Oreon-Lime-R2/selinux-policy/selinux-policy-d9f4a2b/selinux-policy-d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455/policy/modules/contrib/snapper.if

100 lines
1.9 KiB
Text
Raw Permalink Normal View History

## <summary>policy for snapperd</summary>
########################################
## <summary>
## Execute TEMPLATE in the snapperd domin.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`snapper_domtrans',`
gen_require(`
type snapperd_t, snapperd_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, snapperd_exec_t, snapperd_t)
')
########################################
## <summary>
## Send and receive messages from
## snapperd over dbus.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`snapper_dbus_chat',`
gen_require(`
type snapperd_t;
class dbus send_msg;
')
allow $1 snapperd_t:dbus send_msg;
allow snapperd_t $1:dbus send_msg;
')
########################################
## <summary>
## Allow a domain to read inherited snapper pipe.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`snapper_read_inherited_pipe',`
gen_require(`
type snapperd_t;
')
allow $1 snapperd_t:fifo_file read_inherited_file_perms;
')
########################################
## <summary>
## Allow a domain to relabel snapshots to snapperd_data_t
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`snapper_relabel_snapshots',`
gen_require(`
type snapperd_data_t;
')
kernel_relabelfrom_unlabeled_dirs($1)
allow $1 snapperd_data_t:dir relabelto;
')
#######################################
## <summary>
## Allow domain to create .smapshot
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`snapper_filetrans_named_content',`
gen_require(`
type snapperd_data_t;
')
files_mountpoint_filetrans($1, snapperd_data_t, dir, ".snapshots")
')