#DESC Ftpd - Ftp daemon
#
# Authors:  Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser  
#           Russell Coker <russell@coker.com.au>
# X-Debian-Packages: proftpd-common bsd-ftpd ftpd vsftpd
#

#################################
#
# Rules for the ftpd_t domain
#
# This is a legacy m4-preprocessed policy module: ifdef(...)/dnl blocks are
# expanded by m4 before checkpolicy sees the file, so comments placed inside
# the quoted ifdef bodies below must not contain quote characters.
#
# ftpd_t is a daemon domain that additionally gets password checking
# (auth_chkpwd) and name-service cache client access (nscd_client_domain).
daemon_domain(ftpd, `, auth_chkpwd, nscd_client_domain')
# Declares the per-daemon config type (ftpd_etc_t, read by initrc_t further down).
etc_domain(ftpd)

# General TCP/UDP access plus name_connect to every labelled port type.
# NOTE(review): this is the broadest outbound grant in the module; it is
# presumably needed because active-mode data connections go to a
# client-chosen port, so it cannot be narrowed to a single port label.
can_network(ftpd_t)
allow ftpd_t port_type:tcp_socket name_connect;
allow ftpd_t self:unix_dgram_socket { sendto create_socket_perms };
allow ftpd_t self:unix_stream_socket create_socket_perms;
# Own-process control: capability bounding set, scheduling and rlimits.
allow ftpd_t self:process { getcap setcap setsched setrlimit };
allow ftpd_t self:fifo_file rw_file_perms;

# Search and execute programs in bin_t (ls is granted separately below).
allow ftpd_t bin_t:dir search;
can_exec(ftpd_t, bin_t)
allow ftpd_t bin_t:lnk_file read;
read_sysctl(ftpd_t)

# Read-only access to /dev/urandom (entropy for session/TLS use; exact
# consumer not visible here).
allow ftpd_t urandom_device_t:chr_file { getattr read };

# When ftpd is run from cron (e.g. via logrotate), allow the cron entry
# transition and let system_crond_t read the transfer log.
# NOTE(review): inside this block ftpd_t may execute sbin_t binaries and
# shells (shell_exec_t); this widens the domain beyond what the network
# service itself needs and only applies when crond.te is part of the policy.
ifdef(`crond.te', `
system_crond_entry(ftpd_exec_t, ftpd_t)
allow system_crond_t xferlog_t:file r_file_perms;
can_exec(ftpd_t, { sbin_t shell_exec_t })
allow ftpd_t usr_t:file { getattr read };
ifdef(`logrotate.te', `
can_exec(ftpd_t, logrotate_exec_t)
')dnl end if logrotate.te
')dnl end if crond.te

# Bind the FTP data port label, and also the generic port_t label
# (presumably for passive-mode data sockets on unreserved ports).
# NOTE(review): name_bind on port_t permits binding any port that has no
# more specific label; confirm this is intended rather than a dedicated
# passive-port range type.
allow ftpd_t ftp_data_port_t:tcp_socket name_bind;
allow ftpd_t port_t:tcp_socket name_bind;

# ftpd_lock_t is only needed when ftpd_is_daemon is true, but we cannot define types conditionally
type ftpd_lock_t, file_type, sysadmfile, lockfile;

# Allow ftpd to run directly without inetd.
# Default is false, i.e. inetd/tcpd-spawned operation (see the inetd.te block).
bool ftpd_is_daemon false;
if (ftpd_is_daemon) {
# Standalone daemon: create its lock file under var_lock_t as ftpd_lock_t,
# bind the control port, and accept connections from user domains.
file_type_auto_trans(ftpd_t, var_lock_t, ftpd_lock_t, file)
allow ftpd_t ftp_port_t:tcp_socket name_bind;
can_tcp_connect(userdomain, ftpd_t)
# Allows it to check exec privs on daemon
# NOTE(review): this grants inetd_t execute permission on ftpd_exec_t in the
# standalone (non-inetd) branch; the placement looks inverted relative to the
# inetd.te block below - confirm which branch actually needs it.
allow inetd_t ftpd_exec_t:file x_file_perms;
}
ifdef(`inetd.te', `
if (!ftpd_is_daemon) {
# inetd (optionally via tcpd) spawns ftpd; transition into ftpd_t on exec.
ifdef(`tcpd.te', `domain_auto_trans(tcpd_t, ftpd_exec_t, ftpd_t)')
domain_auto_trans(inetd_t, ftpd_exec_t, ftpd_t)

