Chris PeBenito 3000a3
## <summary>
Chris PeBenito 414e41
## Core policy for shells, and generic programs
Chris PeBenito 414e41
## in /bin, /sbin, /usr/bin, and /usr/sbin.
Chris PeBenito 3000a3
## </summary>
Chris PeBenito e5d452
## <required val="true">
Chris PeBenito e5d452
##	Contains the base bin and sbin directory types
Chris PeBenito e5d452
##	which need to be searched for the kernel to
Chris PeBenito e5d452
##	run init.
Chris PeBenito e5d452
## </required>
Chris PeBenito e181fe
Chris PeBenito f7ebea
########################################
Chris PeBenito 80436b
## <summary>
Chris PeBenito fb63d0
##	Make the specified type usable for files
Chris PeBenito fb63d0
##	that are exectuables, such as binary programs.
Chris PeBenito fb63d0
##	This does not include shared libraries.
Chris PeBenito fb63d0
## </summary>
Chris PeBenito fb63d0
## <param name="type">
Chris PeBenito fb63d0
##	<summary>
Chris PeBenito fb63d0
##	Type to be used for files.
Chris PeBenito fb63d0
##	</summary>
Chris PeBenito fb63d0
## </param>
Chris PeBenito fb63d0
#
Chris PeBenito fb63d0
interface(`corecmd_executable_file',`
Chris PeBenito fb63d0
	gen_require(`
Chris PeBenito fb63d0
		attribute exec_type;
Chris PeBenito fb63d0
	')
Chris PeBenito fb63d0
Chris PeBenito fb63d0
	typeattribute $1 exec_type;
Chris PeBenito fb63d0
Chris PeBenito fb63d0
	files_type($1)
Chris PeBenito fb63d0
')
Chris PeBenito fb63d0
Chris PeBenito fb63d0
########################################
Chris PeBenito fb63d0
## <summary>
Chris PeBenito 350b6a
##	Create a aliased type to generic bin files.  (Deprecated)
Chris PeBenito 9e9138
## </summary>
Chris PeBenito c6d4c8
## <desc>
Chris PeBenito c6d4c8
##	

Chris PeBenito 350b6a
##	Create a aliased type to generic bin files.  (Deprecated)
Chris PeBenito c6d4c8
##	

Chris PeBenito c6d4c8
##	

Chris PeBenito c6d4c8
##	This is added to support targeted policy.  Its
Chris PeBenito c6d4c8
##	use should be limited.  It has no effect
Chris PeBenito c6d4c8
##	on the strict policy.
Chris PeBenito c6d4c8
##	

