~ubuntu-branches/ubuntu/dapper/selinux-policy-default/dapper


Viewing changes to domains/program/unused/scannerdaemon.te

  • Committer: Bazaar Package Importer
  • Author(s): Russell Coker
  • Date: 2004-06-10 18:08:00 UTC
  • Revision ID: james.westby@ubuntu.com-20040610180800-gagxr0cdovi7mv2i
Tags: upstream-1.12
Import upstream version 1.12

 
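--- a/domains/program/unused/scannerdaemon.te
+++ b/domains/program/unused/scannerdaemon.te
@@ -0,0 +1,58 @@
+#DESC Scannerdaemon - Virus scanner daemon
+#
+# Author:  Brian May <bam@snoopy.apana.org.au>
+# X-Debian-Packages:
+#
+
+#################################
+#
+# Rules for the scannerdaemon_t domain.
+#
+type scannerdaemon_etc_t, file_type, sysadmfile;
+
+#networking
+daemon_domain(scannerdaemon)
+can_network(scannerdaemon_t)
+ifdef(`postfix.te',
+`can_tcp_connect(postfix_bounce_t,scannerdaemon_t);')
+
+# for testing
+can_tcp_connect(sysadm_t,scannerdaemon_t)
+
+# Can create unix sockets
+allow scannerdaemon_t self:unix_stream_socket create_stream_socket_perms;
+
+# Access config files (libc6).
+allow scannerdaemon_t etc_t:file r_file_perms;
+allow scannerdaemon_t etc_t:lnk_file r_file_perms;
+allow scannerdaemon_t proc_t:file r_file_perms;
+allow scannerdaemon_t etc_runtime_t:file r_file_perms;
+
+# Access config files (scannerdaemon).
+allow scannerdaemon_t scannerdaemon_etc_t:file r_file_perms;
+
+# Access signature files.
+ifdef(`oav-update.te',`
+allow scannerdaemon_t oav_update_var_lib_t:dir r_dir_perms;
+allow scannerdaemon_t oav_update_var_lib_t:file r_file_perms;
+')
+
+log_domain(scannerdaemon)
+ifdef(`logrotate.te', `
+allow logrotate_t scannerdaemon_log_t:file create_file_perms;
+')
+
+# Can run kaffe
+# Run helper programs.
+can_exec_any(scannerdaemon_t)
+allow scannerdaemon_t var_lib_t:dir search;
+allow scannerdaemon_t { sbin_t bin_t }:dir search;
+allow scannerdaemon_t bin_t:lnk_file read;
+
+# unknown stuff
+allow scannerdaemon_t self:fifo_file { read write };
+
+# broken stuff
+dontaudit scannerdaemon_t shadow_t:file { read getattr };
+dontaudit scannerdaemon_t devtty_t:chr_file { read write };
+dontaudit scannerdaemon_t sysadm_home_dir_t:dir search;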
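Review bot: `can_exec_any(scannerdaemon_t)` on new line 47 looks wider than the "Can run kaffe / Run helper programs" comments call for, in a domain that also gets `can_network` and accepts connections from `postfix_bounce_t`. Since the daemon scans content it does not control, I would narrow this to `can_exec(scannerdaemon_t, <helper_exec_type>)` per helper (placeholder; the concrete types are not visible on this page), or at least add `# TODO: narrow can_exec_any to the interpreter/helper types actually run`. Under "# broken stuff", `dontaudit scannerdaemon_t shadow_t:file { read getattr };` still denies the access but hides it from the audit log. Unless the cause is a known benign library probe, drop that line so shadow-file access attempts from this domain stay visible to monitoring. The `# for testing` rule `can_tcp_connect(sysadm_t,scannerdaemon_t)` on line 20 should be removed or made conditional before the file leaves `unused/`.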