Module version bump for openvpn tmp files from Sven Vermeulen.

[proj/hardened-refpolicy.git] / policy / modules / contrib / asterisk.if

diff --git a/policy/modules/contrib/asterisk.if b/policy/modules/contrib/asterisk.if
index 7268a04..57e3b8e 100644 (file)
--- a/policy/modules/contrib/asterisk.if
+++ b/policy/modules/contrib/asterisk.if
@@ -19,6 +19,25 @@ interface(`asterisk_domtrans',`
        domtrans_pattern($1, asterisk_exec_t, asterisk_t)
 ')
 
+######################################
+## <summary>
+##     Execute asterisk in the caller domain.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`asterisk_exec',`
+       gen_require(`
+               type asterisk_exec_t;
+       ')
+
+       corecmd_search_bin($1)
+       can_exec($1, asterisk_exec_t)
+')
+
 #####################################
 ## <summary>
 ##     Connect to asterisk over a unix domain.
@@ -113,6 +132,8 @@ interface(`asterisk_admin',`
        role_transition $2 asterisk_initrc_exec_t system_r;
        allow $2 system_r;
 
+       asterisk_exec($1)
+
        files_list_tmp($1)
        admin_pattern($1, asterisk_tmp_t)
 
@@ -130,4 +151,8 @@ interface(`asterisk_admin',`
 
        files_list_pids($1)
        admin_pattern($1, asterisk_var_run_t)
+
+       ifdef(`distro_gentoo',`
+               asterisk_exec($1)
+       ')
 ')