selinux-policy/policy/modules/services/ulogd.te

policy_module(ulogd, 1.1.0)

########################################
#
# Declarations
#

type ulogd_t;
type ulogd_exec_t;
init_daemon_domain(ulogd_t, ulogd_exec_t)

# config files
type ulogd_etc_t;
files_type(ulogd_etc_t)

type ulogd_initrc_exec_t;
init_script_file(ulogd_initrc_exec_t)

# /usr/lib files
type ulogd_modules_t;
files_type(ulogd_modules_t)

# log files
type ulogd_var_log_t;
logging_log_file(ulogd_var_log_t)

########################################
#
# ulogd local policy
#

allow ulogd_t self:capability net_admin;
allow ulogd_t self:netlink_nflog_socket create_socket_perms;
allow ulogd_t self:netlink_route_socket r_netlink_socket_perms;
allow ulogd_t self:tcp_socket { create_stream_socket_perms connect };
allow ulogd_t self:udp_socket create_socket_perms;

# config files
read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)

# modules for ulogd
list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)

# log files
manage_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
logging_log_filetrans(ulogd_t, ulogd_var_log_t, file)

files_read_etc_files(ulogd_t)
files_read_usr_files(ulogd_t)

miscfiles_read_localization(ulogd_t)

sysnet_dns_name_resolve(ulogd_t)

optional_policy(`
	mysql_stream_connect(ulogd_t)
')

optional_policy(`
	postgresql_stream_connect(ulogd_t)
	postgresql_tcp_connect(ulogd_t)
')