| Last change
                  on this file since 547 was
                  91,
                  checked in by presbrey, 19 years ago | 
        
          | Zephyr strict SELinux module | 
        | File size:
            601 bytes | 
      
      
        
  | Rev | Line |  | 
|---|
| [91] | 1 | # Joe Presbrey | 
|---|
|  | 2 | # presbrey@mit.edu | 
|---|
|  | 3 | # 2006/1/15 | 
|---|
|  | 4 |  | 
|---|
| [84] | 5 | interface(`zephyr_domtrans',` | 
|---|
|  | 6 | gen_requires(` | 
|---|
|  | 7 | type zephyr_t, zephyr_exec_t; | 
|---|
|  | 8 | ') | 
|---|
|  | 9 |  | 
|---|
|  | 10 | domain_auto_trans($1,zephyr_exec_t,zephyr_t) | 
|---|
|  | 11 |  | 
|---|
|  | 12 | allow $1 zephyr_t:fd use; | 
|---|
|  | 13 | allow zephyr_t $1:fd use; | 
|---|
|  | 14 | allow zephyr_t:$1:fifo_file rw_file_perms; | 
|---|
|  | 15 | allow zephyr_t $1:process sigchld; | 
|---|
|  | 16 | ') | 
|---|
|  | 17 |  | 
|---|
|  | 18 | template(`zephyr_access',` | 
|---|
|  | 19 | require { | 
|---|
|  | 20 | type zephyr_t, zephyr_bin_t; | 
|---|
|  | 21 | } | 
|---|
|  | 22 |  | 
|---|
|  | 23 | allow $1 zephyr_t:udp_socket { read write }; | 
|---|
|  | 24 | can_exec($1, zephyr_t) | 
|---|
|  | 25 | can_exec($1, zephyr_bin_t) | 
|---|
|  | 26 | ') | 
|---|
       
      
      Note: See 
TracBrowser
        for help on using the repository browser.