Chris PeBenito c6d4c8
## </desc>
Chris PeBenito 9e9138
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 9e9138
##	Alias type for bin_t.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 9e9138
## </param>
Chris PeBenito ac9db9
#
Chris PeBenito 9e9138
interface(`corecmd_bin_alias',`
Chris PeBenito 350b6a
	refpolicywarn(`$0($*) has been deprecated.')
Chris PeBenito 9e9138
')
Chris PeBenito 9e9138
Chris PeBenito 9e9138
########################################
Chris PeBenito 9e9138
## <summary>
Chris PeBenito d42c7e
##	Make general progams in bin an entrypoint for
Chris PeBenito d42c7e
##	the specified domain.
Chris PeBenito d42c7e
## </summary>
Chris PeBenito d42c7e
## <param name="domain">
Chris PeBenito d42c7e
##	<summary>
Chris PeBenito d42c7e
##	The domain for which bin_t is an entrypoint.
Chris PeBenito d42c7e
##	</summary>
Chris PeBenito d42c7e
## </param>
Chris PeBenito ac9db9
#
Chris PeBenito d42c7e
interface(`corecmd_bin_entry_type',`
Chris PeBenito d42c7e
	gen_require(`
Chris PeBenito d42c7e
		type bin_t;
Chris PeBenito d42c7e
	')
Chris PeBenito d42c7e
Chris PeBenito d42c7e
	domain_entry_file($1,bin_t)
Chris PeBenito d42c7e
')
Chris PeBenito d42c7e
Chris PeBenito d42c7e
########################################
Chris PeBenito d42c7e
## <summary>
Chris PeBenito d42c7e
##	Make general progams in sbin an entrypoint for
Chris PeBenito 8021cb
##	the specified domain.  (Deprecated)
Chris PeBenito d42c7e
## </summary>
Chris PeBenito d42c7e
## <param name="domain">
Chris PeBenito d42c7e
##	<summary>
Chris PeBenito d42c7e
##	The domain for which sbin programs are an entrypoint.
Chris PeBenito d42c7e
##	</summary>
Chris PeBenito d42c7e
## </param>
Chris PeBenito ac9db9
#
Chris PeBenito d42c7e
interface(`corecmd_sbin_entry_type',`
Chris PeBenito 8021cb
	corecmd_bin_entry_type($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_entry_type() instead.')
Chris PeBenito d42c7e
')
Chris PeBenito d42c7e
Chris PeBenito d42c7e
########################################
Chris PeBenito d42c7e
## <summary>
Chris PeBenito 80436b
##	Make the shell an entrypoint for the specified domain.
Chris PeBenito 80436b
## </summary>
Chris PeBenito 80436b
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 80436b
##	The domain for which the shell is an entrypoint.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 80436b
## </param>
Chris PeBenito ac9db9
#
Chris PeBenito 199895
interface(`corecmd_shell_entry_type',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type shell_exec_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	domain_entry_file($1, shell_exec_t)
Chris PeBenito 07efe9
')
Chris PeBenito 07efe9
Chris PeBenito b4cd15
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Search the contents of bin directories.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito 075c4f
#
Chris PeBenito 199895
interface(`corecmd_search_bin',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type bin_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	search_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 075c4f
')
Chris PeBenito 075c4f
Chris PeBenito 075c4f
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito 8021cb
##	Do not audit attempts to search the contents of bin directories.
Chris PeBenito 8021cb
## </summary>
Chris PeBenito 8021cb
## <param name="domain">
Chris PeBenito 8021cb
##	<summary>
Chris PeBenito 8021cb
##	Domain allowed access.
Chris PeBenito 8021cb
##	</summary>
Chris PeBenito 8021cb
## </param>
Chris PeBenito 8021cb
#
Chris PeBenito 8021cb
interface(`corecmd_dontaudit_search_bin',`
Chris PeBenito 8021cb
	gen_require(`
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito 8021cb
	')
Chris PeBenito 8021cb
Chris PeBenito 8021cb
	dontaudit $1 bin_t:dir search_dir_perms;
Chris PeBenito 8021cb
')
Chris PeBenito 8021cb
Chris PeBenito 8021cb
########################################
Chris PeBenito 8021cb
## <summary>
Chris PeBenito ac9db9
##	List the contents of bin directories.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito 075c4f
#
Chris PeBenito 199895
interface(`corecmd_list_bin',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type bin_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	list_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 075c4f
')
Chris PeBenito 075c4f
Chris PeBenito 58c3da
########################################
Chris PeBenito 80436b
## <summary>
Chris PeBenito 8021cb
##	Do not auidt attempts to write bin directories.
Chris PeBenito 8021cb
## </summary>
Chris PeBenito 8021cb
## <param name="domain">
Chris PeBenito 8021cb
##	<summary>
Chris PeBenito 8021cb
##	Domain allowed access.
Chris PeBenito 8021cb
##	</summary>
Chris PeBenito 8021cb
## </param>
Chris PeBenito 8021cb
#
Chris PeBenito 8021cb
interface(`corecmd_dontaudit_write_bin_dirs',`
Chris PeBenito 8021cb
	gen_require(`
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito 8021cb
	')
Chris PeBenito 8021cb
Chris PeBenito 8021cb
	dontaudit $1 bin_t:dir write;
Chris PeBenito 8021cb
')
Chris PeBenito 8021cb
Chris PeBenito 8021cb
########################################
Chris PeBenito 8021cb
## <summary>
Chris PeBenito 80436b
##	Get the attributes of files in bin directories.
Chris PeBenito 80436b
## </summary>
Chris PeBenito 80436b
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 80436b
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_getattr_bin_files',`
Chris PeBenito 80436b
	gen_require(`
Chris PeBenito 80436b
		type bin_t;
Chris PeBenito 80436b
	')
Chris PeBenito 80436b
Chris PeBenito 0bfccd
	getattr_files_pattern($1, bin_t, bin_t)
Chris PeBenito 80436b
')
Chris PeBenito 80436b
Chris PeBenito 58c3da
########################################
Chris PeBenito 80436b
## <summary>
Chris PeBenito 8f3a0a
##	Get the attributes of files in bin directories.
Chris PeBenito 8f3a0a
## </summary>
Chris PeBenito 8f3a0a
