## <summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
########################################
## <summary>
##	Execute bootloader in the bootloader domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`bootloader_domtrans',`
	# Names the types this interface depends on.
	gen_require(`
		type bootloader_t, bootloader_exec_t;
	')

	# The first argument is the source domain, bootloader_exec_t is the
	# entry point file type and bootloader_t is the target domain.
	# Review note: no role statement is emitted here. Callers that are
	# user domains need the role authorisation that bootloader_run adds.
	domtrans_pattern($1, bootloader_exec_t, bootloader_t)
')
########################################
## <summary>
##	Execute bootloader interactively and do
##	a domain transition to the bootloader domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`bootloader_run',`
	gen_require(`
		type bootloader_t;
	')

	# Reuse the transition rules from bootloader_domtrans for the
	# domain given as the first argument.
	bootloader_domtrans($1)

	# Authorise the role given as the second argument for bootloader_t,
	# so that a process of that role may run in the bootloader domain.
	role $2 types bootloader_t;

	# Emitted only when the policy is built with distro_redhat defined.
	# Review note: mount_run is defined outside this file. By its
	# arguments it is applied to bootloader_t together with the same
	# role, so on those builds the role gains whatever mount_run grants
	# in addition to the bootloader domain. Account for that when
	# deciding which roles receive bootloader_run.
	ifdef(`distro_redhat',`
		# for mke2fs
		mount_run(bootloader_t, $2)
	')
')
########################################
## <summary>
##	Read the bootloader configuration file.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`bootloader_read_config',`
	gen_require(`
		type bootloader_etc_t;
	')

	# Grants read_file_perms on objects of class file labelled
	# bootloader_etc_t. No directory permissions are granted here, so
	# the calling domain must already be able to reach the containing
	# directory.
	# Review note: bootloader configuration may hold boot-time secrets
	# such as a password hash. Confirm that each caller needs to read it.
	allow $1 bootloader_etc_t:file read_file_perms;
')
########################################
## <summary>
##	Read and write the bootloader
##	configuration file.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`bootloader_rw_config',`
	gen_require(`
		type bootloader_etc_t;
	')

	# Grants rw_file_perms on objects of class file labelled
	# bootloader_etc_t. No directory permissions are granted here.
	# Review note: a domain that can write the bootloader configuration
	# can change what is booted and with which kernel parameters, so
	# treat this as a high-trust grant. Keep the list of callers short
	# and audit every addition.
	allow $1 bootloader_etc_t:file rw_file_perms;
')
########################################
## <summary>
##	Read and write the bootloader
##	temporary data in /tmp.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`bootloader_rw_tmp_files',`
	gen_require(`
		type bootloader_tmp_t;
	')

	# Grants rw_file_perms on objects of class file labelled
	# bootloader_tmp_t. The FIXME below records that access to the
	# tmp_t directory itself is not granted by this interface, so the
	# calling domain needs that access from elsewhere.
	# FIXME: read tmp_t dir
	allow $1 bootloader_tmp_t:file rw_file_perms;
')
########################################
## <summary>
##	Create, read and write bootloader
##	runtime files in the boot directory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`bootloader_create_runtime_file',`
	gen_require(`
		type boot_runtime_t;
	')

	# Grants the create_file_perms and rw_file_perms sets on objects of
	# class file labelled boot_runtime_t. The rule does not name the
	# manage set, so delete and rename are presumably not granted;
	# confirm against the permission set definitions.
	allow $1 boot_runtime_t:file { create_file_perms rw_file_perms };
	# files_boot_filetrans is defined outside this file. By its
	# arguments, files the calling domain creates in the boot directory
	# are labelled boot_runtime_t rather than inheriting the directory
	# label. Verify against its definition.
	# Review note: this lets the caller place new files in the boot
	# directory, so grant it only to domains that need to do so.
	files_boot_filetrans($1, boot_runtime_t, file)
')