Chris PeBenito 17de1b
## <summary>The unconfined domain.</summary>
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Make the specified domain unconfined.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain to make unconfined.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_domain_noaudit',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		class dbus all_dbus_perms;
Chris PeBenito 17de1b
		class nscd all_nscd_perms;
Chris PeBenito 17de1b
		class passwd all_passwd_perms;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	# Use any Linux capability.
Chris PeBenito 17de1b
	allow $1 self:capability *;
Chris PeBenito c0868a
	allow $1 self:fifo_file manage_fifo_file_perms;
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	# Transition to myself, to make get_ordered_context_list happy.
Chris PeBenito 17de1b
	allow $1 self:process transition;
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	# Write access is for setting attributes under /proc/self/attr.
Chris PeBenito 17de1b
	allow $1 self:file rw_file_perms;
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	# Userland object managers
Chris PeBenito 17de1b
	allow $1 self:nscd *;
Chris PeBenito 17de1b
	allow $1 self:dbus *;
Chris PeBenito 17de1b
	allow $1 self:passwd *;
Chris PeBenito 6b19be
	allow $1 self:association *;
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	kernel_unconfined($1)
Chris PeBenito 17de1b
	corenet_unconfined($1)
Chris PeBenito 17de1b
	dev_unconfined($1)
Chris PeBenito 17de1b
	domain_unconfined($1)
Chris PeBenito 17de1b
	domain_dontaudit_read_all_domains_state($1)
Chris PeBenito a5e213
	domain_dontaudit_ptrace_all_domains($1)
Chris PeBenito 17de1b
	files_unconfined($1)
Chris PeBenito 17de1b
	fs_unconfined($1)
Chris PeBenito 17de1b
	selinux_unconfined($1)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	tunable_policy(`allow_execheap',`
Chris PeBenito 17de1b
		# Allow making the stack executable via mprotect.
Chris PeBenito 17de1b
		allow $1 self:process execheap;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	tunable_policy(`allow_execmem',`
Chris PeBenito 17de1b
		# Allow making anonymous memory executable, e.g. 
Chris PeBenito 17de1b
		# for runtime-code generation or executable stack.
Chris PeBenito 17de1b
		allow $1 self:process execmem;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 465510
	tunable_policy(`allow_execstack',`
Chris PeBenito 465510
		# Allow making the stack executable via mprotect;
Chris PeBenito 465510
		# execstack implies execmem;
Chris PeBenito 465510
		allow $1 self:process { execstack execmem };
Chris PeBenito 17de1b
#		auditallow $1 self:process execstack;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	optional_policy(`
Chris PeBenito 17de1b
		auth_unconfined($1)
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	optional_policy(`
Chris PeBenito 17de1b
		# Communicate via dbusd.
Chris PeBenito 17de1b
		dbus_system_bus_unconfined($1)
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	optional_policy(`
Chris PeBenito 17de1b
		# this is to handle execmod on shared
Chris PeBenito 17de1b
		# libs with text relocations
Chris PeBenito 17de1b
		libs_use_shared_libs($1)
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	optional_policy(`
Chris PeBenito 17de1b
		nscd_unconfined($1)
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	optional_policy(`
Chris PeBenito 17de1b
		seutil_create_bin_policy($1)
Chris PeBenito 17de1b
		seutil_relabelto_bin_policy($1)
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	optional_policy(`
Chris PeBenito 17de1b
		storage_unconfined($1)
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Make the specified domain unconfined and
Chris PeBenito 17de1b
##	audit executable memory and executable heap
Chris PeBenito 17de1b
##	usage.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain to make unconfined.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_domain',`
Chris PeBenito 17de1b
	unconfined_domain_noaudit($1)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	tunable_policy(`allow_execheap',`
Chris PeBenito 17de1b
		auditallow $1 self:process execheap;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
# Turn off this audit for FC5
Chris PeBenito 17de1b
#	tunable_policy(`allow_execmem',`
Chris PeBenito 17de1b
#		auditallow $1 self:process execmem;
Chris PeBenito 17de1b
#	')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Transition to the unconfined domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_domtrans',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t, unconfined_exec_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito c0868a
	domtrans_pattern($1,unconfined_exec_t,unconfined_t)
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Execute specified programs in the unconfined domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	The type of the process performing this action.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
## <param name="role">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	The role to allow the unconfined domain.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
## <param name="terminal">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	The type of the terminal allow the unconfined domain to use.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_run',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	unconfined_domtrans($1)
Chris PeBenito 17de1b
	role $2 types unconfined_t;
Chris PeBenito 17de1b
	allow unconfined_t $3:chr_file rw_term_perms;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Transition to the unconfined domain by executing a shell.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_shell_domtrans',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	corecmd_shell_domtrans($1,unconfined_t)
Chris PeBenito c0868a
	allow unconfined_t $1:fd use;
Chris PeBenito c0868a
	allow unconfined_t $1:fifo_file rw_file_perms;
Chris PeBenito c0868a
	allow unconfined_t $1:process sigchld;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Allow unconfined to execute the specified program in