## <param name="domain">
Chris PeBenito 8f3a0a
##	<summary>
Chris PeBenito 8f3a0a
##	Domain allowed access.
Chris PeBenito 8f3a0a
##	</summary>
Chris PeBenito 8f3a0a
## </param>
Chris PeBenito 8f3a0a
#
Chris PeBenito 8f3a0a
interface(`corecmd_dontaudit_getattr_bin_files',`
Chris PeBenito 8f3a0a
	gen_require(`
Chris PeBenito 8f3a0a
		type bin_t;
Chris PeBenito 8f3a0a
	')
Chris PeBenito 8f3a0a
Chris PeBenito 8f3a0a
	dontaudit $1 bin_t:dir search_dir_perms;
Chris PeBenito 8f3a0a
	dontaudit $1 bin_t:file getattr_file_perms;
Chris PeBenito 8f3a0a
')
Chris PeBenito 8f3a0a
Chris PeBenito 8f3a0a
########################################
Chris PeBenito 8f3a0a
## <summary>
Chris PeBenito ae9e27
##	Read files in bin directories.
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_read_bin_files',`
Chris PeBenito ae9e27
	gen_require(`
Chris PeBenito ae9e27
		type bin_t;
Chris PeBenito ae9e27
	')
Chris PeBenito ae9e27
Chris PeBenito 0bfccd
	read_files_pattern($1, bin_t, bin_t)
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito 80436b
##	Read symbolic links in bin directories.
Chris PeBenito 80436b
## </summary>
Chris PeBenito 80436b
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 80436b
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_read_bin_symlinks',`
Chris PeBenito 80436b
	gen_require(`
Chris PeBenito 80436b
		type bin_t;
Chris PeBenito ae9e27
	')
Chris PeBenito ae9e27
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito ae9e27
##	Read pipes in bin directories.
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_read_bin_pipes',`
Chris PeBenito ae9e27
	gen_require(`
Chris PeBenito ae9e27
		type bin_t;
Chris PeBenito ae9e27
	')
Chris PeBenito ae9e27
Chris PeBenito 0bfccd
	read_fifo_files_pattern($1, bin_t, bin_t)
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito ae9e27
##	Read named sockets in bin directories.
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_read_bin_sockets',`
Chris PeBenito ae9e27
	gen_require(`
Chris PeBenito ae9e27
		type bin_t;
Chris PeBenito 80436b
	')
Chris PeBenito 80436b
Chris PeBenito 0bfccd
	read_sock_files_pattern($1, bin_t, bin_t)
Chris PeBenito 80436b
')
Chris PeBenito 80436b
Chris PeBenito 075c4f
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Execute generic programs in bin directories,
Chris PeBenito ac9db9
##	in the caller domain.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`corecmd_exec_bin',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type bin_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	list_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	can_exec($1, bin_t)
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito df00b2
## <summary>
Chris PeBenito 2c2435
##	Create, read, write, and delete bin files.
Chris PeBenito 2c2435
## </summary>
Chris PeBenito 2c2435
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 2c2435
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 2c2435
## </param>
Chris PeBenito 2c2435
#
Chris PeBenito 2c2435
interface(`corecmd_manage_bin_files',`
Chris PeBenito 2c2435
	gen_require(`
Chris PeBenito 2c2435
		type bin_t;
Chris PeBenito 2c2435
	')
Chris PeBenito 2c2435
Chris PeBenito 0bfccd
	manage_files_pattern($1, bin_t, bin_t)
Chris PeBenito 2c2435
')
Chris PeBenito 2c2435
Chris PeBenito 2c2435
########################################
Chris PeBenito 2c2435
## <summary>
Chris PeBenito 2c2435
##	Relabel to and from the bin type.
Chris PeBenito 2c2435
## </summary>
Chris PeBenito 2c2435
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 2c2435
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 2c2435
## </param>
Chris PeBenito 2c2435
#
Chris PeBenito 2c2435
interface(`corecmd_relabel_bin_files',`
Chris PeBenito 2c2435
	gen_require(`
Chris PeBenito 2c2435
		type bin_t;
Chris PeBenito 2c2435
	')
Chris PeBenito 2c2435
Chris PeBenito 0bfccd
	relabel_files_pattern($1, bin_t, bin_t)
Chris PeBenito 2c2435
')
Chris PeBenito 2c2435
Chris PeBenito 2c2435
########################################
Chris PeBenito 2c2435
## <summary>
Chris PeBenito 2c2435
##	Mmap a bin file as executable.
Chris PeBenito 2c2435
## </summary>
Chris PeBenito 2c2435
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 2c2435
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 2c2435
## </param>
Chris PeBenito 2c2435
#
Chris PeBenito 2c2435
interface(`corecmd_mmap_bin_files',`
Chris PeBenito 2c2435
	gen_require(`
Chris PeBenito 2c2435
		type bin_t;
Chris PeBenito 2c2435
	')
Chris PeBenito 2c2435
Chris PeBenito 2c2435
	allow $1 bin_t:dir search_dir_perms;
Chris PeBenito 2c2435
	allow $1 bin_t:file { getattr read execute };
Chris PeBenito 2c2435
')
Chris PeBenito 2c2435
Chris PeBenito 2c2435
########################################
Chris PeBenito 2c2435
## <summary>
Chris PeBenito df00b2
##	Execute a file in a bin directory
Chris PeBenito 7c2f5a
##	in the specified domain but do not
Chris PeBenito 7c2f5a
##	do it automatically. This is an explicit
Chris PeBenito 7c2f5a
##	transition, requiring the caller to use setexeccon().
Chris PeBenito df00b2
## </summary>
Chris PeBenito df00b2
## <desc>
Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	Execute a file in a bin directory
Chris PeBenito df00b2
##	in the specified domain.  This allows
Chris PeBenito df00b2
##	the specified domain to execute any file
Chris PeBenito df00b2
##	on these filesystems in the specified
Chris PeBenito df00b2
##	domain.  This is not suggested.
Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	No interprocess communication (signals, pipes,
Chris PeBenito df00b2
##	etc.) is provided by this interface since
Chris PeBenito df00b2
##	the domains are not owned by this module.
Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	This interface was added to handle
Chris PeBenito 7c2f5a
##	the userhelper policy.
Chris PeBenito df00b2
##	

