
policy_module(uucp, 1.8.1)

########################################
#
# Declarations
#
# Type declarations for the two confined programs in this module (the UUCP
# daemon and the uux client) and for the file classes the daemon works with.
# The path-to-type mapping lives in the file-contexts file, which is not part
# of this source.

# Daemon domain and its entry-point executable type. The interface name
# indicates the daemon is started by inetd as a TCP service; no name_bind or
# name_connect rule is written directly in this file, which is consistent
# with inetd owning the listening socket. NOTE(review): confirm against the
# inetd interface definition.
type uucpd_t;
type uucpd_exec_t;
inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
role system_r types uucpd_t;

# Private temporary-file type for the daemon.
type uucpd_tmp_t;
files_tmp_file(uucpd_tmp_t)

# Private pid-file type for the daemon.
type uucpd_var_run_t;
files_pid_file(uucpd_var_run_t)

# Data the daemon may modify (see the manage_*_pattern rules for uucpd_rw_t
# in the daemon local policy).
type uucpd_rw_t;
files_type(uucpd_rw_t)

# Data the daemon may only list and read (see the read_*_pattern rules for
# uucpd_ro_t in the daemon local policy). Keeping this separate from
# uucpd_rw_t means a compromised daemon cannot rewrite it.
type uucpd_ro_t;
files_type(uucpd_ro_t)

# Spool type. Access is not granted directly in this file but through
# uucp_manage_spool, which is defined outside this source.
type uucpd_spool_t;
files_type(uucpd_spool_t)

# Log-file type for the daemon.
type uucpd_log_t;
logging_log_file(uucpd_log_t)

# Domain and entry-point type for the uux client program. Only system_r is
# authorised for uux_t here. NOTE(review): if users run uux interactively the
# role authorisation for user roles would have to come from an interface
# outside this file; verify.
type uux_t;
type uux_exec_t;
application_domain(uux_t, uux_exec_t)
role system_r types uux_t;

########################################
#
# UUCPd Local policy
#
# Local policy for the UUCP daemon domain uucpd_t: what the process may do to
# itself, to its own file types, and to the rest of the system.

# Self permissions. setuid and setgid let the daemon change its own user and
# group identity; these are the only capabilities granted. The socket rules
# cover an already-connected TCP stream, UDP socket creation, and read-only
# use of the netlink tcpdiag socket.
allow uucpd_t self:capability { setuid setgid };
allow uucpd_t self:process signal_perms;
allow uucpd_t self:fifo_file rw_fifo_file_perms;
allow uucpd_t self:tcp_socket connected_stream_socket_perms;
allow uucpd_t self:udp_socket create_socket_perms;
allow uucpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;

# Logs: full management of uucpd_log_t files, setattr on the log directory,
# and a type transition so objects the daemon creates in the system log
# directory are labelled uucpd_log_t.
# NOTE(review): the transition lists dir as well as file, but no
# manage_dirs_pattern for uucpd_log_t is written here, only dir setattr.
# Confirm whether directory creation is meant to be allowed.
# NOTE(review): full manage rights include unlink and overwrite, so a
# compromised daemon could alter its own log history; forward logs off-host
# if that matters.
allow uucpd_t uucpd_log_t:dir setattr;
manage_files_pattern(uucpd_t, uucpd_log_t, uucpd_log_t)
logging_log_filetrans(uucpd_t, uucpd_log_t, { file dir })

# Read-only data: list directories, read files and symlinks. No write rule
# for uucpd_ro_t appears in this file.
allow uucpd_t uucpd_ro_t:dir list_dir_perms;
read_files_pattern(uucpd_t, uucpd_ro_t, uucpd_ro_t)
read_lnk_files_pattern(uucpd_t, uucpd_ro_t, uucpd_ro_t)

# Read-write data: full management of directories, files and symlinks.
manage_dirs_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
manage_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
manage_lnk_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)

# Spool access through the module interface (defined outside this source;
# presumably manages uucpd_spool_t content, verify in the interface file).
uucp_manage_spool(uucpd_t)

