# Copyright (C) 2005 Tresys Technology, LLC

########################################

#

# init_transition(domain,[`optional'])

#

define(`init_transition',`

requires_block_template(init_transition_depend,$2)

allow $1 init_exec_t:file { getattr read execute };

allow $1 init_t:process transition;

type_transition $1 init_exec_t:file init_t;

dontaudit $1 init_t:process { noatsecure siginh rlimitinh };

')

define(`init_transition_depend',`

type init_t, init_exec_t;

class file { getattr read execute };

class process { transition noatsecure siginh rlimitinh };

')

########################################

#

# init_get_control_channel_attributes(domain,[`optional'])

#

define(`init_get_control_channel_attributes',`

requires_block_template(init_get_control_channel_attributes_depend,$2)

allow $1 initctl_t:fifo_file getattr;

')

define(`init_get_control_channel_attributes_depend',`

type initctl_t;

class fifo_file getattr;

')

########################################

#

# init_sigchld(domain,[`optional'])

#

define(`init_sigchld',`

requires_block_template(init_sigchld_depend,$2)

allow $1 init_t:process sigchld;

')

define(`init_sigchld_depend',`

type init_t;

class process sigchld;

')

########################################

#

# init_use_file_descriptors(domain,[`optional'])

#

define(`init_use_file_descriptors',`

requires_block_template(init_use_file_descriptors_depend,$2)

allow $1 init_t:fd use;

')

define(`init_use_file_descriptors_depend',`

type init_t;

class fd use;

')

########################################

#

# init_ignore_use_file_descriptors(domain,[`optional'])

#

define(`init_ignore_use_file_descriptors',`

requires_block_template(init_ignore_use_file_descriptors_depend,$2)

dontaudit $1 init_t:fd use;

')

define(`init_ignore_use_file_descriptors_depend',`

type init_t;

class fd use;

')

########################################

#

# init_script_transition(domain,[`optional'])

#

define(`init_script_transition',`

requires_block_template(init_script_transition_depend,$2)

allow $1 initrc_exec_t:file { getattr read execute };

allow $1 initrc_t:process transition;

type_transition $1 initrc_exec_t:process init_t;

dontaudit $1 init_t:process { noatsecure siginh rlimitinh };

')

define(`init_script_transition_depend',`

type initrc_t, initrc_exec_t;

class file { getattr read execute };

class process { transition noatsecure siginh rlimitinh };

')

########################################

#

# init_script_use_file_descriptors(domain,[`optional'])

#

define(`init_script_use_file_descriptors',`

requires_block_template(init_script_use_file_descriptors_depend,$2)

allow $1 initrc_t:fd use;

')

define(`init_script_use_file_descriptors_depend',`

type initrc_t;

class fd use;

')

########################################

#

# init_script_use_pseudoterminal(domain,[`optional'])

#

define(`init_script_use_pseudoterminal',`

requires_block_template(init_script_use_pseudoterminal_depend,$2)

allow $1 initrc_devpts_t:chr_file { read write };

')

define(`init_script_use_pseudoterminal_depend',`

type initrc_devpts_t;

class chr_file { read write };

')

########################################

#

# init_script_direct_admin_transition(role,domain,[`optional'])

#

define(`init_script_direct_admin_transition',`

requires_block_template(init_script_direct_admin_transition_depend,$2)

allow $2 initrc_exec_t:file { getattr read execute };

allow $2 initrc_t:process transition;

type_transition $2 initrc_exec_t:file init_t;

kernel_system_role_transition($1,initrc_exec_t,optional)

dontaudit $2 init_t:process { noatsecure siginh rlimitinh };

')

define(`init_script_direct_admin_transition_depend',`

type initrc_t, initrc_exec_t;

class file { getattr read execute };

class process { transition noatsecure siginh rlimitinh };

kernel_system_role_transition_depend

')