Chris PeBenito df00b2
## </desc>
Chris PeBenito df00b2
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito df00b2
## </param>
Chris PeBenito df00b2
## <param name="target_domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito df00b2
##	The type of the new process.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito df00b2
## </param>
Chris PeBenito df00b2
#
Chris PeBenito 7c2f5a
interface(`corecmd_bin_spec_domtrans',`
Chris PeBenito df00b2
	gen_require(`
Chris PeBenito df00b2
		type bin_t;
Chris PeBenito df00b2
	')
Chris PeBenito df00b2
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	domain_transition_pattern($1, bin_t, $2)
Chris PeBenito 7c2f5a
')
Chris PeBenito 7c2f5a
Chris PeBenito 7c2f5a
########################################
Chris PeBenito 7c2f5a
## <summary>
Chris PeBenito 7c2f5a
##      Execute a file in a bin directory
Chris PeBenito 7c2f5a
##      in the specified domain.
Chris PeBenito 7c2f5a
## </summary>
Chris PeBenito 7c2f5a
## <desc>
Chris PeBenito 7c2f5a
##      

Chris PeBenito 7c2f5a
##      Execute a file in a bin directory
Chris PeBenito 7c2f5a
##      in the specified domain.  This allows
Chris PeBenito 7c2f5a
##      the specified domain to execute any file
Chris PeBenito 7c2f5a
##      on these filesystems in the specified
Chris PeBenito 7c2f5a
##      domain.  This is not suggested.
Chris PeBenito 7c2f5a
##      

Chris PeBenito 7c2f5a
##      

Chris PeBenito 7c2f5a
##      No interprocess communication (signals, pipes,
Chris PeBenito 7c2f5a
##      etc.) is provided by this interface since
Chris PeBenito 7c2f5a
##      the domains are not owned by this module.
Chris PeBenito 7c2f5a
##      

Chris PeBenito 7c2f5a
##      

Chris PeBenito 7c2f5a
##      This interface was added to handle
Chris PeBenito 7c2f5a
##      the ssh-agent policy.
Chris PeBenito 7c2f5a
##      

