|
Chris PeBenito |
3000a3 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## Core policy for shells, and generic programs
|
|
Chris PeBenito |
414e41 |
## in /bin, /sbin, /usr/bin, and /usr/sbin.
|
|
Chris PeBenito |
3000a3 |
## </summary>
|
|
Chris PeBenito |
e5d452 |
## <required val="true">
|
|
Chris PeBenito |
e5d452 |
## Contains the base bin and sbin directory types
|
|
Chris PeBenito |
e5d452 |
## which need to be searched for the kernel to
|
|
Chris PeBenito |
e5d452 |
## run init.
|
|
Chris PeBenito |
e5d452 |
## </required>
|
|
Chris PeBenito |
e181fe |
|
|
Chris PeBenito |
f7ebea |
########################################
|
|
Chris PeBenito |
80436b |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Make the specified type usable for files
|
|
Chris PeBenito |
fb63d0 |
## that are exectuables, such as binary programs.
|
|
Chris PeBenito |
fb63d0 |
## This does not include shared libraries.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## <param name="type">
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Type to be used for files.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## </param>
|
|
Chris PeBenito |
fb63d0 |
#
|
|
Chris PeBenito |
fb63d0 |
interface(`corecmd_executable_file',`
|
|
Chris PeBenito |
fb63d0 |
gen_require(`
|
|
Chris PeBenito |
fb63d0 |
attribute exec_type;
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
fb63d0 |
typeattribute $1 exec_type;
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
fb63d0 |
files_type($1)
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
fb63d0 |
########################################
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
350b6a |
## Create a aliased type to generic bin files. (Deprecated)
|
|
Chris PeBenito |
9e9138 |
## </summary>
|
|
Chris PeBenito |
c6d4c8 |
## <desc>
|
|
Chris PeBenito |
c6d4c8 |
##
|
|
Chris PeBenito |
350b6a |
## Create a aliased type to generic bin files. (Deprecated)
|
|
Chris PeBenito |
c6d4c8 |
##
|
|
Chris PeBenito |
c6d4c8 |
##
|
|
Chris PeBenito |
c6d4c8 |
## This is added to support targeted policy. Its
|
|
Chris PeBenito |
c6d4c8 |
## use should be limited. It has no effect
|
|
Chris PeBenito |
c6d4c8 |
## on the strict policy.
|
|
Chris PeBenito |
c6d4c8 |
##
|
|
Chris PeBenito |
c6d4c8 |
## </desc>
|
|
Chris PeBenito |
9e9138 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
9e9138 |
## Alias type for bin_t.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
9e9138 |
## </param>
|
|
Chris PeBenito |
ac9db9 |
#
|
|
Chris PeBenito |
9e9138 |
interface(`corecmd_bin_alias',`
|
|
Chris PeBenito |
350b6a |
refpolicywarn(`$0($*) has been deprecated.')
|
|
Chris PeBenito |
9e9138 |
')
|
|
Chris PeBenito |
9e9138 |
|
|
Chris PeBenito |
9e9138 |
########################################
|
|
Chris PeBenito |
9e9138 |
## <summary>
|
|
Chris PeBenito |
d42c7e |
## Make general progams in bin an entrypoint for
|
|
Chris PeBenito |
d42c7e |
## the specified domain.
|
|
Chris PeBenito |
d42c7e |
## </summary>
|
|
Chris PeBenito |
d42c7e |
## <param name="domain">
|
|
Chris PeBenito |
d42c7e |
## <summary>
|
|
Chris PeBenito |
d42c7e |
## The domain for which bin_t is an entrypoint.
|
|
Chris PeBenito |
d42c7e |
## </summary>
|
|
Chris PeBenito |
d42c7e |
## </param>
|
|
Chris PeBenito |
ac9db9 |
#
|
|
Chris PeBenito |
d42c7e |
interface(`corecmd_bin_entry_type',`
|
|
Chris PeBenito |
d42c7e |
gen_require(`
|
|
Chris PeBenito |
d42c7e |
type bin_t;
|
|
Chris PeBenito |
d42c7e |
')
|
|
Chris PeBenito |
d42c7e |
|
|
Chris PeBenito |
3f67f7 |
domain_entry_file($1, bin_t)
|
|
Chris PeBenito |
d42c7e |
')
|
|
Chris PeBenito |
d42c7e |
|
|
Chris PeBenito |
d42c7e |
########################################
|
|
Chris PeBenito |
d42c7e |
## <summary>
|
|
Chris PeBenito |
d42c7e |
## Make general progams in sbin an entrypoint for
|
|
Chris PeBenito |
8021cb |
## the specified domain. (Deprecated)
|
|
Chris PeBenito |
d42c7e |
## </summary>
|
|
Chris PeBenito |
d42c7e |
## <param name="domain">
|
|
Chris PeBenito |
d42c7e |
## <summary>
|
|
Chris PeBenito |
d42c7e |
## The domain for which sbin programs are an entrypoint.
|
|
Chris PeBenito |
d42c7e |
## </summary>
|
|
Chris PeBenito |
d42c7e |
## </param>
|
|
Chris PeBenito |
ac9db9 |
#
|
|
Chris PeBenito |
d42c7e |
interface(`corecmd_sbin_entry_type',`
|
|
Chris PeBenito |
8021cb |
corecmd_bin_entry_type($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_bin_entry_type() instead.')
|
|
Chris PeBenito |
d42c7e |
')
|
|
Chris PeBenito |
d42c7e |
|
|
Chris PeBenito |
d42c7e |
########################################
|
|
Chris PeBenito |
d42c7e |
## <summary>
|
|
Chris PeBenito |
80436b |
## Make the shell an entrypoint for the specified domain.
|
|
Chris PeBenito |
80436b |
## </summary>
|
|
Chris PeBenito |
80436b |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
80436b |
## The domain for which the shell is an entrypoint.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
80436b |
## </param>
|
|
Chris PeBenito |
ac9db9 |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_shell_entry_type',`
|
|
Chris PeBenito |
139520 |
gen_require(`
|
|
Chris PeBenito |
139520 |
type shell_exec_t;
|
|
Chris PeBenito |
139520 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
domain_entry_file($1, shell_exec_t)
|
|
Chris PeBenito |
07efe9 |
')
|
|
Chris PeBenito |
07efe9 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Search the contents of bin directories.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
075c4f |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_search_bin',`
|
|
Chris PeBenito |
139520 |
gen_require(`
|
|
Chris PeBenito |
139520 |
type bin_t;
|
|
Chris PeBenito |
139520 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
search_dirs_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
075c4f |
')
|
|
Chris PeBenito |
075c4f |
|
|
Chris PeBenito |
075c4f |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Do not audit attempts to search the contents of bin directories.
