Oreon-Lime-R2/selinux-policy/selinux-policy-bc228bd/selinux-policy-bc228bd0c249a9e4aa3dcf238c2b1bb138943b07/policy/modules/contrib/motion.te

policy_module(motion, 1.0.0)

########################################
#
# Declarations
#

type motion_t;
type motion_exec_t;
init_daemon_domain(motion_t, motion_exec_t)

type motion_log_t;
logging_log_file(motion_log_t)

type motion_unit_file_t;
systemd_unit_file(motion_unit_file_t)

type motion_var_run_t;
files_pid_file(motion_var_run_t)

type motion_data_t;
files_type(motion_data_t)

########################################
#
# motion local policy
#
allow motion_t self:udp_socket { create connect getattr };
allow motion_t self:tcp_socket create_stream_socket_perms;
allow motion_t self:netlink_route_socket r_netlink_socket_perms;

manage_dirs_pattern(motion_t, motion_log_t, motion_log_t)
manage_files_pattern(motion_t, motion_log_t, motion_log_t)
logging_log_filetrans(motion_t, motion_log_t, { dir file })

manage_dirs_pattern(motion_t, motion_var_run_t, motion_var_run_t)
manage_files_pattern(motion_t, motion_var_run_t, motion_var_run_t)
files_pid_filetrans(motion_t, motion_var_run_t, { dir file })

manage_dirs_pattern(motion_t, motion_data_t, motion_data_t)
manage_files_pattern(motion_t, motion_data_t, motion_data_t)
files_var_filetrans(motion_t, motion_data_t, { dir file })

corenet_tcp_bind_http_cache_port(motion_t)
corenet_tcp_bind_transproxy_port(motion_t)
corenet_tcp_bind_us_cli_port(motion_t)
corenet_tcp_connect_http_port(motion_t)
corenet_tcp_bind_generic_node(motion_t)

dev_read_video_dev(motion_t)
dev_write_video_dev(motion_t)
dev_map_video_dev(motion_t)
dev_list_sysfs(motion_t)
dev_read_sysfs(motion_t)

domain_use_interactive_fds(motion_t)

logging_send_syslog_msg(motion_t)

sysnet_read_config(motion_t)

userdom_home_manager(motion_t)

optional_policy(`
    zoneminder_domtrans(motion_t)
    zoneminder_manage_lib_files(motion_t)
')
extract all compressed files to make viewing source code easier and updated oreon-backgrounds and oreon-release packages 2024-07-03 21:20:34 -07:00			`policy_module(motion, 1.0.0)`

			`########################################`
			`#`
			`# Declarations`
			`#`

			`type motion_t;`
			`type motion_exec_t;`
			`init_daemon_domain(motion_t, motion_exec_t)`

			`type motion_log_t;`
			`logging_log_file(motion_log_t)`

			`type motion_unit_file_t;`
			`systemd_unit_file(motion_unit_file_t)`

			`type motion_var_run_t;`
			`files_pid_file(motion_var_run_t)`

			`type motion_data_t;`
			`files_type(motion_data_t)`

			`########################################`
			`#`
			`# motion local policy`
			`#`
			`allow motion_t self:udp_socket { create connect getattr };`
			`allow motion_t self:tcp_socket create_stream_socket_perms;`
			`allow motion_t self:netlink_route_socket r_netlink_socket_perms;`

			`manage_dirs_pattern(motion_t, motion_log_t, motion_log_t)`
			`manage_files_pattern(motion_t, motion_log_t, motion_log_t)`
			`logging_log_filetrans(motion_t, motion_log_t, { dir file })`

			`manage_dirs_pattern(motion_t, motion_var_run_t, motion_var_run_t)`
			`manage_files_pattern(motion_t, motion_var_run_t, motion_var_run_t)`
			`files_pid_filetrans(motion_t, motion_var_run_t, { dir file })`

			`manage_dirs_pattern(motion_t, motion_data_t, motion_data_t)`
			`manage_files_pattern(motion_t, motion_data_t, motion_data_t)`
			`files_var_filetrans(motion_t, motion_data_t, { dir file })`

			`corenet_tcp_bind_http_cache_port(motion_t)`
			`corenet_tcp_bind_transproxy_port(motion_t)`
			`corenet_tcp_bind_us_cli_port(motion_t)`
			`corenet_tcp_connect_http_port(motion_t)`
			`corenet_tcp_bind_generic_node(motion_t)`

			`dev_read_video_dev(motion_t)`
			`dev_write_video_dev(motion_t)`
			`dev_map_video_dev(motion_t)`
			`dev_list_sysfs(motion_t)`
			`dev_read_sysfs(motion_t)`

			`domain_use_interactive_fds(motion_t)`

			`logging_send_syslog_msg(motion_t)`

			`sysnet_read_config(motion_t)`

			`userdom_home_manager(motion_t)`

			optional_policy(`
			`zoneminder_domtrans(motion_t)`
			`zoneminder_manage_lib_files(motion_t)`
			`')`