root/policy/modules/services/abrt.if

Revision e3a90e358afbc7dd9cf9687622396395848ef734, 2.4 kB (checked in by Chris PeBenito <cpebenito@tresys.com>, 1 year ago)

add abrt from dan.

  • Property mode set to 100644
Line 
1 ## <summary>ABRT - automated bug-reporting tool</summary>
2
3 ######################################
4 ## <summary>
5 ##      Execute abrt in the abrt domain.
6 ## </summary>
7 ## <param name="domain">
8 ##      <summary>
9 ##      The type of the process performing this action.
10 ##      </summary>
11 ## </param>
12 #
13 interface(`abrt_domtrans',`
14         gen_require(`
15                 type abrt_t, abrt_exec_t;
16         ')
17
18         corecmd_search_bin($1)
19         domtrans_pattern($1, abrt_exec_t, abrt_t)
20 ')
21
22 ######################################
23 ## <summary>
24 ##      Execute abrt
25 ## </summary>
26 ## <param name="domain">
27 ##      <summary>
28 ##      The type of the process performing this action.
29 ##      </summary>
30 ## </param>
31 #
32 interface(`abrt_exec',`
33         gen_require(`
34                 type abrt_exec_t;
35         ')
36
37         can_exec($1, abrt_exec_t)
38 ')
39
40 ####################################
41 ## <summary>
42 ##      Read abrt configuration file.
43 ## </summary>
44 ## <param name="domain">
45 ##      <summary>
46 ##      Domain allowed access.
47 ##      </summary>
48 ## </param>
49 #
50 interface(`abrt_read_config',`
51         gen_require(`
52                 type abrt_etc_t;
53         ')
54
55         files_search_etc($1)
56         read_files_pattern($1, abrt_etc_t, abrt_etc_t)
57 ')
58
59 ######################################
60 ## <summary>
61 ##      Read abrt logs.
62 ## </summary>
63 ## <param name="domain">
64 ##      <summary>
65 ##      Domain allowed access.
66 ##      </summary>
67 ## </param>
68 #
69 interface(`abrt_read_log',`
70         gen_require(`
71                 type abrt_var_log_t;
72         ')
73
74         logging_search_logs($1)
75         read_files_pattern($1, abrt_var_log_t, abrt_var_log_t)
76 ')
77
78 #####################################
79 ## <summary>
80 ##      All of the rules required to administrate
81 ##      an abrt environment
82 ## </summary>
83 ## <param name="domain">
84 ##      <summary>
85 ##      Domain allowed access.
86 ##      </summary>
87 ## </param>
88 ## <param name="role">
89 ##      <summary>
90 ##      The role to be allowed to manage the abrt domain.
91 ##      </summary>
92 ## </param>
93 ## <rolecap/>
94 #
95 interface(`abrt_admin',`
96         gen_require(`
97                 type abrt_t, abrt_etc_t;
98                 type abrt_var_cache_t, abrt_var_log_t;
99                 type abrt_var_run_t, abrt_tmp_t;
100                 type abrt_initrc_exec_t;
101         ')
102
103         allow $1 abrt_t:process { ptrace signal_perms };
104         ps_process_pattern($1, abrt_t)
105
106         init_labeled_script_domtrans($1, abrt_initrc_exec_t)
107         domain_system_change_exemption($1)
108         role_transition $2 abrt_initrc_exec_t system_r;
109         allow $2 system_r;
110
111         files_search_etc($1)
112         admin_pattern($1, abrt_etc_t)
113
114         logging_search_logs($1)
115         admin_pattern($1, abrt_var_log_t)       
116
117         files_search_var($1)
118         admin_pattern($1, abrt_var_cache_t)
119
120         files_search_pids($1)
121         admin_pattern($1, abrt_var_run_t)
122
123         files_search_tmp($1)
124         admin_pattern($1, abrt_tmp_t)
125 ')
Note: See TracBrowser for help on using the browser.