Chris PeBenito 7c2f5a
## </desc>
Chris PeBenito 7c2f5a
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 7c2f5a
##      Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 7c2f5a
## </param>
Chris PeBenito 7c2f5a
## <param name="target_domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 7c2f5a
##      The type of the new process.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 7c2f5a
## </param>
Chris PeBenito 7c2f5a
#
Chris PeBenito 7c2f5a
interface(`corecmd_bin_domtrans',`
Chris PeBenito 7c2f5a
	gen_require(`
Chris PeBenito 7c2f5a
		type bin_t;
Chris PeBenito 7c2f5a
	')
Chris PeBenito 7c2f5a
Chris PeBenito 7c2f5a
	corecmd_bin_spec_domtrans($1,$2)
Chris PeBenito 7c2f5a
	type_transition $1 bin_t:process $2;
Chris PeBenito df00b2
')
Chris PeBenito df00b2
Chris PeBenito df00b2
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito 8021cb
##	Search the contents of sbin directories.  (Deprecated)
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito 075c4f
#
Chris PeBenito 199895
interface(`corecmd_search_sbin',`
Chris PeBenito 8021cb
	corecmd_search_bin($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.')
Chris PeBenito 075c4f
')
Chris PeBenito 075c4f
Chris PeBenito 075c4f
########################################
Chris PeBenito 3e6c81
## <summary>
Chris PeBenito 3e6c81
##	Do not audit attempts to search
Chris PeBenito 8021cb
##	sbin directories.  (Deprecated)
Chris PeBenito 3e6c81
## </summary>
Chris PeBenito 3e6c81
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 3e6c81
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 3e6c81
## </param>
Chris PeBenito 3e6c81
#
Chris PeBenito 3e6c81
interface(`corecmd_dontaudit_search_sbin',`
Chris PeBenito 8021cb
	corecmd_dontaudit_search_bin($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_search_bin() instead.')
Chris PeBenito 3e6c81
')
Chris PeBenito 3e6c81
Chris PeBenito 3e6c81
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito 8021cb
##	List the contents of sbin directories.  (Deprecated)
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito 075c4f
#
Chris PeBenito 199895
interface(`corecmd_list_sbin',`
Chris PeBenito 8021cb
	corecmd_list_bin($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_list_bin() instead.')
Chris PeBenito 075c4f
')
Chris PeBenito 075c4f
Chris PeBenito 075c4f
########################################
Chris PeBenito 6b19be
## <summary>
Chris PeBenito 6b19be
##	Do not audit attempts to write
Chris PeBenito 8021cb
##	sbin directories.  (Deprecated)
Chris PeBenito 6b19be
## </summary>
Chris PeBenito 6b19be
## <param name="domain">
Chris PeBenito 6b19be
##	<summary>
Chris PeBenito 6b19be
##	Domain to not audit.
Chris PeBenito 6b19be
##	</summary>
Chris PeBenito 6b19be
## </param>
Chris PeBenito 6b19be
#
Chris PeBenito 6b19be
interface(`corecmd_dontaudit_write_sbin_dirs',`
Chris PeBenito 8021cb
	corecmd_dontaudit_write_bin_dirs($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_write_bin_dirs() instead.')
Chris PeBenito 6b19be
')
Chris PeBenito 6b19be
Chris PeBenito 6b19be
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito 8021cb
##	Get the attributes of sbin files.  (Deprecated)
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito 80436b
#
Chris PeBenito 1815ba
interface(`corecmd_getattr_sbin_files',`
Chris PeBenito 8021cb
	corecmd_getattr_bin_files($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_getattr_bin_files() instead.')
Chris PeBenito 80436b
')
Chris PeBenito 80436b
Chris PeBenito 80436b
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Do not audit attempts to get the attibutes
Chris PeBenito 8021cb
##	of sbin files.  (Deprecated)
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain to not audit.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito f5c42b
#
Chris PeBenito 1815ba
interface(`corecmd_dontaudit_getattr_sbin_files',`
Chris PeBenito 8021cb
	corecmd_dontaudit_getattr_bin_files($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_getattr_bin_files() instead.')
Chris PeBenito f5c42b
')
Chris PeBenito f5c42b
Chris PeBenito f5c42b
########################################
Chris PeBenito 58c3da
## <summary>
Chris PeBenito 8021cb
##	Read files in sbin directories.  (Deprecated)
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_read_sbin_files',`
Chris PeBenito 8021cb
	corecmd_read_bin_files($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_files() instead.')
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito 8021cb
##	Read symbolic links in sbin directories.  (Deprecated)
Chris PeBenito 58c3da
## </summary>
Chris PeBenito 58c3da
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 58c3da
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_read_sbin_symlinks',`
Chris PeBenito 8021cb
	corecmd_read_bin_symlinks($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_symlinks() instead.')
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito 8021cb
##	Read named pipes in sbin directories.  (Deprecated)
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_read_sbin_pipes',`
Chris PeBenito 8021cb
	corecmd_read_bin_pipes($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_pipes() instead.')
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito 8021cb
##	Read named sockets in sbin directories.  (Deprecated)
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
interface(`corecmd_read_sbin_sockets',`
Chris PeBenito 8021cb
	corecmd_read_bin_sockets($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_sockets() instead.')
Chris PeBenito 58c3da
')
Chris PeBenito 58c3da
Chris PeBenito 58c3da
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Execute generic programs in sbin directories,
Chris PeBenito 8021cb
##	in the caller domain.  (Deprecated)
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`corecmd_exec_sbin',`
Chris PeBenito 8021cb
	corecmd_exec_bin($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.')
Chris PeBenito 2c2435
')
Chris PeBenito dd8229
Chris PeBenito 2c2435
########################################
Chris PeBenito 2c2435
## <summary>
Chris PeBenito 8021cb
##	Create, read, write, and delete sbin files.  (Deprecated)
Chris PeBenito 2c2435
## </summary>
Chris PeBenito 2c2435
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 2c2435
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 2c2435
## </param>
Chris PeBenito 2c2435
#
Chris PeBenito 2c2435
# cjp: added for prelink
Chris PeBenito 2c2435
interface(`corecmd_manage_sbin_files',`
Chris PeBenito 8021cb
	corecmd_manage_bin_files($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_manage_bin_files() instead.')
Chris PeBenito 2c2435
')
Chris PeBenito 2c2435
Chris PeBenito 2c2435
########################################
Chris PeBenito 2c2435
## <summary>
Chris PeBenito 8021cb
##	Relabel to and from the sbin type.  (Deprecated)
Chris PeBenito 2c2435
## </summary>
Chris PeBenito 2c2435
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 2c2435
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 2c2435
## </param>
Chris PeBenito 2c2435
#
Chris PeBenito 2c2435
# cjp: added for prelink
Chris PeBenito 2c2435
interface(`corecmd_relabel_sbin_files',`
Chris PeBenito 8021cb
	corecmd_relabel_bin_files($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_relabel_bin_files() instead.')
Chris PeBenito 2c2435
')
Chris PeBenito 2c2435
Chris PeBenito 2c2435
########################################
Chris PeBenito 2c2435
## <summary>
Chris PeBenito 8021cb
##	Mmap a sbin file as executable.  (Deprecated)
Chris PeBenito 2c2435
## </summary>
Chris PeBenito 2c2435
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 2c2435
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 2c2435
## </param>
Chris PeBenito 2c2435
#
Chris PeBenito 2c2435
# cjp: added for prelink
Chris PeBenito 2c2435
interface(`corecmd_mmap_sbin_files',`
Chris PeBenito 8021cb
	corecmd_mmap_bin_files($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_mmap_bin_files() instead.')
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito 451c1e
## <summary>
Chris PeBenito 451c1e
##	Execute a file in a sbin directory
Chris PeBenito 8021cb
##	in the specified domain.  (Deprecated)
Chris PeBenito 451c1e
## </summary>
Chris PeBenito 451c1e
## <desc>
Chris PeBenito 451c1e
##	

