1*2d543d20SAndroid Build Coastguard Worker# Copyright (C) 2007-2012 Red Hat 2*2d543d20SAndroid Build Coastguard Worker# see file 'COPYING' for use and warranty information 3*2d543d20SAndroid Build Coastguard Worker# 4*2d543d20SAndroid Build Coastguard Worker# policygentool is a tool for the initial generation of SELinux policy 5*2d543d20SAndroid Build Coastguard Worker# 6*2d543d20SAndroid Build Coastguard Worker# This program is free software; you can redistribute it and/or 7*2d543d20SAndroid Build Coastguard Worker# modify it under the terms of the GNU General Public License as 8*2d543d20SAndroid Build Coastguard Worker# published by the Free Software Foundation; either version 2 of 9*2d543d20SAndroid Build Coastguard Worker# the License, or (at your option) any later version. 10*2d543d20SAndroid Build Coastguard Worker# 11*2d543d20SAndroid Build Coastguard Worker# This program is distributed in the hope that it will be useful, 12*2d543d20SAndroid Build Coastguard Worker# but WITHOUT ANY WARRANTY; without even the implied warranty of 13*2d543d20SAndroid Build Coastguard Worker# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14*2d543d20SAndroid Build Coastguard Worker# GNU General Public License for more details. 15*2d543d20SAndroid Build Coastguard Worker# 16*2d543d20SAndroid Build Coastguard Worker# You should have received a copy of the GNU General Public License 17*2d543d20SAndroid Build Coastguard Worker# along with this program; if not, write to the Free Software 18*2d543d20SAndroid Build Coastguard Worker# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 19*2d543d20SAndroid Build Coastguard Worker# 02111-1307 USA 20*2d543d20SAndroid Build Coastguard Worker# 21*2d543d20SAndroid Build Coastguard Worker# 22*2d543d20SAndroid Build Coastguard Worker 23*2d543d20SAndroid Build Coastguard Worker########################### tmp Template File ############################# 24*2d543d20SAndroid Build Coastguard Workerte_types=""" 25*2d543d20SAndroid Build Coastguard Workertype TEMPLATETYPE_rw_t; 26*2d543d20SAndroid Build Coastguard Workerfiles_type(TEMPLATETYPE_rw_t) 27*2d543d20SAndroid Build Coastguard Worker""" 28*2d543d20SAndroid Build Coastguard Worker 29*2d543d20SAndroid Build Coastguard Workerte_rules=""" 30*2d543d20SAndroid Build Coastguard Workermanage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) 31*2d543d20SAndroid Build Coastguard Workermanage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) 32*2d543d20SAndroid Build Coastguard Workermanage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) 33*2d543d20SAndroid Build Coastguard Worker""" 34*2d543d20SAndroid Build Coastguard Worker 35*2d543d20SAndroid Build Coastguard Worker########################### Interface File ############################# 36*2d543d20SAndroid Build Coastguard Workerif_rules=""" 37*2d543d20SAndroid Build Coastguard Worker######################################## 38*2d543d20SAndroid Build Coastguard Worker## <summary> 39*2d543d20SAndroid Build Coastguard Worker## Search TEMPLATETYPE rw directories. 40*2d543d20SAndroid Build Coastguard Worker## </summary> 41*2d543d20SAndroid Build Coastguard Worker## <param name="domain"> 42*2d543d20SAndroid Build Coastguard Worker## <summary> 43*2d543d20SAndroid Build Coastguard Worker## Domain allowed access. 