## SELinux MLS/MCS label translation service. ######################################## ## ## Execute setrans server in the setrans domain. ## ## ## ## Domain allowed to transition. ## ## # # interface(`setrans_initrc_domtrans',` gen_require(` type setrans_initrc_exec_t; ') init_labeled_script_domtrans($1, setrans_initrc_exec_t) ') ####################################### ## ## Allow a domain to translate contexts. (Deprecated) ## ## ## ## Domain allowed access. ## ## # interface(`setrans_translate_context',` refpolicywarn(`$0($*) has been deprecated') ') ###################################### ## ## All of the rules required to ## administrate an setrans environment. ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## # interface(`setrans_admin',` gen_require(` type setrans_t, setrans_initrc_exec_t; type setrans_var_run_t, setrans_unit_t; ') allow $1 setrans_t:process { ptrace signal_perms }; ps_process_pattern($1, setrans_t) init_startstop_service($1, $2, setrans_t, setrans_initrc_exec_t, setrans_unit_t) files_search_pids($1) admin_pattern($1, setrans_var_run_t) ')