
starwels.te 2.1KB

  1. policy_module(starwels, 1.100.1)
  2. ########################################
  3. #
  4. # Declarations
  5. #
  6. type starwels_t;
  7. type starwels_exec_t;
  8. init_daemon_domain(starwels_t, starwels_exec_t)
  9. permissive starwels_t;
  10. type starwels_initrc_exec_t;
  11. init_script_file(starwels_initrc_exec_t)
  12. type starwels_conf_t;
  13. files_type(starwels_conf_t)
  14. type starwels_var_lib_t;
  15. files_type(starwels_var_lib_t)
  16. type starwels_var_run_t;
  17. files_type(starwels_var_run_t)
  18. type starwels_port_t;
  19. corenet_port(starwels_port_t)
  20. ########################################
  21. #
  22. # starwels local policy
  23. #
  24. allow starwels_t self:process { fork };
  25. allow starwels_t self:fifo_file rw_fifo_file_perms;
  26. allow starwels_t self:unix_stream_socket create_stream_socket_perms;
  27. manage_dirs_pattern(starwels_t, starwels_conf_t, starwels_conf_t)
  28. manage_files_pattern(starwels_t, starwels_conf_t, starwels_conf_t)
  29. manage_dirs_pattern(starwels_t, starwels_var_lib_t, starwels_var_lib_t)
  30. manage_files_pattern(starwels_t, starwels_var_lib_t, starwels_var_lib_t)
  31. files_var_lib_filetrans(starwels_t, starwels_var_lib_t, { dir file })
  32. manage_dirs_pattern(starwels_t, starwels_var_run_t, starwels_var_run_t)
  33. manage_files_pattern(starwels_t, starwels_var_run_t, starwels_var_run_t)
  34. sysnet_dns_name_resolve(starwels_t)
  35. corenet_all_recvfrom_unlabeled(starwels_t)
  36. allow starwels_t self:tcp_socket create_stream_socket_perms;
  37. corenet_tcp_sendrecv_generic_if(starwels_t)
  38. corenet_tcp_sendrecv_generic_node(starwels_t)
  39. corenet_tcp_sendrecv_all_ports(starwels_t)
  40. corenet_tcp_bind_generic_node(starwels_t)
  41. gen_require(`
  42. type starwels_port_t;
  43. ')
  44. allow starwels_t starwels_port_t:tcp_socket name_bind;
  45. gen_require(`
  46. type starwels_port_t;
  47. ')
  48. allow starwels_t starwels_port_t:tcp_socket name_connect;
  49. domain_use_interactive_fds(starwels_t)
  50. files_read_etc_files(starwels_t)
  51. miscfiles_read_localization(starwels_t)
  52. sysnet_dns_name_resolve(starwels_t)
  53. allow starwels_t starwels_exec_t:file execute_no_trans;
  54. allow starwels_t self:process setsched;
  55. corecmd_exec_ls(starwels_t)
  56. corenet_tcp_connect_http_port(starwels_t)
  57. dev_read_urand(starwels_t)
  58. fs_getattr_xattr_fs(starwels_t)
  59. kernel_read_system_state(starwels_t)