Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/services/mpd.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/services/mpd.if')
-rw-r--r--policy/modules/services/mpd.if347
1 files changed, 347 insertions, 0 deletions
diff --git a/policy/modules/services/mpd.if b/policy/modules/services/mpd.if
new file mode 100644
index 00000000..02faa37e
--- /dev/null
+++ b/policy/modules/services/mpd.if
@@ -0,0 +1,347 @@
+## <summary>Music Player Daemon.</summary>
+
+########################################
+## <summary>
+## Execute a domain transition to run mpd.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`mpd_domtrans',`
+ gen_require(`
+ type mpd_t, mpd_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, mpd_exec_t, mpd_t)
+')
+
+########################################
+## <summary>
+## Execute mpd server in the mpd domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`mpd_initrc_domtrans',`
+ gen_require(`
+ type mpd_initrc_exec_t;
+ ')
+
+ init_labeled_script_domtrans($1, mpd_initrc_exec_t)
+')
+
+#######################################
+## <summary>
+## Read mpd data files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_read_data_files',`
+ gen_require(`
+ type mpd_data_t;
+ ')
+
+ mpd_search_lib($1)
+ read_files_pattern($1, mpd_data_t, mpd_data_t)
+')
+
+######################################
+## <summary>
+## Create, read, write, and delete
+## mpd data files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_manage_data_files',`
+ gen_require(`
+ type mpd_data_t;
+ ')
+
+ mpd_search_lib($1)
+ manage_files_pattern($1, mpd_data_t, mpd_data_t)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## mpd user data content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_manage_user_data_content',`
+ gen_require(`
+ type mpd_user_data_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 mpd_user_data_t:dir manage_dir_perms;
+ allow $1 mpd_user_data_t:file manage_file_perms;
+ allow $1 mpd_user_data_t:lnk_file manage_lnk_file_perms;
+')
+
+########################################
+## <summary>
+## Relabel mpd user data content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_relabel_user_data_content',`
+ gen_require(`
+ type mpd_user_data_t;
+ ')
+
+ userdom_search_user_home_dirs($1)
+ allow $1 mpd_user_data_t:dir relabel_dir_perms;
+ allow $1 mpd_user_data_t:file relabel_file_perms;
+ allow $1 mpd_user_data_t:lnk_file relabel_lnk_file_perms;
+')
+
+########################################
+## <summary>
+## Create objects in user home
+## directories with the mpd user data type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`mpd_home_filetrans_user_data',`
+ gen_require(`
+ type mpd_user_data_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, mpd_user_data_t, $2, $3)
+')
+
+#######################################
+## <summary>
+## Read mpd tmpfs files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_read_tmpfs_files',`
+ gen_require(`
+ type mpd_tmpfs_t;
+ ')
+
+ fs_search_tmpfs($1)
+ read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+')
+
+###################################
+## <summary>
+## Create, read, write, and delete
+## mpd tmpfs files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_manage_tmpfs_files',`
+ gen_require(`
+ type mpd_tmpfs_t;
+ ')
+
+ fs_search_tmpfs($1)
+ manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+ manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+')
+
+########################################
+## <summary>
+## Search mpd lib directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_search_lib',`
+ gen_require(`
+ type mpd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ allow $1 mpd_var_lib_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Read mpd lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_read_lib_files',`
+ gen_require(`
+ type mpd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## mpd lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_manage_lib_files',`
+ gen_require(`
+ type mpd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+')
+
+#######################################
+## <summary>
+## Create specified objects in mpd
+## lib directories with a private type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="private type">
+## <summary>
+## The type of the object to be created.
+## </summary>
+## </param>
+## <param name="object">
+## <summary>
+## The object class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`mpd_var_lib_filetrans',`
+ gen_require(`
+ type mpd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ filetrans_pattern($1, mpd_var_lib_t, $2, $3, $4)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## mpd lib dirs.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mpd_manage_lib_dirs',`
+ gen_require(`
+ type mpd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+')
+
+########################################
+## <summary>
+## All of the rules required to
+## administrate an mpd environment.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`mpd_admin',`
+ gen_require(`
+ type mpd_t, mpd_initrc_exec_t, mpd_etc_t;
+ type mpd_data_t, mpd_log_t, mpd_var_lib_t;
+ type mpd_tmpfs_t, mpd_tmp_t, mpd_user_data_t;
+ ')
+
+ allow $1 mpd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, mpd_t)
+
+ init_startstop_service($1, $2, mpd_t, mpd_initrc_exec_t)
+
+ files_search_etc($1)
+ admin_pattern($1, mpd_etc_t)
+
+ files_search_var_lib($1)
+ admin_pattern($1, { mpd_data_t mpd_user_data_t mpd_var_lib_t })
+
+ logging_search_logs($1)
+ admin_pattern($1, mpd_log_t)
+
+ files_search_tmp($1)
+ admin_pattern($1, mpd_tmp_t)
+
+ fs_search_tmpfs($1)
+ admin_pattern($1, mpd_tmpfs_t)
+')