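## <summary>policy for ical</summary>

########################################
## <summary>
##	Execute a domain transition to run ical.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ical_domtrans',`
	gen_require(`
		type ical_t;
		type ical_exec_t;
	')

	# Entering ical_t is only possible by executing a file labelled
	# ical_exec_t, so the label on the binary is the gate for this transition.
	domtrans_pattern($1,ical_exec_t,ical_t)
')

########################################
## <summary>
##	Do not audit attempts to read
##	ical tmp files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`ical_dontaudit_read_tmp_files',`
	gen_require(`
		type ical_tmp_t;
	')

	# dontaudit only suppresses the AVC denial record; the read is still
	# denied. Hidden denials can be surfaced while troubleshooting by
	# rebuilding the policy with dontaudit rules disabled (semodule -DB).
	dontaudit $1 ical_tmp_t:file read_file_perms;
')

########################################
## <summary>
##	Allow domain to read ical tmp files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ical_read_tmp_files',`
	gen_require(`
		type ical_tmp_t;
	')

	allow $1 ical_tmp_t:file read_file_perms;
')

########################################
## <summary>
##	Allow domain to manage ical tmp files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ical_manage_tmp',`
	gen_require(`
		type ical_tmp_t;
	')

	# Grants management of directories, regular files and symbolic links
	# labelled ical_tmp_t. Callers that only need to read should use
	# ical_read_tmp_files instead.
	manage_dirs_pattern($1,ical_tmp_t,ical_tmp_t)
	manage_files_pattern($1,ical_tmp_t,ical_tmp_t)
	manage_lnk_files_pattern($1,ical_tmp_t,ical_tmp_t)
')

########################################
## <summary>
##	Execute ical in the ical domain, and
##	allow the specified role the ical domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the ical domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the role's terminal.
##	</summary>
## </param>
#
interface(`ical_run',`
	gen_require(`
		type ical_t;
	')

	ical_domtrans($1)
	# Authorise the role for ical_t; without this the transition above
	# would be refused for processes running in that role.
	role $2 types ical_t;
	# Terminal access by ical_t is silenced here, not granted.
	dontaudit ical_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	All of the rules required to administrate
##	an ical environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the ical domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the user terminal.
##	</summary>
## </param>
## <rolecap/>
#
interface(`ical_admin',`
	gen_require(`
		type ical_t;
	')

	# NOTE(review): ptrace lets the admin domain read and modify the memory
	# of ical_t processes. Confirm it is really needed; signal_perms and
	# getattr already cover signalling and inspecting the process.
	allow $1 ical_t:process { ptrace signal_perms getattr };
	# ical_t is a process domain, so this presumably targets the per-process
	# entries that carry the domain label - TODO confirm.
	read_files_pattern($1, ical_t, ical_t)

	ical_manage_tmp($1)

	# NOTE(review): the role and terminal parameters documented for this
	# interface are not referenced in the rules above, so nothing here
	# authorises the role for ical_t. Callers should not assume it does.
')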