Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/hal.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/hal.if')
-rw-r--r--policy/modules/contrib/hal.if440
1 files changed, 0 insertions, 440 deletions
diff --git a/policy/modules/contrib/hal.if b/policy/modules/contrib/hal.if
deleted file mode 100644
index 5e94c213..00000000
--- a/policy/modules/contrib/hal.if
+++ /dev/null
@@ -1,440 +0,0 @@
-## <summary>Hardware abstraction layer.</summary>
-
-########################################
-## <summary>
-## Execute hal in the hal domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`hal_domtrans',`
- gen_require(`
- type hald_t, hald_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, hald_exec_t, hald_t)
-')
-
-########################################
-## <summary>
-## Get attributes of hald processes.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_getattr',`
- gen_require(`
- type hald_t;
- ')
-
- allow $1 hald_t:process getattr;
-')
-
-########################################
-## <summary>
-## Read hal process state files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_read_state',`
- gen_require(`
- type hald_t;
- ')
-
- ps_process_pattern($1, hald_t)
-')
-
-########################################
-## <summary>
-## Trace hald processes.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_ptrace',`
- gen_require(`
- type hald_t;
- ')
-
- allow $1 hald_t:process ptrace;
-')
-
-########################################
-## <summary>
-## Inherit and use hald file descriptors.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_use_fds',`
- gen_require(`
- type hald_t;
- ')
-
- allow $1 hald_t:fd use;
-')
-
-########################################
-## <summary>
-## Do not audit attempts to inherited
-## and use hald file descriptors.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`hal_dontaudit_use_fds',`
- gen_require(`
- type hald_t;
- ')
-
- dontaudit $1 hald_t:fd use;
-')
-
-########################################
-## <summary>
-## Read and write hald unnamed pipes.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_rw_pipes',`
- gen_require(`
- type hald_t;
- ')
-
- allow $1 hald_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-## Do not audit attempts to read and
-## write hald unnamed pipes.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`hal_dontaudit_rw_pipes',`
- gen_require(`
- type hald_t;
- ')
-
- dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
-')
-
-########################################
-## <summary>
-## Send to hald over a unix domain
-## datagram socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_dgram_send',`
- gen_require(`
- type hald_t, hald_var_lib_t;
- ')
-
- files_search_var_lib($1)
- dgram_send_pattern($1, hald_var_lib_t, hald_var_lib_t, hald_t)
-')
-
-########################################
-## <summary>
-## Send to hald over a unix domain
-## stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_stream_connect',`
- gen_require(`
- type hald_t, hald_var_lib_t;
- ')
-
- files_search_var_lib($1)
- stream_connect_pattern($1, hald_var_lib_t, hald_var_lib_t, hald_t)
-')
-
-########################################
-## <summary>
-## Do not audit attempts to read and
-## write hald unix datagram sockets.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`hal_dontaudit_rw_dgram_sockets',`
- gen_require(`
- type hald_t;
- ')
-
- dontaudit $1 hald_t:unix_dgram_socket { read write };
-')
-
-########################################
-## <summary>
-## Send messages to hald over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_dbus_send',`
- gen_require(`
- type hald_t;
- class dbus send_msg;
- ')
-
- allow $1 hald_t:dbus send_msg;
-')
-
-########################################
-## <summary>
-## Send and receive messages from
-## hald over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_dbus_chat',`
- gen_require(`
- type hald_t;
- class dbus send_msg;
- ')
-
- allow $1 hald_t:dbus send_msg;
- allow hald_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-## Execute hal mac in the hal mac domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`hal_domtrans_mac',`
- gen_require(`
- type hald_mac_t, hald_mac_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, hald_mac_exec_t, hald_mac_t)
-')
-
-########################################
-## <summary>
-## Write hald log files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_write_log',`
- gen_require(`
- type hald_log_t;
- ')
-
- logging_search_logs($1)
- write_files_pattern($1, hald_log_t, hald_log_t)
-')
-
-########################################
-## <summary>
-## Do not audit attempts to write hald
-## log files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`hal_dontaudit_write_log',`
- gen_require(`
- type hald_log_t;
- ')
-
- dontaudit $1 hald_log_t:file { append write };
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## hald log files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_manage_log',`
- gen_require(`
- type hald_log_t;
- ')
-
- logging_search_logs($1)
- manage_files_pattern($1, hald_log_t, hald_log_t)
-')
-
-########################################
-## <summary>
-## Read hald temporary files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_read_tmp_files',`
- gen_require(`
- type hald_tmp_t;
- ')
-
- files_search_tmp($1)
- allow $1 hald_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-## Do not audit attempts to append
-## hald libraries files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`hal_dontaudit_append_lib_files',`
- gen_require(`
- type hald_var_lib_t;
- ')
-
- dontaudit $1 hald_var_lib_t:file append_file_perms;
-')
-
-########################################
-## <summary>
-## Read hald pid files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_read_pid_files',`
- gen_require(`
- type hald_var_run_t;
- ')
-
- files_search_pids($1)
- allow $1 hald_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-## Read and write hald pid files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_rw_pid_files',`
- gen_require(`
- type hald_var_run_t;
- ')
-
- files_search_pids($1)
- allow $1 hald_var_run_t:file rw_file_perms;
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## hald pid directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_manage_pid_dirs',`
- gen_require(`
- type hald_var_run_t;
- ')
-
- files_search_pids($1)
- manage_dirs_pattern($1, hald_var_run_t, hald_var_run_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## hald pid files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`hal_manage_pid_files',`
- gen_require(`
- type hald_var_run_t;
- ')
-
- files_search_pids($1)
- manage_files_pattern($1, hald_var_run_t, hald_var_run_t)
-')