|
|
Chris PeBenito |
8021cb |
## </summary>
|
|
Chris PeBenito |
8021cb |
## <param name="domain">
|
|
Chris PeBenito |
8021cb |
## <summary>
|
|
Dominick Grift |
705f70 |
## Domain to not audit.
|
|
Chris PeBenito |
8021cb |
## </summary>
|
|
Chris PeBenito |
8021cb |
## </param>
|
|
Chris PeBenito |
8021cb |
#
|
|
Chris PeBenito |
8021cb |
interface(`corecmd_dontaudit_search_bin',`
|
|
Chris PeBenito |
8021cb |
gen_require(`
|
|
Chris PeBenito |
8021cb |
type bin_t;
|
|
Chris PeBenito |
8021cb |
')
|
|
Chris PeBenito |
8021cb |
|
|
Chris PeBenito |
8021cb |
dontaudit $1 bin_t:dir search_dir_perms;
|
|
Chris PeBenito |
8021cb |
')
|
|
Chris PeBenito |
8021cb |
|
|
Chris PeBenito |
8021cb |
########################################
|
|
Chris PeBenito |
8021cb |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## List the contents of bin directories.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
075c4f |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_list_bin',`
|
|
Chris PeBenito |
139520 |
gen_require(`
|
|
Chris PeBenito |
139520 |
type bin_t;
|
|
Chris PeBenito |
139520 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
list_dirs_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
075c4f |
')
|
|
Chris PeBenito |
075c4f |
|
|
Chris PeBenito |
58c3da |
########################################
|
|
Chris PeBenito |
80436b |
## <summary>
|
|
Dan Walsh |
20f707 |
## Do not audit attempts to write bin directories.
|
|
Chris PeBenito |
8021cb |
## </summary>
|
|
Chris PeBenito |
8021cb |
## <param name="domain">
|
|
Chris PeBenito |
8021cb |
## <summary>
|
|
Dominick Grift |
705f70 |
## Domain to not audit.
|
|
Chris PeBenito |
8021cb |
## </summary>
|
|
Chris PeBenito |
8021cb |
## </param>
|
|
Chris PeBenito |
8021cb |
#
|
|
Chris PeBenito |
8021cb |
interface(`corecmd_dontaudit_write_bin_dirs',`
|
|
Chris PeBenito |
8021cb |
gen_require(`
|
|
Chris PeBenito |
8021cb |
type bin_t;
|
|
Chris PeBenito |
8021cb |
')
|
|
Chris PeBenito |
8021cb |
|
|
Chris PeBenito |
8021cb |
dontaudit $1 bin_t:dir write;
|
|
Chris PeBenito |
8021cb |
')
|
|
Chris PeBenito |
8021cb |
|
|
Chris PeBenito |
8021cb |
########################################
|
|
Chris PeBenito |
8021cb |
## <summary>
|
|
Dan Walsh |
20f707 |
## Do not audit attempts to write bin files.
|
|
Dan Walsh |
20f707 |
## </summary>
|
|
Dan Walsh |
20f707 |
## <param name="domain">
|
|
Dan Walsh |
20f707 |
## <summary>
|
|
Dan Walsh |
20f707 |
## Domain to not audit.
|
|
Dan Walsh |
20f707 |
## </summary>
|
|
Dan Walsh |
20f707 |
## </param>
|
|
Dan Walsh |
20f707 |
#
|
|
Dan Walsh |
20f707 |
interface(`corecmd_dontaudit_write_bin_files',`
|
|
Dan Walsh |
20f707 |
gen_require(`
|
|
Dan Walsh |
20f707 |
type bin_t;
|
|
Dan Walsh |
20f707 |
')
|
|
Dan Walsh |
20f707 |
|
|
Dan Walsh |
20f707 |
dontaudit $1 bin_t:file write;
|
|
Dan Walsh |
20f707 |
')
|
|
Dan Walsh |
20f707 |
|
|
Dan Walsh |
20f707 |
########################################
|
|
Dan Walsh |
20f707 |
## <summary>
|
|
Chris PeBenito |
80436b |
## Get the attributes of files in bin directories.
|
|
Chris PeBenito |
80436b |
## </summary>
|
|
Chris PeBenito |
80436b |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
80436b |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_getattr_bin_files',`
|
|
Chris PeBenito |
80436b |
gen_require(`
|
|
Chris PeBenito |
80436b |
type bin_t;
|
|
Chris PeBenito |
80436b |
')
|
|
Chris PeBenito |
80436b |
|
|
Chris PeBenito |
0bfccd |
getattr_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
80436b |
')
