0f7c400223
Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible. Use permission sets where possible.
63 lines
1.4 KiB
Plaintext
63 lines
1.4 KiB
Plaintext
policy_module(pads, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type pads_t;
|
|
type pads_exec_t;
|
|
init_daemon_domain(pads_t, pads_exec_t)
|
|
|
|
type pads_initrc_exec_t;
|
|
init_script_file(pads_initrc_exec_t)
|
|
|
|
type pads_config_t;
|
|
files_config_file(pads_config_t)
|
|
|
|
type pads_var_run_t;
|
|
files_pid_file(pads_var_run_t)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
allow pads_t self:capability { dac_override net_raw };
|
|
allow pads_t self:netlink_route_socket create_netlink_socket_perms;
|
|
allow pads_t self:packet_socket create_socket_perms;
|
|
allow pads_t self:udp_socket create_socket_perms;
|
|
allow pads_t self:unix_dgram_socket create_socket_perms;
|
|
|
|
allow pads_t pads_config_t:file manage_file_perms;
|
|
files_etc_filetrans(pads_t, pads_config_t, file)
|
|
|
|
allow pads_t pads_var_run_t:file manage_file_perms;
|
|
files_pid_filetrans(pads_t, pads_var_run_t, file)
|
|
|
|
kernel_read_sysctl(pads_t)
|
|
|
|
corecmd_search_bin(pads_t)
|
|
|
|
corenet_all_recvfrom_unlabeled(pads_t)
|
|
corenet_all_recvfrom_netlabel(pads_t)
|
|
corenet_tcp_sendrecv_generic_if(pads_t)
|
|
corenet_tcp_sendrecv_generic_node(pads_t)
|
|
corenet_tcp_connect_prelude_port(pads_t)
|
|
|
|
dev_read_rand(pads_t)
|
|
dev_read_urand(pads_t)
|
|
|
|
files_read_etc_files(pads_t)
|
|
files_search_spool(pads_t)
|
|
|
|
miscfiles_read_localization(pads_t)
|
|
|
|
logging_send_syslog_msg(pads_t)
|
|
|
|
sysnet_dns_name_resolve(pads_t)
|
|
|
|
optional_policy(`
|
|
prelude_manage_spool(pads_t)
|
|
')
|