selinux-policy/strict/domains/misc/userspace_objmgr.te

#DESC Userspace Object Managers
#
#################################

# Get our own security context.
can_getcon(userspace_objmgr)
# Get security decisions via selinuxfs.
can_getsecurity(userspace_objmgr)
# Read /etc/selinux
r_dir_file(userspace_objmgr, { selinux_config_t default_context_t })
# Receive notifications of policy reloads and enforcing status changes.
allow userspace_objmgr self:netlink_selinux_socket { create bind read };
initial commit 2005-04-29 17:45:15 +00:00			`#DESC Userspace Object Managers`
			`#`
			`#################################`

			`# Get our own security context.`
			`can_getcon(userspace_objmgr)`
			`# Get security decisions via selinuxfs.`
			`can_getsecurity(userspace_objmgr)`
			`# Read /etc/selinux`
			`r_dir_file(userspace_objmgr, { selinux_config_t default_context_t })`
			`# Receive notifications of policy reloads and enforcing status changes.`
			`allow userspace_objmgr self:netlink_selinux_socket { create bind read };`