Merge #11747: Fix: Open files read only if requested
[bitcoinplatinum.git] / contrib / rpm / bitcoin.if
blobb206866cc5eb4abc3075f8692637a7096d7f0b0e
2 ## <summary>policy for bitcoin</summary>
5 ########################################
6 ## <summary>
7 ##      Transition to bitcoin.
8 ## </summary>
9 ## <param name="domain">
10 ## <summary>
11 ##      Domain allowed to transition.
12 ## </summary>
13 ## </param>
15 interface(`bitcoin_domtrans',`
16         gen_require(`
17                 type bitcoin_t, bitcoin_exec_t;
18         ')
20         corecmd_search_bin($1)
21         domtrans_pattern($1, bitcoin_exec_t, bitcoin_t)
25 ########################################
26 ## <summary>
27 ##      Execute bitcoin server in the bitcoin domain.
28 ## </summary>
29 ## <param name="domain">
30 ##      <summary>
31 ##      Domain allowed access.
32 ##      </summary>
33 ## </param>
35 interface(`bitcoin_initrc_domtrans',`
36         gen_require(`
37                 type bitcoin_initrc_exec_t;
38         ')
40         init_labeled_script_domtrans($1, bitcoin_initrc_exec_t)
44 ########################################
45 ## <summary>
46 ##      Search bitcoin lib directories.
47 ## </summary>
48 ## <param name="domain">
49 ##      <summary>
50 ##      Domain allowed access.
51 ##      </summary>
52 ## </param>
54 interface(`bitcoin_search_lib',`
55         gen_require(`
56                 type bitcoin_var_lib_t;
57         ')
59         allow $1 bitcoin_var_lib_t:dir search_dir_perms;
60         files_search_var_lib($1)
63 ########################################
64 ## <summary>
65 ##      Read bitcoin lib files.
66 ## </summary>
67 ## <param name="domain">
68 ##      <summary>
69 ##      Domain allowed access.
70 ##      </summary>
71 ## </param>
73 interface(`bitcoin_read_lib_files',`
74         gen_require(`
75                 type bitcoin_var_lib_t;
76         ')
78         files_search_var_lib($1)
79         read_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
82 ########################################
83 ## <summary>
84 ##      Manage bitcoin lib files.
85 ## </summary>
86 ## <param name="domain">
87 ##      <summary>
88 ##      Domain allowed access.
89 ##      </summary>
90 ## </param>
92 interface(`bitcoin_manage_lib_files',`
93         gen_require(`
94                 type bitcoin_var_lib_t;
95         ')
97         files_search_var_lib($1)
98         manage_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
101 ########################################
102 ## <summary>
103 ##      Manage bitcoin lib directories.
104 ## </summary>
105 ## <param name="domain">
106 ##      <summary>
107 ##      Domain allowed access.
108 ##      </summary>
109 ## </param>
111 interface(`bitcoin_manage_lib_dirs',`
112         gen_require(`
113                 type bitcoin_var_lib_t;
114         ')
116         files_search_var_lib($1)
117         manage_dirs_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
121 ########################################
122 ## <summary>
123 ##      All of the rules required to administrate
124 ##      a bitcoin environment
125 ## </summary>
126 ## <param name="domain">
127 ##      <summary>
128 ##      Domain allowed access.
129 ##      </summary>
130 ## </param>
131 ## <param name="role">
132 ##      <summary>
133 ##      Role allowed access.
134 ##      </summary>
135 ## </param>
136 ## <rolecap/>
138 interface(`bitcoin_admin',`
139         gen_require(`
140                 type bitcoin_t;
141                 type bitcoin_initrc_exec_t;
142                 type bitcoin_var_lib_t;
143         ')
145         allow $1 bitcoin_t:process { ptrace signal_perms };
146         ps_process_pattern($1, bitcoin_t)
148         bitcoin_initrc_domtrans($1)
149         domain_system_change_exemption($1)
150         role_transition $2 bitcoin_initrc_exec_t system_r;
151         allow $2 system_r;
153         files_search_var_lib($1)
154         admin_pattern($1, bitcoin_var_lib_t)