#################################
# php-java-bridge.te
# SELinux rules for the javabridge_t domain
#
# javabridge_exec_t is the type of the javabridge
# executable "RunJavaBridge", see php-java-bridge.fc
# Declare the javabridge domain through the policy's daemon_domain and
# tmp_domain macros. Their expansions are not part of this file; the rules
# below use javabridge_t, javabridge_exec_t and javabridge_tmp_t, which
# presumably come from these macros -- confirm against the macro definitions.
daemon_domain(javabridge);
# log_domain is left disabled, so no bridge-specific log type is declared here;
# the log rules in the "starting the bridge" section target the generic
# var_log_t type instead.
# log_domain(javabridge);
tmp_domain(javabridge);
# Clients of the bridge: which domains may connect to the unix stream socket
# owned by javabridge_t.
# httpd may stat the bridge executable (getattr only in this rule).
allow httpd_t javabridge_exec_t:file { getattr };
allow httpd_t javabridge_t:unix_stream_socket { connectto };
# Access for user_t is disabled.
#allow user_t javabridge_t:unix_stream_socket { connectto };
# NOTE(review): every unconfined_t process may connect, so this policy does not
# limit clients to httpd. Any finer restriction (socket file permissions, peer
# checks) would have to come from outside these rules -- confirm this is intended.
allow unconfined_t javabridge_t:unix_stream_socket { connectto };
# starting the bridge
allow javabridge_t bin_t:dir { search };
# execute_no_trans: bin_t programs run inside javabridge_t with no domain
# transition, so whatever the bridge launches keeps all of the bridge's
# permissions.
allow javabridge_t bin_t:file { execute execute_no_trans read };
# The bridge may re-execute its own binary and stay in javabridge_t.
allow javabridge_t javabridge_exec_t:file { execute_no_trans };
# Files labelled with the domain's own type; presumably the per-process
# /proc entries -- confirm.
allow javabridge_t javabridge_t:file { getattr read };
# The bridge's own unix stream socket: create, bind, listen and accept, plus
# I/O and socket options.
allow javabridge_t javabridge_t:unix_stream_socket { accept bind connect create getattr getopt listen read setopt write };
# NOTE(review): logging uses the generic var_log_t type (log_domain is commented
# out above). "write" in addition to "append" lets the domain modify existing
# content of var_log_t files it can open, not only add to them; an append-only
# rule on a dedicated log type would be narrower. No create permission is
# granted in these rules, so the log file presumably has to exist already.
allow javabridge_t var_log_t:file { append write };
allow javabridge_t var_log_t:dir { search };
# Read access the JVM needs for /proc/self and /etc/java (per the original
# author). proc_t, etc_runtime_t and etc_t are generic types, so each rule
# covers every file carrying that label, not only the paths named here.
allow javabridge_t proc_t:file { getattr read };
allow javabridge_t etc_runtime_t:file { getattr read };
allow javabridge_t etc_t:file { getattr read };
# The process may query its own scheduling parameters.
allow javabridge_t javabridge_t:process { getsched };
# NOTE(review): "execute" on the ld.so cache and locale types. Neither is a
# program; SELinux also checks file execute for executable memory mappings,
# so presumably the JVM or loader maps these files executable -- confirm
# before keeping the permission.
allow javabridge_t ld_so_cache_t:file { execute };
allow javabridge_t locale_t:file { execute };
# Random number devices. NOTE(review): "append" on random_device_t goes beyond
# reading; urandom_device_t below is read-only. Confirm append is required.
allow javabridge_t random_device_t:chr_file { getattr read append };
allow javabridge_t urandom_device_t:chr_file { getattr read };
# multicast backends use tcp sockets
# The domain may create, bind, listen on, accept from and connect TCP sockets
# of its own type. NOTE(review): node_bind is listed against the domain's own
# type here, while the udp rule under "FIXME" targets a node type instead --
# confirm which form the policy version in use expects.
allow javabridge_t javabridge_t:tcp_socket { accept bind connect create getattr listen setopt shutdown read write node_bind };
allow javabridge_t javabridge_t:udp_socket { bind create getopt read write setopt };
# Only the lo-named interface and node types receive traffic permissions in
# this file; presumably this keeps bridge traffic on loopback -- confirm.
allow javabridge_t netif_lo_t:netif { tcp_recv tcp_send udp_recv udp_send };
allow javabridge_t node_lo_t:node { tcp_recv tcp_send udp_recv udp_send };
# NOTE(review): port_t is presumably the generic port type, in which case
# name_bind lets the bridge bind any TCP/UDP port that has no more specific
# label. A dedicated port type for the bridge would narrow this -- confirm.
allow javabridge_t port_t:tcp_socket { name_bind recv_msg send_msg };
allow javabridge_t port_t:udp_socket { name_bind recv_msg send_msg };
# ??? FIXME
# The original author marked the following rules as unresolved; each should be
# justified or removed before the policy is relied on.
# UDP bind to the node_unspec_t node type (presumably the unspecified/wildcard
# address -- confirm), which is wider than the loopback node rules above.
allow javabridge_t node_unspec_t:udp_socket { node_bind };
# httpd may read the bridge executable, in addition to the getattr granted in
# the connect section.
allow httpd_t javabridge_exec_t:file { read };
# NOTE(review): this targets the generic tmp_t type rather than
# javabridge_tmp_t, so it covers tmp_t files the bridge did not create.
allow javabridge_t tmp_t:file { write };
# Read/write on UDP sockets labelled unconfined_t; presumably descriptors
# inherited from an unconfined parent -- confirm.
allow javabridge_t unconfined_t:udp_socket { read write };
# lib/i386/client/classes.jsa
# NOTE(review): lib_t and usr_t are generic types, so "execute" here applies to
# every file with those labels, not only the JVM files named in the comments.
allow javabridge_t lib_t:file { execute getattr read };
# /usr/share/java, /usr/lib/rt.jar, ...
allow javabridge_t usr_t:file { execute getattr read };
# Sun JDK 1.5 creates /tmp/hsperfdata/data and executes it.
# Ugly ...
# NOTE(review): this grants execute on the domain's own temporary-file type.
# If tmp_domain(javabridge) also grants create/write on javabridge_tmp_t
# (presumably it does; the macro is not shown here), the bridge can execute
# files it has just written, which weakens the confinement -- confirm whether
# the JDK in use still needs it.
allow javabridge_t javabridge_tmp_t:file { execute };