## Ethereal packet capture tool.
########################################
##
## Role access for ethereal
##
##
##
## Role allowed access
##
##
##
##
## User domain for the role
##
##
#
interface(`ethereal_role',`
gen_require(`
type ethereal_t, ethereal_exec_t, ethereal_home_t;
')
role $1 types ethereal_t;
domain_auto_trans($2, ethereal_exec_t, ethereal_t)
allow ethereal_t $2:fd use;
allow ethereal_t $2:process sigchld;
manage_dirs_pattern($2, ethereal_home_t, ethereal_home_t)
manage_files_pattern($2, ethereal_home_t, ethereal_home_t)
manage_lnk_files_pattern($2, ethereal_home_t, ethereal_home_t)
relabel_dirs_pattern($2, ethereal_home_t, ethereal_home_t)
relabel_files_pattern($2, ethereal_home_t, ethereal_home_t)
relabel_lnk_files_pattern($2, ethereal_home_t, ethereal_home_t)
')
########################################
##
## Run ethereal in ethereal domain.
##
##
##
## Domain allowed access.
##
##
#
interface(`ethereal_domtrans',`
gen_require(`
type ethereal_t, ethereal_exec_t;
')
domtrans_pattern($1, ethereal_exec_t, ethereal_t)
')
########################################
##
## Run tethereal in the tethereal domain.
##
##
##
## Domain allowed access.
##
##
#
interface(`ethereal_domtrans_tethereal',`
gen_require(`
type tethereal_t, tethereal_exec_t;
')
domtrans_pattern($1, tethereal_exec_t, tethereal_t)
')
########################################
##
## Execute tethereal in the tethereal domain, and
## allow the specified role the tethereal domain.
##
##
##
## Domain allowed access.
##
##
##
##
## The role to be allowed the tethereal domain.
##
##
#
interface(`ethereal_run_tethereal',`
gen_require(`
type tethereal_t;
')
ethereal_domtrans_tethereal($1)
role $2 types tethereal_t;
')