# Copyright (C) 2005 Tresys Technology, LLC

#######################################
#
# corecommands_make_shell_entrypoint(domain)
#
# Mark shell_exec_t as an entrypoint file for the domain; the actual
# entrypoint rule is delegated to domain_make_entrypoint_file.  Callers
# should be aware that a shell is a very broad entrypoint: any process
# that may transition into this domain can do so by running a shell.
#
define(`corecommands_make_shell_entrypoint',`
	requires_block_template(`$0'_depend)
	domain_make_entrypoint_file($1,shell_exec_t)
')

define(`corecommands_make_shell_entrypoint_depend',`
	type shell_exec_t;
')

########################################
#
# corecommands_search_general_programs_directory(domain)
#
# Search (but not list) bin_t directories.
#
define(`corecommands_search_general_programs_directory',`
	requires_block_template(`$0'_depend)
	allow $1 bin_t:dir search;
')

define(`corecommands_search_general_programs_directory_depend',`
	type bin_t;
	class dir search;
')

########################################
#
# corecommands_read_general_programs_directory(domain)
#
# Search and list bin_t directories; no access to the files in them.
#
define(`corecommands_read_general_programs_directory',`
	requires_block_template(`$0'_depend)
	allow $1 bin_t:dir { getattr search read };
')

define(`corecommands_read_general_programs_directory_depend',`
	type bin_t;
	class dir { getattr search read };
')

########################################
#
# corecommands_execute_general_programs(domain)
#
# List bin_t directories, follow bin_t symlinks, and execute bin_t
# programs.  execute_no_trans is granted, so these programs run in the
# domain of the caller rather than through a domain transition.
#
define(`corecommands_execute_general_programs',`
	requires_block_template(`$0'_depend)
	allow $1 bin_t:dir { getattr search read };
	allow $1 bin_t:lnk_file { getattr read };
	allow $1 bin_t:file { getattr read execute execute_no_trans };
')

define(`corecommands_execute_general_programs_depend',`
	type bin_t;
	class dir { getattr search read };
	class lnk_file { getattr read };
	class file { getattr read execute execute_no_trans };
')

########################################
#
# corecommands_search_system_programs_directory(domain)
#
# Search (but not list) sbin_t directories.
#
define(`corecommands_search_system_programs_directory',`
	requires_block_template(`$0'_depend)
	allow $1 sbin_t:dir search;
')

define(`corecommands_search_system_programs_directory_depend',`
	type sbin_t;
	class dir search;
')

########################################
#
# corecommands_read_system_programs_directory(domain)
#
# Search and list sbin_t directories; no access to the files in them.
#
define(`corecommands_read_system_programs_directory',`
	requires_block_template(`$0'_depend)
	allow $1 sbin_t:dir { getattr search read };
')

define(`corecommands_read_system_programs_directory_depend',`
	type sbin_t;
	class dir { getattr search read };
')

########################################
#
# corecommands_execute_system_programs(domain)
#
# List sbin_t directories, follow sbin_t symlinks, and execute sbin_t
# programs in the domain of the caller (execute_no_trans).  This is the
# sbin_t counterpart of corecommands_execute_general_programs.
#
define(`corecommands_execute_system_programs',`
	requires_block_template(`$0'_depend)
	allow $1 sbin_t:dir { getattr search read };
	allow $1 sbin_t:lnk_file { getattr read };
	allow $1 sbin_t:file { getattr read execute execute_no_trans };
')

define(`corecommands_execute_system_programs_depend',`
	type sbin_t;
	class dir { getattr search read };
	class lnk_file { getattr read };
	class file { getattr read execute execute_no_trans };
')

########################################
#
# corecommands_execute_shell(domain)
#
# Execute a shell (shell_exec_t) in the domain of the caller.  Because
# execute_no_trans is granted the shell inherits the full access of the
# caller; prefer corecommands_shell_transition when the shell should run
# in a separate domain.  bin_t directory access is included so the shell
# binary can be reached.
#
define(`corecommands_execute_shell',`
	requires_block_template(`$0'_depend)
	allow $1 bin_t:dir { getattr search read };
	allow $1 bin_t:lnk_file { getattr read };
	allow $1 shell_exec_t:file { getattr read execute execute_no_trans };
')

define(`corecommands_execute_shell_depend',`
	type bin_t, shell_exec_t;
	class dir { getattr search read };
	class lnk_file { getattr read };
	class file { getattr read execute execute_no_trans };
')

########################################
#
# corecommands_shell_transition(domain)
#
# Allow the domain to execute a shell only via a domain transition:
# execute_no_trans is deliberately absent, so the shell cannot run in
# the domain of the caller.  The transition itself (type_transition and
# the target entrypoint) is not provided here and is presumably set up
# by the caller.
#
define(`corecommands_shell_transition',`
	requires_block_template(`$0'_depend)
	allow $1 bin_t:dir { getattr search read };
	allow $1 bin_t:lnk_file { getattr read };
	allow $1 shell_exec_t:file { getattr read execute };
')

define(`corecommands_shell_transition_depend',`
	type bin_t, shell_exec_t;
	class dir { getattr search read };
	class lnk_file { getattr read };
	class file { getattr read execute };
')

########################################
#
# corecommands_chroot(domain)
#
# Execute the chroot program (chroot_exec_t) in the domain of the caller
# and grant the sys_chroot capability on self.  Note that sys_chroot is
# granted to the domain as a whole, not only while running chroot.
#
define(`corecommands_chroot',`
	requires_block_template(`$0'_depend)
	allow $1 chroot_exec_t:file { getattr read execute execute_no_trans };
	# could go to a generic chroot priv:
	allow $1 self:capability sys_chroot;
')

define(`corecommands_chroot_depend',`
	type chroot_exec_t;
	class file { getattr read execute execute_no_trans };
	class capability sys_chroot;
')