Chris PeBenito 451c1e
##	Execute a file in a sbin directory
Chris PeBenito 451c1e
##	in the specified domain.  This allows
Chris PeBenito 451c1e
##	the specified domain to execute any file
Chris PeBenito 451c1e
##	on these filesystems in the specified
Chris PeBenito 8021cb
##	domain.  This is not suggested.  (Deprecated)
Chris PeBenito 451c1e
##	

Chris PeBenito 451c1e
##	

Chris PeBenito 451c1e
##	No interprocess communication (signals, pipes,
Chris PeBenito 451c1e
##	etc.) is provided by this interface since
Chris PeBenito 451c1e
##	the domains are not owned by this module.
Chris PeBenito 451c1e
##	

Chris PeBenito 451c1e
##	

Chris PeBenito 451c1e
##	This interface was added to handle
Chris PeBenito 451c1e
##	the ssh-agent policy.
Chris PeBenito 451c1e
##	

Chris PeBenito 451c1e
## </desc>
Chris PeBenito 451c1e
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 451c1e
## </param>
Chris PeBenito 451c1e
## <param name="target_domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 451c1e
##	The type of the new process.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 451c1e
## </param>
Chris PeBenito 451c1e
#
Chris PeBenito 451c1e
interface(`corecmd_sbin_domtrans',`
Chris PeBenito 0bfccd
	corecmd_bin_domtrans($1, $2)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.')
Chris PeBenito 451c1e
')
Chris PeBenito 451c1e
Chris PeBenito 451c1e
########################################
Chris PeBenito 725926
## <summary>
Chris PeBenito 7c2f5a
##	Execute a file in a sbin directory
Chris PeBenito 7c2f5a
##	in the specified domain but do not
Chris PeBenito 7c2f5a
##	do it automatically. This is an explicit
Chris PeBenito 8021cb
##	transition, requiring the caller to use setexeccon().  (Deprecated)
Chris PeBenito 7c2f5a
## </summary>
Chris PeBenito 7c2f5a
## <desc>
Chris PeBenito 7c2f5a
##	

Chris PeBenito 7c2f5a
##	Execute a file in a sbin directory
Chris PeBenito 7c2f5a
##	in the specified domain.  This allows
Chris PeBenito 7c2f5a
##	the specified domain to execute any file
Chris PeBenito 7c2f5a
##	on these filesystems in the specified
Chris PeBenito 8021cb
##	domain.  This is not suggested.  (Deprecated)
Chris PeBenito 7c2f5a
##	

Chris PeBenito 7c2f5a
##	

Chris PeBenito 7c2f5a
##	No interprocess communication (signals, pipes,
Chris PeBenito 7c2f5a
##	etc.) is provided by this interface since
Chris PeBenito 7c2f5a
##	the domains are not owned by this module.
Chris PeBenito 7c2f5a
##	

Chris PeBenito 7c2f5a
##	

Chris PeBenito 7c2f5a
##	This interface was added to handle
Chris PeBenito 7c2f5a
##	the userhelper policy.
Chris PeBenito 7c2f5a
##	