|
|
Chris PeBenito |
80436b |
|
|
Chris PeBenito |
58c3da |
########################################
|
|
Chris PeBenito |
80436b |
## <summary>
|
|
Chris PeBenito |
8f3a0a |
## Get the attributes of files in bin directories.
|
|
Chris PeBenito |
8f3a0a |
## </summary>
|
|
Chris PeBenito |
8f3a0a |
## <param name="domain">
|
|
Chris PeBenito |
8f3a0a |
## <summary>
|
|
Chris PeBenito |
8f3a0a |
## Domain allowed access.
|
|
Chris PeBenito |
8f3a0a |
## </summary>
|
|
Chris PeBenito |
8f3a0a |
## </param>
|
|
Chris PeBenito |
8f3a0a |
#
|
|
Chris PeBenito |
8f3a0a |
interface(`corecmd_dontaudit_getattr_bin_files',`
|
|
Chris PeBenito |
8f3a0a |
gen_require(`
|
|
Chris PeBenito |
8f3a0a |
type bin_t;
|
|
Chris PeBenito |
8f3a0a |
')
|
|
Chris PeBenito |
8f3a0a |
|
|
Chris PeBenito |
8f3a0a |
dontaudit $1 bin_t:dir search_dir_perms;
|
|
Chris PeBenito |
8f3a0a |
dontaudit $1 bin_t:file getattr_file_perms;
|
|
Chris PeBenito |
8f3a0a |
')
|
|
Chris PeBenito |
8f3a0a |
|
|
Chris PeBenito |
8f3a0a |
########################################
|
|
Chris PeBenito |
8f3a0a |
## <summary>
|
|
Chris PeBenito |
ae9e27 |
## Read files in bin directories.
|
|
Chris PeBenito |
ae9e27 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_read_bin_files',`
|
|
Chris PeBenito |
ae9e27 |
gen_require(`
|
|
Chris PeBenito |
ae9e27 |
type bin_t;
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
0bfccd |
read_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
ae9e27 |
########################################
|
|
Chris PeBenito |
ae9e27 |
## <summary>
|
|
Chris PeBenito |
80436b |
## Read symbolic links in bin directories.
|
|
Chris PeBenito |
80436b |
## </summary>
|
|
Chris PeBenito |
80436b |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
80436b |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_read_bin_symlinks',`
|
|
Chris PeBenito |
80436b |
gen_require(`
|
|
Chris PeBenito |
80436b |
type bin_t;
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
0bfccd |
read_lnk_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
ae9e27 |
########################################
|
|
Chris PeBenito |
ae9e27 |
## <summary>
|
|
Chris PeBenito |
ae9e27 |
## Read pipes in bin directories.
|
|
Chris PeBenito |
ae9e27 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_read_bin_pipes',`
|
|
Chris PeBenito |
ae9e27 |
gen_require(`
|
|
Chris PeBenito |
ae9e27 |
type bin_t;
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
0bfccd |
read_fifo_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
ae9e27 |
########################################
|
|
Chris PeBenito |
ae9e27 |
## <summary>
|
|
Chris PeBenito |
ae9e27 |
## Read named sockets in bin directories.
|
|
Chris PeBenito |
ae9e27 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_read_bin_sockets',`
|
|
Chris PeBenito |
ae9e27 |
gen_require(`
|
|
Chris PeBenito |
ae9e27 |
type bin_t;
|
|
Chris PeBenito |
80436b |
')
|
|
Chris PeBenito |
80436b |
|
|
Chris PeBenito |
0bfccd |
read_sock_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
80436b |
')
|
|
Chris PeBenito |
80436b |
|
|
Chris PeBenito |
075c4f |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Execute generic programs in bin directories,
|
|
Chris PeBenito |
ac9db9 |
## in the caller domain.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
3a744d |
## <desc>
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## Allow the specified domain to execute generic programs
|
|
Chris PeBenito |
3a744d |
## in system bin directories (/bin, /sbin, /usr/bin,
|
|
Chris PeBenito |
3a744d |
## /usr/sbin) a without domain transition.
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## Typically, this interface should be used when the domain
|
|
Chris PeBenito |
3a744d |
## executes general system progams within the privileges
|
|
Chris PeBenito |
3a744d |
## of the source domain. Some examples of these programs
|
|
Chris PeBenito |
3a744d |
## are ls, cp, sed, python, and tar. This does not include
|
|
Chris PeBenito |
3a744d |
## shells, such as bash.
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## Related interface:
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## corecmd_exec_shell()
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## </desc>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_exec_bin',`
|
|
Chris PeBenito |
139520 |
gen_require(`
|
|
Chris PeBenito |
139520 |
type bin_t;
|
|
Chris PeBenito |
139520 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
read_lnk_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
list_dirs_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
can_exec($1, bin_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
df00b2 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Create, read, write, and delete bin files.
|
|
Chris PeBenito |
2c2435 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## </param>
|
|
Chris PeBenito |
2c2435 |
#
|
|
Chris PeBenito |
2c2435 |
interface(`corecmd_manage_bin_files',`
|
|
Chris PeBenito |
2c2435 |
gen_require(`
|
|
Chris PeBenito |
2c2435 |
type bin_t;
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
2c2435 |
|
|
Chris PeBenito |
0bfccd |
manage_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
2c2435 |
|
|
Chris PeBenito |
2c2435 |
########################################
|
|
Chris PeBenito |
2c2435 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Relabel to and from the bin type.
|
|
Chris PeBenito |
2c2435 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## </param>
|
|
Chris PeBenito |
2c2435 |
#
|
|
Chris PeBenito |
2c2435 |
interface(`corecmd_relabel_bin_files',`
|
|
Chris PeBenito |
2c2435 |
gen_require(`
|
|
Chris PeBenito |
2c2435 |
type bin_t;
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
2c2435 |
|
|
Chris PeBenito |
0bfccd |
relabel_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
2c2435 |
|
|
Chris PeBenito |
2c2435 |
########################################
|
|
Chris PeBenito |
2c2435 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Mmap a bin file as executable.
|
|
Chris PeBenito |
2c2435 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## </param>
|
|
Chris PeBenito |
2c2435 |
#
|
|
Chris PeBenito |
2c2435 |
interface(`corecmd_mmap_bin_files',`
|
|
Chris PeBenito |
2c2435 |
gen_require(`
|
|
Chris PeBenito |
2c2435 |
type bin_t;
