## Linux Target Framework Daemon.
#####################################
##
## Read and write tgtd semaphores.
##
##
##
## Domain allowed access.
##
##
#
interface(`tgtd_rw_semaphores',`
gen_require(`
type tgtd_t;
')
allow $1 tgtd_t:sem rw_sem_perms;
')
######################################
##
## Create, read, write, and delete
## tgtd sempaphores.
##
##
##
## Domain allowed access.
##
##
#
interface(`tgtd_manage_semaphores',`
gen_require(`
type tgtd_t;
')
allow $1 tgtd_t:sem create_sem_perms;
')
######################################
##
## Connect to tgtd with a unix
## domain stream socket.
##
##
##
## Domain allowed access.
##
##
#
interface(`tgtd_stream_connect',`
gen_require(`
type tgtd_t, tgtd_var_run_t;
')
files_search_pids($1)
stream_connect_pattern($1, tgtd_var_run_t, tgtd_var_run_t, tgtd_t)
')
########################################
##
## All of the rules required to
## administrate an tgtd environment.
##
##
##
## Domain allowed access.
##
##
##
##
## Role allowed access.
##
##
##
#
interface(`tgtd_admin',`
gen_require(`
type tgtd_t, tgtd_initrc_exec_t, tgtd_var_lib_t;
type tgtd_var_run_t, tgtd_tmp_t, tgtd_tmpfs_t;
')
allow $1 tgtd_t:process { ptrace signal_perms };
ps_process_pattern($1, tgtd_t)
init_labeled_script_domtrans($1, tgtd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 tgtd_initrc_exec_t system_r;
allow $2 system_r;
files_search_var_lib($1)
admin_pattern($1, tgtd_var_lib_t)
files_search_pids($1)
admin_pattern($1, tgtd_var_run_t)
files_search_tmp($1)
admin_pattern($1, tgtd_tmp_t)
fs_search_tmpfs($1)
admin_pattern($1, tgtd_tmpfs_t)
')