execmem domain

######################################## ##

## Execute the execmem program in the execmem domain. ##

## ##

## Domain allowed access. ##

## # interface(`execmem_exec',` gen_require(` type execmem_exec_t; ') can_exec($1, execmem_exec_t) ') ####################################### ##

## The role template for the execmem module. ##

## ##

## This template creates a derived domains which are used ## for execmem applications. ##

## ## ##

## The prefix of the user domain (e.g., user ## is the prefix for user_t). ##

## ## ##

## The role associated with the user domain. ##

## ## ##

## The type of the user domain. ##

## # template(`execmem_role_template',` gen_require(` type execmem_exec_t; ') type $1_execmem_t; domain_type($1_execmem_t) domain_entry_file($1_execmem_t, execmem_exec_t) role $2 types $1_execmem_t; userdom_unpriv_usertype($1, $1_execmem_t) userdom_manage_tmp_role($2, $1_execmem_t) userdom_manage_tmpfs_role($2, $1_execmem_t) allow $1_execmem_t self:process { execmem execstack }; allow $3 $1_execmem_t:process { getattr ptrace noatsecure signal_perms }; domtrans_pattern($3, execmem_exec_t, $1_execmem_t) ifdef(`hide_broken_symptoms', ` dontaudit $1_execmem_t $3:socket_class_set { read write }; ') files_execmod_tmp($1_execmem_t) optional_policy(` chrome_role($2, $1_execmem_t) ') optional_policy(` mozilla_execmod_user_home_files($1_execmem_t) ') optional_policy(` nsplugin_rw_shm($1_execmem_t) nsplugin_rw_semaphores($1_execmem_t) ') optional_policy(` xserver_role($2, $1_execmem_t) ') ') ######################################## ##

## Execute a execmem_exec file ## in the specified domain. ##

## ##

## Domain allowed access. ##

## ## ##

## The type of the new process. ##

## # interface(`execmem_domtrans',` gen_require(` type execmem_exec_t; ') domtrans_pattern($1, execmem_exec_t, $2) ')