## <summary>Java virtual machine</summary>

########################################

## <summary>

##	Role access for java

## </summary>

## <param name="role">

##	<summary>

##	Role allowed access

##	</summary>

## </param>

## <param name="domain">

##	<summary>

##	User domain for the role

##	</summary>

## </param>

#

interface(`java_role',`

	gen_require(`

		type java_t, java_exec_t;

	')

	role $1 types java_t;

	# The user role is authorized for this domain.

	domtrans_pattern($2, java_exec_t, java_t)

	allow java_t $2:process signull;

	# Unrestricted inheritance from the caller.

	allow $2 java_t:process { noatsecure siginh rlimitinh };

	allow java_t $2:unix_stream_socket connectto;

	allow java_t $2:unix_stream_socket { read write };

')

########################################

## <summary>

##	Run java in javaplugin domain.

## </summary>

## <param name="domain">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

#

template(`java_domtrans',`

	gen_require(`

		type java_t, java_exec_t;

	')

	domtrans_pattern($1, java_exec_t, java_t)

')

########################################

## <summary>

##	Execute the java program in the unconfined java domain.

## </summary>

## <param name="domain">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

#

interface(`java_domtrans_unconfined',`

	gen_require(`

		type unconfined_java_t, java_exec_t;

	')

	domtrans_pattern($1, java_exec_t, unconfined_java_t)

	corecmd_search_bin($1)

')

########################################

## <summary>

##	Execute the java program in the unconfined java domain.

## </summary>

## <param name="domain">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

## <param name="role">

##	<summary>

##	Role allowed access.

##	</summary>

## </param>

#

interface(`java_run_unconfined',`

	gen_require(`

		type unconfined_java_t;

	')

	java_domtrans_unconfined($1)

	role $2 types unconfined_java_t;

')