source: branches/fc11-dev/selinux/build/admof.te @ 1218

Last change on this file since 1218 was 94, checked in by presbrey, 17 years ago
admof (locker admin check) strict SELinux module
1# Joe Presbrey
2# presbrey@mit.edu
3# 2006/1/15
4
# Declares the loadable policy module "admof", version 1.0.0.
5policy_module(admof,1.0.0)
6
# Types used below that are declared by other modules.
7require {
8        type sshd_t, sshd_tmp_t, proc_t;
9};
10
# admof_t is the process domain; admof_exec_t labels its entry executable.
# domain_auto_trans makes a process in sshd_t switch to admof_t when it
# executes a file labelled admof_exec_t, so the check runs under this
# module's rules rather than with sshd_t's permissions.
11type admof_t;
12type admof_exec_t;
13role system_r types admof_t;
14domain_type(admof_t)
15domain_auto_trans(sshd_t,admof_exec_t,admof_t)
16domain_entry_file(admof_t, admof_exec_t)
# Baseline access for a dynamically linked program: files under /etc,
# the dynamic loader, shared libraries and locale data.
17files_read_etc_files(admof_t)
18libs_use_ld_so(admof_t)
19libs_use_shared_libs(admof_t)
20miscfiles_read_localization(admof_t)
21
# Access to objects owned by the sshd parent (presumably descriptors
# inherited across the exec -- confirm): use of its file descriptors,
# writes to its pipes, and reads/writes on its TCP socket.
22allow admof_t sshd_t:fd use;
23allow admof_t sshd_t:fifo_file write;
24allow admof_t sshd_t:tcp_socket { read write };
# NOTE(review): all_file_perms is the reference policy's full file
# permission set, while the afs_t rule on sshd_tmp_t at the end of this
# file uses only { read write }. Confirm from AVC denials which
# permissions admof needs on sshd's temporary files and narrow this rule.
25allow admof_t sshd_tmp_t:file all_file_perms;
# Lets the admof process signal SIGCHLD to sshd_t.
26allow admof_t sshd_t:process sigchld;
# Pipes created by admof itself, and read-only access to proc_t files.
27allow admof_t self:fifo_file { getattr ioctl read write };
28allow admof_t proc_t:file { getattr read };
29
# Read access to /dev/urandom.
30dev_read_urand(admof_t)
# NOTE(review): allows admof_t to execute any file carrying an executable
# type, presumably while staying in admof_t. Confirm which helper
# programs admof actually runs; a narrower interface would shrink what a
# compromised admof process can launch.
31corecmd_exec_all_executables(admof_t)
32
# sshd_t may read and execute the admof binary itself.
33allow sshd_t admof_exec_t:file rx_file_perms;
34
# afs_t and the afs_access() interface are defined outside this file.
35require { type afs_t; };
36
37afs_access(admof_t)
# The source domain in the remaining rules is afs_t, not admof_t: they
# widen what afs_t may do with admof's pipes and with sshd's pipes, TCP
# socket and temporary files.
# NOTE(review): why afs_t needs these objects is not shown here
# (presumably descriptors passed along during AFS access) -- confirm
# against audit logs before keeping or extending these grants.
38allow afs_t admof_t:fifo_file { getattr write };
39allow afs_t sshd_t:fifo_file write;
40allow afs_t sshd_t:tcp_socket { read write };
41allow afs_t sshd_tmp_t:file { read write };