# Temporary files: manage private tmp objects and label new files and
# directories created in the tmp directory as uucpd_tmp_t, so they are not
# shared with other domains under a generic tmp label.
manage_dirs_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
manage_files_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
files_tmp_filetrans(uucpd_t, uucpd_tmp_t, { file dir })

# Pid file: manage and auto-label files (only files) created in the pid
# directory.
manage_files_pattern(uucpd_t, uucpd_var_run_t, uucpd_var_run_t)
files_pid_filetrans(uucpd_t, uucpd_var_run_t, file)

# Read-only views of kernel sysctls, system state and network state.
kernel_read_kernel_sysctls(uucpd_t)
kernel_read_system_state(uucpd_t)
kernel_read_network_state(uucpd_t)

# Network: receive unlabeled and netlabel traffic, and send/receive TCP and
# UDP on all interfaces, all nodes and all ports.
# NOTE(review): these are the broadest forms of the corenet send/receive
# interfaces. Nothing here narrows traffic to a UUCP-specific port type, so
# network confinement relies on the absence of bind/connect rules rather
# than on these lines. Confirm that is the intent.
corenet_all_recvfrom_unlabeled(uucpd_t)
corenet_all_recvfrom_netlabel(uucpd_t)
corenet_tcp_sendrecv_all_if(uucpd_t)
corenet_udp_sendrecv_all_if(uucpd_t)
corenet_tcp_sendrecv_all_nodes(uucpd_t)
corenet_udp_sendrecv_all_nodes(uucpd_t)
corenet_tcp_sendrecv_all_ports(uucpd_t)
corenet_udp_sendrecv_all_ports(uucpd_t)

# Read the urandom device.
dev_read_urand(uucpd_t)

# Get attributes of filesystems that support extended attributes.
fs_getattr_xattr_fs(uucpd_t)

# Execute generic system binaries. No domain transition is requested here,
# so such programs presumably keep running as uucpd_t and stay under the
# restrictions of this domain. Verify in the corecommands interface.
corecmd_exec_bin(uucpd_t)

# Read generic configuration files; search (not read) home and spool
# directory trees to reach content labelled with the types above.
files_read_etc_files(uucpd_t)
files_search_home(uucpd_t)
files_search_spool(uucpd_t)

# Name-service lookups (users, groups, hosts) via nsswitch.
auth_use_nsswitch(uucpd_t)

# Send messages to the system logger.
logging_send_syslog_msg(uucpd_t)

# Read locale and timezone data.
miscfiles_read_localization(uucpd_t)

# Kerberos client access, compiled in only when the kerberos module is part
# of the policy build.
optional_policy(`
	kerberos_use(uucpd_t)
')

########################################
#
# UUX Local policy
#

# Local policy for the uux client domain uux_t. It is noticeably narrower
# than the daemon policy: no socket, tmp, pid-file or kernel-state rules are
# written for uux_t in this file.

# Self permissions: change own user and group identity, and write (not read)
# to its own fifo files.
allow uux_t self:capability { setuid setgid };
allow uux_t self:fifo_file write_file_perms;

# Module interfaces defined outside this source. Going by their names, the
# log is append-only for uux_t (it cannot rewrite earlier entries) while the
# spool is fully managed. Verify both in the interface file.
uucp_append_log(uux_t)
uucp_manage_spool(uux_t)

# Execute generic system binaries; no domain transition is requested here.
corecmd_exec_bin(uux_t)

# Read generic configuration files.
files_read_etc_files(uux_t)

# Read and write anonymous inode filesystem files.
fs_rw_anon_inodefs_files(uux_t)

# Send messages to the system logger.
logging_send_syslog_msg(uux_t)

# Read locale and timezone data.
miscfiles_read_localization(uux_t)

# Mail integration, compiled in only when the mta module is present: submit
# mail and read the mail queue. Both calls share one optional block, so they
# are enabled or dropped together.
optional_policy(`
	mta_send_mail(uux_t)
	mta_read_queue(uux_t)
')

# Use the nscd socket for cached name-service lookups when the nscd module
# is present.
optional_policy(`
	nscd_socket_use(uux_t)
')