diff options
Diffstat (limited to 'policy/modules/contrib/certwatch.if')
-rw-r--r-- | policy/modules/contrib/certwatch.if | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/policy/modules/contrib/certwatch.if b/policy/modules/contrib/certwatch.if new file mode 100644 index 000000000..953451a44 --- /dev/null +++ b/policy/modules/contrib/certwatch.if @@ -0,0 +1,78 @@ +## <summary>Digital Certificate Tracking</summary> + +######################################## +## <summary> +## Domain transition to certwatch. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`certwatch_domtrans',` + gen_require(` + type certwatch_exec_t, certwatch_t; + ') + + files_search_usr($1) + corecmd_search_bin($1) + domtrans_pattern($1, certwatch_exec_t, certwatch_t) +') + +######################################## +## <summary> +## Execute certwatch in the certwatch domain, and +## allow the specified role the certwatch domain, +## and use the caller's terminal. Has a sigchld +## backchannel. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`certwatch_run',` + gen_require(` + type certwatch_t; + ') + + certwatch_domtrans($1) + role $2 types certwatch_t; +') + +######################################## +## <summary> +## Execute certwatch in the certwatch domain, and +## allow the specified role the certwatch domain, +## and use the caller's terminal. Has a sigchld +## backchannel. (Deprecated) +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <param name="terminal"> +## <summary> +## The type of the terminal allow the certwatch domain to use. +## </summary> +## </param> +## <rolecap/> +# +interface(`certwatach_run',` + refpolicywarn(`$0($*) has been deprecated, please use certwatch_run() instead.') + certwatch_run($*) +') |