## <summary>Tripwire file integrity checker.</summary>
## <desc>
##	<p>
##	Tripwire file integrity checker.
##	</p>
##	<p>
##	NOTE: Tripwire creates temporary files in its current working
##	directory. This policy does not allow write access to home
##	directories, so users must either cd to a directory where they
##	have write permission, or set the TEMPDIRECTORY variable in the
##	tripwire config file. The latter is preferable, because the
##	file_type_auto_trans rules then apply and the files are labeled
##	as private to tripwire.
##	</p>
## </desc>

########################################
## <summary>
##	Execute tripwire in the tripwire domain.
## </summary>
## <desc>
##	<p>
##	Besides the automatic transition, the tripwire domain may use
##	file descriptors inherited from the calling domain, read and
##	write pipes owned by the calling domain, and send it SIGCHLD.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tripwire_domtrans_tripwire',`
	gen_require(`
		type tripwire_t, tripwire_exec_t;
	')

	domain_auto_trans($1, tripwire_exec_t, tripwire_t)

	allow tripwire_t $1:fd use;
	allow tripwire_t $1:fifo_file rw_file_perms;
	allow tripwire_t $1:process sigchld;
')

########################################
## <summary>
##	Execute tripwire in the tripwire domain, and
##	allow the specified role the tripwire domain.
## </summary>
## <desc>
##	<p>
##	The role statement makes tripwire_t a valid type for the given
##	role, so pass only roles that are meant to run the integrity
##	checker. The tripwire domain also gains read and write access
##	to character devices of the given terminal type.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the tripwire domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal that the tripwire domain is allowed to use.
##	</summary>
## </param>
#
interface(`tripwire_run_tripwire',`
	gen_require(`
		type tripwire_t;
	')

	role $2 types tripwire_t;
	tripwire_domtrans_tripwire($1)
	allow tripwire_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute twadmin in the twadmin domain.
## </summary>
## <desc>
##	<p>
##	Besides the automatic transition, the twadmin domain may use
##	file descriptors inherited from the calling domain, read and
##	write pipes owned by the calling domain, and send it SIGCHLD.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tripwire_domtrans_twadmin',`
	gen_require(`
		type twadmin_t, twadmin_exec_t;
	')

	domain_auto_trans($1, twadmin_exec_t, twadmin_t)

	allow twadmin_t $1:fd use;
	allow twadmin_t $1:fifo_file rw_file_perms;
	allow twadmin_t $1:process sigchld;
')

########################################
## <summary>
##	Execute twadmin in the twadmin domain, and
##	allow the specified role the twadmin domain.
## </summary>
## <desc>
##	<p>
##	The role statement makes twadmin_t a valid type for the given
##	role, so pass only roles that are meant to run twadmin. The
##	twadmin domain also gains read and write access to character
##	devices of the given terminal type.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the twadmin domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal that the twadmin domain is allowed to use.
##	</summary>
## </param>
#
interface(`tripwire_run_twadmin',`
	gen_require(`
		type twadmin_t;
	')

	role $2 types twadmin_t;
	tripwire_domtrans_twadmin($1)
	allow twadmin_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute twprint in the twprint domain.
## </summary>
## <desc>
##	<p>
##	Besides the automatic transition, the twprint domain may use
##	file descriptors inherited from the calling domain, read and
##	write pipes owned by the calling domain, and send it SIGCHLD.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tripwire_domtrans_twprint',`
	gen_require(`
		type twprint_t, twprint_exec_t;
	')

	domain_auto_trans($1, twprint_exec_t, twprint_t)

	allow twprint_t $1:fd use;
	allow twprint_t $1:fifo_file rw_file_perms;
	allow twprint_t $1:process sigchld;
')

########################################
## <summary>
##	Execute twprint in the twprint domain, and
##	allow the specified role the twprint domain.
## </summary>
## <desc>
##	<p>
##	The role statement makes twprint_t a valid type for the given
##	role, so pass only roles that are meant to run twprint. The
##	twprint domain also gains read and write access to character
##	devices of the given terminal type.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the twprint domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal that the twprint domain is allowed to use.
##	</summary>
## </param>
#
interface(`tripwire_run_twprint',`
	gen_require(`
		type twprint_t;
	')

	role $2 types twprint_t;
	tripwire_domtrans_twprint($1)
	allow twprint_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute siggen in the siggen domain.
## </summary>
## <desc>
##	<p>
##	Besides the automatic transition, the siggen domain may use
##	file descriptors inherited from the calling domain, read and
##	write pipes owned by the calling domain, and send it SIGCHLD.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tripwire_domtrans_siggen',`
	gen_require(`
		type siggen_t, siggen_exec_t;
	')

	domain_auto_trans($1, siggen_exec_t, siggen_t)

	allow siggen_t $1:fd use;
	allow siggen_t $1:fifo_file rw_file_perms;
	allow siggen_t $1:process sigchld;
')

########################################
## <summary>
##	Execute siggen in the siggen domain, and
##	allow the specified role the siggen domain.
## </summary>
## <desc>
##	<p>
##	The role statement makes siggen_t a valid type for the given
##	role, so pass only roles that are meant to run siggen. The
##	siggen domain also gains read and write access to character
##	devices of the given terminal type.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the siggen domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal that the siggen domain is allowed to use.
##	</summary>
## </param>
#
interface(`tripwire_run_siggen',`
	gen_require(`
		type siggen_t;
	')

	role $2 types siggen_t;
	tripwire_domtrans_siggen($1)
	allow siggen_t $3:chr_file rw_term_perms;
')