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
2c2435 |
|
|
Chris PeBenito |
82d277 |
mmap_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
2c2435 |
|
|
Chris PeBenito |
2c2435 |
########################################
|
|
Chris PeBenito |
2c2435 |
## <summary>
|
|
Chris PeBenito |
df00b2 |
## Execute a file in a bin directory
|
|
Chris PeBenito |
7c2f5a |
## in the specified domain but do not
|
|
Chris PeBenito |
7c2f5a |
## do it automatically. This is an explicit
|
|
Chris PeBenito |
7c2f5a |
## transition, requiring the caller to use setexeccon().
|
|
Chris PeBenito |
df00b2 |
## </summary>
|
|
Chris PeBenito |
df00b2 |
## <desc>
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
## Execute a file in a bin directory
|
|
Chris PeBenito |
df00b2 |
## in the specified domain. This allows
|
|
Chris PeBenito |
df00b2 |
## the specified domain to execute any file
|
|
Chris PeBenito |
df00b2 |
## on these filesystems in the specified
|
|
Chris PeBenito |
df00b2 |
## domain. This is not suggested.
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
## No interprocess communication (signals, pipes,
|
|
Chris PeBenito |
df00b2 |
## etc.) is provided by this interface since
|
|
Chris PeBenito |
df00b2 |
## the domains are not owned by this module.
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
## This interface was added to handle
|
|
Chris PeBenito |
7c2f5a |
## the userhelper policy.
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
## </desc>
|
|
Chris PeBenito |
df00b2 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
705f70 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
df00b2 |
## </param>
|
|
Chris PeBenito |
df00b2 |
## <param name="target_domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
df00b2 |
## The type of the new process.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
df00b2 |
## </param>
|
|
Chris PeBenito |
df00b2 |
#
|
|
Chris PeBenito |
7c2f5a |
interface(`corecmd_bin_spec_domtrans',`
|
|
Chris PeBenito |
df00b2 |
gen_require(`
|
|
Chris PeBenito |
df00b2 |
type bin_t;
|
|
Chris PeBenito |
df00b2 |
')
|
|
Chris PeBenito |
df00b2 |
|
|
Chris PeBenito |
0bfccd |
read_lnk_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
domain_transition_pattern($1, bin_t, $2)
|
|
Chris PeBenito |
7c2f5a |
')
|
|
Chris PeBenito |
7c2f5a |
|
|
Chris PeBenito |
7c2f5a |
########################################
|
|
Chris PeBenito |
7c2f5a |
## <summary>
|
|
Chris PeBenito |
ff8f0a |
## Execute a file in a bin directory
|
|
Chris PeBenito |
ff8f0a |
## in the specified domain.
|
|
Chris PeBenito |
7c2f5a |
## </summary>
|
|
Chris PeBenito |
7c2f5a |
## <desc>
|
|
Chris PeBenito |
ff8f0a |
##
|
|
Chris PeBenito |
ff8f0a |
## Execute a file in a bin directory
|
|
Chris PeBenito |
ff8f0a |
## in the specified domain. This allows
|
|
Chris PeBenito |
ff8f0a |
## the specified domain to execute any file
|
|
Chris PeBenito |
ff8f0a |
## on these filesystems in the specified
|
|
Chris PeBenito |
ff8f0a |
## domain. This is not suggested.
|
|
Chris PeBenito |
ff8f0a |
##
|
|
Chris PeBenito |
ff8f0a |
##
|
|
Chris PeBenito |
ff8f0a |
## No interprocess communication (signals, pipes,
|
|
Chris PeBenito |
ff8f0a |
## etc.) is provided by this interface since
|
|
Chris PeBenito |
ff8f0a |
## the domains are not owned by this module.
|
|
Chris PeBenito |
ff8f0a |
##
|
|
Chris PeBenito |
ff8f0a |
##
|
|
Chris PeBenito |
ff8f0a |
## This interface was added to handle
|
|
Chris PeBenito |
ff8f0a |
## the ssh-agent policy.
|
|
Chris PeBenito |
ff8f0a |
##
|
|
Chris PeBenito |
7c2f5a |
## </desc>
|
|
Chris PeBenito |
7c2f5a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
705f70 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
7c2f5a |
## </param>
|
|
Chris PeBenito |
7c2f5a |
## <param name="target_domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
ff8f0a |
## The type of the new process.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
7c2f5a |
## </param>
|
|
Chris PeBenito |
7c2f5a |
#
|
|
Chris PeBenito |
7c2f5a |
interface(`corecmd_bin_domtrans',`
|
|
Chris PeBenito |
7c2f5a |
gen_require(`
|
|
Chris PeBenito |
7c2f5a |
type bin_t;
|
|
Chris PeBenito |
7c2f5a |
')
|
|
Chris PeBenito |
7c2f5a |
|
|
Chris PeBenito |
290aa8 |
corecmd_bin_spec_domtrans($1, $2)
|
|
Chris PeBenito |
7c2f5a |
type_transition $1 bin_t:process $2;
|
|
Chris PeBenito |
df00b2 |
')
|
|
Chris PeBenito |
df00b2 |
|
|
Chris PeBenito |
df00b2 |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Search the contents of sbin directories. (Deprecated)
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
075c4f |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_search_sbin',`
|
|
Chris PeBenito |
8021cb |
corecmd_search_bin($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.')
|
|
Chris PeBenito |
075c4f |
')
|
|
Chris PeBenito |
075c4f |
|
|
Chris PeBenito |
075c4f |
########################################
|
|
Chris PeBenito |
3e6c81 |
## <summary>
|
|
Chris PeBenito |
3e6c81 |
## Do not audit attempts to search
|
|
Chris PeBenito |
8021cb |
## sbin directories. (Deprecated)
|
|
Chris PeBenito |
3e6c81 |
## </summary>
|
|
Chris PeBenito |
3e6c81 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
3e6c81 |
## Domain to not audit.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
3e6c81 |
## </param>
|
|
Chris PeBenito |
3e6c81 |
#
|
|
Chris PeBenito |
3e6c81 |
interface(`corecmd_dontaudit_search_sbin',`
|
|
Chris PeBenito |
8021cb |
corecmd_dontaudit_search_bin($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_search_bin() instead.')
|
|
Chris PeBenito |
3e6c81 |
')
|
|
Chris PeBenito |
3e6c81 |
|
|
Chris PeBenito |
3e6c81 |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## List the contents of sbin directories. (Deprecated)
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
075c4f |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_list_sbin',`
|
|
Chris PeBenito |
8021cb |
corecmd_list_bin($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_list_bin() instead.')
