diff options
Diffstat (limited to 'policy/modules/contrib/polipo.if')
-rw-r--r-- | policy/modules/contrib/polipo.if | 144 |
1 files changed, 0 insertions, 144 deletions
diff --git a/policy/modules/contrib/polipo.if b/policy/modules/contrib/polipo.if deleted file mode 100644 index ae27bb7f..00000000 --- a/policy/modules/contrib/polipo.if +++ /dev/null @@ -1,144 +0,0 @@ -## <summary>Lightweight forwarding and caching proxy server.</summary> - -######################################## -## <summary> -## Role access for Polipo session. -## </summary> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <param name="domain"> -## <summary> -## User domain for the role. -## </summary> -## </param> -# -template(`polipo_role',` - gen_require(` - type polipo_session_t, polipo_exec_t, polipo_config_home_t; - type polipo_cache_home_t; - ') - - ######################################## - # - # Declarations - # - - role $1 types polipo_session_t; - - ######################################## - # - # Policy - # - - allow $2 polipo_cache_home_t:dir { manage_dir_perms relabel_dir_perms }; - allow $2 { polipo_cache_home_t polipo_config_home_t }:file { manage_file_perms relabel_file_perms }; - - userdom_user_home_dir_filetrans($2, polipo_config_home_t, file, ".forbidden") - userdom_user_home_dir_filetrans($2, polipo_config_home_t, file, ".polipo") - userdom_user_home_dir_filetrans($2, polipo_cache_home_t, dir, ".polipo-cache") - - allow $2 polipo_session_t:process { ptrace signal_perms }; - ps_process_pattern($2, polipo_session_t) - - tunable_policy(`polipo_session_users',` - domtrans_pattern($2, polipo_exec_t, polipo_session_t) - ',` - can_exec($2, polipo_exec_t) - ') -') - -######################################## -## <summary> -## Execute Polipo in the Polipo -## system domain. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`polipo_initrc_domtrans',` - gen_require(` - type polipo_initrc_exec_t; - ') - - init_labeled_script_domtrans($1, polipo_initrc_exec_t) -') - -######################################## -## <summary> -## Create specified objects in generic -## log directories with the polipo -## log file type. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="object_class"> -## <summary> -## Class of the object being created. -## </summary> -## </param> -## <param name="name" optional="true"> -## <summary> -## The name of the object being created. -## </summary> -## </param> -# -interface(`polipo_log_filetrans_log',` - gen_require(` - type polipo_log_t; - ') - - logging_log_filetrans($1, polipo_log_t, $2, $3) -') - -######################################## -## <summary> -## All of the rules required to -## administrate an polipo environment. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`polipo_admin',` - gen_require(` - type polipo_system_t, polipo_initrc_exec_t, polipo_cache_t; - type polipo_conf_t, polipo_log_t, polipo_var_run_t; - ') - - allow $1 polipo_system_t:process { ptrace signal_perms }; - ps_process_pattern($1, polipo_system_t) - - polipo_initrc_domtrans($1) - domain_system_change_exemption($1) - role_transition $2 polipo_initrc_exec_t system_r; - allow $2 system_r; - - files_search_var($1) - admin_pattern($1, polipo_cache_t) - - files_search_etc($1) - admin_pattern($1, polipo_conf_t) - - logging_search_logs($1) - admin_pattern($1, polipo_log_t) - - files_search_pids($1) - admin_pattern($1, polipo_var_run_t) -') |