44*2d543d20SAndroid Build Coastguard Worker## </summary> 45*2d543d20SAndroid Build Coastguard Worker## </param> 46*2d543d20SAndroid Build Coastguard Worker# 47*2d543d20SAndroid Build Coastguard Workerinterface(`TEMPLATETYPE_search_rw_dir',` 48*2d543d20SAndroid Build Coastguard Worker gen_require(` 49*2d543d20SAndroid Build Coastguard Worker type TEMPLATETYPE_rw_t; 50*2d543d20SAndroid Build Coastguard Worker ') 51*2d543d20SAndroid Build Coastguard Worker 52*2d543d20SAndroid Build Coastguard Worker allow $1 TEMPLATETYPE_rw_t:dir search_dir_perms; 53*2d543d20SAndroid Build Coastguard Worker files_search_rw($1) 54*2d543d20SAndroid Build Coastguard Worker') 55*2d543d20SAndroid Build Coastguard Worker 56*2d543d20SAndroid Build Coastguard Worker######################################## 57*2d543d20SAndroid Build Coastguard Worker## <summary> 58*2d543d20SAndroid Build Coastguard Worker## Read TEMPLATETYPE rw files. 59*2d543d20SAndroid Build Coastguard Worker## </summary> 60*2d543d20SAndroid Build Coastguard Worker## <param name="domain"> 61*2d543d20SAndroid Build Coastguard Worker## <summary> 62*2d543d20SAndroid Build Coastguard Worker## Domain allowed access. 63*2d543d20SAndroid Build Coastguard Worker## </summary> 64*2d543d20SAndroid Build Coastguard Worker## </param> 65*2d543d20SAndroid Build Coastguard Worker# 66*2d543d20SAndroid Build Coastguard Workerinterface(`TEMPLATETYPE_read_rw_files',` 67*2d543d20SAndroid Build Coastguard Worker gen_require(` 68*2d543d20SAndroid Build Coastguard Worker type TEMPLATETYPE_rw_t; 69*2d543d20SAndroid Build Coastguard Worker ') 70*2d543d20SAndroid Build Coastguard Worker 71*2d543d20SAndroid Build Coastguard Worker read_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) 72*2d543d20SAndroid Build Coastguard Worker allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms; 73*2d543d20SAndroid Build Coastguard Worker files_search_rw($1) 74*2d543d20SAndroid Build Coastguard Worker') 75*2d543d20SAndroid Build Coastguard Worker 76*2d543d20SAndroid Build Coastguard Worker######################################## 77*2d543d20SAndroid Build Coastguard Worker## <summary> 78*2d543d20SAndroid Build Coastguard Worker## Manage TEMPLATETYPE rw files. 79*2d543d20SAndroid Build Coastguard Worker## </summary> 80*2d543d20SAndroid Build Coastguard Worker## <param name="domain"> 81*2d543d20SAndroid Build Coastguard Worker## <summary> 82*2d543d20SAndroid Build Coastguard Worker## Domain allowed access. 83*2d543d20SAndroid Build Coastguard Worker## </summary> 84*2d543d20SAndroid Build Coastguard Worker## </param> 85*2d543d20SAndroid Build Coastguard Worker# 86*2d543d20SAndroid Build Coastguard Workerinterface(`TEMPLATETYPE_manage_rw_files',` 87*2d543d20SAndroid Build Coastguard Worker gen_require(` 88*2d543d20SAndroid Build Coastguard Worker type TEMPLATETYPE_rw_t; 89*2d543d20SAndroid Build Coastguard Worker ') 90*2d543d20SAndroid Build Coastguard Worker 91*2d543d20SAndroid Build Coastguard Worker manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) 92*2d543d20SAndroid Build Coastguard Worker') 93*2d543d20SAndroid Build Coastguard Worker 94*2d543d20SAndroid Build Coastguard Worker######################################## 95*2d543d20SAndroid Build Coastguard Worker## <summary> 96*2d543d20SAndroid Build Coastguard Worker## Create, read, write, and delete 97*2d543d20SAndroid Build Coastguard Worker## TEMPLATETYPE rw dirs. 98*2d543d20SAndroid Build Coastguard Worker## </summary> 99*2d543d20SAndroid Build Coastguard Worker## <param name="domain"> 100*2d543d20SAndroid Build Coastguard Worker## <summary> 101*2d543d20SAndroid Build Coastguard Worker## Domain allowed access. 