selinux-policy/policy/modules/services/uucp.te
Dominick Grift 7d1f5642b0 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-24 12:44:39 +02:00

150 lines
3.3 KiB
Plaintext

policy_module(uucp, 1.11.0)
########################################
#
# Declarations
#
type uucpd_t;
type uucpd_exec_t;
inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
type uucpd_lock_t;
files_lock_file(uucpd_lock_t)
type uucpd_tmp_t;
files_tmp_file(uucpd_tmp_t)
type uucpd_var_run_t;
files_pid_file(uucpd_var_run_t)
type uucpd_rw_t;
files_type(uucpd_rw_t)
type uucpd_ro_t;
files_type(uucpd_ro_t)
type uucpd_spool_t;
files_type(uucpd_spool_t)
type uucpd_log_t;
logging_log_file(uucpd_log_t)
type uux_t;
type uux_exec_t;
application_domain(uux_t, uux_exec_t)
role system_r types uux_t;
########################################
#
# UUCPd Local policy
#
allow uucpd_t self:capability { setuid setgid };
allow uucpd_t self:process signal_perms;
allow uucpd_t self:fifo_file rw_fifo_file_perms;
allow uucpd_t self:tcp_socket connected_stream_socket_perms;
allow uucpd_t self:udp_socket create_socket_perms;
allow uucpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow uucpd_t uucpd_log_t:dir setattr;
manage_files_pattern(uucpd_t, uucpd_log_t, uucpd_log_t)
logging_log_filetrans(uucpd_t, uucpd_log_t, { file dir })
allow uucpd_t uucpd_ro_t:dir list_dir_perms;
read_files_pattern(uucpd_t, uucpd_ro_t, uucpd_ro_t)
read_lnk_files_pattern(uucpd_t, uucpd_ro_t, uucpd_ro_t)
manage_dirs_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
manage_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
manage_lnk_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
uucp_manage_spool(uucpd_t)
manage_dirs_pattern(uucpd_t, uucpd_lock_t, uucpd_lock_t)
manage_files_pattern(uucpd_t, uucpd_lock_t, uucpd_lock_t)
files_search_locks(uucpd_t)
manage_dirs_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
manage_files_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
files_tmp_filetrans(uucpd_t, uucpd_tmp_t, { file dir })
manage_files_pattern(uucpd_t, uucpd_var_run_t, uucpd_var_run_t)
files_pid_filetrans(uucpd_t, uucpd_var_run_t, file)
kernel_read_kernel_sysctls(uucpd_t)
kernel_read_system_state(uucpd_t)
kernel_read_network_state(uucpd_t)
corenet_all_recvfrom_unlabeled(uucpd_t)
corenet_all_recvfrom_netlabel(uucpd_t)
corenet_tcp_sendrecv_generic_if(uucpd_t)
corenet_udp_sendrecv_generic_if(uucpd_t)
corenet_tcp_sendrecv_generic_node(uucpd_t)
corenet_udp_sendrecv_generic_node(uucpd_t)
corenet_tcp_sendrecv_all_ports(uucpd_t)
corenet_udp_sendrecv_all_ports(uucpd_t)
corenet_tcp_connect_ssh_port(uucpd_t)
dev_read_urand(uucpd_t)
fs_getattr_xattr_fs(uucpd_t)
corecmd_exec_bin(uucpd_t)
corecmd_exec_shell(uucpd_t)
files_read_etc_files(uucpd_t)
files_search_home(uucpd_t)
files_search_spool(uucpd_t)
term_setattr_controlling_term(uucpd_t)
auth_use_nsswitch(uucpd_t)
logging_send_syslog_msg(uucpd_t)
miscfiles_read_localization(uucpd_t)
mta_send_mail(uucpd_t)
optional_policy(`
cron_system_entry(uucpd_t, uucpd_exec_t)
')
optional_policy(`
kerberos_use(uucpd_t)
')
optional_policy(`
ssh_exec(uucpd_t)
')
########################################
#
# UUX Local policy
#
allow uux_t self:capability { setuid setgid };
allow uux_t self:fifo_file write_fifo_file_perms;
uucp_append_log(uux_t)
uucp_manage_spool(uux_t)
corecmd_exec_bin(uux_t)
files_read_etc_files(uux_t)
fs_rw_anon_inodefs_files(uux_t)
logging_send_syslog_msg(uux_t)
miscfiles_read_localization(uux_t)
optional_policy(`
mta_send_mail(uux_t)
mta_read_queue(uux_t)
sendmail_dontaudit_rw_unix_stream_sockets(uux_t)
')
optional_policy(`
nscd_socket_use(uux_t)
')