|
|
Chris PeBenito |
075c4f |
')
|
|
Chris PeBenito |
075c4f |
|
|
Chris PeBenito |
075c4f |
########################################
|
|
Chris PeBenito |
6b19be |
## <summary>
|
|
Chris PeBenito |
6b19be |
## Do not audit attempts to write
|
|
Chris PeBenito |
8021cb |
## sbin directories. (Deprecated)
|
|
Chris PeBenito |
6b19be |
## </summary>
|
|
Chris PeBenito |
6b19be |
## <param name="domain">
|
|
Chris PeBenito |
6b19be |
## <summary>
|
|
Chris PeBenito |
6b19be |
## Domain to not audit.
|
|
Chris PeBenito |
6b19be |
## </summary>
|
|
Chris PeBenito |
6b19be |
## </param>
|
|
Chris PeBenito |
6b19be |
#
|
|
Chris PeBenito |
6b19be |
interface(`corecmd_dontaudit_write_sbin_dirs',`
|
|
Chris PeBenito |
8021cb |
corecmd_dontaudit_write_bin_dirs($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_write_bin_dirs() instead.')
|
|
Chris PeBenito |
6b19be |
')
|
|
Chris PeBenito |
6b19be |
|
|
Chris PeBenito |
6b19be |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Get the attributes of sbin files. (Deprecated)
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
80436b |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_getattr_sbin_files',`
|
|
Chris PeBenito |
8021cb |
corecmd_getattr_bin_files($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_getattr_bin_files() instead.')
|
|
Chris PeBenito |
80436b |
')
|
|
Chris PeBenito |
80436b |
|
|
Chris PeBenito |
80436b |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Do not audit attempts to get the attibutes
|
|
Chris PeBenito |
8021cb |
## of sbin files. (Deprecated)
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain to not audit.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_dontaudit_getattr_sbin_files',`
|
|
Chris PeBenito |
8021cb |
corecmd_dontaudit_getattr_bin_files($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_dontaudit_getattr_bin_files() instead.')
|
|
Chris PeBenito |
f5c42b |
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
########################################
|
|
Chris PeBenito |
58c3da |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Read files in sbin directories. (Deprecated)
|
|
Chris PeBenito |
ae9e27 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_read_sbin_files',`
|
|
Chris PeBenito |
8021cb |
corecmd_read_bin_files($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_files() instead.')
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
ae9e27 |
########################################
|
|
Chris PeBenito |
ae9e27 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Read symbolic links in sbin directories. (Deprecated)
|
|
Chris PeBenito |
58c3da |
## </summary>
|
|
Chris PeBenito |
58c3da |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
58c3da |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_read_sbin_symlinks',`
|
|
Chris PeBenito |
8021cb |
corecmd_read_bin_symlinks($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_symlinks() instead.')
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
ae9e27 |
########################################
|
|
Chris PeBenito |
ae9e27 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Read named pipes in sbin directories. (Deprecated)
|
|
Chris PeBenito |
ae9e27 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_read_sbin_pipes',`
|
|
Chris PeBenito |
8021cb |
corecmd_read_bin_pipes($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_pipes() instead.')
|
|
Chris PeBenito |
ae9e27 |
')
|
|
Chris PeBenito |
ae9e27 |
|
|
Chris PeBenito |
ae9e27 |
########################################
|
|
Chris PeBenito |
ae9e27 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Read named sockets in sbin directories. (Deprecated)
|
|
Chris PeBenito |
ae9e27 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
ae9e27 |
## </param>
|
|
Chris PeBenito |
ae9e27 |
#
|
|
Chris PeBenito |
1815ba |
interface(`corecmd_read_sbin_sockets',`
|
|
Chris PeBenito |
8021cb |
corecmd_read_bin_sockets($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_read_bin_sockets() instead.')
|
|
Chris PeBenito |
58c3da |
')
|
|
Chris PeBenito |
58c3da |
|
|
Chris PeBenito |
58c3da |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Execute generic programs in sbin directories,
|
|
Chris PeBenito |
8021cb |
## in the caller domain. (Deprecated)
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_exec_sbin',`
|
|
Chris PeBenito |
8021cb |
corecmd_exec_bin($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.')
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
dd8229 |
|
|
Chris PeBenito |
2c2435 |
########################################
|
|
Chris PeBenito |
2c2435 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Create, read, write, and delete sbin files. (Deprecated)
|
|
Chris PeBenito |
2c2435 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## </param>
|
|
Chris PeBenito |
2c2435 |
#
|
|
Chris PeBenito |
2c2435 |
# cjp: added for prelink
|
|
Chris PeBenito |
2c2435 |
interface(`corecmd_manage_sbin_files',`
|
|
Chris PeBenito |
8021cb |
corecmd_manage_bin_files($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_manage_bin_files() instead.')
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
2c2435 |
|
|
Chris PeBenito |
2c2435 |
########################################
|
|
Chris PeBenito |
2c2435 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Relabel to and from the sbin type. (Deprecated)
|
|
Chris PeBenito |
2c2435 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## </param>
|
|
Chris PeBenito |
2c2435 |
#
|
|
Chris PeBenito |
2c2435 |
# cjp: added for prelink
|
|
Chris PeBenito |
2c2435 |
interface(`corecmd_relabel_sbin_files',`
|
|
Chris PeBenito |
8021cb |
corecmd_relabel_bin_files($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_relabel_bin_files() instead.')
|
|
Chris PeBenito |
2c2435 |
')
|
|
Chris PeBenito |
2c2435 |
|
|
Chris PeBenito |
2c2435 |
########################################
|
|
Chris PeBenito |
2c2435 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Mmap a sbin file as executable. (Deprecated)
|
|
Chris PeBenito |
2c2435 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
2c2435 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
2c2435 |
## </param>
|
|
Chris PeBenito |
2c2435 |
#
|
|
Chris PeBenito |
2c2435 |
# cjp: added for prelink
|
|
Chris PeBenito |
2c2435 |
interface(`corecmd_mmap_sbin_files',`
|
|
Chris PeBenito |
8021cb |
corecmd_mmap_bin_files($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_mmap_bin_files() instead.')
