diff options
Diffstat (limited to 'contrib/rpm/bitcoin.te')
| -rw-r--r-- | contrib/rpm/bitcoin.te | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/contrib/rpm/bitcoin.te b/contrib/rpm/bitcoin.te new file mode 100644 index 0000000000..d6231c591a --- /dev/null +++ b/contrib/rpm/bitcoin.te @@ -0,0 +1,81 @@ +policy_module(bitcoin, 1.100.1) + +######################################## +# +# Declarations +# + +type bitcoin_t; +type bitcoin_exec_t; +init_daemon_domain(bitcoin_t, bitcoin_exec_t) + +permissive bitcoin_t; + +type bitcoin_initrc_exec_t; +init_script_file(bitcoin_initrc_exec_t) + +type bitcoin_conf_t; +files_type(bitcoin_conf_t) + +type bitcoin_var_lib_t; +files_type(bitcoin_var_lib_t) + +type bitcoin_var_run_t; +files_type(bitcoin_var_run_t) + +type bitcoin_port_t; +corenet_port(bitcoin_port_t) + +######################################## +# +# bitcoin local policy +# +allow bitcoin_t self:process { fork }; + +allow bitcoin_t self:fifo_file rw_fifo_file_perms; +allow bitcoin_t self:unix_stream_socket create_stream_socket_perms; + +manage_dirs_pattern(bitcoin_t, bitcoin_conf_t, bitcoin_conf_t) +manage_files_pattern(bitcoin_t, bitcoin_conf_t, bitcoin_conf_t) + +manage_dirs_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_var_lib_t) +manage_files_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_var_lib_t) +files_var_lib_filetrans(bitcoin_t, bitcoin_var_lib_t, { dir file }) + +manage_dirs_pattern(bitcoin_t, bitcoin_var_run_t, bitcoin_var_run_t) +manage_files_pattern(bitcoin_t, bitcoin_var_run_t, bitcoin_var_run_t) + +sysnet_dns_name_resolve(bitcoin_t) +corenet_all_recvfrom_unlabeled(bitcoin_t) + +allow bitcoin_t self:tcp_socket create_stream_socket_perms; +corenet_tcp_sendrecv_generic_if(bitcoin_t) +corenet_tcp_sendrecv_generic_node(bitcoin_t) +corenet_tcp_sendrecv_all_ports(bitcoin_t) +corenet_tcp_bind_generic_node(bitcoin_t) + +gen_require(` + type bitcoin_port_t; +') +allow bitcoin_t bitcoin_port_t:tcp_socket name_bind; + +gen_require(` + type bitcoin_port_t; +') +allow bitcoin_t bitcoin_port_t:tcp_socket name_connect; + +domain_use_interactive_fds(bitcoin_t) + +files_read_etc_files(bitcoin_t) + +miscfiles_read_localization(bitcoin_t) + +sysnet_dns_name_resolve(bitcoin_t) + +allow bitcoin_t bitcoin_exec_t:file execute_no_trans; +allow bitcoin_t self:process setsched; +corecmd_exec_ls(bitcoin_t) +corenet_tcp_connect_http_port(bitcoin_t) +dev_read_urand(bitcoin_t) +fs_getattr_xattr_fs(bitcoin_t) +kernel_read_system_state(bitcoin_t) |