policy_module(smsd, 1.0.0) ######################################## # # Declarations # type smsd_t; type smsd_exec_t; init_daemon_domain(smsd_t, smsd_exec_t) type smsd_initrc_exec_t; init_script_file(smsd_initrc_exec_t) type smsd_log_t; logging_log_file(smsd_log_t) type smsd_var_lib_t; files_type(smsd_var_lib_t) type smsd_var_run_t; files_pid_file(smsd_var_run_t) type smsd_spool_t; files_type(smsd_spool_t) type smsd_tmp_t; files_tmp_file(smsd_tmp_t) ######################################## # # smsd local policy # allow smsd_t self:capability { kill setgid setuid }; allow smsd_t self:process { fork signal }; allow smsd_t self:fifo_file rw_fifo_file_perms; allow smsd_t self:unix_stream_socket create_stream_socket_perms; manage_dirs_pattern(smsd_t, smsd_log_t, smsd_log_t) manage_files_pattern(smsd_t, smsd_log_t, smsd_log_t) manage_lnk_files_pattern(smsd_t, smsd_log_t, smsd_log_t) logging_log_filetrans(smsd_t, smsd_log_t, { dir }) manage_dirs_pattern(smsd_t, smsd_var_lib_t, smsd_var_lib_t) manage_files_pattern(smsd_t, smsd_var_lib_t, smsd_var_lib_t) manage_lnk_files_pattern(smsd_t, smsd_var_lib_t, smsd_var_lib_t) manage_dirs_pattern(smsd_t, smsd_var_run_t, smsd_var_run_t) manage_files_pattern(smsd_t, smsd_var_run_t, smsd_var_run_t) manage_lnk_files_pattern(smsd_t, smsd_var_run_t, smsd_var_run_t) files_pid_filetrans(smsd_t, smsd_var_run_t, { dir }) manage_dirs_pattern(smsd_t, smsd_spool_t, smsd_spool_t) manage_files_pattern(smsd_t, smsd_spool_t, smsd_spool_t) manage_lnk_files_pattern(smsd_t, smsd_spool_t, smsd_spool_t) files_spool_filetrans(smsd_t, smsd_spool_t, { dir }) can_exec(smsd_t, smsd_spool_t) manage_dirs_pattern(smsd_t, smsd_tmp_t, smsd_tmp_t) manage_files_pattern(smsd_t, smsd_tmp_t, smsd_tmp_t) files_tmp_filetrans(smsd_t, smsd_tmp_t, { file dir }) kernel_read_system_state(smsd_t) kernel_read_kernel_sysctls(smsd_t) corecmd_exec_shell(smsd_t) auth_use_nsswitch(smsd_t) logging_send_syslog_msg(smsd_t) sysnet_dns_name_resolve(smsd_t) term_use_usb_ttys(smsd_t)