## <summary>Miscelaneous files.</summary> ######################################## ## <summary> ## Read system SSL certificates. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`miscfiles_read_certs',` gen_require(` type cert_t; ') allow $1 cert_t:dir list_dir_perms; read_files_pattern($1,cert_t,cert_t) read_lnk_files_pattern($1,cert_t,cert_t) ') ######################################## ## <summary> ## Read fonts. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`miscfiles_read_fonts',` gen_require(` type fonts_t; ') # cjp: fonts can be in either of these dirs files_search_usr($1) libs_search_lib($1) allow $1 fonts_t:dir list_dir_perms; read_files_pattern($1,fonts_t,fonts_t) read_lnk_files_pattern($1,fonts_t,fonts_t) ') ######################################## ## <summary> ## Create, read, write, and delete fonts. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`miscfiles_manage_fonts',` gen_require(` type fonts_t; ') # cjp: fonts can be in either of these dirs files_search_usr($1) libs_search_lib($1) manage_dirs_pattern($1,fonts_t,fonts_t) manage_files_pattern($1,fonts_t,fonts_t) manage_lnk_files_pattern($1,fonts_t,fonts_t) ') ######################################## ## <summary> ## Read hardware identification data. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_read_hwdata',` gen_require(` type hwdata_t; ') allow $1 hwdata_t:dir list_dir_perms; read_files_pattern($1,hwdata_t,hwdata_t) read_lnk_files_pattern($1,hwdata_t,hwdata_t) ') ######################################## ## <summary> ## Allow process to setattr localization info ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_setattr_localization',` gen_require(` type locale_t; ') files_search_usr($1) allow $1 locale_t:dir list_dir_perms; allow $1 locale_t:file setattr; ') ######################################## ## <summary> ## Allow process to read localization info ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_read_localization',` gen_require(` type locale_t; ') files_read_etc_symlinks($1) files_search_usr($1) allow $1 locale_t:dir list_dir_perms; read_files_pattern($1,locale_t,locale_t) read_lnk_files_pattern($1,locale_t,locale_t) # why? libs_read_lib_files($1) ') ######################################## ## <summary> ## Allow process to write localization info ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_rw_localization',` gen_require(` type locale_t; ') files_search_usr($1) allow $1 locale_t:dir list_dir_perms; rw_files_pattern($1,locale_t,locale_t) ') ######################################## ## <summary> ## Allow process to relabel localization info ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_relabel_localization',` gen_require(` type locale_t; ') files_search_usr($1) relabel_files_pattern($1,locale_t,locale_t) ') ######################################## ## <summary> ## Allow process to read legacy time localization info ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_legacy_read_localization',` gen_require(` type locale_t; ') miscfiles_read_localization($1) allow $1 locale_t:file execute; ') ######################################## ## <summary> ## Do not audit attempts to search man pages. ## </summary> ## <param name="domain"> ## <summary> ## Domain to not audit. ## </summary> ## </param> # interface(`miscfiles_dontaudit_search_man_pages',` gen_require(` type man_t; ') dontaudit $1 man_t:dir search; ') ######################################## ## <summary> ## Read man pages ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`miscfiles_read_man_pages',` gen_require(` type man_t; ') files_search_usr($1) allow $1 man_t:dir list_dir_perms; read_files_pattern($1,man_t,man_t) read_lnk_files_pattern($1,man_t,man_t) ') ######################################## ## <summary> ## Delete man pages ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # cjp: added for tmpreaper # interface(`miscfiles_delete_man_pages',` gen_require(` type man_t; ') files_search_usr($1) allow $1 man_t:dir setattr; delete_dirs_pattern($1,man_t,man_t) delete_files_pattern($1,man_t,man_t) delete_lnk_files_pattern($1,man_t,man_t) ') ######################################## ## <summary> ## Create, read, write, and delete man pages ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_manage_man_pages',` gen_require(` type man_t; ') files_search_usr($1) manage_dirs_pattern($1,man_t,man_t) manage_files_pattern($1,man_t,man_t) read_lnk_files_pattern($1,man_t,man_t) ') ######################################## ## <summary> ## Read public files used for file ## transfer services. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`miscfiles_read_public_files',` gen_require(` type public_content_t, public_content_rw_t; ') allow $1 { public_content_t public_content_rw_t }:dir list_dir_perms; read_files_pattern($1,{ public_content_t public_content_rw_t },{ public_content_t public_content_rw_t }) read_lnk_files_pattern($1,{ public_content_t public_content_rw_t },{ public_content_t public_content_rw_t }) ') ######################################## ## <summary> ## Create, read, write, and delete public files ## and directories used for file transfer services. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`miscfiles_manage_public_files',` gen_require(` type public_content_rw_t; ') manage_dirs_pattern($1,public_content_rw_t,public_content_rw_t) manage_files_pattern($1,public_content_rw_t,public_content_rw_t) manage_lnk_files_pattern($1,public_content_rw_t,public_content_rw_t) ') ######################################## ## <summary> ## Read TeX data ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_read_tetex_data',` gen_require(` type tetex_data_t; ') files_search_var($1) files_search_var_lib($1) # cjp: TeX data can be in either of the above dirs allow $1 tetex_data_t:dir list_dir_perms; read_files_pattern($1,tetex_data_t,tetex_data_t) read_lnk_files_pattern($1,tetex_data_t,tetex_data_t) ') ######################################## ## <summary> ## Execute TeX data programs in the caller domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_exec_tetex_data',` gen_require(` type fonts_t; ') files_search_var($1) files_search_var_lib($1) # cjp: TeX data can be in either of the above dirs allow $1 tetex_data_t:dir list_dir_perms; exec_files_pattern($1,tetex_data_t,tetex_data_t) ') ######################################## ## <summary> ## Let test files be an entry point for ## a specified domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain to be entered. ## </summary> ## </param> # interface(`miscfiles_domain_entry_test_files',` gen_require(` type test_file_t; ') domain_entry_file($1, test_file_t) ') ######################################## ## <summary> ## Read test files and directories. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_read_test_files',` gen_require(` type test_file_t; ') read_files_pattern($1,test_file_t,test_file_t) read_lnk_files_pattern($1,test_file_t,test_file_t) ') ######################################## ## <summary> ## Execute test files. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_exec_test_files',` gen_require(` type test_file_t; ') exec_files_pattern($1,test_file_t,test_file_t) read_lnk_files_pattern($1,test_file_t,test_file_t) ') ######################################## ## <summary> ## Execute test files. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`miscfiles_etc_filetrans_localization',` gen_require(` type locale_t; ') files_etc_filetrans($1, locale_t, file) ') ######################################## ## <summary> ## Create, read, write, and delete localization ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`miscfiles_manage_localization',` gen_require(` type locale_t; ') manage_dirs_pattern($1,locale_t,locale_t) manage_files_pattern($1,locale_t,locale_t) manage_lnk_files_pattern($1,locale_t,locale_t) ')