starwels
/
starwels


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157
							
## <summary>policy for starwels</summary>


########################################
## <summary>
##	Transition to starwels.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`starwels_domtrans',`
	gen_require(`
		type starwels_t, starwels_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, starwels_exec_t, starwels_t)
')


########################################
## <summary>
##	Execute starwels server in the starwels domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`starwels_initrc_domtrans',`
	gen_require(`
		type starwels_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, starwels_initrc_exec_t)
')


########################################
## <summary>
##	Search starwels lib directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`starwels_search_lib',`
	gen_require(`
		type starwels_var_lib_t;
	')

	allow $1 starwels_var_lib_t:dir search_dir_perms;
	files_search_var_lib($1)
')

########################################
## <summary>
##	Read starwels lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`starwels_read_lib_files',`
	gen_require(`
		type starwels_var_lib_t;
	')

	files_search_var_lib($1)
	read_files_pattern($1, starwels_var_lib_t, starwels_var_lib_t)
')

########################################
## <summary>
##	Manage starwels lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`starwels_manage_lib_files',`
	gen_require(`
		type starwels_var_lib_t;
	')

	files_search_var_lib($1)
	manage_files_pattern($1, starwels_var_lib_t, starwels_var_lib_t)
')

########################################
## <summary>
##	Manage starwels lib directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`starwels_manage_lib_dirs',`
	gen_require(`
		type starwels_var_lib_t;
	')

	files_search_var_lib($1)
	manage_dirs_pattern($1, starwels_var_lib_t, starwels_var_lib_t)
')


########################################
## <summary>
##	All of the rules required to administrate
##	a starwels environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`starwels_admin',`
	gen_require(`
		type starwels_t;
		type starwels_initrc_exec_t;
		type starwels_var_lib_t;
	')

	allow $1 starwels_t:process { ptrace signal_perms };
	ps_process_pattern($1, starwels_t)

	starwels_initrc_domtrans($1)
	domain_system_change_exemption($1)
	role_transition $2 starwels_initrc_exec_t system_r;
	allow $2 system_r;

	files_search_var_lib($1)
	admin_pattern($1, starwels_var_lib_t)

')