62 lines
1.2 KiB
Text
62 lines
1.2 KiB
Text
## <summary>Library for locking devices.</summary>
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## lockdev lock files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`lockdev_manage_files',`
|
|
gen_require(`
|
|
type lockdev_lock_t;
|
|
')
|
|
|
|
files_search_var_lib($1)
|
|
manage_files_pattern($1, lockdev_lock_t, lockdev_lock_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Role access for lockdev.
|
|
## </summary>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## User domain for the role.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`lockdev_role',`
|
|
gen_require(`
|
|
attribute_role lockdev_roles;
|
|
type lockdev_t, lockdev_exec_t;
|
|
')
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
roleattribute $1 lockdev_roles;
|
|
|
|
########################################
|
|
#
|
|
# Policy
|
|
#
|
|
|
|
domtrans_pattern($2, lockdev_exec_t, lockdev_t)
|
|
|
|
allow $2 lockdev_t:process { ptrace signal_perms };
|
|
ps_process_pattern($2, lockdev_t)
|
|
|
|
allow lockdev_t $2:process signull;
|
|
')
|