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
451c1e |
## <summary>
|
|
Chris PeBenito |
451c1e |
## Execute a file in a sbin directory
|
|
Chris PeBenito |
8021cb |
## in the specified domain. (Deprecated)
|
|
Chris PeBenito |
451c1e |
## </summary>
|
|
Chris PeBenito |
451c1e |
## <desc>
|
|
Chris PeBenito |
451c1e |
##
|
|
Chris PeBenito |
451c1e |
## Execute a file in a sbin directory
|
|
Chris PeBenito |
451c1e |
## in the specified domain. This allows
|
|
Chris PeBenito |
451c1e |
## the specified domain to execute any file
|
|
Chris PeBenito |
451c1e |
## on these filesystems in the specified
|
|
Chris PeBenito |
8021cb |
## domain. This is not suggested. (Deprecated)
|
|
Chris PeBenito |
451c1e |
##
|
|
Chris PeBenito |
451c1e |
##
|
|
Chris PeBenito |
451c1e |
## No interprocess communication (signals, pipes,
|
|
Chris PeBenito |
451c1e |
## etc.) is provided by this interface since
|
|
Chris PeBenito |
451c1e |
## the domains are not owned by this module.
|
|
Chris PeBenito |
451c1e |
##
|
|
Chris PeBenito |
451c1e |
##
|
|
Chris PeBenito |
451c1e |
## This interface was added to handle
|
|
Chris PeBenito |
451c1e |
## the ssh-agent policy.
|
|
Chris PeBenito |
451c1e |
##
|
|
Chris PeBenito |
451c1e |
## </desc>
|
|
Chris PeBenito |
451c1e |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
705f70 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
451c1e |
## </param>
|
|
Chris PeBenito |
451c1e |
## <param name="target_domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
451c1e |
## The type of the new process.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
451c1e |
## </param>
|
|
Chris PeBenito |
451c1e |
#
|
|
Chris PeBenito |
451c1e |
interface(`corecmd_sbin_domtrans',`
|
|
Chris PeBenito |
0bfccd |
corecmd_bin_domtrans($1, $2)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.')
|
|
Chris PeBenito |
451c1e |
')
|
|
Chris PeBenito |
451c1e |
|
|
Chris PeBenito |
451c1e |
########################################
|
|
Chris PeBenito |
725926 |
## <summary>
|
|
Chris PeBenito |
7c2f5a |
## Execute a file in a sbin directory
|
|
Chris PeBenito |
7c2f5a |
## in the specified domain but do not
|
|
Chris PeBenito |
7c2f5a |
## do it automatically. This is an explicit
|
|
Chris PeBenito |
8021cb |
## transition, requiring the caller to use setexeccon(). (Deprecated)
|
|
Chris PeBenito |
7c2f5a |
## </summary>
|
|
Chris PeBenito |
7c2f5a |
## <desc>
|
|
Chris PeBenito |
7c2f5a |
##
|
|
Chris PeBenito |
7c2f5a |
## Execute a file in a sbin directory
|
|
Chris PeBenito |
7c2f5a |
## in the specified domain. This allows
|
|
Chris PeBenito |
7c2f5a |
## the specified domain to execute any file
|
|
Chris PeBenito |
7c2f5a |
## on these filesystems in the specified
|
|
Chris PeBenito |
8021cb |
## domain. This is not suggested. (Deprecated)
|
|
Chris PeBenito |
7c2f5a |
##
|
|
Chris PeBenito |
7c2f5a |
##
|
|
Chris PeBenito |
7c2f5a |
## No interprocess communication (signals, pipes,
|
|
Chris PeBenito |
7c2f5a |
## etc.) is provided by this interface since
|
|
Chris PeBenito |
7c2f5a |
## the domains are not owned by this module.
|
|
Chris PeBenito |
7c2f5a |
##
|
|
Chris PeBenito |
7c2f5a |
##
|
|
Chris PeBenito |
7c2f5a |
## This interface was added to handle
|
|
Chris PeBenito |
7c2f5a |
## the userhelper policy.
|
|
Chris PeBenito |
7c2f5a |
##
|
|
Chris PeBenito |
7c2f5a |
## </desc>
|
|
Chris PeBenito |
7c2f5a |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
705f70 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
7c2f5a |
## </param>
|
|
Chris PeBenito |
7c2f5a |
## <param name="target_domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
7c2f5a |
## The type of the new process.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
7c2f5a |
## </param>
|
|
Chris PeBenito |
7c2f5a |
#
|
|
Chris PeBenito |
7c2f5a |
interface(`corecmd_sbin_spec_domtrans',`
|
|
Chris PeBenito |
0bfccd |
corecmd_bin_spec_domtrans($1, $2)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.')
|
|
Chris PeBenito |
7c2f5a |
')
|
|
Chris PeBenito |
7c2f5a |
|
|
Chris PeBenito |
7c2f5a |
########################################
|
|
Chris PeBenito |
7c2f5a |
## <summary>
|
|
Chris PeBenito |
725926 |
## Check if a shell is executable (DAC-wise).
|
|
Chris PeBenito |
725926 |
## </summary>
|
|
Chris PeBenito |
725926 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
725926 |
## Domain allowed access.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
725926 |
## </param>
|
|
Chris PeBenito |
725926 |
#
|
|
Chris PeBenito |
725926 |
interface(`corecmd_check_exec_shell',`
|
|
Chris PeBenito |
725926 |
gen_require(`
|
|
Chris PeBenito |
725926 |
type bin_t, shell_exec_t;
|
|
Chris PeBenito |
725926 |
')
|
|
Chris PeBenito |
725926 |
|
|
Chris PeBenito |
0bfccd |
list_dirs_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
read_lnk_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
725926 |
allow $1 shell_exec_t:file execute;
|
|
Chris PeBenito |
725926 |
')
|
|
Chris PeBenito |
725926 |
|
|
Chris PeBenito |
725926 |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
3a744d |
## Execute shells in the caller domain.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
3a744d |
## <desc>
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## Allow the specified domain to execute shells without
|
|
Chris PeBenito |
3a744d |
## a domain transition.
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## Typically, this interface should be used when the domain
|
|
Chris PeBenito |
3a744d |
## executes shells within the privileges
|
|
Chris PeBenito |
3a744d |
## of the source domain. Some examples of these programs
|
|
Chris PeBenito |
3a744d |
## are bash, tcsh, and zsh.
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## Related interface:
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## corecmd_exec_bin()
|
|
Chris PeBenito |
3a744d |
##
|
|
Chris PeBenito |
3a744d |
## </desc>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_exec_shell',`
|
|
Chris PeBenito |
139520 |
gen_require(`
|
|
Chris PeBenito |
139520 |
type bin_t, shell_exec_t;
|
|
Chris PeBenito |
139520 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
list_dirs_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
read_lnk_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
can_exec($1, shell_exec_t)
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
8021cb |
## Execute ls in the caller domain. (Deprecated)
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
f5c42b |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_exec_ls',`
|
|
Chris PeBenito |
8021cb |
corecmd_exec_bin($1)
|
|
Chris PeBenito |
8021cb |
refpolicywarn(`$0() has been deprecated, please use corecmd_exec_bin() instead.')
