## Red Hat Graphical Boot
########################################
##
## RHGB stub interface. No access allowed.
##
##
##
## N/A
##
##
#
interface(`rhgb_stub',`
gen_require(`
type rhgb_t;
')
')
########################################
##
## Use a rhgb file descriptor.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`rhgb_use_fds',`
gen_require(`
type rhgb_t;
')
allow $1 rhgb_t:fd use;
')
########################################
##
## Read and write to unix stream sockets.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`rhgb_rw_stream_sockets',`
gen_require(`
type rhgb_t;
')
allow $1 rhgb_t:unix_stream_socket { read write };
')
########################################
##
## Do not audit attempts to read and write
## rhgb unix domain stream sockets.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`rhgb_dontaudit_rw_stream_sockets',`
gen_require(`
type rhgb_t;
')
dontaudit $1 rhgb_t:unix_stream_socket { read write };
')
########################################
##
## Connected to rhgb unix stream socket.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`rhgb_stream_connect',`
gen_require(`
type rhgb_t;
')
allow $1 rhgb_t:unix_stream_socket connectto;
')
########################################
##
## Read and write to rhgb shared memory.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`rhgb_rw_shm',`
gen_require(`
type rhgb_t;
')
allow $1 rhgb_t:shm rw_shm_perms;
')
########################################
##
## Read and write to rhgb temporary file system.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`rhgb_rw_tmpfs_files',`
gen_require(`
type rhgb_tmpfs_t;
')
allow $1 rhgb_tmpfs_t:file { read write };
')