[selinux-policy: 17/3172] add interface to send syslog messages

[Daniel J Walsh]

commit 8c77177b756349f6d7065bcaa072200e1dfdc051
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Apr 19 20:44:07 2005 +0000

    add interface to send syslog messages

 refpolicy/policy/modules/system/logging.if |   21 +++++++++++++++++++++
 1 files changed, 21 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index 480d069..d5a4991 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -15,6 +15,27 @@ files_make_file_depend
 
 #######################################
 #
+# logging_send_system_log_message(type,[`optional'])
+#
+define(`logging_send_system_log_message',`
+requires_block_template(logging_send_system_log_message_depend,$2)
+allow $1 devlog_t:sock_file { ioctl read getattr lock write append };
+# the type of socket depends on the syslog daemon
+allow $1 syslogd_t:unix_dgram_socket sendto;
+allow $1 syslogd_t:unix_stream_socket connectto;
+allow $1 self:unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
+allow $1 self:unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
+')
+
+define(`logging_send_system_log_message_depend',`
+type syslogd_t, devlog_t;
+class sock_file { ioctl read getattr lock write append };
+class unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown sendto };
+class unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown connectto };
+')
+
+#######################################
+#
 # logging_append_all_logs(type,[`optional'])
 #
 define(`logging_append_all_logs',`