Chris PeBenito 17de1b
##	the specified domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <desc>
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	Allow unconfined to execute the specified program in
Chris PeBenito 17de1b
##	the specified domain.
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	This is a interface to support third party modules
Chris PeBenito 17de1b
##	and its use is not allowed in upstream reference
Chris PeBenito 17de1b
##	policy.
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
## </desc>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain to execute in.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
## <param name="entry_file">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain entry point file.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_domtrans_to',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito c0868a
	domtrans_pattern(unconfined_t,$2,$1)
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Inherit file descriptors from the unconfined domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_use_fds',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:fd use;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Send a SIGCHLD signal to the unconfined domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_sigchld',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:process sigchld;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Send a SIGNULL signal to the unconfined domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_signull',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:process signull;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Send generic signals to the unconfined domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_signal',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:process signal;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Read unconfined domain unnamed pipes.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_read_pipes',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito c0868a
	allow $1 unconfined_t:fifo_file read_fifo_file_perms;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Do not audit attempts to read unconfined domain unnamed pipes.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_dontaudit_read_pipes',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	dontaudit $1 unconfined_t:fifo_file read;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Read and write unconfined domain unnamed pipes.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_rw_pipes',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito c0868a
	allow $1 unconfined_t:fifo_file rw_fifo_file_perms;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito d6d16b
##	Do not audit attempts to read and write
Chris PeBenito d6d16b
##	unconfined domain unnamed pipes.
Chris PeBenito d6d16b
## </summary>
Chris PeBenito d6d16b
## <param name="domain">
Chris PeBenito d6d16b
##	<summary>
Chris PeBenito d6d16b
##	Domain to not audit.
Chris PeBenito d6d16b
##	</summary>
Chris PeBenito d6d16b
## </param>
Chris PeBenito d6d16b
#
Chris PeBenito d6d16b
interface(`unconfined_dontaudit_rw_pipes',`
Chris PeBenito d6d16b
	gen_require(`
Chris PeBenito d6d16b
		type unconfined_t;
Chris PeBenito d6d16b
	')
Chris PeBenito d6d16b
Chris PeBenito d6d16b
	dontaudit $1 unconfined_t:fifo_file rw_file_perms;
Chris PeBenito d6d16b
')
Chris PeBenito d6d16b
Chris PeBenito d6d16b
########################################
Chris PeBenito d6d16b
## <summary>
Chris PeBenito 17de1b
##	Connect to the unconfined domain using
Chris PeBenito 17de1b
##	a unix domain stream socket.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_stream_connect',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:unix_stream_socket connectto;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Do not audit attempts to read or write
Chris PeBenito 17de1b
##	unconfined domain tcp sockets.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <desc>
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	Do not audit attempts to read or write
Chris PeBenito 17de1b
##	unconfined domain tcp sockets.
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	This interface was added due to a broken
Chris PeBenito 17de1b
##	symptom in ldconfig.
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
## </desc>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain to not audit.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_dontaudit_rw_tcp_sockets',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	dontaudit $1 unconfined_t:tcp_socket { read write };
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Create keys for the unconfined domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_create_keys',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:key create;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Send messages to the unconfined domain over dbus.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_dbus_send',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
		class dbus send_msg;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:dbus send_msg;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Send and receive messages from
Chris PeBenito 17de1b
##	unconfined_t over dbus.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_dbus_chat',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
		class dbus send_msg;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:dbus send_msg;
Chris PeBenito 17de1b
	allow unconfined_t $1:dbus send_msg;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Add an alias type to the unconfined domain.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <desc>
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	Add an alias type to the unconfined domain.
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
##	This is added to support targeted policy.  Its
Chris PeBenito 17de1b
##	use should be limited.  It has no effect
Chris PeBenito 17de1b
##	on the strict policy.
Chris PeBenito 17de1b
##	

