Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/networkmanager.te
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/networkmanager.te')
-rw-r--r--policy/modules/contrib/networkmanager.te391
1 files changed, 0 insertions, 391 deletions
diff --git a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te
deleted file mode 100644
index 2280d850b..000000000
--- a/policy/modules/contrib/networkmanager.te
+++ /dev/null
@@ -1,391 +0,0 @@
-policy_module(networkmanager, 1.14.7)
-
-########################################
-#
-# Declarations
-#
-
-type NetworkManager_t;
-type NetworkManager_exec_t;
-init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
-
-type NetworkManager_etc_t;
-files_config_file(NetworkManager_etc_t)
-
-type NetworkManager_etc_rw_t;
-files_config_file(NetworkManager_etc_rw_t)
-
-type NetworkManager_initrc_exec_t;
-init_script_file(NetworkManager_initrc_exec_t)
-
-type NetworkManager_log_t;
-logging_log_file(NetworkManager_log_t)
-
-type NetworkManager_tmp_t;
-files_tmp_file(NetworkManager_tmp_t)
-
-type NetworkManager_var_lib_t;
-files_type(NetworkManager_var_lib_t)
-
-type NetworkManager_var_run_t;
-files_pid_file(NetworkManager_var_run_t)
-
-type wpa_cli_t;
-type wpa_cli_exec_t;
-init_system_domain(wpa_cli_t, wpa_cli_exec_t)
-
-ifdef(`distro_gentoo',`
- type wpa_cli_var_run_t;
- files_pid_file(wpa_cli_var_run_t)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock };
-dontaudit NetworkManager_t self:capability { sys_tty_config sys_module sys_ptrace };
-allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
-allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
-allow NetworkManager_t self:unix_dgram_socket sendto;
-allow NetworkManager_t self:unix_stream_socket { accept listen };
-allow NetworkManager_t self:netlink_route_socket create_netlink_socket_perms;
-allow NetworkManager_t self:netlink_socket create_socket_perms;
-allow NetworkManager_t self:netlink_kobject_uevent_socket create_socket_perms;
-allow NetworkManager_t self:tcp_socket { accept listen };
-allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom relabelto };
-allow NetworkManager_t self:packet_socket create_socket_perms;
-
-allow NetworkManager_t wpa_cli_t:unix_dgram_socket sendto;
-
-allow NetworkManager_t NetworkManager_etc_t:dir list_dir_perms;
-allow NetworkManager_t NetworkManager_etc_t:file read_file_perms;
-allow NetworkManager_t NetworkManager_etc_t:lnk_file read_lnk_file_perms;
-
-manage_dirs_pattern(NetworkManager_t, NetworkManager_etc_rw_t, NetworkManager_etc_rw_t)
-manage_files_pattern(NetworkManager_t, NetworkManager_etc_rw_t, NetworkManager_etc_rw_t)
-filetrans_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_rw_t, { dir file })
-
-allow NetworkManager_t NetworkManager_log_t:dir setattr_dir_perms;
-append_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
-create_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
-setattr_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
-logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file)
-
-manage_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
-manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
-files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, { sock_file file })
-
-manage_dirs_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
-manage_files_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
-files_var_lib_filetrans(NetworkManager_t, NetworkManager_var_lib_t, dir)
-
-manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
-
-can_exec(NetworkManager_t, { NetworkManager_exec_t wpa_cli_exec_t NetworkManager_tmp_t })
-
-kernel_read_crypto_sysctls(NetworkManager_t)
-kernel_read_system_state(NetworkManager_t)
-kernel_read_network_state(NetworkManager_t)
-kernel_read_kernel_sysctls(NetworkManager_t)
-kernel_request_load_module(NetworkManager_t)
