## <summary>policy for yule</summary>
########################################
## <summary>
##	Execute a domain transition to run yule.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`yule_domtrans',`
	gen_require(`
		type yule_exec_t;
		type yule_t;
	')

	# Executing a file labeled yule_exec_t from the calling domain
	# starts the new process in yule_t.
	domtrans_pattern($1, yule_exec_t, yule_t)
')
########################################
## <summary>
##	Execute yule server in the yule domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`yule_script_domtrans',`
	gen_require(`
		type yule_script_exec_t;
	')

	# Hand the caller and the init script label to the init module.
	# The domain the script ends up in is decided there and is not
	# visible in this file.
	init_script_domtrans_spec($1, yule_script_exec_t)
')
########################################
## <summary>
##	All of the rules required to administrate
##	a yule environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the yule domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the user terminal.
##	</summary>
## </param>
## <rolecap/>
#
interface(`yule_admin',`
	gen_require(`
		type yule_t;
		type yule_script_exec_t;
	')

	# NOTE(review): the terminal argument is documented in the header
	# but no rule in this body references a third argument.

	# Process control over the running yule daemon. ptrace lets the
	# admin domain read and alter the memory of that process so this
	# interface should only be granted to trusted administrative domains.
	allow $1 yule_t:process { ptrace signal_perms getattr };

	# Read access to files labeled with the process type yule_t.
	# NOTE(review): presumably this targets the proc entries of the
	# daemon - confirm.
	read_files_pattern($1, yule_t, yule_t)

	# Let the admin domain run the yule init script to restart the service.
	yule_script_domtrans($1)

	# NOTE(review): presumably exempts the admin domain from the
	# constraint on changing to the system role - confirm against
	# the domain module.
	domain_system_change_exemption($1)

	# A process in the admin role that executes the init script moves
	# to system_r and the role allow rule authorizes that change.
	role_transition $2 yule_script_exec_t system_r;
	allow $2 system_r;
')
########################################
## <summary>
##	Connect to yule using a unix domain stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`yule_stream_connect',`
	gen_require(`
		type yule_t;
		type yule_var_lib_t;
	')

	# NOTE(review): presumably needed so the caller can traverse the
	# var lib directory that holds the socket - confirm.
	files_search_var_lib($1)

	# The same type yule_var_lib_t is passed for both middle arguments
	# and yule_t is the domain the caller connects to.
	stream_connect_pattern($1, yule_var_lib_t, yule_var_lib_t, yule_t)
')
########################################
## <summary>
##	Make a TCP connection to the yule port.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`corenet_tcp_connect_yule_port',`
	gen_require(`
		type yule_port_t;
	')

	# NOTE(review): this interface uses the corenet_ prefix although it
	# lives in the yule module. Interfaces of this name are normally
	# generated by the corenetwork module for ports declared there so
	# confirm that yule_port_t is not also declared in corenetwork or
	# the two definitions will collide.

	# Outbound only: the caller may connect to ports labeled yule_port_t.
	# No bind or accept permission is granted here.
	allow $1 yule_port_t:tcp_socket name_connect;
')