[selinux-policy: 1386/3172] add imaze, bug 1528

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:05:15 UTC 2010


commit 4d73bb4f970510bf7cdc3913e612ff0516597eb4
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Apr 25 15:33:44 2006 +0000

    add imaze, bug 1528

 refpolicy/Changelog                        |    1 +
 refpolicy/policy/modules/services/imaze.fc |    4 +
 refpolicy/policy/modules/services/imaze.if |    1 +
 refpolicy/policy/modules/services/imaze.te |  115 ++++++++++++++++++++++++++++
 4 files changed, 121 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index ed6534a..ab2c3d5 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -50,6 +50,7 @@
 	games
 	gatekeeper
 	gift
+	imaze
 	jabber
 	mozilla
 	mplayer
diff --git a/refpolicy/policy/modules/services/imaze.fc b/refpolicy/policy/modules/services/imaze.fc
new file mode 100644
index 0000000..a985d1f
--- /dev/null
+++ b/refpolicy/policy/modules/services/imaze.fc
@@ -0,0 +1,4 @@
+/usr/games/imazesrv		 --	gen_require(system_u:object_r:imazesrv_exec_t,s0)
+/usr/share/games/imaze(/.*)?		gen_require(system_u:object_r:imazesrv_data_t,s0)
+
+/var/log/imaze\.log		 --	gen_require(system_u:object_r:imazesrv_log_t,s0)
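Review bot: All three entries in imaze.fc wrap the security context in `gen_require(...)`, which is the macro for declaring required types in policy and interface files; file-context entries in refpolicy use `gen_context(...)`. As written, these lines probably do not expand to a valid `system_u:object_r:...` context, so `/usr/games/imazesrv` would not be labelled `imazesrv_exec_t` and the daemon would stay in the domain of whatever started it instead of transitioning to `imazesrv_t`. Each entry should read like `/usr/games/imazesrv -- gen_context(system_u:object_r:imazesrv_exec_t,s0)`. Running `matchpathcon` on the three paths after the build would confirm the labels resolve as intended.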
diff --git a/refpolicy/policy/modules/services/imaze.if b/refpolicy/policy/modules/services/imaze.if
new file mode 100644
index 0000000..8eb9ec3
--- /dev/null
+++ b/refpolicy/policy/modules/services/imaze.if
@@ -0,0 +1 @@
+## <summary>iMaze game server</summary>
diff --git a/refpolicy/policy/modules/services/imaze.te b/refpolicy/policy/modules/services/imaze.te
new file mode 100644
index 0000000..9612209
--- /dev/null
+++ b/refpolicy/policy/modules/services/imaze.te
@@ -0,0 +1,115 @@
+
+policy_module(imaze,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type imazesrv_t;
+type imazesrv_exec_t;
+init_daemon_domain(imazesrv_t,imazesrv_exec_t)
+
+type imazesrv_data_t;
+files_type(imazesrv_data_t)
+
+type imazesrv_data_labs_t;
+files_type(imazesrv_data_labs_t)
+
+type imazesrv_log_t;
+logging_log_file(imazesrv_log_t)
+
+type imazesrv_var_run_t;
+files_pid_file(imazesrv_var_run_t)
+
+########################################
+#
+# Local policy
+#
+
+dontaudit imazesrv_t self:capability sys_tty_config;
+allow imazesrv_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+allow imazesrv_t self:fd use;
+allow imazesrv_t self:fifo_file rw_file_perms;
+allow imazesrv_t self:unix_dgram_socket { create_socket_perms sendto };
+allow imazesrv_t self:unix_stream_socket { create_stream_socket_perms connectto };
+allow imazesrv_t self:shm create_shm_perms;
+allow imazesrv_t self:sem create_sem_perms;
+allow imazesrv_t self:msgq create_msgq_perms;
+allow imazesrv_t self:msg { send receive };
+allow imazesrv_t self:tcp_socket create_stream_socket_perms;
+allow imazesrv_t self:udp_socket create_socket_perms;
+
+allow imazesrv_t imazesrv_data_t:dir list_dir_perms;
+allow imazesrv_t imazesrv_data_t:file read_file_perms;
+allow imazesrv_t imazesrv_data_t:lnk_file { getattr read };
+
+allow imazesrv_t imazesrv_log_t:file manage_file_perms;
+allow imazesrv_t imazesrv_log_t:dir ra_dir_perms;
+logging_log_filetrans(imazesrv_t,imazesrv_log_t,file)
+
+allow imazesrv_t imazesrv_var_run_t:file manage_file_perms;
+allow imazesrv_t imazesrv_var_run_t:dir rw_dir_perms;
+files_pid_filetrans(imazesrv_t,imazesrv_var_run_t,file)
+
+kernel_read_kernel_sysctls(imazesrv_t)
+kernel_list_proc(imazesrv_t)
+kernel_read_proc_symlinks(imazesrv_t)
+
+corenet_tcp_sendrecv_generic_if(imazesrv_t)
+corenet_udp_sendrecv_generic_if(imazesrv_t)
+corenet_raw_sendrecv_generic_if(imazesrv_t)
+corenet_tcp_sendrecv_all_nodes(imazesrv_t)
+corenet_udp_sendrecv_all_nodes(imazesrv_t)
+corenet_raw_sendrecv_all_nodes(imazesrv_t)
+corenet_tcp_sendrecv_all_ports(imazesrv_t)
+corenet_udp_sendrecv_all_ports(imazesrv_t)
+corenet_non_ipsec_sendrecv(imazesrv_t)
+corenet_tcp_bind_all_nodes(imazesrv_t)
+corenet_udp_bind_all_nodes(imazesrv_t)
+corenet_tcp_bind_imaze_port(imazesrv_t)
+corenet_udp_bind_imaze_port(imazesrv_t)
+
+dev_read_sysfs(imazesrv_t)
+
+domain_use_interactive_fds(imazesrv_t)
+
+files_read_etc_files(imazesrv_t)
+
+fs_getattr_all_fs(imazesrv_t)
+fs_search_auto_mountpoints(imazesrv_t)
+
+term_dontaudit_use_console(imazesrv_t)
+
+init_use_fds(imazesrv_t)
+init_use_script_ptys(imazesrv_t)
+
+libs_use_ld_so(imazesrv_t)
+libs_use_shared_libs(imazesrv_t)
+
+logging_send_syslog_msg(imazesrv_t)
+
+miscfiles_read_localization(imazesrv_t)
+
+sysnet_read_config(imazesrv_t)
+
+userdom_use_unpriv_users_fds(imazesrv_t)
+userdom_dontaudit_search_sysadm_home_dirs(imazesrv_t)
+
+ifdef(`targeted_policy',`
+	term_dontaudit_use_unallocated_ttys(imazesrv_t)
+	term_dontaudit_use_generic_ptys(imazesrv_t)
+	files_dontaudit_read_root_files(imazesrv_t)
+')
+
+optional_policy(`
+	nis_use_ypbind(imazesrv_t)
+')
+
+optional_policy(`
+	seutil_sigchld_newrole(imazesrv_t)
+')
+
+optional_policy(`
+	udev_read_db(imazesrv_t)
+')
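Review bot: The rule `allow imazesrv_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };` grants by complement, so the domain receives every process permission not named in the list and silently picks up any permission later added to the class. For a network-facing game server an explicit list is easier to audit, for example `allow imazesrv_t self:process { fork signal_perms };` if that is all the daemon needs (to be confirmed from AVC denials in permissive mode). The same least-privilege question applies to the `corenet_raw_sendrecv_*` and `corenet_*_sendrecv_all_ports` calls, since the local rules only create TCP and UDP sockets and bind the imaze port. `imazesrv_data_labs_t` is declared, but no rule or file-context entry in this commit uses it, so it should either get its rules or be dropped.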

