policy_module(ethereal, 1.5.0) ######################################## # # Declarations # type ethereal_exec_t; application_executable_file(ethereal_exec_t) type tethereal_t; type tethereal_exec_t; application_domain(tethereal_t, tethereal_exec_t) type tethereal_tmp_t; files_tmp_file(tethereal_tmp_t) ######################################## # # Tethereal policy # allow tethereal_t tethereal_t : capability { dac_override dac_read_search setgid setuid net_raw }; allow tethereal_t self:unix_stream_socket create_stream_socket_perms; allow tethereal_t self:netlink_route_socket create_netlink_socket_perms; allow tethereal_t self:packet_socket create_socket_perms; allow tethereal_t self:tcp_socket create_socket_perms; allow tethereal_t self:udp_socket create_socket_perms; # Store temporary files manage_dirs_pattern(tethereal_t, tethereal_tmp_t, tethereal_tmp_t) manage_files_pattern(tethereal_t, tethereal_tmp_t, tethereal_tmp_t) files_tmp_filetrans(tethereal_t, tethereal_tmp_t, { dir file }) # /proc kernel_read_all_sysctls(tethereal_t) kernel_read_system_state(tethereal_t) # Read ethereal files in /usr files_read_usr_files(tethereal_t) # /etc/nsswitch.conf files_read_etc_files(tethereal_t) miscfiles_read_localization(tethereal_t) seutil_use_newrole_fds(tethereal_t) sysnet_dns_name_resolve(tethereal_t) optional_policy(` nscd_socket_use(tethereal_t) ')