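# Copyright (C) 2005 Tresys Technology, LLC

#
# Interfaces for the init module. Each interface macro pulls in its own
# requirements through requires_block_template and a matching _depend macro
# that lists the types, classes and permissions the rules refer to.
#
# Review notes on the domain transition interfaces:
#  - A default domain transition is written as a type_transition on class
#    process, with the executable type in the target position. The same rule
#    on class file would only set the default label of newly created files,
#    so it would not select the domain entered on exec.
#  - The default domain named in type_transition must be the domain the
#    preceding allow rule grants the transition permission for. Otherwise
#    the default transition points at a domain the caller may not enter.
#  - dontaudit rules only silence the audit record for a denial. They grant
#    nothing, and they hide the denial from whoever reads the audit log.
#

########################################
#
# init_transition(domain)
#
# Let the domain execute files labelled init_exec_t and enter init_t by
# default when it does. Denials of noatsecure, siginh and rlimitinh against
# init_t are not audited.
#
define(`init_transition',`
	requires_block_template(`$0'_depend)

	allow $1 init_exec_t:file { getattr read execute };
	allow $1 init_t:process transition;
	type_transition $1 init_exec_t:process init_t;

	dontaudit $1 init_t:process { noatsecure siginh rlimitinh };
')

define(`init_transition_depend',`
	type init_t, init_exec_t;

	class file { getattr read execute };
	class process { transition noatsecure siginh rlimitinh };
')

########################################
#
# init_get_process_group(domain)
#
# Let the domain query the process group of init_t processes.
#
define(`init_get_process_group',`
	requires_block_template(`$0'_depend)

	allow $1 init_t:process getpgid;
')

define(`init_get_process_group_depend',`
	type init_t;

	class process getpgid;
')

########################################
#
# init_get_control_channel_attributes(domain)
#
# Let the domain get the attributes of the initctl_t fifo. No read or
# write access is granted.
#
define(`init_get_control_channel_attributes',`
	requires_block_template(`$0'_depend)

	allow $1 initctl_t:fifo_file getattr;
')

define(`init_get_control_channel_attributes_depend',`
	type initctl_t;

	class fifo_file getattr;
')

########################################
#
# init_use_control_channel(domain)
#
# Let the domain read and write the initctl_t fifo. Also calls
# devices_list_device_nodes, which is defined outside this file.
# NOTE(review): write access to this fifo lets the caller send requests to
# init, so callers should be limited to domains that need it.
#
define(`init_use_control_channel',`
	requires_block_template(`$0'_depend)

	allow $1 initctl_t:fifo_file { getattr read write };
	devices_list_device_nodes($1)
')

define(`init_use_control_channel_depend',`
	type initctl_t;

	class fifo_file { getattr read write };
')

########################################
#
# init_ignore_use_control_channel(domain)
#
# Do not audit attempts by the domain to read or write the initctl_t fifo.
# The access itself stays denied.
#
define(`init_ignore_use_control_channel',`
	requires_block_template(`$0'_depend)

	dontaudit $1 initctl_t:fifo_file { read write };
')

define(`init_ignore_use_control_channel_depend',`
	type initctl_t;

	class fifo_file { read write };
')

########################################
#
# init_sigchld(domain)
#
# Let the domain send SIGCHLD to init_t processes.
#
define(`init_sigchld',`
	requires_block_template(`$0'_depend)

	allow $1 init_t:process sigchld;
')

define(`init_sigchld_depend',`
	type init_t;

	class process sigchld;
')

########################################
#
# init_use_file_descriptors(domain)
#
# Let the domain use file descriptors labelled init_t.
#
define(`init_use_file_descriptors',`
	requires_block_template(`$0'_depend)

	allow $1 init_t:fd use;
')

define(`init_use_file_descriptors_depend',`
	type init_t;

	class fd use;
')

########################################
#
# init_ignore_use_file_descriptors(domain)
#
# Do not audit attempts by the domain to use file descriptors labelled
# init_t. The access itself stays denied.
#
define(`init_ignore_use_file_descriptors',`
	requires_block_template(`$0'_depend)

	dontaudit $1 init_t:fd use;
')

define(`init_ignore_use_file_descriptors_depend',`
	type init_t;

	class fd use;
')

########################################
#
# init_script_transition(domain)
#
# Let the domain execute files labelled initrc_exec_t and enter initrc_t by
# default when it does. The default domain and the dontaudit target are
# initrc_t, the domain the transition permission is granted for and the only
# domain type listed in the _depend macro. Naming init_t in those two rules
# would point the default transition at a domain this interface neither
# allows nor requires.
#
define(`init_script_transition',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_exec_t:file { getattr read execute };
	allow $1 initrc_t:process transition;
	type_transition $1 initrc_exec_t:process initrc_t;

	dontaudit $1 initrc_t:process { noatsecure siginh rlimitinh };
')

define(`init_script_transition_depend',`
	type initrc_t, initrc_exec_t;

	class file { getattr read execute };
	class process { transition noatsecure siginh rlimitinh };
')

########################################
#
# init_script_execute(domain)
#
# Let the domain execute files labelled initrc_exec_t in its own domain.
# execute_no_trans means no domain transition takes place, so the script
# runs with the privileges of the caller.
#
define(`init_script_execute',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_exec_t:file { getattr read execute execute_no_trans };
')

define(`init_script_execute_depend',`
	type initrc_exec_t;

	class file { getattr read execute execute_no_trans };
')

########################################
#
# init_script_direct_admin_transition(role,domain)
#
# Let the domain (second argument) execute files labelled initrc_exec_t and
# enter initrc_t by default, and change the role (first argument) to
# system_r when such a file is executed. As in init_script_transition, the
# default domain and the dontaudit target are initrc_t.
# NOTE(review): the role change to system_r happens on exec without any
# further check in this interface, so callers should be limited to trusted
# administrative roles and domains.
# NOTE(review): kernel_system_role_transition_depend is defined outside this
# file. It presumably supplies the requirement for system_r. Confirm.
#
define(`init_script_direct_admin_transition',`
	requires_block_template(`$0'_depend)

	allow $2 initrc_exec_t:file { getattr read execute };
	allow $2 initrc_t:process transition;
	type_transition $2 initrc_exec_t:process initrc_t;
	role_transition $1 initrc_exec_t system_r;

	dontaudit $2 initrc_t:process { noatsecure siginh rlimitinh };
')

define(`init_script_direct_admin_transition_depend',`
	type initrc_t, initrc_exec_t;

	class file { getattr read execute };
	class process { transition noatsecure siginh rlimitinh };

	kernel_system_role_transition_depend
')

########################################
#
# init_script_use_file_descriptors(domain)
#
# Let the domain use file descriptors labelled initrc_t.
#
define(`init_script_use_file_descriptors',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_t:fd use;
')

define(`init_script_use_file_descriptors_depend',`
	type initrc_t;

	class fd use;
')

########################################
#
# init_script_use_pseudoterminal(domain)
#
# Let the domain read and write character devices labelled initrc_devpts_t.
#
define(`init_script_use_pseudoterminal',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_devpts_t:chr_file { read write };
')

define(`init_script_use_pseudoterminal_depend',`
	type initrc_devpts_t;

	class chr_file { read write };
')

########################################
#
# init_script_get_process_group(domain)
#
# Let the domain query the process group of initrc_t processes.
#
define(`init_script_get_process_group',`
	requires_block_template(`$0'_depend)

	allow $1 initrc_t:process getpgid;
')

define(`init_script_get_process_group_depend',`
	type initrc_t;

	class process getpgid;
')

########################################
#
# init_script_read_runtime_data(domain)
#
# Let the domain read files labelled initrc_var_run_t. Also calls
# files_read_runtime_data_directory, which is defined outside this file.
#
define(`init_script_read_runtime_data',`
	requires_block_template(`$0'_depend)

	files_read_runtime_data_directory($1)
	allow $1 initrc_var_run_t:file { getattr read };
')

define(`init_script_read_runtime_data_depend',`
	type initrc_var_run_t;

	class file { getattr read };
')

########################################
#
# init_script_modify_runtime_data(domain)
#
# Let the domain read, write and append to existing files labelled
# initrc_var_run_t. No create or unlink permission is granted here. Also
# calls files_read_runtime_data_directory, which is defined outside this
# file.
#
define(`init_script_modify_runtime_data',`
	requires_block_template(`$0'_depend)

	files_read_runtime_data_directory($1)
	allow $1 initrc_var_run_t:file { getattr read write append };
')

define(`init_script_modify_runtime_data_depend',`
	type initrc_var_run_t;

	class file { getattr read write append };
')

########################################
#
# init_script_ignore_modify_runtime_data(domain)
#
# Do not audit attempts by the domain to read, write or append to files
# labelled initrc_var_run_t. The access itself stays denied.
#
define(`init_script_ignore_modify_runtime_data',`
	requires_block_template(`$0'_depend)

	dontaudit $1 initrc_var_run_t:file { getattr read write append };
')

define(`init_script_ignore_modify_runtime_data_depend',`
	type initrc_var_run_t;

	class file { getattr read write append };
')

########################################
#
# init_run_init_transition(domain)
#
# Let the domain execute files labelled run_init_exec_t and enter run_init_t
# by default when it does. Denials of noatsecure, siginh and rlimitinh
# against run_init_t are not audited.
#
define(`init_run_init_transition',`
	requires_block_template(`$0'_depend)

	allow $1 run_init_exec_t:file { getattr read execute };
	allow $1 run_init_t:process transition;
	type_transition $1 run_init_exec_t:process run_init_t;

	dontaudit $1 run_init_t:process { noatsecure siginh rlimitinh };
')

define(`init_run_init_transition_depend',`
	type run_init_t, run_init_exec_t;

	class file { getattr read execute };
	class process { transition noatsecure siginh rlimitinh };
')

########################################
#
# init_run_init_use_file_descriptors(domain)
#
# Let the domain use file descriptors labelled run_init_t.
#
define(`init_run_init_use_file_descriptors',`
	requires_block_template(`$0'_depend)

	allow $1 run_init_t:fd use;
')

define(`init_run_init_use_file_descriptors_depend',`
	type run_init_t;

	class fd use;
')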