~ubuntu-branches/ubuntu/maverick/refpolicy-ubuntu/maverick


Viewing changes to policy/modules/services/rwho.if

  • Committer: Bazaar Package Importer
  • Author(s): Marshall Miller
  • Date: 2009-03-24 02:17:01 UTC
  • Revision ID: james.westby@ubuntu.com-20090324021701-ost9gewrbluclm5r
Tags: upstream-0.2.20090324
Import upstream version 0.2.20090324

 
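--- a/policy/modules/services/rwho.if
+++ b/policy/modules/services/rwho.if
@@ -0,0 +1,154 @@
+## <summary>Who is logged in on other machines?</summary>
+
+########################################
+## <summary>
+##      Execute a domain transition to run rwho.
+## </summary>
+## <param name="domain">
+## <summary>
+##      Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`rwho_domtrans',`
+        gen_require(`
+                type rwho_t, rwho_exec_t;
+        ')
+
+        domtrans_pattern($1, rwho_exec_t, rwho_t)
+')
+
+########################################
+## <summary>
+##      Search rwho log directories.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`rwho_search_log',`
+        gen_require(`
+                type rwho_log_t;
+        ')
+
+        allow $1 rwho_log_t:dir search_dir_perms;
+        logging_search_logs($1)
+')
+
+########################################
+## <summary>
+##      Read rwho log files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`rwho_read_log_files',`
+        gen_require(`
+                type rwho_log_t;
+        ')
+
+        allow $1 rwho_log_t:file read_file_perms;
+        allow $1 rwho_log_t:dir list_dir_perms;
+        logging_search_logs($1)
+')
+
+########################################
+## <summary>
+##      Search rwho spool directories.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`rwho_search_spool',`
+        gen_require(`
+                type rwho_spool_t;
+        ')
+
+        allow $1 rwho_spool_t:dir search_dir_perms;
+        files_search_spool($1)
+')
+
+########################################
+## <summary>
+##      Read rwho spool files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`rwho_read_spool_files',`
+        gen_require(`
+                type rwho_spool_t;
+        ')
+
+        read_files_pattern($1, rwho_spool_t, rwho_spool_t)
+        files_search_spool($1)
+')
+
+########################################
+## <summary>
+##      Create, read, write, and delete
+##      rwho spool files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`rwho_manage_spool_files',`
+        gen_require(`
+                type rwho_spool_t;
+        ')
+
+        manage_files_pattern($1,rwho_spool_t,rwho_spool_t)
+        files_search_spool($1)
+')
+
+########################################
+## <summary>
+##      All of the rules required to administrate 
+##      an rwho environment
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <param name="role">
+##      <summary>
+##      The role allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+interface(`rwho_admin',`
+        gen_require(`
+                type rwho_t, rwho_log_t, rwho_spool_t;
+                type rwho_initrc_exec_t;
+        ')
+
+        allow $1 rwho_t:process { ptrace signal_perms };
+        ps_process_pattern($1, rwho_t)
+
+        init_labeled_script_domtrans($1, rwho_initrc_exec_t)
+        domain_system_change_exemption($1)
+        role_transition $2 rwho_initrc_exec_t system_r;
+        allow $2 system_r;
+
+        logging_list_logs($1)
+        admin_pattern($1, rwho_log_t)
+
+        files_list_spool($1)
+        admin_pattern($1, rwho_spool_t)
+')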
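Review bot: `rwho_admin` grants `ptrace` on `rwho_t` through `allow $1 rwho_t:process { ptrace signal_perms };`, so the admin domain can read and modify the daemon's memory rather than only signal and list it. None of the other rules in the interface appear to depend on that permission, so I would narrow the rule to `allow $1 rwho_t:process signal_perms;`, or keep the ptrace grant behind a tunable that is off by default. The summary should also state what is being handed out, since the role in `$2` gains `system_r` via the `role_transition` on `rwho_initrc_exec_t`; something like `##      Allow the domain to signal rwho, run its init script in system_r, and manage rwho log and spool content.` would make that visible to policy authors calling the interface.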