` type hald_t; ') dontaudit $1 hald_t:fifo_file rw_fifo_file_perms; ') ######################################## ##

## Send to hal over a unix domain ## datagram socket. ##

## ##

## Domain allowed access. ##

## # interface(`hal_dgram_send',` gen_require(` type hald_t; ') allow $1 hald_t:unix_dgram_socket sendto; ') ######################################## ##

## Send to hal over a unix domain ## stream socket. ##

## ##

## Domain allowed access. ##

## # interface(`hal_stream_connect',` gen_require(` type hald_t; ') allow $1 hald_t:unix_stream_socket connectto; ') ######################################## ##

## Send a dbus message to hal. ##

## ##

## Domain allowed access. ##

## # interface(`hal_dbus_send',` gen_require(` type hald_t; class dbus send_msg; ') allow $1 hald_t:dbus send_msg; ') ######################################## ##

## Send and receive messages from ## hal over dbus. ##

## ##

## Domain allowed access. ##

## # interface(`hal_dbus_chat',` gen_require(` type hald_t; class dbus send_msg; ') allow $1 hald_t:dbus send_msg; allow hald_t $1:dbus send_msg; ') ######################################## ##

## Read hald tmp files. ##

## ##

## Domain allowed access. ##

## # interface(`hal_read_tmp_files',` gen_require(` type hald_tmp_t; ') allow $1 hald_tmp_t:file read_file_perms; ') ######################################## ##

## Do not audit attempts to read or write ## HAL libraries files ##

## ##

## Domain allowed access. ##

## # interface(`hal_dontaudit_append_lib_files',` gen_require(` type hald_var_lib_t; ') dontaudit $1 hald_var_lib_t:file { read_file_perms append_file_perms }; ') ######################################## ##

## Read hald PID files. ##

## ##

## Domain allowed access. ##

## # interface(`hal_read_pid_files',` gen_require(` type hald_var_run_t; ') files_search_pids($1) allow $1 hald_var_run_t:file read_file_perms; ') ######################################## ##

## Read/Write hald PID files. ##

## ##

## Domain allowed access. ##

## # interface(`hal_rw_pid_files',` gen_require(` type hald_var_run_t; ') files_search_pids($1) allow $1 hald_var_run_t:file rw_file_perms; ')