PHP/Java Bridge SvnRepo

60 lines (45 with data), 1.8 kB

#################################
# php-java-bridge.te
# SELinux rules for the javabridge_t domain
#
# javabridge_exec_t is the type of the javabridge 
# executable "RunJavaBridge", see php-java-bridge.fc

daemon_domain(javabridge, `, nscd_client_domain');
# log_domain(javabridge);
tmp_domain(javabridge);

# -- base file read access ---------
# We can't use the base_file_read_access macro on FC3.
# The following is a copy of the FC4 macro:

# Read /.
allow javabridge_t root_t:dir r_dir_perms;
allow javabridge_t root_t:notdevfile_class_set r_file_perms;

# Read /usr.
allow javabridge_t usr_t:dir r_dir_perms;
allow javabridge_t usr_t:notdevfile_class_set r_file_perms;

# Read bin and sbin directories.
allow javabridge_t bin_t:dir r_dir_perms;
allow javabridge_t bin_t:notdevfile_class_set r_file_perms;
allow javabridge_t sbin_t:dir r_dir_perms;
allow javabridge_t sbin_t:notdevfile_class_set r_file_perms;
read_sysctl(javabridge_t)
# --- end base file read access ---

can_exec_any(javabridge_t)

general_domain_access(javabridge_t)
general_proc_read_access(javabridge_t)

# we currently have no log directory
allow javabridge_t var_log_t:dir search;
allow javabridge_t var_log_t:file { append write };

# Connect from httpd.
can_unix_connect(httpd_t, javabridge_t)

# Read locale data
read_locale(javabridge_t)

# Access random device
allow javabridge_t { urandom_device_t random_device_t }:chr_file r_file_perms;

# Read /etc
allow javabridge_t etc_runtime_t:{ file lnk_file } r_file_perms;


# Insane settings needed for sun java 1.5.  Comment this out, if you
# can.
allow javabridge_t javabridge_tmp_t:file { execute };
allow javabridge_t usr_t:file { execute };
allow javabridge_t locale_t:file { execute };
allow javabridge_t random_device_t:chr_file { append };