Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/sssd.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/sssd.if')
-rw-r--r--policy/modules/contrib/sssd.if361
1 files changed, 0 insertions, 361 deletions
diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if
deleted file mode 100644
index a2404551..00000000
--- a/policy/modules/contrib/sssd.if
+++ /dev/null
@@ -1,361 +0,0 @@
-## <summary>System Security Services Daemon.</summary>
-
-#######################################
-## <summary>
-## Get attributes of sssd executable files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_getattr_exec',`
- gen_require(`
- type sssd_exec_t;
- ')
-
- allow $1 sssd_exec_t:file getattr_file_perms;
-')
-
-########################################
-## <summary>
-## Execute a domain transition to run sssd.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`sssd_domtrans',`
- gen_require(`
- type sssd_t, sssd_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, sssd_exec_t, sssd_t)
-')
-
-########################################
-## <summary>
-## Execute sssd init scripts in
-## the initrc domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`sssd_initrc_domtrans',`
- gen_require(`
- type sssd_initrc_exec_t;
- ')
-
- init_labeled_script_domtrans($1, sssd_initrc_exec_t)
-')
-
-#######################################
-## <summary>
-## Read sssd configuration content.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_read_config',`
- gen_require(`
- type sssd_conf_t;
- ')
-
- files_search_etc($1)
- list_dirs_pattern($1, sssd_conf_t, sssd_conf_t)
- read_files_pattern($1, sssd_conf_t, sssd_conf_t)
-')
-
-######################################
-## <summary>
-## Write sssd configuration files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_write_config',`
- gen_require(`
- type sssd_conf_t;
- ')
-
- files_search_etc($1)
- write_files_pattern($1, sssd_conf_t, sssd_conf_t)
-')
-
-####################################
-## <summary>
-## Create, read, write, and delete
-## sssd configuration files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_manage_config',`
- gen_require(`
- type sssd_conf_t;
- ')
-
- files_search_etc($1)
- manage_files_pattern($1, sssd_conf_t, sssd_conf_t)
-')
-
-########################################
-## <summary>
-## Read sssd public files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_read_public_files',`
- gen_require(`
- type sssd_public_t;
- ')
-
- sssd_search_lib($1)
- allow $1 sssd_public_t:dir list_dir_perms;
- read_files_pattern($1, sssd_public_t, sssd_public_t)
-')
-
-#######################################
-## <summary>
-## Create, read, write, and delete
-## sssd public files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_manage_public_files',`
- gen_require(`
- type sssd_public_t;
- ')
-
- sssd_search_lib($1)
- manage_files_pattern($1, sssd_public_t, sssd_public_t)
-')
-
-########################################
-## <summary>
-## Read sssd pid files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_read_pid_files',`
- gen_require(`
- type sssd_var_run_t;
- ')
-
- files_search_pids($1)
- allow $1 sssd_var_run_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## sssd pid content.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_manage_pids',`
- gen_require(`
- type sssd_var_run_t;
- ')
-
- files_search_pids($1)
- manage_dirs_pattern($1, sssd_var_run_t, sssd_var_run_t)
- manage_files_pattern($1, sssd_var_run_t, sssd_var_run_t)
-')
-
-########################################
-## <summary>
-## Search sssd lib directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_search_lib',`
- gen_require(`
- type sssd_var_lib_t;
- ')
-
- allow $1 sssd_var_lib_t:dir search_dir_perms;
- files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-## Do not audit attempts to search
-## sssd lib directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`sssd_dontaudit_search_lib',`
- gen_require(`
- type sssd_var_lib_t;
- ')
-
- dontaudit $1 sssd_var_lib_t:dir search_dir_perms;
-')
-
-########################################
-## <summary>
-## Read sssd lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_read_lib_files',`
- gen_require(`
- type sssd_var_lib_t;
- ')
-
- files_search_var_lib($1)
- read_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
- read_lnk_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## sssd lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_manage_lib_files',`
- gen_require(`
- type sssd_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
- manage_lnk_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
-')
-
-########################################
-## <summary>
-## Send and receive messages from
-## sssd over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_dbus_chat',`
- gen_require(`
- type sssd_t;
- class dbus send_msg;
- ')
-
- allow $1 sssd_t:dbus send_msg;
- allow sssd_t $1:dbus send_msg;
-')
-
-########################################
-## <summary>
-## Connect to sssd with a unix
-## domain stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`sssd_stream_connect',`
- gen_require(`
- type sssd_t, sssd_var_lib_t;
- ')
-
- files_search_pids($1)
- stream_connect_pattern($1, sssd_var_lib_t, sssd_var_lib_t, sssd_t)
-')
-
-########################################
-## <summary>
-## All of the rules required to
-## administrate an sssd environment.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`sssd_admin',`
- gen_require(`
- type sssd_t, sssd_public_t, sssd_initrc_exec_t;
- type sssd_var_lib_t, sssd_var_run_t, sssd_conf_t;
- type sssd_log_t;
- ')
-
- allow $1 sssd_t:process { ptrace signal_perms };
- ps_process_pattern($1, sssd_t)
-
- sssd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 sssd_initrc_exec_t system_r;
- allow $2 system_r;
-
- files_search_etc($1)
- admin_pattern($1, sssd_conf_t)
-
- files_search_var_lib($1)
- admin_pattern($1, { sssd_var_lib_t sssd_public_t })
-
- files_search_pids($1)
- admin_pattern($1, sssd_var_run_t)
-
- logging_search_logs($1)
- admin_pattern($1, sssd_log_t)
-')