Chris PeBenito 7c2f5a
## </desc>
Chris PeBenito 7c2f5a
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 7c2f5a
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 7c2f5a
## </param>
Chris PeBenito 7c2f5a
## <param name="target_domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 7c2f5a
##	The type of the new process.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 7c2f5a
## </param>
Chris PeBenito 7c2f5a
#
Chris PeBenito 7c2f5a
interface(`corecmd_sbin_spec_domtrans',`
Chris PeBenito 0bfccd
	corecmd_bin_spec_domtrans($1, $2)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.')
Chris PeBenito 7c2f5a
')
Chris PeBenito 7c2f5a
Chris PeBenito 7c2f5a
########################################
Chris PeBenito 7c2f5a
## <summary>
Chris PeBenito 725926
##	Check if a shell is executable (DAC-wise).
Chris PeBenito 725926
## </summary>
Chris PeBenito 725926
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 725926
## </param>
Chris PeBenito 725926
#
Chris PeBenito 725926
interface(`corecmd_check_exec_shell',`
Chris PeBenito 725926
	gen_require(`
Chris PeBenito 725926
		type bin_t, shell_exec_t;
Chris PeBenito 725926
	')
Chris PeBenito 725926
Chris PeBenito 0bfccd
	list_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito 725926
	allow $1 shell_exec_t:file execute;
Chris PeBenito 725926
')
Chris PeBenito 725926
Chris PeBenito 725926
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Execute a shell in the caller domain.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`corecmd_exec_shell',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type bin_t, shell_exec_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	list_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	can_exec($1, shell_exec_t)
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito 8021cb
##	Execute ls in the caller domain.  (Deprecated)
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito f5c42b
#
Chris PeBenito 199895
interface(`corecmd_exec_ls',`
Chris PeBenito 8021cb
	corecmd_exec_bin($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.')
Chris PeBenito f5c42b
')
Chris PeBenito f5c42b
Chris PeBenito f5c42b
########################################
Chris PeBenito f7ebea
## <summary>
Chris PeBenito f7ebea
##	Execute a shell in the target domain.  This
Chris PeBenito f7ebea
##	is an explicit transition, requiring the
Chris PeBenito f7ebea
##	caller to use setexeccon().
Chris PeBenito f7ebea
## </summary>
Chris PeBenito 414e41
## <desc>
Chris PeBenito df00b2
##	

Chris PeBenito 414e41
##	Execute a shell in the target domain.  This
Chris PeBenito 414e41
##	is an explicit transition, requiring the
Chris PeBenito 414e41
##	caller to use setexeccon().
Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	No interprocess communication (signals, pipes,
Chris PeBenito df00b2
##	etc.) is provided by this interface since
Chris PeBenito df00b2
##	the domains are not owned by this module.
Chris PeBenito df00b2
##	

Chris PeBenito 414e41
## </desc>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito 414e41
## <param name="target_domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 414e41
##	The type of the shell process.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito 075c4f
#
Chris PeBenito 199895
interface(`corecmd_shell_spec_domtrans',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type bin_t, shell_exec_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	list_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	domain_transition_pattern($1, shell_exec_t, $2)
Chris PeBenito 075c4f
')
Chris PeBenito 075c4f
Chris PeBenito 4bf4ed
########################################
Chris PeBenito df00b2
## <summary>
Chris PeBenito df00b2
##	Execute a shell in the specified domain.
Chris PeBenito df00b2
## </summary>
Chris PeBenito 414e41
## <desc>
Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	Execute a shell in the specified domain.
Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	

Chris PeBenito df00b2
##	No interprocess communication (signals, pipes,
Chris PeBenito df00b2
##	etc.) is provided by this interface since
Chris PeBenito df00b2
##	the domains are not owned by this module.
Chris PeBenito df00b2
##	

