selinux-policy/refpolicy/policy/modules/system/libraries.if

# Copyright (C) 2005 Tresys Technology, LLC

########################################
#
# libraries_use_dynamic_loader(domain)
#
define(`libraries_use_dynamic_loader',`
requires_block_template(`$0'_depend)
allow $1 lib_t:dir { getattr read search };
allow $1 lib_t:lnk_file { getattr read };
allow $1 ld_so_t:lnk_file { getattr read };
allow $1 ld_so_t:file { getattr read execute };
allow $1 ld_so_cache_t:file { getattr read };
')

define(`libraries_use_dynamic_loader_depend',`
type lib_t, ld_so_t, ld_so_cache_t;
class dir { getattr read search };
class lnk_file { getattr read };
class file { getattr read execute };
')

########################################
#
# libraries_legacy_use_dynamic_loader(domain)
#
define(`libraries_legacy_use_dynamic_loader',`
requires_block_template(`$0'_depend)
libraries_use_dynamic_loader($1,optional)
allow $1 ld_so_t:file execmod;
allow $1 ld_so_cache_t:file execute;
')

define(`libraries_legacy_use_dynamic_loader_depend',`
libraries_use_dynamic_loader_depend
type ld_so_t, ld_so_cache_t;
class file { execute execmod };
')

########################################
#
# libraries_execute_dynamic_loader(domain)
#
define(`libraries_execute_dynamic_loader',`
requires_block_template(`$0'_depend)
allow $1 lib_t:dir { getattr read search };
allow $1 lib_t:lnk_file { getattr read };
allow $1 ld_so_t:lnk_file { getattr read };
allow $1 ld_so_t:file { getattr read execute execute_no_trans };
')

define(`libraries_execute_dynamic_loader_depend',`
type lib_t, ld_so_t;
class dir { getattr read search };
class lnk_file { getattr read };
class file { getattr read execute execute_no_trans };
')

########################################
#
# libraries_modify_dynamic_loader_cache(domain)
#
define(`libraries_modify_dynamic_loader_cache',`
requires_block_template(`$0'_depend)
allow $1 ld_so_cache_t:file { getattr read write };
')

define(`libraries_modify_dynamic_loader_cache_depend',`
type ld_so_cache_t;
class file { getattr read write };
')

########################################
#
# libraries_use_shared_libraries(domain)
#
define(`libraries_use_shared_libraries',`
requires_block_template(`$0'_depend)
allow $1 lib_t:dir { getattr read search };
allow $1 lib_t:lnk_file { getattr read };
allow $1 { shlib_t texrel_shlib_t }:lnk_file { getattr read };
allow $1 { shlib_t texrel_shlib_t }:file { getattr read execute };
')

define(`libraries_use_shared_libraries_depend',`
type lib_t, shlib_t, texrel_shlib_t;
class dir { getattr read search };
class lnk_file { getattr read };
class file { getattr read execute };
')

########################################
#
# libraries_legacy_use_shared_libraries(domain)
#
define(`libraries_legacy_use_shared_libraries',`
requires_block_template(`$0'_depend)
libraries_use_shared_libraries($1)
allow $1 { shlib_t texrel_shlib_t }:file execmod;
')

define(`libraries_legacy_use_shared_libraries_depend',`
type shlib_t, texrel_shlib_t;
class file execmod;
')

########################################
#
# libraries_read_library_resources(domain)
#
define(`libraries_read_library_resources',`
requires_block_template(`$0'_depend)
allow $1 lib_t:dir { getattr read search };
allow $1 lib_t:{ file lnk_file } { getattr read };
')

define(`libraries_read_library_resources_depend',`
type lib_t;
class dir { getattr read search };
class lnk_file { getattr read };
class file { getattr read };
')

########################################
#
# libraries_execute_library_scripts(domain)
#
define(`libraries_execute_library_scripts',`
requires_block_template(`$0'_depend)
allow $1 lib_t:dir { getattr read search };
allow $1 lib_t:lnk_file { getattr read };
allow $1 lib_t:file { getattr read execute execute_no_trans };
')

define(`libraries_execute_library_scripts_depend',`
type lib_t;
class dir { getattr read search };
class lnk_file { getattr read };
class file { getattr read execute execute_no_trans };
')