Blame refpolicy/policy/modules/kernel/selinux.te
|
Chris PeBenito |
ff7bc1 |
|
|
Chris PeBenito |
d3d270 |
policy_module(selinux,1.1.0)
|
|
Chris PeBenito |
ff7bc1 |
|
|
Chris PeBenito |
ff7bc1 |
########################################
|
|
Chris PeBenito |
ff7bc1 |
#
|
|
Chris PeBenito |
ff7bc1 |
# Declarations
|
|
Chris PeBenito |
ff7bc1 |
#
|
|
Chris PeBenito |
ff7bc1 |
|
|
Chris PeBenito |
9726b3 |
attribute can_load_policy;
|
|
Chris PeBenito |
9726b3 |
attribute can_setenforce;
|
|
Chris PeBenito |
9726b3 |
attribute can_setsecparam;
|
|
Chris PeBenito |
9726b3 |
|
|
Chris PeBenito |
ff7bc1 |
#
|
|
Chris PeBenito |
ff7bc1 |
# security_t is the target type when checking
|
|
Chris PeBenito |
ff7bc1 |
# the permissions in the security class. It is also
|
|
Chris PeBenito |
ff7bc1 |
# applied to selinuxfs inodes.
|
|
Chris PeBenito |
ff7bc1 |
#
|
|
Chris PeBenito |
f0574f |
type security_t;
|
|
Chris PeBenito |
cbca03 |
fs_type(security_t)
|
|
Chris PeBenito |
f0574f |
mls_trusted_object(security_t)
|
|
Chris PeBenito |
bf080a |
sid security gen_context(system_u:object_r:security_t,s15:c0.c255)
|
|
Chris PeBenito |
e02c61 |
genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0)
|
|
Chris PeBenito |
9726b3 |
|
|
Chris PeBenito |
9726b3 |
neverallow ~can_load_policy security_t:security load_policy;
|
|
Chris PeBenito |
9726b3 |
neverallow ~can_setenforce security_t:security setenforce;
|
|
Chris PeBenito |
9726b3 |
neverallow ~can_setsecparam security_t:security setsecparam;
|