Chris PeBenito ff7bc1
Chris PeBenito ff7bc1
policy_module(selinux,1.0)
Chris PeBenito ff7bc1
Chris PeBenito ff7bc1
########################################
Chris PeBenito ff7bc1
#
Chris PeBenito ff7bc1
# Declarations
Chris PeBenito ff7bc1
#
Chris PeBenito ff7bc1
Chris PeBenito 9726b3
attribute can_load_policy;
Chris PeBenito 9726b3
attribute can_setenforce;
Chris PeBenito 9726b3
attribute can_setsecparam;
Chris PeBenito 9726b3
Chris PeBenito ff7bc1
# 
Chris PeBenito ff7bc1
# security_t is the target type when checking
Chris PeBenito ff7bc1
# the permissions in the security class.  It is also
Chris PeBenito ff7bc1
# applied to selinuxfs inodes.
Chris PeBenito ff7bc1
#
Chris PeBenito cff75c
type security_t; #, mlstrustedobject;
Chris PeBenito cbca03
fs_type(security_t)
Chris PeBenito ff7bc1
sid security context_template(system_u:object_r:security_t,s0)
Chris PeBenito ff7bc1
genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
Chris PeBenito 9726b3
Chris PeBenito 9726b3
neverallow ~can_load_policy security_t:security load_policy;
Chris PeBenito 9726b3
neverallow ~can_setenforce security_t:security setenforce;
Chris PeBenito 9726b3
neverallow ~can_setsecparam security_t:security setsecparam;