|
|
Chris PeBenito |
f5c42b |
')
|
|
Chris PeBenito |
f5c42b |
|
|
Chris PeBenito |
f5c42b |
########################################
|
|
Chris PeBenito |
f7ebea |
## <summary>
|
|
Chris PeBenito |
f7ebea |
## Execute a shell in the target domain. This
|
|
Chris PeBenito |
f7ebea |
## is an explicit transition, requiring the
|
|
Chris PeBenito |
f7ebea |
## caller to use setexeccon().
|
|
Chris PeBenito |
f7ebea |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <desc>
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
414e41 |
## Execute a shell in the target domain. This
|
|
Chris PeBenito |
414e41 |
## is an explicit transition, requiring the
|
|
Chris PeBenito |
414e41 |
## caller to use setexeccon().
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
## No interprocess communication (signals, pipes,
|
|
Chris PeBenito |
df00b2 |
## etc.) is provided by this interface since
|
|
Chris PeBenito |
df00b2 |
## the domains are not owned by this module.
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
414e41 |
## </desc>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
705f70 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
414e41 |
## <param name="target_domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The type of the shell process.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
075c4f |
#
|
|
Chris PeBenito |
199895 |
interface(`corecmd_shell_spec_domtrans',`
|
|
Chris PeBenito |
139520 |
gen_require(`
|
|
Chris PeBenito |
139520 |
type bin_t, shell_exec_t;
|
|
Chris PeBenito |
139520 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
list_dirs_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
read_lnk_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
domain_transition_pattern($1, shell_exec_t, $2)
|
|
Chris PeBenito |
075c4f |
')
|
|
Chris PeBenito |
075c4f |
|
|
Chris PeBenito |
4bf4ed |
########################################
|
|
Chris PeBenito |
df00b2 |
## <summary>
|
|
Chris PeBenito |
df00b2 |
## Execute a shell in the specified domain.
|
|
Chris PeBenito |
df00b2 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## <desc>
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
## Execute a shell in the specified domain.
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
df00b2 |
## No interprocess communication (signals, pipes,
|
|
Chris PeBenito |
df00b2 |
## etc.) is provided by this interface since
|
|
Chris PeBenito |
df00b2 |
## the domains are not owned by this module.
|
|
Chris PeBenito |
df00b2 |
##
|
|
Chris PeBenito |
414e41 |
## </desc>
|
|
Chris PeBenito |
414e41 |
## <param name="domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Dominick Grift |
705f70 |
## Domain allowed to transition.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
414e41 |
## <param name="target_domain">
|
|
Chris PeBenito |
885b83 |
## <summary>
|
|
Chris PeBenito |
414e41 |
## The type of the shell process.
|
|
Chris PeBenito |
885b83 |
## </summary>
|
|
Chris PeBenito |
414e41 |
## </param>
|
|
Chris PeBenito |
4bf4ed |
#
|
|
Chris PeBenito |
df00b2 |
interface(`corecmd_shell_domtrans',`
|
|
Chris PeBenito |
139520 |
gen_require(`
|
|
Chris PeBenito |
139520 |
type shell_exec_t;
|
|
Chris PeBenito |
139520 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
corecmd_shell_spec_domtrans($1, $2)
|
|
Chris PeBenito |
0c73cd |
type_transition $1 shell_exec_t:process $2;
|
|
Chris PeBenito |
4bf4ed |
')
|
|
Chris PeBenito |
4bf4ed |
|
|
Chris PeBenito |
075c4f |
########################################
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Execute chroot in the caller domain.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## <param name="domain">
|
|
Chris PeBenito |
ac9db9 |
## <summary>
|
|
Chris PeBenito |
ac9db9 |
## Domain allowed access.
|
|
Chris PeBenito |
ac9db9 |
## </summary>
|
|
Chris PeBenito |
ac9db9 |
## </param>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
df00b2 |
interface(`corecmd_exec_chroot',`
|
|
Chris PeBenito |
139520 |
gen_require(`
|
|
Chris PeBenito |
139520 |
type chroot_exec_t;
|
|
Chris PeBenito |
139520 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0bfccd |
read_lnk_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
can_exec($1, chroot_exec_t)
|
|
Dan Walsh |
3eaa99 |
allow $1 self:capability sys_chroot;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
fb63d0 |
########################################
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
6c20f7 |
## Get the attributes of all executable files.
|
|
Chris PeBenito |
6c20f7 |
## </summary>
|
|
Chris PeBenito |
6c20f7 |
## <param name="domain">
|
|
Chris PeBenito |
6c20f7 |
## <summary>
|
|
Chris PeBenito |
6c20f7 |
## Domain allowed access.
|
|
Chris PeBenito |
6c20f7 |
## </summary>
|
|
Chris PeBenito |
6c20f7 |
## </param>
|
|
Chris PeBenito |
6c20f7 |
## <rolecap/>
|
|
Chris PeBenito |
6c20f7 |
#
|
|
Chris PeBenito |
6c20f7 |
interface(`corecmd_getattr_all_executables',`
|
|
Chris PeBenito |
6c20f7 |
gen_require(`
|
|
Chris PeBenito |
6c20f7 |
attribute exec_type;
|
|
Chris PeBenito |
8021cb |
type bin_t;
|
|
Chris PeBenito |
6c20f7 |
')
|
|
Chris PeBenito |
6c20f7 |
|
|
Chris PeBenito |
8021cb |
allow $1 bin_t:dir list_dir_perms;
|
|
Chris PeBenito |
0bfccd |
getattr_files_pattern($1, bin_t, exec_type)
|
|
Chris PeBenito |
6c20f7 |
')
