Add rtorrent
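policy_module(rtorrent, 0.0.19)

# External types referenced directly by the active rules below.
# init_t, bin_t and shell_exec_t are no longer required: no active rule
# uses them, so requiring them only widened this module's dependencies.
require {
    type public_content_t;
    type public_content_rw_t;
    type fs_t;
}


# Process domain and the type of its entrypoint executable.
type rtorrent_t;
type rtorrent_exec_t;

# Content the daemon may create, modify and delete.
type rtorrent_rw_t;
files_type(rtorrent_rw_t)

# Content the daemon may only read.
type rtorrent_ro_t;
files_type(rtorrent_ro_t)

# _sky_files_use_tmp(rtorrent_t, rtorrent_tmp_t)

# rtorrent_t is a daemon domain entered from init through rtorrent_exec_t.
init_daemon_domain(rtorrent_t, rtorrent_exec_t)

# Listening side: bind TCP and UDP sockets on generic ports and nodes.
# corenet_udp_sendrecv_generic_port(rtorrent_t)
corenet_udp_bind_generic_port(rtorrent_t)
corenet_udp_bind_generic_node(rtorrent_t)
corenet_tcp_sendrecv_generic_port(rtorrent_t)
corenet_tcp_bind_generic_port(rtorrent_t)
corenet_tcp_bind_generic_node(rtorrent_t)

# Outbound side: any unreserved or ephemeral TCP port, plus HTTP.
# NOTE(review): this is a wide egress surface; it is presumably needed
# because peers pick arbitrary ports. Confirm before narrowing.
corenet_tcp_connect_all_unreserved_ports(rtorrent_t)
corenet_tcp_connect_all_ephemeral_ports(rtorrent_t)
corenet_tcp_connect_http_port(rtorrent_t)

allow rtorrent_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };

# Execution of helpers is deliberately left disabled: the domain can write
# files, so it should not also be able to run a shell or arbitrary binaries.
# If this is ever re-enabled, prefer the corecommands interfaces
# (corecmd_exec_shell / corecmd_exec_bin) over re-adding bin_t and
# shell_exec_t to the require block.
# Needed to start /bin/bash
#exec_files_pattern(rtorrent_t, bin_t, shell_exec_t)

# Needed to start java
# exec_files_pattern(rtorrent_t, bin_t, bin_t)
# _sky_java_process(rtorrent_t)

# Memory-mapping rules use mmap_read_files_pattern instead of
# mmap_files_pattern. In reference-policy-derived trees the latter expands
# to a permission set that includes "execute"; on the writable types below
# that would let the domain write a file and then map it executable.
# NOTE(review): confirm that mmap_read_files_pattern exists in the policy
# tree this module is built against, and that rtorrent needs no executable
# mappings of its data files.

# Read-only private content.
read_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
read_lnk_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
mmap_read_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)

# Read-only shared public content.
read_files_pattern(rtorrent_t, public_content_t, public_content_t)
read_lnk_files_pattern(rtorrent_t, public_content_t, public_content_t)
mmap_read_files_pattern(rtorrent_t, public_content_t, public_content_t)

# Private writable content: files, directories and symlinks.
manage_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
manage_dirs_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
manage_lnk_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
mmap_read_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)

# Shared writable public content (files only; no directory management).
# NOTE(review): this write access is unconditional. public_content_rw_t is
# shared with other services, and reference policy modules usually gate
# writes to it behind a boolean so the administrator opts in. Consider
# wrapping these two rules in a tunable_policy block.
manage_files_pattern(rtorrent_t, public_content_rw_t, public_content_rw_t)
mmap_read_files_pattern(rtorrent_t, public_content_rw_t, public_content_rw_t)

sysnet_dns_name_resolve(rtorrent_t)

#sssd_read_public_files(rtorrent_t)

#dev_read_rand(rtorrent_t)
#dev_read_sysfs(rtorrent_t)

# statfs()-style queries on filesystems labeled fs_t.
allow rtorrent_t fs_t:filesystem getattr;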