## <summary>Policy for user executable applications.</summary>

########################################

## <summary>

##	Make the specified type usable as an application domain.

## </summary>

## <param name="type">

##	<summary>

##	Type to be used as a domain type.

##	</summary>

## </param>

#

interface(`application_type',`

	gen_require(`

		attribute application_domain_type;

	')

	typeattribute $1 application_domain_type;

	# start with basic domain

	domain_type($1)

')

########################################

## <summary>

##	Make the specified type usable for files

##	that are exectuables, such as binary programs.

##	This does not include shared libraries.

## </summary>

## <param name="type">

##	<summary>

##	Type to be used for files.

##	</summary>

## </param>

#

interface(`application_executable_file',`

	gen_require(`

		attribute application_exec_type;

	')

	typeattribute $1 application_exec_type;

	corecmd_executable_file($1)

')

########################################

## <summary>

## Execute application executables in the caller domain.

## </summary>

## <param name="type">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

#

interface(`application_exec',`

	gen_require(`

		attribute application_exec_type;

	')

	can_exec($1, application_exec_type)

')

########################################

## <summary>

##	Execute all executable files.

## </summary>

## <param name="domain">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

## <rolecap/>

#

interface(`application_exec_all',`

	corecmd_dontaudit_exec_all_executables($1)

	corecmd_exec_bin($1)

	corecmd_exec_shell($1)

	corecmd_exec_chroot($1)

	application_exec($1)

')

########################################

## <summary>

##	Create a domain for applications.

## </summary>

## <desc>

##	

##	Create a domain for applications.  Typically these are

##	programs that are run interactively.

##	

##	

##	The types will be made usable as a domain and file, making

##	calls to domain_type() and files_type() redundant.

##	

## </desc>

## <param name="domain">

##	<summary>

##	Type to be used as an application domain.

##	</summary>

## </param>

## <param name="entry_point">

##	<summary>

##	Type of the program to be used as an entry point to this domain.

##	</summary>

## </param>

## <infoflow type="none"/>

#

interface(`application_domain',`

	application_type($1)

	application_executable_file($2)

	domain_entry_file($1, $2)

')

########################################

## <summary>

##	Send signull to all application domains.

## </summary>

## <param name="domain">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

#

interface(`application_signull',`

	gen_require(`

		attribute application_domain_type;

	')

	allow $1 application_domain_type:process signull;

')

########################################

## <summary>

##	Send signal to all application domains.

## </summary>

## <param name="domain">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

#

interface(`application_signal',`

	gen_require(`

		attribute application_domain_type;

	')

	allow $1 application_domain_type:process signal;

')