selinux-policy/refpolicy/policy/modules/services/finger.if

45 lines
999 B
Plaintext

## <summary>Finger user information service.</summary>
########################################
## <summary>
## Execute fingerd in the fingerd domain.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`finger_domtrans',`
gen_require(`
type fingerd_t, fingerd_exec_t;
')
domain_auto_trans($1,fingerd_exec_t,fingerd_t)
allow $1 fingerd_t:fd use;
allow fingerd_t $1:fd use;
allow fingerd_t $1:fifo_file rw_file_perms;
allow fingerd_t $1:process sigchld;
')
########################################
## <summary>
## Allow the specified domain to connect to fingerd with a tcp socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`finger_tcp_connect',`
gen_require(`
type fingerd_t;
')
kernel_tcp_recvfrom($1)
allow $1 fingerd_t:tcp_socket { connectto recvfrom };
allow fingerd_t $1:tcp_socket { acceptfrom recvfrom };
')