selinux-refpolicy/policy/modules/admin/kudzu.if

65 lines
1.2 KiB
Plaintext

## <summary>Hardware detection and configuration tools</summary>
########################################
## <summary>
## Execute kudzu in the kudzu domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`kudzu_domtrans',`
gen_require(`
type kudzu_t, kudzu_exec_t;
')
domtrans_pattern($1, kudzu_exec_t, kudzu_t)
')
########################################
## <summary>
## Execute kudzu in the kudzu domain, and
## allow the specified role the kudzu domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kudzu_run',`
gen_require(`
type kudzu_t;
')
kudzu_domtrans($1)
role $2 types kudzu_t;
')
########################################
## <summary>
## Get attributes of kudzu executable.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# cjp: added for ddcprobe
interface(`kudzu_getattr_exec_files',`
gen_require(`
type kudzu_exec_t;
')
allow $1 kudzu_exec_t:file getattr;
')