-kernel_read_debugfs(NetworkManager_t)
-kernel_rw_net_sysctls(NetworkManager_t)
-
-corenet_all_recvfrom_unlabeled(NetworkManager_t)
-corenet_all_recvfrom_netlabel(NetworkManager_t)
-corenet_tcp_sendrecv_generic_if(NetworkManager_t)
-corenet_udp_sendrecv_generic_if(NetworkManager_t)
-corenet_raw_sendrecv_generic_if(NetworkManager_t)
-corenet_tcp_sendrecv_generic_node(NetworkManager_t)
-corenet_udp_sendrecv_generic_node(NetworkManager_t)
-corenet_raw_sendrecv_generic_node(NetworkManager_t)
-corenet_tcp_sendrecv_all_ports(NetworkManager_t)
-corenet_udp_sendrecv_all_ports(NetworkManager_t)
-corenet_udp_bind_generic_node(NetworkManager_t)
-
-corenet_sendrecv_isakmp_server_packets(NetworkManager_t)
-corenet_udp_bind_isakmp_port(NetworkManager_t)
-
-corenet_sendrecv_dhcpc_server_packets(NetworkManager_t)
-corenet_udp_bind_dhcpc_port(NetworkManager_t)
-
-corenet_sendrecv_all_client_packets(NetworkManager_t)
-corenet_tcp_connect_all_ports(NetworkManager_t)
-
-corenet_rw_tun_tap_dev(NetworkManager_t)
-corenet_getattr_ppp_dev(NetworkManager_t)
-
-corecmd_exec_shell(NetworkManager_t)
-corecmd_exec_bin(NetworkManager_t)
-
-dev_rw_sysfs(NetworkManager_t)
-dev_read_rand(NetworkManager_t)
-dev_read_urand(NetworkManager_t)
-dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
-dev_getattr_all_chr_files(NetworkManager_t)
-dev_rw_wireless(NetworkManager_t)
-
-domain_use_interactive_fds(NetworkManager_t)
-domain_read_all_domains_state(NetworkManager_t)
-
-files_read_etc_runtime_files(NetworkManager_t)
-files_read_usr_files(NetworkManager_t)
-files_read_usr_src_files(NetworkManager_t)
-
-fs_getattr_all_fs(NetworkManager_t)
-fs_search_auto_mountpoints(NetworkManager_t)
-fs_list_inotifyfs(NetworkManager_t)
-
-mls_file_read_all_levels(NetworkManager_t)
-
-selinux_dontaudit_search_fs(NetworkManager_t)
-
-storage_getattr_fixed_disk_dev(NetworkManager_t)
-
-init_read_utmp(NetworkManager_t)
-init_dontaudit_write_utmp(NetworkManager_t)
-init_domtrans_script(NetworkManager_t)
-
-auth_use_nsswitch(NetworkManager_t)
-
-logging_send_syslog_msg(NetworkManager_t)
-
-miscfiles_read_generic_certs(NetworkManager_t)
-miscfiles_read_localization(NetworkManager_t)
-
-seutil_read_config(NetworkManager_t)
-
-sysnet_domtrans_ifconfig(NetworkManager_t)
-sysnet_domtrans_dhcpc(NetworkManager_t)
-sysnet_signal_dhcpc(NetworkManager_t)
-sysnet_signull_dhcpc(NetworkManager_t)
-sysnet_read_dhcpc_pid(NetworkManager_t)
-sysnet_read_dhcp_config(NetworkManager_t)
-sysnet_delete_dhcpc_pid(NetworkManager_t)
-sysnet_kill_dhcpc(NetworkManager_t)
-sysnet_read_dhcpc_state(NetworkManager_t)
-sysnet_delete_dhcpc_state(NetworkManager_t)
-sysnet_search_dhcp_state(NetworkManager_t)
-sysnet_manage_config(NetworkManager_t)
-sysnet_etc_filetrans_config(NetworkManager_t)
-
-# certificates in user home directories (cert_home_t in ~/\.pki)
-userdom_read_user_home_content_files(NetworkManager_t)
-
-userdom_write_user_tmp_sockets(NetworkManager_t)
-userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
-userdom_dontaudit_use_user_ttys(NetworkManager_t)
-
-optional_policy(`
- avahi_domtrans(NetworkManager_t)
- avahi_kill(NetworkManager_t)
- avahi_signal(NetworkManager_t)
- avahi_signull(NetworkManager_t)
-')
-
-optional_policy(`
- bind_domtrans(NetworkManager_t)
- bind_manage_cache(NetworkManager_t)
- bind_kill(NetworkManager_t)
- bind_signal(NetworkManager_t)
- bind_signull(NetworkManager_t)
-')
-
-optional_policy(`
- bluetooth_dontaudit_read_helper_state(NetworkManager_t)
-')
-
-optional_policy(`
- consolekit_read_pid_files(NetworkManager_t)
-')
-
-optional_policy(`
- consoletype_exec(NetworkManager_t)
-')
-
-optional_policy(`
- cron_read_system_job_lib_files(NetworkManager_t)
-')
-
-optional_policy(`
- dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
-
- optional_policy(`
- avahi_dbus_chat(NetworkManager_t)
- ')
-
- optional_policy(`
