[selinux-policy: 1751/3172] trunk: add amtu from dan
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:36:19 UTC 2010
commit a74d1ad7cdcdb616b018567689fb806f5f5fa61c
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Jun 12 18:58:36 2007 +0000
trunk: add amtu from dan
Changelog | 1 +
policy/modules/admin/amtu.fc | 1 +
policy/modules/admin/amtu.if | 51 ++++++++++++++++++++++++++++++++++++++++++
policy/modules/admin/amtu.te | 35 ++++++++++++++++++++++++++++
4 files changed, 88 insertions(+), 0 deletions(-)
---
diff --git a/Changelog b/Changelog
index c22e117..d53c468 100644
--- a/Changelog
+++ b/Changelog
@@ -21,6 +21,7 @@
- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
template instead of an interface.
- Added modules:
+ amtu (Dan Walsh)
apcupsd (Dan Walsh)
rwho (Nalin Dahyabhai)
diff --git a/policy/modules/admin/amtu.fc b/policy/modules/admin/amtu.fc
new file mode 100644
index 0000000..809f774
--- /dev/null
+++ b/policy/modules/admin/amtu.fc
@@ -0,0 +1 @@
+/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
diff --git a/policy/modules/admin/amtu.if b/policy/modules/admin/amtu.if
new file mode 100644
index 0000000..02559be
--- /dev/null
+++ b/policy/modules/admin/amtu.if
@@ -0,0 +1,51 @@
+## <summary>Abstract Machine Test Utility</summary>
+
+########################################
+## <summary>
+## Execute amtu in the amtu domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`amtu_domtrans',`
+ gen_require(`
+ type amtu_t, amtu_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1,amtu_exec_t,amtu_t)
+')
+
+########################################
+## <summary>
+## Execute amtu in the amtu domain, and
+## allow the specified role the amtu domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed the amtu domain.
+## </summary>
+## </param>
+## <param name="terminal">
+## <summary>
+## The type of the terminal allow the amtu domain to use.
+## </summary>
+## </param>
+#
+interface(`amtu_run',`
+ gen_require(`
+ type amtu_t;
+ ')
+
+ amtu_domtrans($1)
+ role $2 types amtu_t;
+ allow amtu_t $3:chr_file rw_term_perms;
+')
diff --git a/policy/modules/admin/amtu.te b/policy/modules/admin/amtu.te
new file mode 100644
index 0000000..ac7c3d8
--- /dev/null
+++ b/policy/modules/admin/amtu.te
@@ -0,0 +1,35 @@
+policy_module(amtu,1.0.23)
+
+########################################
+#
+# Declarations
+#
+
+type amtu_t;
+type amtu_exec_t;
+domain_type(amtu_t)
+domain_entry_file(amtu_t, amtu_exec_t)
+
+########################################
+#
+# amtu local policy
+#
+
+kernel_read_system_state(amtu_t)
+
+files_manage_boot_files(amtu_t)
+files_read_etc_runtime_files(amtu_t)
+files_read_etc_files(amtu_t)
+
+libs_use_ld_so(amtu_t)
+libs_use_shared_libs(amtu_t)
+
+logging_send_audit_msgs(amtu_t)
+
+optional_policy(`
+ nscd_dontaudit_search_pid(amtu_t)
+')
+
+optional_policy(`
+ seutil_use_newrole_fds(amtu_t)
+')
More information about the scm-commits
mailing list