1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
## <summary>policy for bitcoin</summary>
########################################
## <summary>
## Transition to bitcoin.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`bitcoin_domtrans',`
gen_require(`
type bitcoin_t, bitcoin_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, bitcoin_exec_t, bitcoin_t)
')
########################################
## <summary>
## Execute bitcoin server in the bitcoin domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_initrc_domtrans',`
gen_require(`
type bitcoin_initrc_exec_t;
')
init_labeled_script_domtrans($1, bitcoin_initrc_exec_t)
')
########################################
## <summary>
## Search bitcoin lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_search_lib',`
gen_require(`
type bitcoin_var_lib_t;
')
allow $1 bitcoin_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
########################################
## <summary>
## Read bitcoin lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_read_lib_files',`
gen_require(`
type bitcoin_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
')
########################################
## <summary>
## Manage bitcoin lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_manage_lib_files',`
gen_require(`
type bitcoin_var_lib_t;
')
files_search_var_lib($1)
manage_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
')
########################################
## <summary>
## Manage bitcoin lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`bitcoin_manage_lib_dirs',`
gen_require(`
type bitcoin_var_lib_t;
')
files_search_var_lib($1)
manage_dirs_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t)
')
########################################
## <summary>
## All of the rules required to administrate
## a bitcoin environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`bitcoin_admin',`
gen_require(`
type bitcoin_t;
type bitcoin_initrc_exec_t;
type bitcoin_var_lib_t;
')
allow $1 bitcoin_t:process { ptrace signal_perms };
ps_process_pattern($1, bitcoin_t)
bitcoin_initrc_domtrans($1)
domain_system_change_exemption($1)
role_transition $2 bitcoin_initrc_exec_t system_r;
allow $2 system_r;
files_search_var_lib($1)
admin_pattern($1, bitcoin_var_lib_t)
')
|
