9a0f7994cb
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
72 lines
1.9 KiB
Plaintext
72 lines
1.9 KiB
Plaintext
policy_module(aiccu, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type aiccu_t;
|
|
type aiccu_exec_t;
|
|
init_daemon_domain(aiccu_t, aiccu_exec_t)
|
|
|
|
type aiccu_initrc_exec_t;
|
|
init_script_file(aiccu_initrc_exec_t)
|
|
|
|
type aiccu_etc_t;
|
|
files_config_file(aiccu_etc_t)
|
|
|
|
type aiccu_var_run_t;
|
|
files_pid_file(aiccu_var_run_t)
|
|
|
|
########################################
|
|
#
|
|
# aiccu local policy
|
|
#
|
|
|
|
allow aiccu_t self:capability { kill net_admin net_raw };
|
|
dontaudit aiccu_t self:capability sys_tty_config;
|
|
allow aiccu_t self:process signal;
|
|
allow aiccu_t self:fifo_file rw_fifo_file_perms;
|
|
allow aiccu_t self:netlink_route_socket create_netlink_socket_perms;
|
|
allow aiccu_t self:tcp_socket create_stream_socket_perms;
|
|
allow aiccu_t self:tun_socket create_socket_perms;
|
|
allow aiccu_t self:udp_socket create_stream_socket_perms;
|
|
allow aiccu_t self:unix_stream_socket create_stream_socket_perms;
|
|
|
|
allow aiccu_t aiccu_etc_t:file read_file_perms;
|
|
|
|
manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
|
|
manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
|
|
files_pid_filetrans(aiccu_t, aiccu_var_run_t, { file dir })
|
|
|
|
kernel_read_system_state(aiccu_t)
|
|
|
|
corecmd_exec_shell(aiccu_t)
|
|
|
|
corenet_all_recvfrom_netlabel(aiccu_t)
|
|
corenet_all_recvfrom_unlabeled(aiccu_t)
|
|
corenet_tcp_bind_generic_node(aiccu_t)
|
|
corenet_tcp_sendrecv_generic_if(aiccu_t)
|
|
corenet_tcp_sendrecv_generic_node(aiccu_t)
|
|
corenet_tcp_sendrecv_generic_port(aiccu_t)
|
|
corenet_sendrecv_sixxsconfig_client_packets(aiccu_t)
|
|
corenet_tcp_sendrecv_sixxsconfig_port(aiccu_t)
|
|
corenet_tcp_connect_sixxsconfig_port(aiccu_t)
|
|
corenet_rw_tun_tap_dev(aiccu_t)
|
|
|
|
domain_use_interactive_fds(aiccu_t)
|
|
|
|
dev_read_rand(aiccu_t)
|
|
dev_read_urand(aiccu_t)
|
|
|
|
files_read_etc_files(aiccu_t)
|
|
|
|
logging_send_syslog_msg(aiccu_t)
|
|
|
|
miscfiles_read_localization(aiccu_t)
|
|
|
|
modutils_domtrans_insmod(aiccu_t)
|
|
|
|
sysnet_domtrans_ifconfig(aiccu_t)
|
|
sysnet_dns_name_resolve(aiccu_t)
|