# Use sockets inherited from inetd.
allow ftpd_t inetd_t:fd use;
allow ftpd_t inetd_t:tcp_socket rw_stream_socket_perms;

# Send SIGCHLD to inetd on death.
allow ftpd_t inetd_t:process sigchld;
}
') dnl end inetd.te

# Access shared memory tmpfs instance.
tmpfs_domain(ftpd)

# Use capabilities.
# setuid/setgid: drop to the authenticated user; sys_chroot: jail sessions;
# net_bind_service: bind privileged ports (< 1024); chown/fowner/fsetid:
# ownership and mode changes on transferred files; sys_nice/sys_resource:
# pair with the setsched/setrlimit process permissions above.
# NOTE(review): chown/fowner/fsetid are the ones worth re-checking per
# server; an FTP daemon that never changes ownership does not need them.
allow ftpd_t self:capability { chown fowner fsetid setgid setuid net_bind_service sys_chroot sys_nice sys_resource };

# Append to /var/log/wtmp.
allow ftpd_t wtmp_t:file { getattr append };
#kerberized ftp requires the following
# NOTE(review): adding write (not just append) means existing login records
# in wtmp can be modified by this domain; the append-only grant above is the
# safer default if kerberized ftp is not in use.
allow ftpd_t wtmp_t:file { write lock };

# Create and modify /var/log/xferlog.
# New files ftpd_t creates under var_log_t are automatically labelled xferlog_t.
type xferlog_t, file_type, sysadmfile, logfile;
file_type_auto_trans(ftpd_t, var_log_t, xferlog_t, file)

# Execute /bin/ls (can comment this out for proftpd)
# also may need rules to allow tar etc...
can_exec(ftpd_t, ls_exec_t)

# Init scripts may read the daemon config; ftpd_t reads system config
# and /proc files.
allow initrc_t ftpd_etc_t:file { getattr read };
allow ftpd_t { etc_t etc_runtime_t }:file { getattr read };
allow ftpd_t proc_t:file { getattr read };

# Silence expected denials (probing the admin home dir and the SELinux
# config dir) without granting access.
dontaudit ftpd_t sysadm_home_dir_t:dir getattr;
dontaudit ftpd_t selinux_config_t:dir search;
allow ftpd_t autofs_t:dir search;
allow ftpd_t self:file { getattr read };
# Private tmp type for the daemon.
tmp_domain(ftpd)

# Allow ftp to read/write files in the user home directories.
# Default off. When enabled, create_dir_file on home_type grants
# create/read/write/delete over ALL user home content, not only the
# home of the authenticated user; per-user separation then relies on
# DAC and the chroot, not on this policy.
bool ftp_home_dir false;

if (ftp_home_dir) {
# allow access to /home
allow ftpd_t home_root_t:dir { getattr search };
allow ftpd_t home_dir_type:dir r_dir_perms;
create_dir_file(ftpd_t, home_type)
}
# NFS/CIFS-mounted homes are read-only here, unlike local homes above.
if (use_nfs_home_dirs && ftp_home_dir) {
	r_dir_file(ftpd_t, nfs_t)
}
if (use_samba_home_dirs && ftp_home_dir) {
	r_dir_file(ftpd_t, cifs_t)
}
# NOTE(review): duplicate of the identical dontaudit rule above; harmless
# to checkpolicy but redundant.
dontaudit ftpd_t selinux_config_t:dir search;
#
# Type for access to anon ftp
#
# ftpd_anon_t (declared elsewhere) is the read-only anonymous area.
r_dir_file(ftpd_t,ftpd_anon_t)
# ftpd_anon_rw_t is the writable (upload) anonymous area; customizable keeps
# admin-assigned labels from being reset by a relabel.
type ftpd_anon_rw_t, file_type, sysadmfile, customizable;
create_dir_file(ftpd_t,ftpd_anon_rw_t)