Blame policy/modules/system/netlabel.if
|
Chris PeBenito |
130f8a |
## <summary>NetLabel/CIPSO labeled networking management</summary>
|
|
Chris PeBenito |
130f8a |
|
|
Chris PeBenito |
130f8a |
########################################
|
|
Chris PeBenito |
130f8a |
## <summary>
|
|
Chris PeBenito |
130f8a |
## Execute netlabel_mgmt in the netlabel_mgmt domain.
|
|
Chris PeBenito |
130f8a |
## </summary>
|
|
Chris PeBenito |
130f8a |
## <param name="domain">
|
|
Chris PeBenito |
130f8a |
## <summary>
|
|
Chris PeBenito |
130f8a |
## Domain allowed access.
|
|
Chris PeBenito |
130f8a |
## </summary>
|
|
Chris PeBenito |
130f8a |
## </param>
|
|
Chris PeBenito |
130f8a |
#
|
|
Chris PeBenito |
130f8a |
interface(`netlabel_domtrans_mgmt',`
|
|
Chris PeBenito |
130f8a |
gen_require(`
|
|
Chris PeBenito |
130f8a |
type netlabel_mgmt_t, netlabel_mgmt_exec_t;
|
|
Chris PeBenito |
130f8a |
')
|
|
Chris PeBenito |
130f8a |
|
|
Chris PeBenito |
130f8a |
corecmd_search_sbin($1)
|
|
Chris PeBenito |
130f8a |
domain_auto_trans($1,netlabel_mgmt_exec_t,netlabel_mgmt_t)
|
|
Chris PeBenito |
130f8a |
allow netlabel_mgmt_t $1:fd use;
|
|
Chris PeBenito |
130f8a |
allow netlabel_mgmt_t $1:fifo_file rw_file_perms;
|
|
Chris PeBenito |
130f8a |
allow netlabel_mgmt_t $1:process sigchld;
|
|
Chris PeBenito |
130f8a |
')
|
|
Chris PeBenito |
130f8a |
|
|
Chris PeBenito |
130f8a |
########################################
|
|
Chris PeBenito |
130f8a |
## <summary>
|
|
Chris PeBenito |
130f8a |
## Execute netlabel_mgmt in the netlabel_mgmt domain, and
|
|
Chris PeBenito |
130f8a |
## allow the specified role the netlabel_mgmt domain.
|
|
Chris PeBenito |
130f8a |
## </summary>
|
|
Chris PeBenito |
130f8a |
## <param name="domain">
|
|
Chris PeBenito |
130f8a |
## <summary>
|
|
Chris PeBenito |
130f8a |
## Domain allowed access.
|
|
Chris PeBenito |
130f8a |
## </summary>
|
|
Chris PeBenito |
130f8a |
## </param>
|
|
Chris PeBenito |
130f8a |
## <param name="role">
|
|
Chris PeBenito |
130f8a |
## <summary>
|
|
Chris PeBenito |
130f8a |
## The role to be allowed the netlabel_mgmt domain.
|
|
Chris PeBenito |
130f8a |
## </summary>
|
|
Chris PeBenito |
130f8a |
## </param>
|
|
Chris PeBenito |
130f8a |
## <param name="terminal">
|
|
Chris PeBenito |
130f8a |
## <summary>
|
|
Chris PeBenito |
130f8a |
## The type of the terminal allow the netlabel_mgmt domain to use.
|
|
Chris PeBenito |
130f8a |
## </summary>
|
|
Chris PeBenito |
130f8a |
## </param>
|
|
Chris PeBenito |
130f8a |
## <rolecap/>
|
|
Chris PeBenito |
130f8a |
#
|
|
Chris PeBenito |
130f8a |
interface(`netlabel_run_mgmt',`
|
|
Chris PeBenito |
130f8a |
gen_require(`
|
|
Chris PeBenito |
130f8a |
type netlabel_mgmt_t;
|
|
Chris PeBenito |
130f8a |
')
|
|
Chris PeBenito |
130f8a |
|
|
Chris PeBenito |
130f8a |
netlabel_domtrans_mgmt($1)
|
|
Chris PeBenito |
130f8a |
role $2 types netlabel_mgmt_t;
|
|
Chris PeBenito |
130f8a |
allow netlabel_mgmt_t $3:chr_file rw_term_perms;
|
|
Chris PeBenito |
130f8a |
')
|