## watchdog multiplexing daemon
########################################
##
## Execute a domain transition to run wdmd.
##
##
##
## Domain allowed access.
##
##
#
interface(`wdmd_domtrans',`
gen_require(`
type wdmd_t, wdmd_exec_t;
')
domtrans_pattern($1, wdmd_exec_t, wdmd_t)
')
########################################
##
## Execute wdmd server in the wdmd domain.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`wdmd_initrc_domtrans',`
gen_require(`
type wdmd_initrc_exec_t;
')
init_labeled_script_domtrans($1, wdmd_initrc_exec_t)
')
########################################
##
## All of the rules required to administrate
## an wdmd environment
##
##
##
## Domain allowed access.
##
##
##
##
## Role allowed access.
##
##
##
#
interface(`wdmd_admin',`
gen_require(`
type wdmd_t;
type wdmd_initrc_exec_t;
')
allow $1 wdmd_t:process signal_perms;
ps_process_pattern($1, wdmd_t)
tunable_policy(`deny_ptrace',`',`
allow $1 wdmd_t:process ptrace;
')
wdmd_initrc_domtrans($1)
domain_system_change_exemption($1)
role_transition $2 wdmd_initrc_exec_t system_r;
allow $2 system_r;
')
######################################
##
## Create, read, write, and delete wdmd PID files.
##
##
##
## Domain allowed access.
##
##
#
interface(`wdmd_manage_pid_files',`
gen_require(`
type wdmd_var_run_t;
')
files_search_pids($1)
manage_files_pattern($1, wdmd_var_run_t, wdmd_var_run_t)
')
########################################
##
## Connect to wdmd over a unix stream socket.
##
##
##
## Domain allowed access.
##
##
#
interface(`wdmd_stream_connect',`
gen_require(`
type wdmd_t, wdmd_var_run_t;
')
files_search_pids($1)
stream_connect_pattern($1, wdmd_var_run_t, wdmd_var_run_t, wdmd_t)
')
####################################
##
## Allow the specified domain to read/write wdmd's tmpfs files.
##
##
##
## Domain allowed access.
##
##
#
interface(`wdmd_rw_tmpfs',`
gen_require(`
type wdmd_tmpfs_t;
')
rw_files_pattern($1, wdmd_tmpfs_t, wdmd_tmpfs_t)
')