6bb4d401ee
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible.
168 lines
3.2 KiB
Plaintext
168 lines
3.2 KiB
Plaintext
## <summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute avahi server in the avahi domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`avahi_domtrans',`
|
|
gen_require(`
|
|
type avahi_exec_t, avahi_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, avahi_exec_t, avahi_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send avahi a signal
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`avahi_signal',`
|
|
gen_require(`
|
|
type avahi_t;
|
|
')
|
|
|
|
allow $1 avahi_t:process signal;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send avahi a kill signal.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`avahi_kill',`
|
|
gen_require(`
|
|
type avahi_t;
|
|
')
|
|
|
|
allow $1 avahi_t:process sigkill;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send avahi a signull
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`avahi_signull',`
|
|
gen_require(`
|
|
type avahi_t;
|
|
')
|
|
|
|
allow $1 avahi_t:process signull;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send and receive messages from
|
|
## avahi over dbus.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`avahi_dbus_chat',`
|
|
gen_require(`
|
|
type avahi_t;
|
|
class dbus send_msg;
|
|
')
|
|
|
|
allow avahi_t $1:file read;
|
|
allow $1 avahi_t:dbus send_msg;
|
|
allow avahi_t $1:dbus send_msg;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Connect to avahi using a unix domain stream socket.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`avahi_stream_connect',`
|
|
gen_require(`
|
|
type avahi_t, avahi_var_run_t;
|
|
')
|
|
|
|
files_search_pids($1)
|
|
stream_connect_pattern($1, avahi_var_run_t, avahi_var_run_t, avahi_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to search the avahi pid directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`avahi_dontaudit_search_pid',`
|
|
gen_require(`
|
|
type avahi_var_run_t;
|
|
')
|
|
|
|
dontaudit $1 avahi_var_run_t:dir search_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to administrate
|
|
## an avahi environment
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## The role to be allowed to manage the avahi domain.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`avahi_admin',`
|
|
gen_require(`
|
|
type avahi_t, avahi_var_run_t, avahi_initrc_exec_t;
|
|
')
|
|
|
|
allow $1 avahi_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, avahi_t)
|
|
|
|
init_labeled_script_domtrans($1, avahi_initrc_exec_t)
|
|
domain_system_change_exemption($1)
|
|
role_transition $2 avahi_initrc_exec_t system_r;
|
|
allow $2 system_r;
|
|
|
|
files_list_pids($1)
|
|
admin_pattern($1, avahi_var_run_t)
|
|
')
|