selinux-policy/policy/modules/services/mock.if
Dominick Grift 1976ddda24 Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-20 18:15:28 +02:00

236 lines
4.2 KiB
Plaintext

## <summary>policy for mock</summary>
########################################
## <summary>
## Execute a domain transition to run mock.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`mock_domtrans',`
gen_require(`
type mock_t, mock_exec_t;
')
domtrans_pattern($1, mock_exec_t, mock_t)
')
########################################
## <summary>
## Search mock lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mock_search_lib',`
gen_require(`
type mock_var_lib_t;
')
allow $1 mock_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
########################################
## <summary>
## Read mock lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mock_read_lib_files',`
gen_require(`
type mock_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
########################################
## <summary>
## Create, read, write, and delete
## mock lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mock_manage_lib_files',`
gen_require(`
type mock_var_lib_t;
')
files_search_var_lib($1)
manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
########################################
## <summary>
## Manage mock lib dirs files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mock_manage_lib_dirs',`
gen_require(`
type mock_var_lib_t;
')
files_search_var_lib($1)
manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
#########################################
## <summary>
## Manage mock lib symlinks.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mock_manage_lib_symlinks',`
gen_require(`
type mock_var_lib_t;
')
files_search_var_lib($1)
manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
########################################
## <summary>
## Manage mock lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mock_manage_lib_chr_files',`
gen_require(`
type mock_var_lib_t;
')
files_search_var_lib($1)
manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
########################################
## <summary>
## Execute mock in the mock domain, and
## allow the specified role the mock domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the mock domain.
## </summary>
## </param>
#
interface(`mock_run',`
gen_require(`
type mock_t;
')
mock_domtrans($1)
role $2 types mock_t;
')
########################################
## <summary>
## Role access for mock
## </summary>
## <param name="role">
## <summary>
## Role allowed access
## </summary>
## </param>
## <param name="domain">
## <summary>
## User domain for the role
## </summary>
## </param>
#
interface(`mock_role',`
gen_require(`
type mock_t;
')
role $1 types mock_t;
mock_domtrans($2)
ps_process_pattern($2, mock_t)
allow $2 mock_t:process { ptrace signal_perms };
')
#######################################
## <summary>
## Send a generic signal to mock.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mock_signal',`
gen_require(`
type mock_t;
')
allow $1 mock_t:process signal;
')
########################################
## <summary>
## All of the rules required to administrate
## an mock environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mock_admin',`
gen_require(`
type mock_t;
type mock_var_lib_t;
')
allow $1 mock_t:process { ptrace signal_perms };
ps_process_pattern($1, mock_t)
files_search_var_lib($1)
admin_pattern($1, mock_var_lib_t)
')