102*2d543d20SAndroid Build Coastguard Worker## </summary> 103*2d543d20SAndroid Build Coastguard Worker## </param> 104*2d543d20SAndroid Build Coastguard Worker# 105*2d543d20SAndroid Build Coastguard Workerinterface(`TEMPLATETYPE_manage_rw_dirs',` 106*2d543d20SAndroid Build Coastguard Worker gen_require(` 107*2d543d20SAndroid Build Coastguard Worker type TEMPLATETYPE_rw_t; 108*2d543d20SAndroid Build Coastguard Worker ') 109*2d543d20SAndroid Build Coastguard Worker 110*2d543d20SAndroid Build Coastguard Worker manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) 111*2d543d20SAndroid Build Coastguard Worker') 112*2d543d20SAndroid Build Coastguard Worker 113*2d543d20SAndroid Build Coastguard Worker""" 114*2d543d20SAndroid Build Coastguard Worker 115*2d543d20SAndroid Build Coastguard Workerte_stream_rules=""" 116*2d543d20SAndroid Build Coastguard Workermanage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) 117*2d543d20SAndroid Build Coastguard Worker""" 118*2d543d20SAndroid Build Coastguard Worker 119*2d543d20SAndroid Build Coastguard Workerif_stream_rules="""\ 120*2d543d20SAndroid Build Coastguard Worker######################################## 121*2d543d20SAndroid Build Coastguard Worker## <summary> 122*2d543d20SAndroid Build Coastguard Worker## Connect to TEMPLATETYPE over a unix stream socket. 123*2d543d20SAndroid Build Coastguard Worker## </summary> 124*2d543d20SAndroid Build Coastguard Worker## <param name="domain"> 125*2d543d20SAndroid Build Coastguard Worker## <summary> 126*2d543d20SAndroid Build Coastguard Worker## Domain allowed access. 127*2d543d20SAndroid Build Coastguard Worker## </summary> 128*2d543d20SAndroid Build Coastguard Worker## </param> 129*2d543d20SAndroid Build Coastguard Worker# 130*2d543d20SAndroid Build Coastguard Workerinterface(`TEMPLATETYPE_stream_connect',` 131*2d543d20SAndroid Build Coastguard Worker gen_require(` 132*2d543d20SAndroid Build Coastguard Worker type TEMPLATETYPE_t, TEMPLATETYPE_rw_t; 133*2d543d20SAndroid Build Coastguard Worker ') 134*2d543d20SAndroid Build Coastguard Worker 135*2d543d20SAndroid Build Coastguard Worker stream_connect_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_t) 136*2d543d20SAndroid Build Coastguard Worker') 137*2d543d20SAndroid Build Coastguard Worker""" 138*2d543d20SAndroid Build Coastguard Worker 139*2d543d20SAndroid Build Coastguard Workerif_admin_types=""" 140*2d543d20SAndroid Build Coastguard Worker type TEMPLATETYPE_rw_t;""" 141*2d543d20SAndroid Build Coastguard Worker 142*2d543d20SAndroid Build Coastguard Workerif_admin_rules=""" 143*2d543d20SAndroid Build Coastguard Worker files_search_etc($1) 144*2d543d20SAndroid Build Coastguard Worker admin_pattern($1, TEMPLATETYPE_rw_t) 145*2d543d20SAndroid Build Coastguard Worker""" 146*2d543d20SAndroid Build Coastguard Worker 147*2d543d20SAndroid Build Coastguard Worker########################### File Context ################################## 148*2d543d20SAndroid Build Coastguard Workerfc_file=""" 149*2d543d20SAndroid Build Coastguard WorkerFILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) 150*2d543d20SAndroid Build Coastguard Worker""" 151*2d543d20SAndroid Build Coastguard Worker 152*2d543d20SAndroid Build Coastguard Workerfc_sock_file="""\ 153*2d543d20SAndroid Build Coastguard WorkerFILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) 154*2d543d20SAndroid Build Coastguard Worker""" 155*2d543d20SAndroid Build Coastguard Worker 156*2d543d20SAndroid Build Coastguard Workerfc_dir=""" 157*2d543d20SAndroid Build Coastguard WorkerFILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) 158*2d543d20SAndroid Build Coastguard Worker""" 159