|
|
Chris PeBenito |
6c20f7 |
|
|
Chris PeBenito |
6c20f7 |
########################################
|
|
Chris PeBenito |
6c20f7 |
## <summary>
|
|
Chris PeBenito |
4b23c6 |
## Read all executable files.
|
|
Chris PeBenito |
4b23c6 |
## </summary>
|
|
Chris PeBenito |
4b23c6 |
## <param name="domain">
|
|
Chris PeBenito |
4b23c6 |
## <summary>
|
|
Chris PeBenito |
4b23c6 |
## Domain allowed access.
|
|
Chris PeBenito |
4b23c6 |
## </summary>
|
|
Chris PeBenito |
4b23c6 |
## </param>
|
|
Chris PeBenito |
4b23c6 |
## <rolecap/>
|
|
Chris PeBenito |
4b23c6 |
#
|
|
Chris PeBenito |
4b23c6 |
interface(`corecmd_read_all_executables',`
|
|
Chris PeBenito |
4b23c6 |
gen_require(`
|
|
Chris PeBenito |
4b23c6 |
attribute exec_type;
|
|
Chris PeBenito |
4b23c6 |
')
|
|
Chris PeBenito |
4b23c6 |
|
|
Chris PeBenito |
4b23c6 |
read_files_pattern($1, exec_type, exec_type)
|
|
Chris PeBenito |
4b23c6 |
')
|
|
Chris PeBenito |
4b23c6 |
|
|
Chris PeBenito |
4b23c6 |
########################################
|
|
Chris PeBenito |
4b23c6 |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Execute all executable files.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## <param name="domain">
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Domain allowed access.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
fb63d0 |
#
|
|
Chris PeBenito |
fb63d0 |
interface(`corecmd_exec_all_executables',`
|
|
Chris PeBenito |
fb63d0 |
gen_require(`
|
|
Chris PeBenito |
fb63d0 |
attribute exec_type;
|
|
Chris PeBenito |
8021cb |
type bin_t;
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
0bfccd |
can_exec($1, exec_type)
|
|
Chris PeBenito |
0bfccd |
list_dirs_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
0bfccd |
read_lnk_files_pattern($1, bin_t, exec_type)
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
fb63d0 |
########################################
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
5bf9de |
## Do not audit attempts to execute all executables.
|
|
Chris PeBenito |
5bf9de |
## </summary>
|
|
Chris PeBenito |
5bf9de |
## <param name="domain">
|
|
Chris PeBenito |
5bf9de |
## <summary>
|
|
Chris PeBenito |
97b990 |
## Domain to not audit.
|
|
Chris PeBenito |
5bf9de |
## </summary>
|
|
Chris PeBenito |
5bf9de |
## </param>
|
|
Chris PeBenito |
5bf9de |
#
|
|
Chris PeBenito |
5bf9de |
interface(`corecmd_dontaudit_exec_all_executables',`
|
|
Chris PeBenito |
5bf9de |
gen_require(`
|
|
Chris PeBenito |
5bf9de |
attribute exec_type;
|
|
Chris PeBenito |
5bf9de |
')
|
|
Chris PeBenito |
5bf9de |
|
|
Chris PeBenito |
5bf9de |
dontaudit $1 exec_type:file { execute execute_no_trans };
|
|
Chris PeBenito |
5bf9de |
')
|
|
Chris PeBenito |
5bf9de |
|
|
Chris PeBenito |
5bf9de |
########################################
|
|
Chris PeBenito |
5bf9de |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Create, read, write, and all executable files.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## <param name="domain">
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Domain allowed access.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
fb63d0 |
#
|
|
Chris PeBenito |
fb63d0 |
interface(`corecmd_manage_all_executables',`
|
|
Chris PeBenito |
fb63d0 |
gen_require(`
|
|
Chris PeBenito |
fb63d0 |
attribute exec_type;
|
|
Chris PeBenito |
8021cb |
type bin_t;
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Dan Walsh |
3eaa99 |
manage_dirs_pattern($1, bin_t, exec_type)
|
|
Chris PeBenito |
0bfccd |
manage_files_pattern($1, bin_t, exec_type)
|
|
Chris PeBenito |
0bfccd |
manage_lnk_files_pattern($1, bin_t, bin_t)
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
fb63d0 |
########################################
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Relabel to and from the bin type.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## <param name="domain">
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Domain allowed access.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
fb63d0 |
#
|
|
Chris PeBenito |
fb63d0 |
interface(`corecmd_relabel_all_executables',`
|
|
Chris PeBenito |
fb63d0 |
gen_require(`
|
|
Chris PeBenito |
fb63d0 |
attribute exec_type;
|
|
Chris PeBenito |
8021cb |
type bin_t;
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
0bfccd |
relabel_files_pattern($1, bin_t, exec_type)
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
fb63d0 |
########################################
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Mmap all executables as executable.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## <param name="domain">
|
|
Chris PeBenito |
fb63d0 |
## <summary>
|
|
Chris PeBenito |
fb63d0 |
## Domain allowed access.
|
|
Chris PeBenito |
fb63d0 |
## </summary>
|
|
Chris PeBenito |
fb63d0 |
## </param>
|
|
Chris PeBenito |
fb63d0 |
#
|
|
Chris PeBenito |
fb63d0 |
interface(`corecmd_mmap_all_executables',`
|
|
Chris PeBenito |
fb63d0 |
gen_require(`
|
|
Chris PeBenito |
fb63d0 |
attribute exec_type;
|
|
Chris PeBenito |
8021cb |
type bin_t;
|
|
Chris PeBenito |
fb63d0 |
')
|
|
Chris PeBenito |
fb63d0 |
|
|
Chris PeBenito |
0bfccd |
mmap_files_pattern($1, bin_t, exec_type)
|
|
Chris PeBenito |
fb63d0 |
')
|