Chris PeBenito 17de1b
## </desc>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	New alias of the unconfined domain.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_alias_domain',`
Chris PeBenito 17de1b
	ifdef(`targeted_policy',`
Chris PeBenito 17de1b
		gen_require(`
Chris PeBenito 17de1b
			type unconfined_t;
Chris PeBenito 17de1b
		')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
		typealias unconfined_t alias $1;
Chris PeBenito 17de1b
	',`
Chris PeBenito ea3c1f
		refpolicywarn(`$0($1) has no effect in strict policy.')
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito b04ecc
##	Add an alias type to the unconfined execmem
Chris PeBenito b04ecc
##	program file type.
Chris PeBenito b04ecc
## </summary>
Chris PeBenito b04ecc
## <desc>
Chris PeBenito b04ecc
##	

Chris PeBenito b04ecc
##	Add an alias type to the unconfined execmem
Chris PeBenito b04ecc
##	program file type.
Chris PeBenito b04ecc
##	

Chris PeBenito b04ecc
##	

Chris PeBenito b04ecc
##	This is added to support targeted policy.  Its
Chris PeBenito b04ecc
##	use should be limited.  It has no effect
Chris PeBenito b04ecc
##	on the strict policy.
Chris PeBenito b04ecc
##	

Chris PeBenito b04ecc
## </desc>
Chris PeBenito b04ecc
## <param name="domain">
Chris PeBenito b04ecc
##	<summary>
Chris PeBenito b04ecc
##	New alias of the unconfined execmem program type.
Chris PeBenito b04ecc
##	</summary>
Chris PeBenito b04ecc
## </param>
Chris PeBenito b04ecc
#
Chris PeBenito b04ecc
interface(`unconfined_execmem_alias_program',`
Chris PeBenito b04ecc
	ifdef(`targeted_policy',`
Chris PeBenito b04ecc
		gen_require(`
Chris PeBenito b04ecc
			type unconfined_execmem_exec_t;
Chris PeBenito b04ecc
		')
Chris PeBenito b04ecc
Chris PeBenito b04ecc
		typealias unconfined_execmem_exec_t alias $1;
Chris PeBenito b04ecc
	',`
Chris PeBenito b04ecc
		refpolicywarn(`$0($1) has no effect in strict policy.')
Chris PeBenito b04ecc
	')
Chris PeBenito b04ecc
')
Chris PeBenito b04ecc
Chris PeBenito b04ecc
########################################
Chris PeBenito b04ecc
## <summary>
Chris PeBenito 17de1b
##	Connect to the the unconfined DBUS
Chris PeBenito 17de1b
##	for service (acquire_svc).
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`unconfined_dbus_connect',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type unconfined_t;
Chris PeBenito 17de1b
		class dbus acquire_svc;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 unconfined_t:dbus acquire_svc;
Chris PeBenito 17de1b
')