## <summary>Java virtual machine</summary> ######################################## ## <summary> ## Role access for java ## </summary> ## <param name="role"> ## <summary> ## Role allowed access ## </summary> ## </param> ## <param name="domain"> ## <summary> ## User domain for the role ## </summary> ## </param> # interface(`java_role',` gen_require(` type java_t, java_exec_t; ') role $1 types java_t; # The user role is authorized for this domain. domtrans_pattern($2, java_exec_t, java_t) allow java_t $2:process signull; # Unrestricted inheritance from the caller. allow $2 java_t:process { noatsecure siginh rlimitinh }; allow java_t $2:unix_stream_socket connectto; allow java_t $2:unix_stream_socket { read write }; ') ######################################## ## <summary> ## Run java in javaplugin domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # template(`java_domtrans',` gen_require(` type java_t, java_exec_t; ') domtrans_pattern($1, java_exec_t, java_t) ') ######################################## ## <summary> ## Execute the java program in the unconfined java domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`java_domtrans_unconfined',` gen_require(` type unconfined_java_t, java_exec_t; ') domtrans_pattern($1, java_exec_t, unconfined_java_t) corecmd_search_bin($1) ') ######################################## ## <summary> ## Execute the java program in the unconfined java domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <param name="role"> ## <summary> ## Role allowed access. ## </summary> ## </param> # interface(`java_run_unconfined',` gen_require(` type unconfined_java_t; ') java_domtrans_unconfined($1) role $2 types unconfined_java_t; ')