- consolekit_dbus_chat(NetworkManager_t)
- ')
-
- optional_policy(`
- policykit_dbus_chat(NetworkManager_t)
- ')
-')
-
-optional_policy(`
- dnsmasq_read_pid_files(NetworkManager_t)
- dnsmasq_delete_pid_files(NetworkManager_t)
- dnsmasq_domtrans(NetworkManager_t)
- dnsmasq_initrc_domtrans(NetworkManager_t)
- dnsmasq_kill(NetworkManager_t)
- dnsmasq_signal(NetworkManager_t)
- dnsmasq_signull(NetworkManager_t)
-')
-
-optional_policy(`
- gnome_stream_connect_all_gkeyringd(NetworkManager_t)
-')
-
-optional_policy(`
- hal_write_log(NetworkManager_t)
-')
-
-optional_policy(`
- howl_signal(NetworkManager_t)
-')
-
-optional_policy(`
- ipsec_domtrans_mgmt(NetworkManager_t)
- ipsec_kill_mgmt(NetworkManager_t)
- ipsec_signal_mgmt(NetworkManager_t)
- ipsec_signull_mgmt(NetworkManager_t)
-')
-
-optional_policy(`
- iptables_domtrans(NetworkManager_t)
-')
-
-optional_policy(`
- libs_exec_ldconfig(NetworkManager_t)
-')
-
-optional_policy(`
- modutils_domtrans_insmod(NetworkManager_t)
-')
-
-optional_policy(`
- netutils_exec_ping(NetworkManager_t)
-')
-
-optional_policy(`
- nscd_domtrans(NetworkManager_t)
- nscd_signal(NetworkManager_t)
- nscd_signull(NetworkManager_t)
- nscd_kill(NetworkManager_t)
- nscd_initrc_domtrans(NetworkManager_t)
-')
-
-optional_policy(`
- ntp_initrc_domtrans(NetworkManager_t)
-')
-
-optional_policy(`
- openvpn_read_config(NetworkManager_t)
- openvpn_domtrans(NetworkManager_t)
- openvpn_kill(NetworkManager_t)
- openvpn_signal(NetworkManager_t)
- openvpn_signull(NetworkManager_t)
-')
-
-optional_policy(`
- policykit_domtrans_auth(NetworkManager_t)
- policykit_read_lib(NetworkManager_t)
- policykit_read_reload(NetworkManager_t)
- userdom_read_all_users_state(NetworkManager_t)
-')
-
-optional_policy(`
- polipo_initrc_domtrans(NetworkManager_t)
-')
-
-optional_policy(`
- ppp_initrc_domtrans(NetworkManager_t)
- ppp_domtrans(NetworkManager_t)
- ppp_manage_pid_files(NetworkManager_t)
- ppp_kill(NetworkManager_t)
- ppp_signal(NetworkManager_t)
- ppp_signull(NetworkManager_t)
- ppp_read_config(NetworkManager_t)
-')
-
-optional_policy(`
- rpm_exec(NetworkManager_t)
- rpm_read_db(NetworkManager_t)
- rpm_dontaudit_manage_db(NetworkManager_t)
-')
-
-optional_policy(`
- seutil_sigchld_newrole(NetworkManager_t)
-')
-
-optional_policy(`
- udev_exec(NetworkManager_t)
- udev_read_db(NetworkManager_t)
-')
-
-optional_policy(`
- # unconfined_dgram_send(NetworkManager_t)
- unconfined_stream_connect(NetworkManager_t)
-')
-
-optional_policy(`
- vpn_domtrans(NetworkManager_t)
- vpn_kill(NetworkManager_t)
- vpn_signal(NetworkManager_t)
- vpn_signull(NetworkManager_t)
- vpn_relabelfrom_tun_socket(NetworkManager_t)
-')
-
-########################################
-#
-# wpa_cli local policy
-#
-
-allow wpa_cli_t self:capability dac_override;
-allow wpa_cli_t self:unix_dgram_socket create_socket_perms;
-
-allow wpa_cli_t NetworkManager_t:unix_dgram_socket sendto;
-
-manage_sock_files_pattern(wpa_cli_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
-files_tmp_filetrans(wpa_cli_t, NetworkManager_tmp_t, sock_file)
-
-list_dirs_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-
-init_dontaudit_use_fds(wpa_cli_t)
-init_use_script_ptys(wpa_cli_t)
-
-miscfiles_read_localization(wpa_cli_t)
-
-term_dontaudit_use_console(wpa_cli_t)
-
-ifdef(`distro_gentoo',`
- manage_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
- files_pid_filetrans(wpa_cli_t, wpa_cli_var_run_t, file)
-
- corecmd_exec_bin(wpa_cli_t)
- corecmd_exec_shell(wpa_cli_t)
-
- domain_use_interactive_fds(wpa_cli_t)
-
- files_read_etc_files(wpa_cli_t)
- files_search_pids(wpa_cli_t)
-
- term_dontaudit_use_console(wpa_cli_t)
-
- getty_use_fds(wpa_cli_t)
-
- init_domtrans_script(wpa_cli_t)
-
- logging_send_syslog_msg(wpa_cli_t)
-
- sysnet_domtrans_dhcpc(wpa_cli_t)
-
- userdom_use_user_terminals(wpa_cli_t)
-')