Chris PeBenito 3000a3
## <summary>
Chris PeBenito 414e41
## Core policy for shells, and generic programs
Chris PeBenito 414e41
## in /bin, /sbin, /usr/bin, and /usr/sbin.
Chris PeBenito 3000a3
## </summary>
Chris PeBenito e5d452
## <required val="true">
Chris PeBenito e5d452
##	Contains the base bin and sbin directory types
Chris PeBenito e5d452
##	which need to be searched for the kernel to
Chris PeBenito e5d452
##	run init.
Chris PeBenito e5d452
## </required>
Chris PeBenito e181fe
Chris PeBenito f7ebea
########################################
Chris PeBenito 80436b
## <summary>
Chris PeBenito fb63d0
##	Make the specified type usable for files
Chris PeBenito fb63d0
##	that are executables, such as binary programs.
Chris PeBenito fb63d0
##	This does not include shared libraries.
Chris PeBenito fb63d0
## </summary>
Chris PeBenito fb63d0
## <param name="type">
Chris PeBenito fb63d0
##	<summary>
Chris PeBenito fb63d0
##	Type to be used for files.
Chris PeBenito fb63d0
##	</summary>
Chris PeBenito fb63d0
## </param>
Chris PeBenito fb63d0
#
Chris PeBenito fb63d0
# Adds the exec_type attribute to the given type and registers it via files_type().
# NOTE(review): rules written against exec_type then cover this type as well,
# so it should only be applied to types that label program files.
interface(`corecmd_executable_file',`
Chris PeBenito fb63d0
	gen_require(`
Chris PeBenito fb63d0
		attribute exec_type;
Chris PeBenito fb63d0
	')
Chris PeBenito fb63d0
Chris PeBenito fb63d0
	typeattribute $1 exec_type;
Chris PeBenito fb63d0
Chris PeBenito fb63d0
	files_type($1)
Chris PeBenito fb63d0
')
Chris PeBenito fb63d0
Chris PeBenito fb63d0
########################################
Chris PeBenito fb63d0
## <summary>
Chris PeBenito 350b6a
##	Create an aliased type to generic bin files.  (Deprecated)
Chris PeBenito 9e9138
## </summary>
Chris PeBenito c6d4c8
## <desc>
Chris PeBenito c6d4c8
##	

Chris PeBenito 350b6a
##	Create an aliased type to generic bin files.  (Deprecated)
Chris PeBenito c6d4c8
##	

Chris PeBenito c6d4c8
##	

Chris PeBenito c6d4c8
##	This is added to support targeted policy.  Its
Chris PeBenito c6d4c8
##	use should be limited.  It has no effect
Chris PeBenito c6d4c8
##	on the strict policy.
Chris PeBenito c6d4c8
##	

Chris PeBenito c6d4c8
## </desc>
Chris PeBenito 9e9138
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 9e9138
##	Alias type for bin_t.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 9e9138
## </param>
Chris PeBenito ac9db9
#
Chris PeBenito 9e9138
# Deprecated stub: the body only calls refpolicywarn() and contains no policy
# statement, so a caller that still relies on it for a bin_t alias gets nothing.
interface(`corecmd_bin_alias',`
Chris PeBenito 350b6a
	refpolicywarn(`$0($*) has been deprecated.')
Chris PeBenito 9e9138
')
Chris PeBenito 9e9138
Chris PeBenito 9e9138
########################################
Chris PeBenito 9e9138
## <summary>
Chris PeBenito d42c7e
##	Make general programs in bin an entrypoint for
Chris PeBenito d42c7e
##	the specified domain.
Chris PeBenito d42c7e
## </summary>
Chris PeBenito d42c7e
## <param name="domain">
Chris PeBenito d42c7e
##	<summary>
Chris PeBenito d42c7e
##	The domain for which bin_t is an entrypoint.
Chris PeBenito d42c7e
##	</summary>
Chris PeBenito d42c7e
## </param>
Chris PeBenito ac9db9
#
Chris PeBenito d42c7e
# Passes bin_t to domain_entry_file() for the given domain.
# NOTE(review): bin_t is the generic label for programs in the bin directories,
# so this is a wide entrypoint; prefer a dedicated executable type where the
# domain has one, and review every caller of this interface.
interface(`corecmd_bin_entry_type',`
Chris PeBenito d42c7e
	gen_require(`
Chris PeBenito d42c7e
		type bin_t;
Chris PeBenito d42c7e
	')
Chris PeBenito d42c7e
Chris PeBenito 3f67f7
	domain_entry_file($1, bin_t)
Chris PeBenito d42c7e
')
Chris PeBenito d42c7e
Chris PeBenito d42c7e
########################################
Chris PeBenito d42c7e
## <summary>
Chris PeBenito d42c7e
##	Make general programs in sbin an entrypoint for
Chris PeBenito 8021cb
##	the specified domain.  (Deprecated)
Chris PeBenito d42c7e
## </summary>
Chris PeBenito d42c7e
## <param name="domain">
Chris PeBenito d42c7e
##	<summary>
Chris PeBenito d42c7e
##	The domain for which sbin programs are an entrypoint.
Chris PeBenito d42c7e
##	</summary>
Chris PeBenito d42c7e
## </param>
Chris PeBenito ac9db9
#
Chris PeBenito d42c7e
# Deprecated wrapper: expands corecmd_bin_entry_type() with the same argument,
# then reports the deprecation through refpolicywarn(). It therefore grants the
# same bin_t entrypoint as the replacement does.
interface(`corecmd_sbin_entry_type',`
Chris PeBenito 8021cb
	corecmd_bin_entry_type($1)
Chris PeBenito 8021cb
	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_entry_type() instead.')
Chris PeBenito d42c7e
')
Chris PeBenito d42c7e
Chris PeBenito d42c7e
########################################
Chris PeBenito d42c7e
## <summary>
Chris PeBenito 80436b
##	Make the shell an entrypoint for the specified domain.
Chris PeBenito 80436b
## </summary>
Chris PeBenito 80436b
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 80436b
##	The domain for which the shell is an entrypoint.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 80436b
## </param>
Chris PeBenito ac9db9
#
Chris PeBenito 199895
# Passes shell_exec_t to domain_entry_file() for the given domain.
# NOTE(review): with a shell as entrypoint, what runs inside the domain is
# decided by the script or arguments handed to the shell; confirm each caller
# really needs this rather than a dedicated entrypoint type.
interface(`corecmd_shell_entry_type',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type shell_exec_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	domain_entry_file($1, shell_exec_t)
Chris PeBenito 07efe9
')
Chris PeBenito 07efe9
Chris PeBenito b4cd15
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Search the contents of bin directories.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito 075c4f
#
Chris PeBenito 199895
# Applies search_dirs_pattern() with bin_t for both type arguments.
# Only directory search is requested here; no file permission is involved.
interface(`corecmd_search_bin',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type bin_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	search_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 075c4f
')
Chris PeBenito 075c4f
Chris PeBenito 075c4f
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito 8021cb
##	Do not audit attempts to search the contents of bin directories.
Chris PeBenito 8021cb
## </summary>
Chris PeBenito 8021cb
## <param name="domain">
Chris PeBenito 8021cb
##	<summary>
Dominick Grift 705f70
##	Domain to not audit.
Chris PeBenito 8021cb
##	</summary>
Chris PeBenito 8021cb
## </param>
Chris PeBenito 8021cb
#
Chris PeBenito 8021cb
# Emits a dontaudit rule only: the search is still denied unless some other
# rule allows it, but the denial is no longer written to the audit log.
# When investigating a domain that uses this, rebuild the policy with
# dontaudit rules disabled (semodule -DB) to see the hidden denials.
interface(`corecmd_dontaudit_search_bin',`
Chris PeBenito 8021cb
	gen_require(`
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito 8021cb
	')
Chris PeBenito 8021cb
Chris PeBenito 8021cb
	dontaudit $1 bin_t:dir search_dir_perms;
Chris PeBenito 8021cb
')
Chris PeBenito 8021cb
Chris PeBenito 8021cb
########################################
Chris PeBenito 8021cb
## <summary>
Chris PeBenito ac9db9
##	List the contents of bin directories.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito 075c4f
#
Chris PeBenito 199895
# Applies list_dirs_pattern() with bin_t for both type arguments, which per the
# summary lets the domain enumerate the contents of bin directories.
interface(`corecmd_list_bin',`
Chris PeBenito 139520
	gen_require(`
Chris PeBenito 139520
		type bin_t;
Chris PeBenito 139520
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	list_dirs_pattern($1, bin_t, bin_t)
Chris PeBenito 075c4f
')
Chris PeBenito 075c4f
Chris PeBenito 58c3da
########################################
Chris PeBenito 80436b
## <summary>
Dan Walsh 20f707
##	Do not audit attempts to write bin directories.
Chris PeBenito 8021cb
## </summary>
Chris PeBenito 8021cb
## <param name="domain">
Chris PeBenito 8021cb
##	<summary>
Dominick Grift 705f70
##	Domain to not audit.
Chris PeBenito 8021cb
##	</summary>
Chris PeBenito 8021cb
## </param>
Chris PeBenito 8021cb
#
Chris PeBenito 8021cb
# Emits a dontaudit rule for write on bin_t directories; no access is granted.
# NOTE(review): a denied write to a bin directory is a useful tamper signal.
# This rule removes it from the audit log for the given domain, so apply it
# only where the write attempt is a known, benign probe.
interface(`corecmd_dontaudit_write_bin_dirs',`
Chris PeBenito 8021cb
	gen_require(`
Chris PeBenito 8021cb
		type bin_t;
Chris PeBenito 8021cb
	')
Chris PeBenito 8021cb
Chris PeBenito 8021cb
	dontaudit $1 bin_t:dir write;
Chris PeBenito 8021cb
')
Chris PeBenito 8021cb
Chris PeBenito 8021cb
########################################
Chris PeBenito 8021cb
## <summary>
Dan Walsh 20f707
##	Do not audit attempts to write bin files.
Dan Walsh 20f707
## </summary>
Dan Walsh 20f707
## <param name="domain">
Dan Walsh 20f707
##	<summary>
Dan Walsh 20f707
##	Domain to not audit.
Dan Walsh 20f707
##	</summary>
Dan Walsh 20f707
## </param>
Dan Walsh 20f707
#
Dan Walsh 20f707
# Emits a dontaudit rule for write on bin_t files; no access is granted.
# NOTE(review): attempts to modify system programs then leave no audit record
# for the given domain. Keep the list of callers short and re-check it with
# dontaudit rules disabled (semodule -DB) during incident analysis.
interface(`corecmd_dontaudit_write_bin_files',`
Dan Walsh 20f707
	gen_require(`
Dan Walsh 20f707
		type bin_t;
Dan Walsh 20f707
	')
Dan Walsh 20f707
Dan Walsh 20f707
	dontaudit $1 bin_t:file write;
Dan Walsh 20f707
')
Dan Walsh 20f707
Dan Walsh 20f707
########################################
Dan Walsh 20f707
## <summary>
Chris PeBenito 80436b
##	Get the attributes of files in bin directories.
Chris PeBenito 80436b
## </summary>
Chris PeBenito 80436b
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 80436b
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
# Applies getattr_files_pattern() with bin_t for both type arguments.
# The exact permission set comes from that pattern macro, defined elsewhere.
interface(`corecmd_getattr_bin_files',`
Chris PeBenito 80436b
	gen_require(`
Chris PeBenito 80436b
		type bin_t;
Chris PeBenito 80436b
	')
Chris PeBenito 80436b
Chris PeBenito 0bfccd
	getattr_files_pattern($1, bin_t, bin_t)
Chris PeBenito 80436b
')
Chris PeBenito 80436b
Chris PeBenito 58c3da
########################################
Chris PeBenito 80436b
## <summary>
Chris PeBenito 8f3a0a
##	Do not audit attempts to get the attributes of files in bin directories.
Chris PeBenito 8f3a0a
## </summary>
Chris PeBenito 8f3a0a
## <param name="domain">
Chris PeBenito 8f3a0a
##	<summary>
Chris PeBenito 8f3a0a
##	Domain to not audit.
Chris PeBenito 8f3a0a
##	</summary>
Chris PeBenito 8f3a0a
## </param>
Chris PeBenito 8f3a0a
#
Chris PeBenito 8f3a0a
# Two dontaudit rules: directory search on bin_t and getattr on bin_t files.
# Both only silence audit records for the given domain; neither grants access.
interface(`corecmd_dontaudit_getattr_bin_files',`
Chris PeBenito 8f3a0a
	gen_require(`
Chris PeBenito 8f3a0a
		type bin_t;
Chris PeBenito 8f3a0a
	')
Chris PeBenito 8f3a0a
Chris PeBenito 8f3a0a
	dontaudit $1 bin_t:dir search_dir_perms;
Chris PeBenito 8f3a0a
	dontaudit $1 bin_t:file getattr_file_perms;
Chris PeBenito 8f3a0a
')
Chris PeBenito 8f3a0a
Chris PeBenito 8f3a0a
########################################
Chris PeBenito 8f3a0a
## <summary>
Chris PeBenito ae9e27
##	Read files in bin directories.
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
# Applies read_files_pattern() with bin_t for both type arguments.
# This is read access only; no execute rule appears in this interface.
interface(`corecmd_read_bin_files',`
Chris PeBenito ae9e27
	gen_require(`
Chris PeBenito ae9e27
		type bin_t;
Chris PeBenito ae9e27
	')
Chris PeBenito ae9e27
Chris PeBenito 0bfccd
	read_files_pattern($1, bin_t, bin_t)
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito 80436b
##	Read symbolic links in bin directories.
Chris PeBenito 80436b
## </summary>
Chris PeBenito 80436b
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 80436b
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
# Applies read_lnk_files_pattern() with bin_t for both type arguments, so the
# domain can read symbolic links labelled bin_t inside bin directories.
interface(`corecmd_read_bin_symlinks',`
Chris PeBenito 80436b
	gen_require(`
Chris PeBenito 80436b
		type bin_t;
Chris PeBenito ae9e27
	')
Chris PeBenito ae9e27
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, bin_t, bin_t)
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito ae9e27
##	Read pipes in bin directories.
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
# Applies read_fifo_files_pattern() with bin_t for both type arguments.
# NOTE(review): named pipes labelled bin_t are unusual in program directories;
# confirm a caller has a concrete need before using this interface.
interface(`corecmd_read_bin_pipes',`
Chris PeBenito ae9e27
	gen_require(`
Chris PeBenito ae9e27
		type bin_t;
Chris PeBenito ae9e27
	')
Chris PeBenito ae9e27
Chris PeBenito 0bfccd
	read_fifo_files_pattern($1, bin_t, bin_t)
Chris PeBenito ae9e27
')
Chris PeBenito ae9e27
Chris PeBenito ae9e27
########################################
Chris PeBenito ae9e27
## <summary>
Chris PeBenito ae9e27
##	Read named sockets in bin directories.
Chris PeBenito ae9e27
## </summary>
Chris PeBenito ae9e27
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito ae9e27
## </param>
Chris PeBenito ae9e27
#
Chris PeBenito 1815ba
# Applies read_sock_files_pattern() with bin_t for both type arguments.
# NOTE(review): socket files labelled bin_t are unusual in program directories;
# confirm a caller has a concrete need before using this interface.
interface(`corecmd_read_bin_sockets',`
Chris PeBenito ae9e27
	gen_require(`
Chris PeBenito ae9e27
		type bin_t;
Chris PeBenito 80436b
	')
Chris PeBenito 80436b
Chris PeBenito 0bfccd
	read_sock_files_pattern($1, bin_t, bin_t)
Chris PeBenito 80436b
')
Chris PeBenito 80436b
Chris PeBenito 075c4f
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Execute generic programs in bin directories,
Chris PeBenito ac9db9
##	in the caller domain.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito 3a744d
## <desc>
Chris PeBenito 3a744d
##	

Chris PeBenito 3a744d
##	Allow the specified domain to execute generic programs
Chris PeBenito 3a744d
##	in system bin directories (/bin, /sbin, /usr/bin,
Chris PeBenito 3a744d
##	/usr/sbin) without a domain transition.
Chris PeBenito 3a744d
##	

Chris PeBenito 3a744d
##	

Chris PeBenito 3a744d
##	Typically, this interface should be used when the domain
Chris PeBenito 3a744d
##	executes general system programs within the privileges
Chris PeBenito 3a744d
##	of the source domain.  Some examples of these programs
Chris PeBenito 3a744d
##	are ls, cp, sed, python, and tar. This does not include
Chris PeBenito 3a744d
##	shells, such as bash.
Chris PeBenito 3a744d
##	

Chris PeBenito 3a744d
##	

Chris PeBenito 3a744d
##	Related interface:
Chris PeBenito 3a744d
##	

Chris PeBenito 3a744d
##	
    Chris PeBenito 3a744d
    ##		
  • corecmd_exec_shell()
  • Chris PeBenito 3a744d
    ##	
    Chris PeBenito 3a744d
    ## </desc>
    Chris PeBenito ac9db9
    ## <param name="domain">
    Chris PeBenito ac9db9
    ##	<summary>
    Chris PeBenito ac9db9
    ##	Domain allowed access.
    Chris PeBenito ac9db9
    ##	</summary>
    Chris PeBenito ac9db9
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 199895
    # Reads bin_t symlinks, lists bin_t directories and calls can_exec() on bin_t.
    # No transition rule is present, which matches the doc block: the program
    # runs within the privileges of the source domain.
    # NOTE(review): the doc block names python among the bin_t programs, so this
    # in effect lets the domain run arbitrary scripts with its own permissions;
    # grant it only to domains whose remaining permissions tolerate that.
    interface(`corecmd_exec_bin',`
    Chris PeBenito 139520
    	gen_require(`
    Chris PeBenito 139520
    		type bin_t;
    Chris PeBenito 139520
    	')
    Chris PeBenito 0c73cd
    Chris PeBenito 0bfccd
    	read_lnk_files_pattern($1, bin_t, bin_t)
    Chris PeBenito 0bfccd
    	list_dirs_pattern($1, bin_t, bin_t)
    Chris PeBenito 0bfccd
    	can_exec($1, bin_t)
    Chris PeBenito b4cd15
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito df00b2
    ## <summary>
    Chris PeBenito 2c2435
    ##	Create, read, write, and delete bin files.
    Chris PeBenito 2c2435
    ## </summary>
    Chris PeBenito 2c2435
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2c2435
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2c2435
    ## </param>
    Chris PeBenito 2c2435
    #
    Chris PeBenito 2c2435
    # Applies manage_files_pattern() with bin_t for both type arguments.
    # NOTE(review): per the summary this is create, read, write and delete on
    # bin_t files, i.e. the ability to replace programs that other domains
    # execute. Callers should be limited to install-time or package-management
    # domains, and the caller list is worth auditing.
    interface(`corecmd_manage_bin_files',`
    Chris PeBenito 2c2435
    	gen_require(`
    Chris PeBenito 2c2435
    		type bin_t;
    Chris PeBenito 2c2435
    	')
    Chris PeBenito 2c2435
    Chris PeBenito 0bfccd
    	manage_files_pattern($1, bin_t, bin_t)
    Chris PeBenito 2c2435
    ')
    Chris PeBenito 2c2435
    Chris PeBenito 2c2435
    ########################################
    Chris PeBenito 2c2435
    ## <summary>
    Chris PeBenito 2c2435
    ##	Relabel to and from the bin type.
    Chris PeBenito 2c2435
    ## </summary>
    Chris PeBenito 2c2435
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2c2435
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2c2435
    ## </param>
    Chris PeBenito 2c2435
    #
    Chris PeBenito 2c2435
    # Applies relabel_files_pattern() with bin_t for both type arguments.
    # NOTE(review): relabeling a file to bin_t turns it into something every
    # domain allowed to execute bin_t can run, and relabeling from bin_t can
    # move a program out of that set. Treat callers as able to change which
    # programs the system trusts.
    interface(`corecmd_relabel_bin_files',`
    Chris PeBenito 2c2435
    	gen_require(`
    Chris PeBenito 2c2435
    		type bin_t;
    Chris PeBenito 2c2435
    	')
    Chris PeBenito 2c2435
    Chris PeBenito 0bfccd
    	relabel_files_pattern($1, bin_t, bin_t)
    Chris PeBenito 2c2435
    ')
    Chris PeBenito 2c2435
    Chris PeBenito 2c2435
    ########################################
    Chris PeBenito 2c2435
    ## <summary>
    Chris PeBenito 2c2435
    ##	Mmap a bin file as executable.
    Chris PeBenito 2c2435
    ## </summary>
    Chris PeBenito 2c2435
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2c2435
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2c2435
    ## </param>
    Chris PeBenito 2c2435
    #
    Chris PeBenito 2c2435
    # Applies mmap_files_pattern() with bin_t for both type arguments.
    # The summary describes this as mapping a bin file as executable; the exact
    # permission set comes from the pattern macro, which is defined elsewhere.
    interface(`corecmd_mmap_bin_files',`
    Chris PeBenito 2c2435
    	gen_require(`
    Chris PeBenito 2c2435
    		type bin_t;
    Chris PeBenito 2c2435
    	')
    Chris PeBenito 2c2435
    Chris PeBenito 82d277
    	mmap_files_pattern($1, bin_t, bin_t)
    Chris PeBenito 2c2435
    ')
    Chris PeBenito 2c2435
    Chris PeBenito 2c2435
    ########################################
    Chris PeBenito 2c2435
    ## <summary>
    Chris PeBenito df00b2
    ##	Execute a file in a bin directory
    Chris PeBenito 7c2f5a
    ##	in the specified domain but do not
    Chris PeBenito 7c2f5a
    ##	do it automatically. This is an explicit
    Chris PeBenito 7c2f5a
    ##	transition, requiring the caller to use setexeccon().
    Chris PeBenito df00b2
    ## </summary>
    Chris PeBenito df00b2
    ## <desc>
    Chris PeBenito df00b2
    ##	

    Chris PeBenito df00b2
    ##	Execute a file in a bin directory
    Chris PeBenito df00b2
    ##	in the specified domain.  This allows
    Chris PeBenito df00b2
    ##	the specified domain to execute any file
    Chris PeBenito df00b2
    ##	on these filesystems in the specified
    Chris PeBenito df00b2
    ##	domain.  This is not suggested.
    Chris PeBenito df00b2
    ##	

    Chris PeBenito df00b2
    ##	

    Chris PeBenito df00b2
    ##	No interprocess communication (signals, pipes,
    Chris PeBenito df00b2
    ##	etc.) is provided by this interface since
    Chris PeBenito df00b2
    ##	the domains are not owned by this module.
    Chris PeBenito df00b2
    ##	

    Chris PeBenito df00b2
    ##	

    Chris PeBenito df00b2
    ##	This interface was added to handle
    Chris PeBenito 7c2f5a
    ##	the userhelper policy.
    Chris PeBenito df00b2
    ##	

    Chris PeBenito df00b2
    ## </desc>
    Chris PeBenito df00b2
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Dominick Grift 705f70
    ##	Domain allowed to transition.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito df00b2
    ## </param>
    Chris PeBenito df00b2
    ## <param name="target_domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito df00b2
    ##	The type of the new process.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito df00b2
    ## </param>
    Chris PeBenito df00b2
    #
    Chris PeBenito 7c2f5a
    # Reads bin_t symlinks and applies domain_transition_pattern() from the
    # first argument to the second, keyed on bin_t.
    # No type_transition statement appears here, which matches the summary: the
    # caller has to request the target context itself with setexeccon().
    # NOTE(review): the grant is keyed on bin_t, not on one program, so any
    # bin_t file can be used to reach the target domain. The doc block itself
    # marks this as not suggested; check that the target domain is safe to
    # enter through arbitrary generic programs.
    interface(`corecmd_bin_spec_domtrans',`
    Chris PeBenito df00b2
    	gen_require(`
    Chris PeBenito df00b2
    		type bin_t;
    Chris PeBenito df00b2
    	')
    Chris PeBenito df00b2
    Chris PeBenito 0bfccd
    	read_lnk_files_pattern($1, bin_t, bin_t)
    Chris PeBenito 0bfccd
    	domain_transition_pattern($1, bin_t, $2)
    Chris PeBenito 7c2f5a
    ')
    Chris PeBenito 7c2f5a
    Chris PeBenito 7c2f5a
    ########################################
    Chris PeBenito 7c2f5a
    ## <summary>
    Chris PeBenito ff8f0a
    ##	Execute a file in a bin directory
    Chris PeBenito ff8f0a
    ##	in the specified domain.
    Chris PeBenito 7c2f5a
    ## </summary>
    Chris PeBenito 7c2f5a
    ## <desc>
    Chris PeBenito ff8f0a
    ##	

    Chris PeBenito ff8f0a
    ##	Execute a file in a bin directory
    Chris PeBenito ff8f0a
    ##	in the specified domain.  This allows
    Chris PeBenito ff8f0a
    ##	the specified domain to execute any file
    Chris PeBenito ff8f0a
    ##	on these filesystems in the specified
    Chris PeBenito ff8f0a
    ##	domain.  This is not suggested.
    Chris PeBenito ff8f0a
    ##	

    Chris PeBenito ff8f0a
    ##	

    Chris PeBenito ff8f0a
    ##	No interprocess communication (signals, pipes,
    Chris PeBenito ff8f0a
    ##	etc.) is provided by this interface since
    Chris PeBenito ff8f0a
    ##	the domains are not owned by this module.
    Chris PeBenito ff8f0a
    ##	

    Chris PeBenito ff8f0a
    ##	

    Chris PeBenito ff8f0a
    ##	This interface was added to handle
    Chris PeBenito ff8f0a
    ##	the ssh-agent policy.
    Chris PeBenito ff8f0a
    ##	

    Chris PeBenito 7c2f5a
    ## </desc>
    Chris PeBenito 7c2f5a
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Dominick Grift 705f70
    ##	Domain allowed to transition.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 7c2f5a
    ## </param>
    Chris PeBenito 7c2f5a
    ## <param name="target_domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito ff8f0a
    ##	The type of the new process.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 7c2f5a
    ## </param>
    Chris PeBenito 7c2f5a
    #
    Chris PeBenito 7c2f5a
    # Expands corecmd_bin_spec_domtrans() and then adds a type_transition, so
    # the target domain becomes the default for every bin_t program the source
    # domain executes, with no setexeccon() call needed.
    # NOTE(review): this is the automatic form of a transition the doc block
    # already marks as not suggested; a source domain using it can no longer
    # run bin_t programs in its own domain by default.
    interface(`corecmd_bin_domtrans',`
    Chris PeBenito 7c2f5a
    	gen_require(`
    Chris PeBenito 7c2f5a
    		type bin_t;
    Chris PeBenito 7c2f5a
    	')
    Chris PeBenito 7c2f5a
    Chris PeBenito 290aa8
    	corecmd_bin_spec_domtrans($1, $2)
    Chris PeBenito 7c2f5a
    	type_transition $1 bin_t:process $2;
    Chris PeBenito df00b2
    ')
    Chris PeBenito df00b2
    Chris PeBenito df00b2
    ########################################
    Chris PeBenito ac9db9
    ## <summary>
    Chris PeBenito 8021cb
    ##	Search the contents of sbin directories.  (Deprecated)
    Chris PeBenito ac9db9
    ## </summary>
    Chris PeBenito ac9db9
    ## <param name="domain">
    Chris PeBenito ac9db9
    ##	<summary>
    Chris PeBenito ac9db9
    ##	Domain allowed access.
    Chris PeBenito ac9db9
    ##	</summary>
    Chris PeBenito ac9db9
    ## </param>
    Chris PeBenito 075c4f
    #
    Chris PeBenito 199895
    # Deprecated wrapper: expands corecmd_search_bin() with the same argument,
    # then reports the deprecation through refpolicywarn().
    interface(`corecmd_search_sbin',`
    Chris PeBenito 8021cb
    	corecmd_search_bin($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.')
    Chris PeBenito 075c4f
    ')
    Chris PeBenito 075c4f
    Chris PeBenito 075c4f
    ########################################
    Chris PeBenito 3e6c81
    ## <summary>
    Chris PeBenito 3e6c81
    ##	Do not audit attempts to search
    Chris PeBenito 8021cb
    ##	sbin directories.  (Deprecated)
    Chris PeBenito 3e6c81
    ## </summary>
    Chris PeBenito 3e6c81
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 3e6c81
    ##	Domain to not audit.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 3e6c81
    ## </param>
    Chris PeBenito 3e6c81
    #
    Chris PeBenito 3e6c81
    # Deprecated wrapper: expands corecmd_dontaudit_search_bin() with the same
    # argument, then reports the deprecation through refpolicywarn().
    # Like its replacement it only silences audit records and grants nothing.
    interface(`corecmd_dontaudit_search_sbin',`
    Chris PeBenito 8021cb
    	corecmd_dontaudit_search_bin($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_search_bin() instead.')
    Chris PeBenito 3e6c81
    ')
    Chris PeBenito 3e6c81
    Chris PeBenito 3e6c81
    ########################################
    Chris PeBenito ac9db9
    ## <summary>
    Chris PeBenito 8021cb
    ##	List the contents of sbin directories.  (Deprecated)
    Chris PeBenito ac9db9
    ## </summary>
    Chris PeBenito ac9db9
    ## <param name="domain">
    Chris PeBenito ac9db9
    ##	<summary>
    Chris PeBenito ac9db9
    ##	Domain allowed access.
    Chris PeBenito ac9db9
    ##	</summary>
    Chris PeBenito ac9db9
    ## </param>
    Chris PeBenito 075c4f
    #
    Chris PeBenito 199895
    # Deprecated wrapper: expands corecmd_list_bin() with the same argument,
    # then reports the deprecation through refpolicywarn().
    interface(`corecmd_list_sbin',`
    Chris PeBenito 8021cb
    	corecmd_list_bin($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_list_bin() instead.')
    Chris PeBenito 075c4f
    ')
    Chris PeBenito 075c4f
    Chris PeBenito 075c4f
    ########################################
    Chris PeBenito 6b19be
    ## <summary>
    Chris PeBenito 6b19be
    ##	Do not audit attempts to write
    Chris PeBenito 8021cb
    ##	sbin directories.  (Deprecated)
    Chris PeBenito 6b19be
    ## </summary>
    Chris PeBenito 6b19be
    ## <param name="domain">
    Chris PeBenito 6b19be
    ##	<summary>
    Chris PeBenito 6b19be
    ##	Domain to not audit.
    Chris PeBenito 6b19be
    ##	</summary>
    Chris PeBenito 6b19be
    ## </param>
    Chris PeBenito 6b19be
    #
    Chris PeBenito 6b19be
    # Deprecated wrapper: expands corecmd_dontaudit_write_bin_dirs() with the
    # same argument, then reports the deprecation through refpolicywarn().
    # NOTE(review): the replacement hides denied writes to bin_t directories
    # from the audit log, so this wrapper does too.
    interface(`corecmd_dontaudit_write_sbin_dirs',`
    Chris PeBenito 8021cb
    	corecmd_dontaudit_write_bin_dirs($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_write_bin_dirs() instead.')
    Chris PeBenito 6b19be
    ')
    Chris PeBenito 6b19be
    Chris PeBenito 6b19be
    ########################################
    Chris PeBenito ac9db9
    ## <summary>
    Chris PeBenito 8021cb
    ##	Get the attributes of sbin files.  (Deprecated)
    Chris PeBenito ac9db9
    ## </summary>
    Chris PeBenito ac9db9
    ## <param name="domain">
    Chris PeBenito ac9db9
    ##	<summary>
    Chris PeBenito ac9db9
    ##	Domain allowed access.
    Chris PeBenito ac9db9
    ##	</summary>
    Chris PeBenito ac9db9
    ## </param>
    Chris PeBenito 80436b
    #
    Chris PeBenito 1815ba
    # Deprecated wrapper: expands corecmd_getattr_bin_files() with the same
    # argument, then reports the deprecation through refpolicywarn().
    interface(`corecmd_getattr_sbin_files',`
    Chris PeBenito 8021cb
    	corecmd_getattr_bin_files($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_getattr_bin_files() instead.')
    Chris PeBenito 80436b
    ')
    Chris PeBenito 80436b
    Chris PeBenito 80436b
    ########################################
    Chris PeBenito ac9db9
    ## <summary>
    Chris PeBenito ac9db9
    ##	Do not audit attempts to get the attributes
    Chris PeBenito 8021cb
    ##	of sbin files.  (Deprecated)
    Chris PeBenito ac9db9
    ## </summary>
    Chris PeBenito ac9db9
    ## <param name="domain">
    Chris PeBenito ac9db9
    ##	<summary>
    Chris PeBenito ac9db9
    ##	Domain to not audit.
    Chris PeBenito ac9db9
    ##	</summary>
    Chris PeBenito ac9db9
    ## </param>
    Chris PeBenito f5c42b
    #
    Chris PeBenito 1815ba
    # Deprecated wrapper: expands corecmd_dontaudit_getattr_bin_files() with the
    # same argument, then reports the deprecation through refpolicywarn().
    # Like its replacement it only silences audit records and grants nothing.
    interface(`corecmd_dontaudit_getattr_sbin_files',`
    Chris PeBenito 8021cb
    	corecmd_dontaudit_getattr_bin_files($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_getattr_bin_files() instead.')
    Chris PeBenito f5c42b
    ')
    Chris PeBenito f5c42b
    Chris PeBenito f5c42b
    ########################################
    Chris PeBenito 58c3da
    ## <summary>
    Chris PeBenito 8021cb
    ##	Read files in sbin directories.  (Deprecated)
    Chris PeBenito ae9e27
    ## </summary>
    Chris PeBenito ae9e27
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 725926
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito ae9e27
    ## </param>
    Chris PeBenito ae9e27
    #
    Chris PeBenito 1815ba
    # Deprecated wrapper: expands corecmd_read_bin_files() with the same
    # argument, then reports the deprecation through refpolicywarn().
    interface(`corecmd_read_sbin_files',`
    Chris PeBenito 8021cb
    	corecmd_read_bin_files($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_files() instead.')
    Chris PeBenito ae9e27
    ')
    Chris PeBenito ae9e27
    Chris PeBenito ae9e27
    ########################################
    Chris PeBenito ae9e27
    ## <summary>
    Chris PeBenito 8021cb
    ##	Read symbolic links in sbin directories.  (Deprecated)
    Chris PeBenito 58c3da
    ## </summary>
    Chris PeBenito 58c3da
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 725926
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 58c3da
    ## </param>
    Chris PeBenito ae9e27
    #
    Chris PeBenito 1815ba
    # Deprecated wrapper: expands corecmd_read_bin_symlinks() with the same
    # argument, then reports the deprecation through refpolicywarn().
    interface(`corecmd_read_sbin_symlinks',`
    Chris PeBenito 8021cb
    	corecmd_read_bin_symlinks($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_symlinks() instead.')
    Chris PeBenito ae9e27
    ')
    Chris PeBenito ae9e27
    Chris PeBenito ae9e27
    ########################################
    Chris PeBenito ae9e27
    ## <summary>
    Chris PeBenito 8021cb
    ##	Read named pipes in sbin directories.  (Deprecated)
    Chris PeBenito ae9e27
    ## </summary>
    Chris PeBenito ae9e27
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 725926
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito ae9e27
    ## </param>
    Chris PeBenito ae9e27
    #
    Chris PeBenito 1815ba
    # Deprecated wrapper: expands corecmd_read_bin_pipes() with the same
    # argument, then reports the deprecation through refpolicywarn().
    interface(`corecmd_read_sbin_pipes',`
    Chris PeBenito 8021cb
    	corecmd_read_bin_pipes($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_pipes() instead.')
    Chris PeBenito ae9e27
    ')
    Chris PeBenito ae9e27
    Chris PeBenito ae9e27
    ########################################
    Chris PeBenito ae9e27
    ## <summary>
    Chris PeBenito 8021cb
    ##	Read named sockets in sbin directories.  (Deprecated)
    Chris PeBenito ae9e27
    ## </summary>
    Chris PeBenito ae9e27
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 725926
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito ae9e27
    ## </param>
    Chris PeBenito ae9e27
    #
    Chris PeBenito 1815ba
    # Deprecated wrapper: expands corecmd_read_bin_sockets() with the same
    # argument, then reports the deprecation through refpolicywarn().
    interface(`corecmd_read_sbin_sockets',`
    Chris PeBenito 8021cb
    	corecmd_read_bin_sockets($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_sockets() instead.')
    Chris PeBenito 58c3da
    ')
    Chris PeBenito 58c3da
    Chris PeBenito 58c3da
    ########################################
    Chris PeBenito ac9db9
    ## <summary>
    Chris PeBenito ac9db9
    ##	Execute generic programs in sbin directories,
    Chris PeBenito 8021cb
    ##	in the caller domain.  (Deprecated)
    Chris PeBenito ac9db9
    ## </summary>
    Chris PeBenito ac9db9
    ## <param name="domain">
    Chris PeBenito ac9db9
    ##	<summary>
    Chris PeBenito ac9db9
    ##	Domain allowed access.
    Chris PeBenito ac9db9
    ##	</summary>
    Chris PeBenito ac9db9
    ## </param>
    Chris PeBenito b4cd15
    #
    Chris PeBenito 199895
    # Deprecated wrapper: expands corecmd_exec_bin() with the same argument,
    # then reports the deprecation through refpolicywarn().
    # NOTE(review): the name suggests sbin only, but the grant is the full
    # bin_t execute access of corecmd_exec_bin(); review old callers with that
    # wider scope in mind.
    interface(`corecmd_exec_sbin',`
    Chris PeBenito 8021cb
    	corecmd_exec_bin($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.')
    Chris PeBenito 2c2435
    ')
    Chris PeBenito dd8229
    Chris PeBenito 2c2435
    ########################################
    Chris PeBenito 2c2435
    ## <summary>
    Chris PeBenito 8021cb
    ##	Create, read, write, and delete sbin files.  (Deprecated)
    Chris PeBenito 2c2435
    ## </summary>
    Chris PeBenito 2c2435
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2c2435
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2c2435
    ## </param>
    Chris PeBenito 2c2435
    #
    Chris PeBenito 2c2435
    # cjp: added for prelink
    Chris PeBenito 2c2435
    # Deprecated wrapper: expands corecmd_manage_bin_files() with the same
    # argument, then reports the deprecation through refpolicywarn().
    # NOTE(review): the grant is the bin_t-wide manage access of the
    # replacement, not something limited to sbin; audit remaining callers.
    interface(`corecmd_manage_sbin_files',`
    Chris PeBenito 8021cb
    	corecmd_manage_bin_files($1)
    Chris PeBenito 8021cb
    	refpolicywarn(`$0() has been deprecated, please use corecmd_manage_bin_files() instead.')
    Chris PeBenito 2c2435
    ')
    Chris PeBenito 2c2435
    Chris PeBenito 2c2435
    ########################################
    Chris PeBenito 2c2435
    ## <summary>
    Chris PeBenito 8021cb
    ##	Relabel to and from the sbin type.  (Deprecated)
    Chris PeBenito 2c2435
    ## </summary>
    Chris PeBenito 2c2435
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2c2435
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2c2435
    ## </param>
    Chris PeBenito 2c2435
    #
    Chris PeBenito 2c2435
    # cjp: added for prelink
    Chris PeBenito 2c2435
    interface(`corecmd_relabel_sbin_files',`
    	# Deprecated alias: warn, then delegate to corecmd_relabel_bin_files().
    	# Relabel access lets the caller change the security label of the
    	# files covered by that interface; review each remaining user.
    	refpolicywarn(`$0() has been deprecated, please use corecmd_relabel_bin_files() instead.')
    	corecmd_relabel_bin_files($1)
    ')
    Chris PeBenito 2c2435
    Chris PeBenito 2c2435
    ########################################
    Chris PeBenito 2c2435
    ## <summary>
    Chris PeBenito 8021cb
    ##	Mmap a sbin file as executable.  (Deprecated)
    Chris PeBenito 2c2435
    ## </summary>
    Chris PeBenito 2c2435
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 2c2435
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 2c2435
    ## </param>
    Chris PeBenito 2c2435
    #
    Chris PeBenito 2c2435
    # cjp: added for prelink
    Chris PeBenito 2c2435
    interface(`corecmd_mmap_sbin_files',`
    	# Deprecated alias: warn, then delegate to corecmd_mmap_bin_files().
    	refpolicywarn(`$0() has been deprecated, please use corecmd_mmap_bin_files() instead.')
    	corecmd_mmap_bin_files($1)
    ')
    Chris PeBenito b4cd15
    Chris PeBenito b4cd15
    ########################################
    Chris PeBenito 451c1e
    ## <summary>
    Chris PeBenito 451c1e
    ##	Execute a file in a sbin directory
    Chris PeBenito 8021cb
    ##	in the specified domain.  (Deprecated)
    Chris PeBenito 451c1e
    ## </summary>
    Chris PeBenito 451c1e
    ## <desc>
    Chris PeBenito 451c1e
    ##	

    Chris PeBenito 451c1e
    ##	Execute a file in a sbin directory
    Chris PeBenito 451c1e
    ##	in the specified domain.  This allows
    Chris PeBenito 451c1e
    ##	the specified domain to execute any file
    Chris PeBenito 451c1e
    ##	on these filesystems in the specified
    Chris PeBenito 8021cb
    ##	domain.  This is not suggested.  (Deprecated)
    Chris PeBenito 451c1e
    ##	

    Chris PeBenito 451c1e
    ##	

    Chris PeBenito 451c1e
    ##	No interprocess communication (signals, pipes,
    Chris PeBenito 451c1e
    ##	etc.) is provided by this interface since
    Chris PeBenito 451c1e
    ##	the domains are not owned by this module.
    Chris PeBenito 451c1e
    ##	

    Chris PeBenito 451c1e
    ##	

    Chris PeBenito 451c1e
    ##	This interface was added to handle
    Chris PeBenito 451c1e
    ##	the ssh-agent policy.
    Chris PeBenito 451c1e
    ##	

    Chris PeBenito 451c1e
    ## </desc>
    Chris PeBenito 451c1e
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Dominick Grift 705f70
    ##	Domain allowed to transition.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 451c1e
    ## </param>
    Chris PeBenito 451c1e
    ## <param name="target_domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 451c1e
    ##	The type of the new process.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 451c1e
    ## </param>
    Chris PeBenito 451c1e
    #
    Chris PeBenito 451c1e
    interface(`corecmd_sbin_domtrans',`
    	# Deprecated alias: warn, then delegate to corecmd_bin_domtrans()
    	# with the same source domain and target domain arguments.
    	# The header marks this kind of broad transition as not suggested,
    	# so each remaining caller deserves a review when it is migrated.
    	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.')
    	corecmd_bin_domtrans($1, $2)
    ')
    Chris PeBenito 451c1e
    Chris PeBenito 451c1e
    ########################################
    Chris PeBenito 725926
    ## <summary>
    Chris PeBenito 7c2f5a
    ##	Execute a file in a sbin directory
    Chris PeBenito 7c2f5a
    ##	in the specified domain but do not
    Chris PeBenito 7c2f5a
    ##	do it automatically. This is an explicit
    Chris PeBenito 8021cb
    ##	transition, requiring the caller to use setexeccon().  (Deprecated)
    Chris PeBenito 7c2f5a
    ## </summary>
    Chris PeBenito 7c2f5a
    ## <desc>
    Chris PeBenito 7c2f5a
    ##	

    Chris PeBenito 7c2f5a
    ##	Execute a file in a sbin directory
    Chris PeBenito 7c2f5a
    ##	in the specified domain.  This allows
    Chris PeBenito 7c2f5a
    ##	the specified domain to execute any file
    Chris PeBenito 7c2f5a
    ##	on these filesystems in the specified
    Chris PeBenito 8021cb
    ##	domain.  This is not suggested.  (Deprecated)
    Chris PeBenito 7c2f5a
    ##	

    Chris PeBenito 7c2f5a
    ##	

    Chris PeBenito 7c2f5a
    ##	No interprocess communication (signals, pipes,
    Chris PeBenito 7c2f5a
    ##	etc.) is provided by this interface since
    Chris PeBenito 7c2f5a
    ##	the domains are not owned by this module.
    Chris PeBenito 7c2f5a
    ##	

    Chris PeBenito 7c2f5a
    ##	

    Chris PeBenito 7c2f5a
    ##	This interface was added to handle
    Chris PeBenito 7c2f5a
    ##	the userhelper policy.
    Chris PeBenito 7c2f5a
    ##	

    Chris PeBenito 7c2f5a
    ## </desc>
    Chris PeBenito 7c2f5a
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Dominick Grift 705f70
    ##	Domain allowed to transition.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 7c2f5a
    ## </param>
    Chris PeBenito 7c2f5a
    ## <param name="target_domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 7c2f5a
    ##	The type of the new process.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 7c2f5a
    ## </param>
    Chris PeBenito 7c2f5a
    #
    Chris PeBenito 7c2f5a
    interface(`corecmd_sbin_spec_domtrans',`
    	# Deprecated alias: warn, then delegate to corecmd_bin_spec_domtrans()
    	# with the same source domain and target domain arguments.
    	# Per the header the transition is explicit: the caller has to
    	# request the target context with setexeccon().
    	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.')
    	corecmd_bin_spec_domtrans($1, $2)
    ')
    Chris PeBenito 7c2f5a
    Chris PeBenito 7c2f5a
    ########################################
    Chris PeBenito 7c2f5a
    ## <summary>
    Chris PeBenito 725926
    ##	Check if a shell is executable (DAC-wise).
    Chris PeBenito 725926
    ## </summary>
    Chris PeBenito 725926
    ## <param name="domain">
    Chris PeBenito 885b83
    ##	<summary>
    Chris PeBenito 725926
    ##	Domain allowed access.
    Chris PeBenito 885b83
    ##	</summary>
    Chris PeBenito 725926
    ## </param>
    Chris PeBenito 725926
    #
    Chris PeBenito 725926
    interface(`corecmd_check_exec_shell',`
    	gen_require(`
    		type bin_t;
    		type shell_exec_t;
    	')

    	# Only the execute permission on the shell file is granted here;
    	# execute_no_trans is not, so this covers an access check and is
    	# not a substitute for corecmd_exec_shell().
    	allow $1 shell_exec_t:file execute;

    	# Let the caller list bin_t directories and read bin_t symlinks
    	# on the way to the shell.
    	list_dirs_pattern($1, bin_t, bin_t)
    	read_lnk_files_pattern($1, bin_t, bin_t)
    ')
    Chris PeBenito 725926
    Chris PeBenito 725926
    ########################################
    Chris PeBenito ac9db9
    ## <summary>
    Chris PeBenito 3a744d
    ##	Execute shells in the caller domain.
    Chris PeBenito ac9db9
    ## </summary>
    Chris PeBenito 3a744d
    ## <desc>
    Chris PeBenito 3a744d
    ##	

    Chris PeBenito 3a744d
    ##	Allow the specified domain to execute shells without
    Chris PeBenito 3a744d
    ##	a domain transition.
    Chris PeBenito 3a744d
    ##	

    Chris PeBenito 3a744d
    ##	

    Chris PeBenito 3a744d
    ##	Typically, this interface should be used when the domain
    Chris PeBenito 3a744d
    ##	executes shells within the privileges
    Chris PeBenito 3a744d
    ##	of the source domain.  Some examples of these programs
    Chris PeBenito 3a744d
    ##	are bash, tcsh, and zsh.
    Chris PeBenito 3a744d
    ##	

    Chris PeBenito 3a744d
    ##	

    Chris PeBenito 3a744d
    ##	Related interface:
    Chris PeBenito 3a744d
    ##	

    Chris PeBenito 3a744d
    ##	<ul>
      Chris PeBenito 3a744d
      ##		<li>corecmd_exec_bin()</li>
      Chris PeBenito 3a744d
      ##	</ul>
      Chris PeBenito 3a744d
      ## </desc>
      Chris PeBenito ac9db9
      ## <param name="domain">
      Chris PeBenito ac9db9
      ##	<summary>
      Chris PeBenito ac9db9
      ##	Domain allowed access.
      Chris PeBenito ac9db9
      ##	</summary>
      Chris PeBenito ac9db9
      ## </param>
      Chris PeBenito b4cd15
      #
      Chris PeBenito 199895
      interface(`corecmd_exec_shell',`
      	gen_require(`
      		type bin_t;
      		type shell_exec_t;
      	')

      	# The shell runs in the caller domain with no transition, so it
      	# holds every permission of that domain. Grant this only to
      	# domains that are meant to run shell commands themselves.
      	can_exec($1, shell_exec_t)

      	# Let the caller list bin_t directories and read bin_t symlinks
      	# on the way to the shell.
      	list_dirs_pattern($1, bin_t, bin_t)
      	read_lnk_files_pattern($1, bin_t, bin_t)
      ')
      Chris PeBenito b4cd15
      Chris PeBenito b4cd15
      ########################################
      Chris PeBenito ac9db9
      ## <summary>
      Chris PeBenito 8021cb
      ##	Execute ls in the caller domain.  (Deprecated)
      Chris PeBenito ac9db9
      ## </summary>
      Chris PeBenito ac9db9
      ## <param name="domain">
      Chris PeBenito ac9db9
      ##	<summary>
      Chris PeBenito ac9db9
      ##	Domain allowed access.
      Chris PeBenito ac9db9
      ##	</summary>
      Chris PeBenito ac9db9
      ## </param>
      Chris PeBenito f5c42b
      #
      Chris PeBenito 199895
      interface(`corecmd_exec_ls',`
      	# Deprecated alias: warn, then delegate to corecmd_exec_bin().
      	# Note that the replacement is the generic bin interface, so the
      	# grant is not limited to the ls program.
      	refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.')
      	corecmd_exec_bin($1)
      ')
      Chris PeBenito f5c42b
      Chris PeBenito f5c42b
      ########################################
      Chris PeBenito f7ebea
      ## <summary>
      Chris PeBenito f7ebea
      ##	Execute a shell in the target domain.  This
      Chris PeBenito f7ebea
      ##	is an explicit transition, requiring the
      Chris PeBenito f7ebea
      ##	caller to use setexeccon().
      Chris PeBenito f7ebea
      ## </summary>
      Chris PeBenito 414e41
      ## <desc>
      Chris PeBenito df00b2
      ##	

      Chris PeBenito 414e41
      ##	Execute a shell in the target domain.  This
      Chris PeBenito 414e41
      ##	is an explicit transition, requiring the
      Chris PeBenito 414e41
      ##	caller to use setexeccon().
      Chris PeBenito df00b2
      ##	

      Chris PeBenito df00b2
      ##	

      Chris PeBenito df00b2
      ##	No interprocess communication (signals, pipes,
      Chris PeBenito df00b2
      ##	etc.) is provided by this interface since
      Chris PeBenito df00b2
      ##	the domains are not owned by this module.
      Chris PeBenito df00b2
      ##	

      Chris PeBenito 414e41
      ## </desc>
      Chris PeBenito 414e41
      ## <param name="domain">
      Chris PeBenito 885b83
      ##	<summary>
      Dominick Grift 705f70
      ##	Domain allowed to transition.
      Chris PeBenito 885b83
      ##	</summary>
      Chris PeBenito 414e41
      ## </param>
      Chris PeBenito 414e41
      ## <param name="target_domain">
      Chris PeBenito 885b83
      ##	<summary>
      Chris PeBenito 414e41
      ##	The type of the shell process.
      Chris PeBenito 885b83
      ##	</summary>
      Chris PeBenito 414e41
      ## </param>
      Chris PeBenito 075c4f
      #
      Chris PeBenito 199895
      interface(`corecmd_shell_spec_domtrans',`
      	gen_require(`
      		type bin_t;
      		type shell_exec_t;
      	')

      	# Permit the source domain to enter the target domain through the
      	# shell. No type_transition rule is added here, so the transition
      	# is never the default: per the header the caller must request it
      	# with setexeccon().
      	domain_transition_pattern($1, shell_exec_t, $2)

      	# Let the source domain list bin_t directories and read bin_t
      	# symlinks on the way to the shell.
      	list_dirs_pattern($1, bin_t, bin_t)
      	read_lnk_files_pattern($1, bin_t, bin_t)
      ')
      Chris PeBenito 075c4f
      Chris PeBenito 4bf4ed
      ########################################
      Chris PeBenito df00b2
      ## <summary>
      Chris PeBenito df00b2
      ##	Execute a shell in the specified domain.
      Chris PeBenito df00b2
      ## </summary>
      Chris PeBenito 414e41
      ## <desc>
      Chris PeBenito df00b2
      ##	

      Chris PeBenito df00b2
      ##	Execute a shell in the specified domain.
      Chris PeBenito df00b2
      ##	

      Chris PeBenito df00b2
      ##	

      Chris PeBenito df00b2
      ##	No interprocess communication (signals, pipes,
      Chris PeBenito df00b2
      ##	etc.) is provided by this interface since
      Chris PeBenito df00b2
      ##	the domains are not owned by this module.
      Chris PeBenito df00b2
      ##	

      Chris PeBenito 414e41
      ## </desc>
      Chris PeBenito 414e41
      ## <param name="domain">
      Chris PeBenito 885b83
      ##	<summary>
      Dominick Grift 705f70
      ##	Domain allowed to transition.
      Chris PeBenito 885b83
      ##	</summary>
      Chris PeBenito 414e41
      ## </param>
      Chris PeBenito 414e41
      ## <param name="target_domain">
      Chris PeBenito 885b83
      ##	<summary>
      Chris PeBenito 414e41
      ##	The type of the shell process.
      Chris PeBenito 885b83
      ##	</summary>
      Chris PeBenito 414e41
      ## </param>
      Chris PeBenito 4bf4ed
      #
      Chris PeBenito df00b2
      interface(`corecmd_shell_domtrans',`
      	gen_require(`
      		type shell_exec_t;
      	')

      	# Make the target domain the default for any shell the source
      	# domain executes. This is what separates this interface from
      	# corecmd_shell_spec_domtrans(): the transition is automatic.
      	type_transition $1 shell_exec_t:process $2;

      	# Reuse the explicit-transition interface for the allow rules.
      	corecmd_shell_spec_domtrans($1, $2)
      ')
      Chris PeBenito 4bf4ed
      Chris PeBenito 075c4f
      ########################################
      Chris PeBenito ac9db9
      ## <summary>
      Chris PeBenito ac9db9
      ##	Execute chroot in the caller domain.
      Chris PeBenito ac9db9
      ## </summary>
      Chris PeBenito ac9db9
      ## <param name="domain">
      Chris PeBenito ac9db9
      ##	<summary>
      Chris PeBenito ac9db9
      ##	Domain allowed access.
      Chris PeBenito ac9db9
      ##	</summary>
      Chris PeBenito ac9db9
      ## </param>
      Chris PeBenito b4cd15
      #
      Chris PeBenito df00b2
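      interface(`corecmd_exec_chroot',`
      	# bin_t is referenced by read_lnk_files_pattern() below, so it is
      	# required here together with chroot_exec_t. The original block
      	# required only chroot_exec_t and left bin_t undeclared.
      	gen_require(`
      		type bin_t, chroot_exec_t;
      	')

      	# Let the caller read bin_t symlinks on the way to the chroot program.
      	read_lnk_files_pattern($1, bin_t, bin_t)

      	# Run chroot in the caller domain, with no domain transition.
      	can_exec($1, chroot_exec_t)

      	# Because chroot runs in the caller domain, the caller itself is
      	# given the sys_chroot capability. Grant this interface sparingly.
      	allow $1 self:capability sys_chroot;
      ')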
      Chris PeBenito fb63d0
      Chris PeBenito fb63d0
      ########################################
      Chris PeBenito fb63d0
      ## <summary>
      Chris PeBenito 6c20f7
      ##	Get the attributes of all executable files.
      Chris PeBenito 6c20f7
      ## </summary>
      Chris PeBenito 6c20f7
      ## <param name="domain">
      Chris PeBenito 6c20f7
      ##	<summary>
      Chris PeBenito 6c20f7
      ##	Domain allowed access.
      Chris PeBenito 6c20f7
      ##	</summary>
      Chris PeBenito 6c20f7
      ## </param>
      Chris PeBenito 6c20f7
      ## <rolecap/>
      Chris PeBenito 6c20f7
      #
      Chris PeBenito 6c20f7
      interface(`corecmd_getattr_all_executables',`
      	gen_require(`
      		type bin_t;
      		attribute exec_type;
      	')

      	# Attribute-only access to files of any exec_type type that are
      	# reached through bin_t directories.
      	getattr_files_pattern($1, bin_t, exec_type)

      	# Let the caller list the bin_t directories themselves.
      	allow $1 bin_t:dir list_dir_perms;
      ')
      Chris PeBenito 6c20f7
      Chris PeBenito 6c20f7
      ########################################
      Chris PeBenito 6c20f7
      ## <summary>
      Chris PeBenito 4b23c6
      ##	Read all executable files.
      Chris PeBenito 4b23c6
      ## </summary>
      Chris PeBenito 4b23c6
      ## <param name="domain">
      Chris PeBenito 4b23c6
      ##	<summary>
      Chris PeBenito 4b23c6
      ##	Domain allowed access.
      Chris PeBenito 4b23c6
      ##	</summary>
      Chris PeBenito 4b23c6
      ## </param>
      Chris PeBenito 4b23c6
      ## <rolecap/>
      Chris PeBenito 4b23c6
      #
      Chris PeBenito 4b23c6
      interface(`corecmd_read_all_executables',`
      	gen_require(`
      		attribute exec_type;
      	')

      	# Read access to files of every type that carries the exec_type
      	# attribute.
      	# NOTE(review): the directory argument here is exec_type, while the
      	# sibling *_all_executables interfaces pass bin_t - confirm that
      	# this difference is intended.
      	read_files_pattern($1, exec_type, exec_type)
      ')
      Chris PeBenito 4b23c6
      Chris PeBenito 4b23c6
      ########################################
      Chris PeBenito 4b23c6
      ## <summary>
      Chris PeBenito fb63d0
      ##	Execute all executable files.
      Chris PeBenito fb63d0
      ## </summary>
      Chris PeBenito fb63d0
      ## <param name="domain">
      Chris PeBenito fb63d0
      ##	<summary>
      Chris PeBenito fb63d0
      ##	Domain allowed access.
      Chris PeBenito fb63d0
      ##	</summary>
      Chris PeBenito fb63d0
      ## </param>
      Chris PeBenito bbcd3c
      ## <rolecap/>
      Chris PeBenito fb63d0
      #
      Chris PeBenito fb63d0
      interface(`corecmd_exec_all_executables',`
      	gen_require(`
      		type bin_t;
      		attribute exec_type;
      	')

      	# Let the caller list bin_t directories and read symlinks of any
      	# exec_type type found in them.
      	list_dirs_pattern($1, bin_t, bin_t)
      	read_lnk_files_pattern($1, bin_t, exec_type)

      	# Run any file whose type carries exec_type, in the caller domain.
      	# This is a broad grant: every program type that joins exec_type
      	# becomes executable by the caller with its own privileges.
      	can_exec($1, exec_type)
      ')
      Chris PeBenito fb63d0
      Chris PeBenito fb63d0
      ########################################
      Chris PeBenito fb63d0
      ## <summary>
      Chris PeBenito 5bf9de
      ##	Do not audit attempts to execute all executables.
      Chris PeBenito 5bf9de
      ## </summary>
      Chris PeBenito 5bf9de
      ## <param name="domain">
      Chris PeBenito 5bf9de
      ##	<summary>
      Chris PeBenito 97b990
      ##	Domain to not audit.
      Chris PeBenito 5bf9de
      ##	</summary>
      Chris PeBenito 5bf9de
      ## </param>
      Chris PeBenito 5bf9de
      #
      Chris PeBenito 5bf9de
      interface(`corecmd_dontaudit_exec_all_executables',`
      	gen_require(`
      		attribute exec_type;
      	')

      	# Denied execute and execute_no_trans attempts on exec_type files
      	# are not logged for this domain. The access stays denied, but the
      	# failed attempts no longer reach the audit log, so apply this only
      	# where the denials are known to be noise.
      	dontaudit $1 exec_type:file { execute_no_trans execute };
      ')
      Chris PeBenito 5bf9de
      Chris PeBenito 5bf9de
      ########################################
      Chris PeBenito 5bf9de
      ## <summary>
      Chris PeBenito fb63d0
      ##	Create, read, write, and delete all executable files.
      Chris PeBenito fb63d0
      ## </summary>
      Chris PeBenito fb63d0
      ## <param name="domain">
      Chris PeBenito fb63d0
      ##	<summary>
      Chris PeBenito fb63d0
      ##	Domain allowed access.
      Chris PeBenito fb63d0
      ##	</summary>
      Chris PeBenito fb63d0
      ## </param>
      Chris PeBenito bbcd3c
      ## <rolecap/>
      Chris PeBenito fb63d0
      #
      Chris PeBenito fb63d0
      interface(`corecmd_manage_all_executables',`
      	gen_require(`
      		type bin_t;
      		attribute exec_type;
      	')

      	# Manage access to exec_type files and directories reached through
      	# bin_t directories. A domain holding this can replace programs
      	# that other domains execute, so very few domains should need it.
      	manage_files_pattern($1, bin_t, exec_type)
      	manage_dirs_pattern($1, bin_t, exec_type)

      	# Manage access to bin_t symlinks in bin_t directories.
      	manage_lnk_files_pattern($1, bin_t, bin_t)
      ')
      Chris PeBenito fb63d0
      Chris PeBenito fb63d0
      ########################################
      Chris PeBenito fb63d0
      ## <summary>
      Chris PeBenito fb63d0
      ##	Relabel to and from the bin type.
      Chris PeBenito fb63d0
      ## </summary>
      Chris PeBenito fb63d0
      ## <param name="domain">
      Chris PeBenito fb63d0
      ##	<summary>
      Chris PeBenito fb63d0
      ##	Domain allowed access.
      Chris PeBenito fb63d0
      ##	</summary>
      Chris PeBenito fb63d0
      ## </param>
      Chris PeBenito bbcd3c
      ## <rolecap/>
      Chris PeBenito fb63d0
      #
      Chris PeBenito fb63d0
      interface(`corecmd_relabel_all_executables',`
      	gen_require(`
      		attribute exec_type;
      		type bin_t;
      	')

      	# Relabel access to files of any exec_type type reached through
      	# bin_t directories.
      	# NOTE(review): the header summary names only the bin type, but the
      	# rule below covers every type with the exec_type attribute.
      	# Relabeling changes which domains may run or modify a program, so
      	# treat this as a privileged grant.
      	relabel_files_pattern($1, bin_t, exec_type)
      ')
      Chris PeBenito fb63d0
      Chris PeBenito fb63d0
      ########################################
      Chris PeBenito fb63d0
      ## <summary>
      Chris PeBenito fb63d0
      ##	Mmap all executables as executable.
      Chris PeBenito fb63d0
      ## </summary>
      Chris PeBenito fb63d0
      ## <param name="domain">
      Chris PeBenito fb63d0
      ##	<summary>
      Chris PeBenito fb63d0
      ##	Domain allowed access.
      Chris PeBenito fb63d0
      ##	</summary>
      Chris PeBenito fb63d0
      ## </param>
      Chris PeBenito fb63d0
      #
      Chris PeBenito fb63d0
      interface(`corecmd_mmap_all_executables',`
      	gen_require(`
      		attribute exec_type;
      		type bin_t;
      	')

      	# Apply the mmap file pattern to files of any exec_type type
      	# reached through bin_t directories. Per the header summary this
      	# maps them as executable.
      	mmap_files_pattern($1, bin_t, exec_type)
      ')