/usr/share/selinux/ubuntu/include/admin/tripwire.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
## <summary>Tripwire file integrity checker.</summary>
## <desc>
## <p>
## Tripwire file integrity checker.
## </p>
## <p>
## NOTE: Tripwire creates temporary files in its current working directory.
## This policy does not allow write access to home directories, so
## users must either cd to a directory where they have write
## permission or set the TEMPDIRECTORY variable in the tripwire config
## file. The latter is preferable, because the file_type_auto_trans
## rules then apply and label the files as private to tripwire.
## </p>
## </desc>
########################################
## <summary>
## Execute tripwire in the tripwire domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tripwire_domtrans_tripwire',`
	# Types owned by the tripwire module that the rule below refers to.
	gen_require(`
		type tripwire_t;
		type tripwire_exec_t;
	')

	# Let the caller domain (first argument) run files labeled
	# tripwire_exec_t and enter tripwire_t when it does so.
	# domtrans_pattern is defined outside this file; read its definition
	# for the complete set of permissions handed to the caller.
	domtrans_pattern($1, tripwire_exec_t, tripwire_t)
')
########################################
## <summary>
## Execute tripwire in the tripwire domain, and
## allow the specified role the tripwire domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the tripwire domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`tripwire_run_tripwire',`
	gen_require(`
		type tripwire_t;
	')

	# Process side: the caller domain (first argument) may transition
	# into tripwire_t by executing tripwire.
	tripwire_domtrans_tripwire($1)

	# Role side: associate tripwire_t with the role given as the second
	# argument. A domain transition alone is not enough, because the
	# resulting context is only valid if the role is authorized for the
	# type. Pass only roles that are meant to run tripwire.
	role $2 types tripwire_t;
')
########################################
## <summary>
## Execute twadmin in the twadmin domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tripwire_domtrans_twadmin',`
	# Types owned by the tripwire module that the rule below refers to.
	gen_require(`
		type twadmin_t;
		type twadmin_exec_t;
	')

	# Let the caller domain (first argument) run files labeled
	# twadmin_exec_t and enter twadmin_t when it does so.
	# domtrans_pattern is defined outside this file; read its definition
	# for the complete set of permissions handed to the caller.
	domtrans_pattern($1, twadmin_exec_t, twadmin_t)
')
########################################
## <summary>
## Execute twadmin in the twadmin domain, and
## allow the specified role the twadmin domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the twadmin domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`tripwire_run_twadmin',`
	gen_require(`
		type twadmin_t;
	')

	# Process side: the caller domain (first argument) may transition
	# into twadmin_t by executing twadmin.
	tripwire_domtrans_twadmin($1)

	# Role side: associate twadmin_t with the role given as the second
	# argument. A domain transition alone is not enough, because the
	# resulting context is only valid if the role is authorized for the
	# type. Pass only roles that are meant to run twadmin.
	role $2 types twadmin_t;
')
########################################
## <summary>
## Execute twprint in the twprint domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tripwire_domtrans_twprint',`
	# Types owned by the tripwire module that the rule below refers to.
	gen_require(`
		type twprint_t;
		type twprint_exec_t;
	')

	# Let the caller domain (first argument) run files labeled
	# twprint_exec_t and enter twprint_t when it does so.
	# domtrans_pattern is defined outside this file; read its definition
	# for the complete set of permissions handed to the caller.
	domtrans_pattern($1, twprint_exec_t, twprint_t)
')
########################################
## <summary>
## Execute twprint in the twprint domain, and
## allow the specified role the twprint domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the twprint domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`tripwire_run_twprint',`
	gen_require(`
		type twprint_t;
	')

	# Process side: the caller domain (first argument) may transition
	# into twprint_t by executing twprint.
	tripwire_domtrans_twprint($1)

	# Role side: associate twprint_t with the role given as the second
	# argument. A domain transition alone is not enough, because the
	# resulting context is only valid if the role is authorized for the
	# type. Pass only roles that are meant to run twprint.
	role $2 types twprint_t;
')
########################################
## <summary>
## Execute siggen in the siggen domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`tripwire_domtrans_siggen',`
	# Types owned by the tripwire module that the rule below refers to.
	gen_require(`
		type siggen_t;
		type siggen_exec_t;
	')

	# Let the caller domain (first argument) run files labeled
	# siggen_exec_t and enter siggen_t when it does so.
	# domtrans_pattern is defined outside this file; read its definition
	# for the complete set of permissions handed to the caller.
	domtrans_pattern($1, siggen_exec_t, siggen_t)
')
########################################
## <summary>
## Execute siggen in the siggen domain, and
## allow the specified role the siggen domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the siggen domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`tripwire_run_siggen',`
	gen_require(`
		type siggen_t;
	')

	# Process side: the caller domain (first argument) may transition
	# into siggen_t by executing siggen.
	tripwire_domtrans_siggen($1)

	# Role side: associate siggen_t with the role given as the second
	# argument. A domain transition alone is not enough, because the
	# resulting context is only valid if the role is authorized for the
	# type. Pass only roles that are meant to run siggen.
	role $2 types siggen_t;
')