Overview

File dash.te of Package dash-core

policy_module(dash, 1.100.1)

########################################
#
# Declarations
#

type dash_t;
type dash_exec_t;
init_daemon_domain(dash_t, dash_exec_t)

permissive dash_t;

type dash_initrc_exec_t;
init_script_file(dash_initrc_exec_t)

type dash_conf_t;
files_type(dash_conf_t)

type dash_var_lib_t;
files_type(dash_var_lib_t)

type dash_var_run_t;
files_type(dash_var_run_t)

type dash_port_t;
corenet_port(dash_port_t)

########################################
#
# dash local policy
#
allow dash_t self:process { fork };

allow dash_t self:fifo_file rw_fifo_file_perms;
allow dash_t self:unix_stream_socket create_stream_socket_perms;

manage_dirs_pattern(dash_t, dash_conf_t, dash_conf_t)
manage_files_pattern(dash_t, dash_conf_t, dash_conf_t)

manage_dirs_pattern(dash_t, dash_var_lib_t, dash_var_lib_t)
manage_files_pattern(dash_t, dash_var_lib_t, dash_var_lib_t)
files_var_lib_filetrans(dash_t, dash_var_lib_t, { dir file })
allow dash_t dash_var_lib_t:file map;

manage_dirs_pattern(dash_t, dash_var_run_t, dash_var_run_t)
manage_files_pattern(dash_t, dash_var_run_t, dash_var_run_t)

sysnet_dns_name_resolve(dash_t)
corenet_all_recvfrom_unlabeled(dash_t)

allow dash_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(dash_t)
corenet_tcp_sendrecv_generic_node(dash_t)
corenet_tcp_sendrecv_all_ports(dash_t)
corenet_tcp_bind_generic_node(dash_t)

gen_require(`
    type dash_port_t;
    type jboss_management_port_t;
')
allow dash_t dash_port_t:tcp_socket name_bind;
allow dash_t jboss_management_port_t:tcp_socket name_bind;

gen_require(`
    type dash_port_t;
    type jboss_management_port_t;
')
allow dash_t dash_port_t:tcp_socket name_connect;
allow dash_t jboss_management_port_t:tcp_socket name_connect;

gen_require(`
    type tor_port_t;
')
allow dash_t tor_port_t:tcp_socket name_connect;

domain_use_interactive_fds(dash_t)

files_read_etc_files(dash_t)

miscfiles_read_localization(dash_t)

sysnet_dns_name_resolve(dash_t)

allow dash_t dash_exec_t:file execute_no_trans;
allow dash_t self:process setsched;
corecmd_exec_ls(dash_t)
corenet_tcp_connect_http_port(dash_t)
dev_read_urand(dash_t)
fs_getattr_xattr_fs(dash_t)
kernel_read_system_state(dash_t)
Places