diff options
Diffstat (limited to 'policy/modules/contrib/zarafa.if')
-rw-r--r-- | policy/modules/contrib/zarafa.if | 174 |
1 files changed, 0 insertions, 174 deletions
diff --git a/policy/modules/contrib/zarafa.if b/policy/modules/contrib/zarafa.if deleted file mode 100644 index 36e32df6..00000000 --- a/policy/modules/contrib/zarafa.if +++ /dev/null @@ -1,174 +0,0 @@ -## <summary>Zarafa collaboration platform.</summary> - -####################################### -## <summary> -## The template to define a zarafa domain. -## </summary> -## <param name="domain_prefix"> -## <summary> -## Domain prefix to be used. -## </summary> -## </param> -# -template(`zarafa_domain_template',` - gen_require(` - attribute zarafa_domain, zarafa_logfile, zarafa_pidfile; - ') - - ######################################## - # - # Declarations - # - - type zarafa_$1_t, zarafa_domain; - type zarafa_$1_exec_t; - init_daemon_domain(zarafa_$1_t, zarafa_$1_exec_t) - - type zarafa_$1_log_t, zarafa_logfile; - logging_log_file(zarafa_$1_log_t) - - type zarafa_$1_var_run_t, zarafa_pidfile; - files_pid_file(zarafa_$1_var_run_t) - - ######################################## - # - # Policy - # - - manage_files_pattern(zarafa_$1_t, zarafa_$1_var_run_t, zarafa_$1_var_run_t) - manage_sock_files_pattern(zarafa_$1_t, zarafa_$1_var_run_t, zarafa_$1_var_run_t) - files_pid_filetrans(zarafa_$1_t, zarafa_$1_var_run_t, { file sock_file }) - - append_files_pattern(zarafa_$1_t, zarafa_$1_log_t, zarafa_$1_log_t) - create_files_pattern(zarafa_$1_t, zarafa_$1_log_t, zarafa_$1_log_t) - setattr_files_pattern(zarafa_$1_t, zarafa_$1_log_t, zarafa_$1_log_t) - logging_log_filetrans(zarafa_$1_t, zarafa_$1_log_t, file) - - auth_use_nsswitch(zarafa_$1_t) -') - -###################################### -## <summary> -## search zarafa configuration directories. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`zarafa_search_config',` - gen_require(` - type zarafa_etc_t; - ') - - files_search_etc($1) - allow $1 zarafa_etc_t:dir search_dir_perms; -') - -######################################## -## <summary> -## Execute a domain transition to run zarafa deliver. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`zarafa_domtrans_deliver',` - gen_require(` - type zarafa_deliver_t, zarafa_deliver_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, zarafa_deliver_exec_t, zarafa_deliver_t) -') - -######################################## -## <summary> -## Execute a domain transition to run zarafa server. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`zarafa_domtrans_server',` - gen_require(` - type zarafa_server_t, zarafa_server_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, zarafa_server_exec_t, zarafa_server_t) -') - -####################################### -## <summary> -## Connect to zarafa server with a unix -## domain stream socket. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`zarafa_stream_connect_server',` - gen_require(` - type zarafa_server_t, zarafa_server_var_run_t; - ') - - files_search_var_lib($1) - stream_connect_pattern($1, zarafa_server_var_run_t, zarafa_server_var_run_t, zarafa_server_t) -') - -######################################## -## <summary> -## All of the rules required to -## administrate an zarafa environment. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`zarafa_admin',` - gen_require(` - attribute zarafa_domain, zarafa_logfile, zarafa_pidfile; - type zarafa_etc_t, zarafa_initrc_exec_t, zarafa_deliver_tmp_t; - type zarafa_indexer_tmp_t, zarafa_server_tmp_t, zarafa_share_t; - type zarafa_var_lib_t; - ') - - allow $1 zarafa_domain:process { ptrace signal_perms }; - ps_process_pattern($1, zarafa_domain) - - init_labeled_script_domtrans($1, zarafa_initrc_exec_t) - domain_system_change_exemption($1) - role_transition $2 zarafa_initrc_exec_t system_r; - allow $2 system_r; - - files_search_etc($1) - admin_pattern($1, zarafa_etc_t) - - files_search_tmp($1) - admin_pattern($1, { zarafa_deliver_tmp_t zarafa_indexer_tmp_t zarafa_server_tmp_t }) - - logging_search_log($1) - admin_pattern($1, zarafa_logfile) - - files_search_var_lib($1) - admin_pattern($1, { zarafa_var_lib_t zarafa_share_t }) - - files_search_pids($1) - admin_pattern($1, zarafa_pidfile) -') |