mirror of
https://github.com/m13253/dns-over-https.git
synced 2026-03-30 20:45:38 +00:00
43 lines
1.2 KiB
Plaintext
43 lines
1.2 KiB
Plaintext
policy_module(doh_server, 1.0.0)
|
|
|
|
require {
|
|
class process execmem;
|
|
class tcp_socket { accept bind create read write getattr listen setopt connect getopt };
|
|
class udp_socket { connect create getattr setopt read write };
|
|
class file execmod;
|
|
}
|
|
|
|
type doh_server_t;
|
|
type doh_server_exec_t;
|
|
|
|
init_daemon_domain(doh_server_t, doh_server_exec_t)
|
|
|
|
type doh_server_port_t;
|
|
|
|
corenet_port(doh_server_port_t)
|
|
|
|
type doh_server_unit_file_t;
|
|
systemd_unit_file(doh_server_unit_file_t)
|
|
|
|
allow doh_server_t self:fifo_file rw_fifo_file_perms;
|
|
allow doh_server_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow doh_server_t self:process execmem;
|
|
allow doh_server_t self:tcp_socket { accept read write bind create getattr listen setopt connect getopt};
|
|
allow doh_server_t self:udp_socket { connect create getattr setopt read write };
|
|
|
|
allow doh_server_t doh_server_exec_t:file execmod;
|
|
allow doh_server_t doh_server_port_t:tcp_socket name_bind;
|
|
|
|
domain_use_interactive_fds(doh_server_t)
|
|
|
|
files_read_etc_files(doh_server_t)
|
|
|
|
corenet_tcp_bind_generic_node(doh_server_t)
|
|
corenet_tcp_connect_dns_port(doh_server_t)
|
|
doh_server_connect(httpd_t)
|
|
|
|
kernel_read_net_sysctls(doh_server_t)
|
|
kernel_search_network_sysctl(doh_server_t)
|
|
|
|
miscfiles_read_localization(doh_server_t)
|