# # Common domain transition pattern perms # # Parameters: # 1. source domain # 2. entry point file type # 3. target domain # define(`domain_transition_pattern',` allow $1 $2:file { getattr open read execute }; allow $1 $3:process transition; dontaudit $1 $3:process { noatsecure siginh rlimitinh }; ') # compatibility: Deprecated (20161201) define(`domain_trans',` refpolicywarn(`$0() has been deprecated, please use domain_transition_pattern() instead.') domain_transition_pattern($*) ') # # Specified domain transition patterns # # Parameters: # 1. source domain # 2. entry point file type # 3. target domain # define(`spec_domtrans_pattern',` allow $1 self:process setexec; domain_transition_pattern($1,$2,$3) allow $3 $1:fd use; allow $3 $1:fifo_file rw_fifo_file_perms; allow $3 $1:process sigchld; ') # # Automatic domain transition patterns # # Parameters: # 1. source domain # 2. entry point file type # 3. target domain # define(`domain_auto_transition_pattern',` domain_transition_pattern($1,$2,$3) type_transition $1 $2:process $3; ') # compatibility: Deprecated (20161201) define(`domain_auto_trans',` refpolicywarn(`$0() has been deprecated, please use domain_auto_transition_pattern() instead.') domain_auto_transition_pattern($*) ') # # Automatic domain transition patterns # with feedback permissions # # Parameters: # 1. source domain # 2. entry point file type # 3. target domain # define(`domtrans_pattern',` domain_auto_transition_pattern($1,$2,$3) allow $3 $1:fd use; allow $3 $1:fifo_file rw_fifo_file_perms; allow $3 $1:process sigchld; ') # # Dynamic transition pattern # # Parameters: # 1. source domain # 2. target domain # define(`dyntrans_pattern',` allow $1 self:process setcurrent; allow $1 $2:process dyntransition; allow $2 $1:process sigchld; ') # # Read foreign domain proc data # # Parameters: # 1. source domain # 2. target domain # define(`ps_process_pattern',` allow $1 $2:dir list_dir_perms; allow $1 $2:file read_file_perms; allow $1 $2:lnk_file read_lnk_file_perms; allow $1 $2:process getattr; ')