8340621920
This is based on Fedoras' miscfiles_cert_type implementation. The idea was that openvpn needs to be able read home certificates (home_cert_t) which is not implemented in refpolicy yet, as well as generic cert_t certificates. Note that openvpn is allowed to read all cert_types, as i know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well but because i do not know exactly which domains i will not changes any other domains call to generic cert type interfaces. Signed-off-by: Dominick Grift <domg472@gmail.com>
63 lines
971 B
Plaintext
63 lines
971 B
Plaintext
policy_module(miscfiles, 1.8.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
attribute cert_type;
|
|
|
|
#
|
|
# cert_t is the type of files in the system certs directories.
|
|
#
|
|
type cert_t;
|
|
miscfiles_cert_type(cert_t)
|
|
#
|
|
# fonts_t is the type of various font
|
|
# files in /usr
|
|
#
|
|
type fonts_t;
|
|
files_type(fonts_t)
|
|
|
|
type fonts_cache_t;
|
|
files_type(fonts_cache_t)
|
|
|
|
#
|
|
# type for /usr/share/hwdata
|
|
#
|
|
type hwdata_t;
|
|
files_type(hwdata_t)
|
|
|
|
#
|
|
# locale_t is the type for system localization
|
|
#
|
|
type locale_t;
|
|
files_type(locale_t)
|
|
|
|
#
|
|
# man_t is the type for the man directories.
|
|
#
|
|
type man_t alias catman_t;
|
|
files_type(man_t)
|
|
|
|
#
|
|
# Types for public content
|
|
#
|
|
type public_content_t; #, customizable;
|
|
files_type(public_content_t)
|
|
|
|
type public_content_rw_t; #, customizable;
|
|
files_type(public_content_rw_t)
|
|
|
|
#
|
|
# Base type for the tests directory.
|
|
#
|
|
type test_file_t;
|
|
files_type(test_file_t)
|
|
|
|
#
|
|
# for /var/{spool,lib}/texmf index files
|
|
#
|
|
type tetex_data_t;
|
|
files_tmp_file(tetex_data_t)
|