2009-12-21 19:53:59

by stefan

Subject: [refpolicy] [PATCH 1/1] New policy module for PyICQt.


Resending this policy.

Signed-off-by: Stefan Schulze Frielinghaus <[email protected]>
---
policy/modules/services/pyicqt.fc | 7 ++++
policy/modules/services/pyicqt.if | 1 +
policy/modules/services/pyicqt.te | 63 +++++++++++++++++++++++++++++++++++++
3 files changed, 71 insertions(+), 0 deletions(-)
create mode 100644 policy/modules/services/pyicqt.fc
create mode 100644 policy/modules/services/pyicqt.if
create mode 100644 policy/modules/services/pyicqt.te

diff --git a/policy/modules/services/pyicqt.fc b/policy/modules/services/pyicqt.fc
new file mode 100644
index 0000000..491fe8f
--- /dev/null
+++ b/policy/modules/services/pyicqt.fc
@@ -0,0 +1,7 @@
+/etc/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_conf_t,s0)
+
+/usr/share/pyicq-t/PyICQt\.py -- gen_context(system_u:object_r:pyicqt_exec_t,s0)
+
+/var/run/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_run_t,s0)
+
+/var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_spool_t,s0)
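Review bot: The `/var/run/pyicq-t(/.*)?` entry labels a directory, but the pyicqt.te added in the same patch grants pyicqt_t only `files_pid_filetrans(pyicqt_t, pyicqt_var_run_t, file)` and `manage_files_pattern` on that type, so the daemon cannot create the directory itself. A comment above the entry would record that dependency, e.g. `# /var/run/pyicq-t is created and labelled by the package or init script; pyicqt_t only manages files inside it`. If the daemon is instead meant to create the directory, the transition in pyicqt.te would need `{ dir file }` plus a `manage_dirs_pattern` for pyicqt_var_run_t.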
diff --git a/policy/modules/services/pyicqt.if b/policy/modules/services/pyicqt.if
new file mode 100644
index 0000000..9604b6a
--- /dev/null
+++ b/policy/modules/services/pyicqt.if
@@ -0,0 +1 @@
+## <summary>PyICQt is an ICQ transport for XMPP server.</summary>
diff --git a/policy/modules/services/pyicqt.te b/policy/modules/services/pyicqt.te
new file mode 100644
index 0000000..df989a3
--- /dev/null
+++ b/policy/modules/services/pyicqt.te
@@ -0,0 +1,63 @@
+
+policy_module(pyicqt, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type pyicqt_t;
+type pyicqt_exec_t;
+init_daemon_domain(pyicqt_t, pyicqt_exec_t)
+
+type pyicqt_conf_t;
+files_config_file(pyicqt_conf_t)
+
+type pyicqt_spool_t;
+files_type(pyicqt_spool_t)
+
+type pyicqt_var_run_t;
+files_pid_file(pyicqt_var_run_t)
+
+########################################
+#
+# PyICQt policy
+#
+
+allow pyicqt_t self:fifo_file rw_fifo_file_perms;
+allow pyicqt_t self:tcp_socket create_socket_perms;
+allow pyicqt_t self:udp_socket create_socket_perms;
+
+read_files_pattern(pyicqt_t, pyicqt_conf_t, pyicqt_conf_t)
+
+manage_dirs_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
+manage_files_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
+
+manage_files_pattern(pyicqt_t, pyicqt_var_run_t, pyicqt_var_run_t)
+
+kernel_read_system_state(pyicqt_t)
+
+corecmd_exec_bin(pyicqt_t)
+
+corenet_all_recvfrom_unlabeled(pyicqt_t)
+corenet_all_recvfrom_netlabel(pyicqt_t)
+corenet_tcp_connect_generic_port(pyicqt_t)
+corenet_tcp_sendrecv_generic_if(pyicqt_t)
+corenet_tcp_sendrecv_generic_node(pyicqt_t)
+corenet_sendrecv_generic_client_packets(pyicqt_t)
+corenet_sendrecv_unlabeled_packets(pyicqt_t)
+
+dev_read_urand(pyicqt_t)
+
+files_pid_filetrans(pyicqt_t, pyicqt_var_run_t, file)
+files_read_etc_files(pyicqt_t)
+files_read_usr_files(pyicqt_t)
+files_spool_filetrans(pyicqt_t, pyicqt_spool_t, { dir file })
+
+libs_read_lib_files(pyicqt_t)
+libs_use_ld_so(pyicqt_t)
+libs_use_shared_libs(pyicqt_t)
+
+miscfiles_read_localization(pyicqt_t)
+
+sysnet_read_config(pyicqt_t)
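Review bot: `corenet_tcp_connect_generic_port(pyicqt_t)` lets the daemon open outbound TCP connections to every port carrying the generic port type, which is much wider than the two peers an ICQ transport presumably needs (the XMPP server's component port and the ICQ login server). If those ports have their own types in corenetwork, the matching port-specific connect interfaces would confine a compromised transport far better; if the generic rule has to stay, a comment such as `# XMPP component port is site-configured and has no dedicated port type` would record why. Separately, `allow pyicqt_t self:udp_socket create_socket_perms;` has no corresponding corenet UDP rule in this hunk, so it is either unused or incomplete. If it exists only for name resolution, `sysnet_dns_name_resolve(pyicqt_t)` states that intent and covers the network side as well.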
--
1.6.5.2


2010-02-09 13:45:38

by cpebenito

Subject: [refpolicy] [PATCH 1/1] New policy module for PyICQt.

On Mon, 2009-12-21 at 20:53 +0100, Stefan Schulze Frielinghaus wrote:
> Resending this policy.

Merged.

> Signed-off-by: Stefan Schulze Frielinghaus <[email protected]>
> ---
> policy/modules/services/pyicqt.fc | 7 ++++
> policy/modules/services/pyicqt.if | 1 +
> policy/modules/services/pyicqt.te | 63 +++++++++++++++++++++++++++++++++++++
> 3 files changed, 71 insertions(+), 0 deletions(-)
> create mode 100644 policy/modules/services/pyicqt.fc
> create mode 100644 policy/modules/services/pyicqt.if
> create mode 100644 policy/modules/services/pyicqt.te
>
> diff --git a/policy/modules/services/pyicqt.fc b/policy/modules/services/pyicqt.fc
> new file mode 100644
> index 0000000..491fe8f
> --- /dev/null
> +++ b/policy/modules/services/pyicqt.fc
> @@ -0,0 +1,7 @@
> +/etc/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_conf_t,s0)
> +
> +/usr/share/pyicq-t/PyICQt\.py -- gen_context(system_u:object_r:pyicqt_exec_t,s0)
> +
> +/var/run/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_run_t,s0)
> +
> +/var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_spool_t,s0)
> diff --git a/policy/modules/services/pyicqt.if b/policy/modules/services/pyicqt.if
> new file mode 100644
> index 0000000..9604b6a
> --- /dev/null
> +++ b/policy/modules/services/pyicqt.if
> @@ -0,0 +1 @@
> +## <summary>PyICQt is an ICQ transport for XMPP server.</summary>
> diff --git a/policy/modules/services/pyicqt.te b/policy/modules/services/pyicqt.te
> new file mode 100644
> index 0000000..df989a3
> --- /dev/null
> +++ b/policy/modules/services/pyicqt.te
> @@ -0,0 +1,63 @@
> +
> +policy_module(pyicqt, 1.0.0)
> +
> +########################################
> +#
> +# Declarations
> +#
> +
> +type pyicqt_t;
> +type pyicqt_exec_t;
> +init_daemon_domain(pyicqt_t, pyicqt_exec_t)
> +
> +type pyicqt_conf_t;
> +files_config_file(pyicqt_conf_t)
> +
> +type pyicqt_spool_t;
> +files_type(pyicqt_spool_t)
> +
> +type pyicqt_var_run_t;
> +files_pid_file(pyicqt_var_run_t)
> +
> +########################################
> +#
> +# PyICQt policy
> +#
> +
> +allow pyicqt_t self:fifo_file rw_fifo_file_perms;
> +allow pyicqt_t self:tcp_socket create_socket_perms;
> +allow pyicqt_t self:udp_socket create_socket_perms;
> +
> +read_files_pattern(pyicqt_t, pyicqt_conf_t, pyicqt_conf_t)
> +
> +manage_dirs_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
> +manage_files_pattern(pyicqt_t, pyicqt_spool_t, pyicqt_spool_t)
> +
> +manage_files_pattern(pyicqt_t, pyicqt_var_run_t, pyicqt_var_run_t)
> +
> +kernel_read_system_state(pyicqt_t)
> +
> +corecmd_exec_bin(pyicqt_t)
> +
> +corenet_all_recvfrom_unlabeled(pyicqt_t)
> +corenet_all_recvfrom_netlabel(pyicqt_t)
> +corenet_tcp_connect_generic_port(pyicqt_t)
> +corenet_tcp_sendrecv_generic_if(pyicqt_t)
> +corenet_tcp_sendrecv_generic_node(pyicqt_t)
> +corenet_sendrecv_generic_client_packets(pyicqt_t)
> +corenet_sendrecv_unlabeled_packets(pyicqt_t)
> +
> +dev_read_urand(pyicqt_t)
> +
> +files_pid_filetrans(pyicqt_t, pyicqt_var_run_t, file)
> +files_read_etc_files(pyicqt_t)
> +files_read_usr_files(pyicqt_t)
> +files_spool_filetrans(pyicqt_t, pyicqt_spool_t, { dir file })
> +
> +libs_read_lib_files(pyicqt_t)
> +libs_use_ld_so(pyicqt_t)
> +libs_use_shared_libs(pyicqt_t)
> +
> +miscfiles_read_localization(pyicqt_t)
> +
> +sysnet_read_config(pyicqt_t)

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150