selinux-policy/refpolicy/policy/modules/system/domain.te

# Copyright (C) 2005 Tresys Technology, LLC

policy_module(domain,1.0)

# Mark process types as domains
attribute domain;

# entrypoint executables
attribute entry_type;

# processes started by init itself
attribute init_domain;
attribute init_domain_entry;

# processes started by init scripts
attribute daemon_domain;
attribute daemon_domain_entry;

# widely-inheritable file descriptors
attribute privfd;

neverallow domain ~domain:process { transition dyntransition };
add copyright statement 2005-04-20 19:07:16 +00:00			`# Copyright (C) 2005 Tresys Technology, LLC`

add module statement macro and entrypoint executable attribute to replicate can_exec($1,exec_type) 2005-04-26 17:00:25 +00:00			`policy_module(domain,1.0)`

initial commit 2005-04-14 20:18:17 +00:00			`# Mark process types as domains`
			`attribute domain;`

add module statement macro and entrypoint executable attribute to replicate can_exec($1,exec_type) 2005-04-26 17:00:25 +00:00			`# entrypoint executables`
			`attribute entry_type;`

attack with sediff, make fs:getattr interfaces consistent, create init and daemon domains 2005-04-25 19:54:27 +00:00			`# processes started by init itself`
			`attribute init_domain;`
			`attribute init_domain_entry;`

			`# processes started by init scripts`
			`attribute daemon_domain;`
			`attribute daemon_domain_entry;`

make getattr and setattr interfaces and make naming consistent 2005-04-22 19:31:32 +00:00			`# widely-inheritable file descriptors`
			`attribute privfd;`

initial commit 2005-04-14 20:18:17 +00:00			`neverallow domain ~domain:process { transition dyntransition };`