Add interface clamav_run

Signed-off-by: Dave Sugar <dsugar@tresys.com> Signed-off-by: Jason Zaman <jason@perfinion.com>
author: Sugar, David <dsugar@tresys.com> 2019-01-19 16:19:15 +0000
committer: Jason Zaman <jason@perfinion.com> 2019-02-10 12:11:25 +0800
commit: a8f4f58205626257dae605aff481c8f2007eb75a (patch)
tree: ab80e8b537ee180085831b83876df622f77acc2d /policy/modules
parent: xserver: Move line (diff)
download: hardened-refpolicy-a8f4f58205626257dae605aff481c8f2007eb75a.tar.gz
hardened-refpolicy-a8f4f58205626257dae605aff481c8f2007eb75a.tar.bz2
hardened-refpolicy-a8f4f58205626257dae605aff481c8f2007eb75a.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 7b6df49e5..3639d7697 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -21,6 +21,32 @@ interface(`clamav_domtrans',`
 
 ########################################
 ## <summary>
+##	Execute clamd programs in the clamd
+##	domain and allow the specified role
+##	the clamd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+interface(`clamav_run',`
+	gen_require(`
+		type clamd_t;
+	')
+
+	clamav_domtrans($1)
+	role $2 types clamd_t;
+')
+
+########################################
+## <summary>
 ##	Connect to clamd using a unix
 ##	domain stream socket.
 ## </summary>
author	Sugar, David <dsugar@tresys.com>	2019-01-19 16:19:15 +0000
committer	Jason Zaman <jason@perfinion.com>	2019-02-10 12:11:25 +0800
commit	a8f4f58205626257dae605aff481c8f2007eb75a (patch)
tree	ab80e8b537ee180085831b83876df622f77acc2d /policy/modules
parent	xserver: Move line (diff)
download	hardened-refpolicy-a8f4f58205626257dae605aff481c8f2007eb75a.tar.gz hardened-refpolicy-a8f4f58205626257dae605aff481c8f2007eb75a.tar.bz2 hardened-refpolicy-a8f4f58205626257dae605aff481c8f2007eb75a.zip