diff options
Diffstat (limited to 'policy/modules/services/stunnel.if')
-rw-r--r-- | policy/modules/services/stunnel.if | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/policy/modules/services/stunnel.if b/policy/modules/services/stunnel.if new file mode 100644 index 000000000..038efa890 --- /dev/null +++ b/policy/modules/services/stunnel.if @@ -0,0 +1,46 @@ +## <summary>SSL Tunneling Proxy.</summary> + +######################################## +## <summary> +## Define the specified domain as a stunnel inetd service. +## </summary> +## <param name="domain"> +## <summary> +## The type associated with the stunnel inetd service process. +## </summary> +## </param> +## <param name="entrypoint"> +## <summary> +## The type associated with the process program. +## </summary> +## </param> +# +interface(`stunnel_service_domain',` + gen_require(` + type stunnel_t; + ') + + domtrans_pattern(stunnel_t, $2, $1) + allow $1 stunnel_t:tcp_socket rw_socket_perms; +') + +######################################## +## <summary> +## Read stunnel configuration content. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`stunnel_read_config',` + gen_require(` + type stunnel_etc_t; + ') + + files_search_etc($1) + allow $1 stunnel_etc_t:dir list_dir_perms; + allow $1 stunnel_etc_t:file read_file_perms; + allow $1 stunnel_etc_t:lnk_file read_lnk_file_perms; +') |