1 files changed, 67 insertions, 0 deletions

diff --git a/policy/modules/contrib/ulogd.te b/policy/modules/contrib/ulogd.te
new file mode 100644
index 00000000..3b953f57
--- /dev/null
+++ b/policy/modules/contrib/ulogd.te
@@ -0,0 +1,67 @@
+policy_module(ulogd, 1.2.0)
+
+########################################
+#
+# Declarations
+#
+
+type ulogd_t;
+type ulogd_exec_t;
+init_daemon_domain(ulogd_t, ulogd_exec_t)
+
+# config files
+type ulogd_etc_t;
+files_type(ulogd_etc_t)
+
+type ulogd_initrc_exec_t;
+init_script_file(ulogd_initrc_exec_t)
+
+# /usr/lib files
+type ulogd_modules_t;
+files_type(ulogd_modules_t)
+
+# log files
+type ulogd_var_log_t;
+logging_log_file(ulogd_var_log_t)
+
+########################################
+#
+# ulogd local policy
+#
+
+allow ulogd_t self:capability net_admin;
+allow ulogd_t self:netlink_nflog_socket create_socket_perms;
+
+# config files
+read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
+
+# modules for ulogd
+list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
+mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
+
+# log files
+manage_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
+logging_log_filetrans(ulogd_t, ulogd_var_log_t, file)
+
+files_read_etc_files(ulogd_t)
+files_read_usr_files(ulogd_t)
+
+miscfiles_read_localization(ulogd_t)
+
+optional_policy(`
+	allow ulogd_t self:tcp_socket create_stream_socket_perms;
+
+	mysql_stream_connect(ulogd_t)
+	mysql_tcp_connect(ulogd_t)
+
+	sysnet_dns_name_resolve(ulogd_t)
+')
+
+optional_policy(`
+	allow ulogd_t self:tcp_socket create_stream_socket_perms;
+
+	postgresql_stream_connect(ulogd_t)
+	postgresql_tcp_connect(ulogd_t)
+
+	sysnet_dns_name_resolve(ulogd_t)
+')