selinux-policy/policy/modules/services/likewise.if
2010-03-17 09:28:18 -04:00

106 lines
2.4 KiB
Plaintext

## <summary>Likewise Active Directory support for UNIX.</summary>
## <desc>
## <p>
## Likewise Open is a free, open source application that joins Linux, Unix,
## and Mac machines to Microsoft Active Directory to securely authenticate
## users with their domain credentials.
## </p>
## </desc>
#######################################
## <summary>
## The template to define a likewise domain.
## </summary>
## <desc>
## <p>
## This template creates a domain to be used for
## a new likewise daemon.
## </p>
## </desc>
## <param name="userdomain_prefix">
## <summary>
## The type of daemon to be used.
## </summary>
## </param>
#
template(`likewise_domain_template',`
gen_require(`
attribute likewise_domains;
type likewise_var_lib_t;
')
########################################
#
# Declarations
#
type $1_t;
type $1_exec_t;
init_daemon_domain($1_t, $1_exec_t)
domain_use_interactive_fds($1_t)
typeattribute $1_t likewise_domains;
type $1_var_run_t;
files_pid_file($1_var_run_t)
type $1_var_socket_t;
files_type($1_var_socket_t)
type $1_var_lib_t;
files_type($1_var_lib_t)
####################################
#
# Local Policy
#
allow $1_t self:process { signal_perms getsched setsched };
allow $1_t self:fifo_file rw_fifo_file_perms;
allow $1_t self:unix_dgram_socket create_socket_perms;
allow $1_t self:unix_stream_socket create_stream_socket_perms;
allow $1_t self:tcp_socket create_stream_socket_perms;
allow $1_t self:udp_socket create_socket_perms;
allow $1_t likewise_var_lib_t:dir setattr;
manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
files_pid_filetrans($1_t, $1_var_run_t, file)
manage_files_pattern($1_t, likewise_var_lib_t, $1_var_lib_t)
filetrans_pattern($1_t, likewise_var_lib_t, $1_var_lib_t, file)
manage_sock_files_pattern($1_t, likewise_var_lib_t, $1_var_socket_t)
filetrans_pattern($1_t, likewise_var_lib_t, $1_var_socket_t, sock_file)
dev_read_rand($1_t)
dev_read_urand($1_t)
files_read_etc_files($1_t)
files_search_var_lib($1_t)
logging_send_syslog_msg($1_t)
miscfiles_read_localization($1_t)
')
########################################
## <summary>
## Connect to lsassd.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`likewise_stream_connect_lsassd',`
gen_require(`
type likewise_var_lib_t, lsassd_var_socket_t, lsassd_t;
')
files_search_pids($1)
stream_connect_pattern($1, likewise_var_lib_t, lsassd_var_socket_t, lsassd_t)
')