selinux-policy/strict/domains/program/ethereal.te
2005-10-13 14:09:28 +00:00

49 lines
1.1 KiB
Plaintext

# DESC - Ethereal
#
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
#
# Type for executables
type tethereal_exec_t, file_type, exec_type, sysadmfile;
type ethereal_exec_t, file_type, exec_type, sysadmfile;
########################################################
# Tethereal
#
# Type for program
type tethereal_t, domain, nscd_client_domain;
# Transition from sysadm type
domain_auto_trans(sysadm_t, tethereal_exec_t, tethereal_t)
role sysadm_r types tethereal_t;
uses_shlib(tethereal_t)
read_locale(tethereal_t)
# Terminal output
access_terminal(tethereal_t, sysadm)
# /proc
read_sysctl(tethereal_t)
allow tethereal_t { self proc_t }:dir { read search getattr };
allow tethereal_t { self proc_t }:{ file lnk_file } { read getattr };
# Access root
allow tethereal_t root_t:dir search;
# Read ethereal files in /usr
allow tethereal_t usr_t:file { read getattr };
# /etc/nsswitch.conf
allow tethereal_t etc_t:file { read getattr };
# Ethereal sysadm rules
ethereal_networking(tethereal)
# FIXME: policy is incomplete
#####################################
# Ethereal (GNOME) policy can be found
# in ethereal_macros.te