Chris PeBenito 414e41
## </desc>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito 414e41
## <param name="target_domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 414e41
##	The type of the shell process.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito 4bf4ed
#
Chris PeBenito df00b2
interface(`corecmd_shell_domtrans',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type shell_exec_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	corecmd_shell_spec_domtrans($1, $2)
Chris PeBenito 0c73cd
	type_transition $1 shell_exec_t:process $2;
Chris PeBenito 4bf4ed
')
Chris PeBenito 4bf4ed
Chris PeBenito 075c4f
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Execute chroot in the caller domain.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito df00b2
interface(`corecmd_exec_chroot',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type chroot_exec_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	can_exec($1, chroot_exec_t)
Chris PeBenito b4cd15
')
Chris PeBenito fb63d0
Chris PeBenito fb63d0
########################################
Chris PeBenito fb63d0
## <summary>
Chris PeBenito 6c20f7
##	Get the attributes of all executable files.
Chris PeBenito 6c20f7
## </summary>
Chris PeBenito 6c20f7
## <param name="domain">
Chris PeBenito 6c20f7
##	<summary>
Chris PeBenito 6c20f7
##	Domain allowed access.
Chris PeBenito 6c20f7
##	</summary>
Chris PeBenito 6c20f7
## </param>
Chris PeBenito 6c20f7
## <rolecap/>
Chris PeBenito 6c20f7
#
Chris PeBenito 6c20f7
interface(`corecmd_getattr_all_executables',`
Chris PeBenito 6c20f7
	gen_require(`
Chris PeBenito 6c20f7
		attribute exec_type;
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito 6c20f7
	')
Chris PeBenito 6c20f7
Chris PeBenito 8021cb
	allow $1 bin_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	getattr_files_pattern($1, bin_t, exec_type)
Chris PeBenito 6c20f7
')
Chris PeBenito 6c20f7
Chris PeBenito 6c20f7
########################################
Chris PeBenito 6c20f7
## <summary>
Chris PeBenito fb63d0
##	Execute all executable files.
Chris PeBenito fb63d0
## </summary>
Chris PeBenito fb63d0
## <param name="domain">
Chris PeBenito fb63d0
##	<summary>
Chris PeBenito fb63d0
##	Domain allowed access.
Chris PeBenito fb63d0
##	</summary>
Chris PeBenito fb63d0
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito fb63d0
#
Chris PeBenito fb63d0
interface(`corecmd_exec_all_executables',`
Chris PeBenito fb63d0
	gen_require(`
Chris PeBenito fb63d0
		attribute exec_type;
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito fb63d0
	')
Chris PeBenito fb63d0
Chris PeBenito 0bfccd
	can_exec($1, exec_type)
Chris PeBenito 0bfccd
	list_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, exec_type)
Chris PeBenito fb63d0
')
Chris PeBenito fb63d0
Chris PeBenito fb63d0
########################################
Chris PeBenito fb63d0
## <summary>
Chris PeBenito 5bf9de
##	Do not audit attempts to execute all executables.
Chris PeBenito 5bf9de
## </summary>
Chris PeBenito 5bf9de
## <param name="domain">
Chris PeBenito 5bf9de
##	<summary>
Chris PeBenito 5bf9de
##	Domain allowed access.
Chris PeBenito 5bf9de
##	</summary>
Chris PeBenito 5bf9de
## </param>
Chris PeBenito 5bf9de
#
Chris PeBenito 5bf9de
interface(`corecmd_dontaudit_exec_all_executables',`
Chris PeBenito 5bf9de
	gen_require(`
Chris PeBenito 5bf9de
		attribute exec_type;
Chris PeBenito 5bf9de
	')
Chris PeBenito 5bf9de
Chris PeBenito 5bf9de
	dontaudit $1 exec_type:file { execute execute_no_trans };
Chris PeBenito 5bf9de
')
Chris PeBenito 5bf9de
Chris PeBenito 5bf9de
########################################
Chris PeBenito 5bf9de
## <summary>
Chris PeBenito fb63d0
##	Create, read, write, and all executable files.
Chris PeBenito fb63d0
## </summary>
Chris PeBenito fb63d0
## <param name="domain">
Chris PeBenito fb63d0
##	<summary>
Chris PeBenito fb63d0
##	Domain allowed access.
Chris PeBenito fb63d0
##	</summary>
Chris PeBenito fb63d0
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito fb63d0
#
Chris PeBenito fb63d0
interface(`corecmd_manage_all_executables',`
Chris PeBenito fb63d0
	gen_require(`
Chris PeBenito fb63d0
		attribute exec_type;
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito fb63d0
	')
Chris PeBenito fb63d0
Chris PeBenito 0bfccd
	manage_files_pattern($1, bin_t, exec_type)
Chris PeBenito 0bfccd
	manage_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito fb63d0
')
Chris PeBenito fb63d0
Chris PeBenito fb63d0
########################################
Chris PeBenito fb63d0
## <summary>
Chris PeBenito fb63d0
##	Relabel to and from the bin type.
Chris PeBenito fb63d0
## </summary>
Chris PeBenito fb63d0
## <param name="domain">
Chris PeBenito fb63d0
##	<summary>
Chris PeBenito fb63d0
##	Domain allowed access.
Chris PeBenito fb63d0
##	</summary>
Chris PeBenito fb63d0
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito fb63d0
#
Chris PeBenito fb63d0
interface(`corecmd_relabel_all_executables',`
Chris PeBenito fb63d0
	gen_require(`
Chris PeBenito fb63d0
		attribute exec_type;
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito fb63d0
	')
Chris PeBenito fb63d0
Chris PeBenito 0bfccd
	relabel_files_pattern($1, bin_t, exec_type)
Chris PeBenito fb63d0
')
Chris PeBenito fb63d0
Chris PeBenito fb63d0
########################################
Chris PeBenito fb63d0
## <summary>
Chris PeBenito fb63d0
##	Mmap all executables as executable.
Chris PeBenito fb63d0
## </summary>
Chris PeBenito fb63d0
## <param name="domain">
Chris PeBenito fb63d0
##	<summary>
Chris PeBenito fb63d0
##	Domain allowed access.
Chris PeBenito fb63d0
##	</summary>
Chris PeBenito fb63d0
## </param>
Chris PeBenito fb63d0
#
Chris PeBenito fb63d0
interface(`corecmd_mmap_all_executables',`
Chris PeBenito fb63d0
	gen_require(`
Chris PeBenito fb63d0
		attribute exec_type;
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito fb63d0
	')
Chris PeBenito fb63d0
Chris PeBenito 0bfccd
	mmap_files_pattern($1, bin_t, exec_type)
Chris PeBenito fb63d0
')