oreonproject/Oreon-Lime-R2
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Oreon-Lime-R2/selinux-policy/selinux-policy-bc228bd/selinux-policy-bc228bd0c249a9e4aa3dcf238c2b1bb138943b07/policy/modules/contrib/apcupsd.if

244 lines
4.9 KiB
Text
Raw Normal View History

extract all compressed files to make viewing source code easier and updated oreon-backgrounds and oreon-release packages
2024-07-03 21:20:34 -07:00
## <summary>APC UPS monitoring daemon.</summary>
########################################
## <summary>
## Execute a domain transition to
## run apcupsd.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`apcupsd_domtrans',`
gen_require(`
type apcupsd_t, apcupsd_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, apcupsd_exec_t, apcupsd_t)
')
########################################
## <summary>
## Execute apcupsd server in the
## apcupsd domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`apcupsd_initrc_domtrans',`
gen_require(`
type apcupsd_initrc_exec_t;
')
init_labeled_script_domtrans($1, apcupsd_initrc_exec_t)
')
########################################
## <summary>
## Read apcupsd PID files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`apcupsd_read_pid_files',`
gen_require(`
type apcupsd_var_run_t;
')
files_search_pids($1)
allow $1 apcupsd_var_run_t:file read_file_perms;
')
########################################
## <summary>
## Read apcupsd power files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`apcupsd_read_power_files',`
gen_require(`
type apcupsd_power_t;
')
allow $1 apcupsd_power_t:file read_file_perms;
')
########################################
## <summary>
## Read apcupsd log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`apcupsd_read_log',`
gen_require(`
type apcupsd_log_t;
')
logging_search_logs($1)
allow $1 apcupsd_log_t:dir list_dir_perms;
allow $1 apcupsd_log_t:file read_file_perms;
')
########################################
## <summary>
## Append apcupsd log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`apcupsd_append_log',`
gen_require(`
type apcupsd_log_t;
')
logging_search_logs($1)
allow $1 apcupsd_log_t:dir list_dir_perms;
allow $1 apcupsd_log_t:file append_file_perms;
')
########################################
## <summary>
## Execute a domain transition to
## run apcupsd_cgi_script.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`apcupsd_cgi_script_domtrans',`
gen_require(`
type apcupsd_cgi_script_t, apcupsd_cgi_script_exec_t;
')
files_search_var($1)
domtrans_pattern($1, apcupsd_cgi_script_exec_t, apcupsd_cgi_script_t)
optional_policy(`
apache_search_sys_content($1)
')
')
########################################
## <summary>
## Execute apcupsd server in the apcupsd domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`apcupsd_systemctl',`
gen_require(`
type apcupsd_t;
type apcupsd_unit_file_t;
')
systemd_exec_systemctl($1)
init_reload_services($1)
allow $1 apcupsd_unit_file_t:file read_file_perms;
allow $1 apcupsd_unit_file_t:service manage_service_perms;
ps_process_pattern($1, apcupsd_t)
')
########################################
## <summary>
## Create configuration files in /var/lock
## with a named file type transition.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`apcupsd_filetrans_named_content',`
gen_require(`
type apcupsd_lock_t;
')
files_lock_filetrans($1, apcupsd_lock_t, file, "apcupsd")
files_lock_filetrans($1, apcupsd_lock_t, file, "LCK..")
')
########################################
## <summary>
## All of the rules required to
## administrate an apcupsd environment.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`apcupsd_admin',`
gen_require(`
type apcupsd_t, apcupsd_tmp_t, apcupsd_log_t;
type apcupsd_var_run_t, apcupsd_initrc_exec_t, apcupsd_lock_t;
type apcupsd_unit_file_t;
type apcupsd_power_t;
')
allow $1 apcupsd_t:process signal_perms;
ps_process_pattern($1, apcupsd_t)
tunable_policy(`deny_ptrace',`',`
allow $1 apcupsd_t:process ptrace;
')
apcupsd_initrc_domtrans($1, apcupsd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 apcupsd_initrc_exec_t system_r;
allow $2 system_r;
files_list_var($1)
admin_pattern($1, apcupsd_lock_t)
logging_list_logs($1)
admin_pattern($1, apcupsd_log_t)
files_list_tmp($1)
admin_pattern($1, apcupsd_tmp_t)
files_list_pids($1)
admin_pattern($1, apcupsd_var_run_t)
apcupsd_systemctl($1)
admin_pattern($1, apcupsd_unit_file_t)
allow $1 apcupsd_unit_file_t:service all_service_perms;
manage_files_pattern($1, apcupsd_power_t, apcupsd_power_t)
files_etc_filetrans(apcupsd_t, apcupsd_power_t, file, "powerfail")
')
Reference in a new issue Copy permalink