|
Chris PeBenito |
d46cfe4 |
## <summary>Policy for user executable applications.</summary>
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
########################################
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
d46cfe4 |
## Make the specified type usable as an application domain.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
d46cfe4 |
## <param name="type">
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
d46cfe4 |
## Type to be used as a domain type.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
d46cfe4 |
## </param>
|
|
Chris PeBenito |
d46cfe4 |
#
|
|
Chris PeBenito |
d46cfe4 |
interface(`application_type',`
|
|
Chris PeBenito |
d46cfe4 |
gen_require(`
|
|
Chris PeBenito |
d46cfe4 |
attribute application_domain_type;
|
|
Chris PeBenito |
d46cfe4 |
')
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
typeattribute $1 application_domain_type;
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
# start with basic domain
|
|
Chris PeBenito |
d46cfe4 |
domain_type($1)
|
|
Chris PeBenito |
d46cfe4 |
')
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
########################################
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
d46cfe4 |
## Make the specified type usable for files
|
|
Chris PeBenito |
d46cfe4 |
## that are exectuables, such as binary programs.
|
|
Chris PeBenito |
d46cfe4 |
## This does not include shared libraries.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
d46cfe4 |
## <param name="type">
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
d46cfe4 |
## Type to be used for files.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
d46cfe4 |
## </param>
|
|
Chris PeBenito |
d46cfe4 |
#
|
|
Chris PeBenito |
d46cfe4 |
interface(`application_executable_file',`
|
|
Chris PeBenito |
d46cfe4 |
gen_require(`
|
|
Chris PeBenito |
d46cfe4 |
attribute application_exec_type;
|
|
Chris PeBenito |
d46cfe4 |
')
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
typeattribute $1 application_exec_type;
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
corecmd_executable_file($1)
|
|
Chris PeBenito |
d46cfe4 |
')
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
########################################
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
d46cfe4 |
## Execute application executables in the caller domain.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
d46cfe4 |
## <param name="type">
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
d46cfe4 |
## Domain allowed access.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
d46cfe4 |
## </param>
|
|
Chris PeBenito |
d46cfe4 |
#
|
|
Chris PeBenito |
d46cfe4 |
interface(`application_exec',`
|
|
Chris PeBenito |
d46cfe4 |
gen_require(`
|
|
Chris PeBenito |
d46cfe4 |
attribute application_exec_type;
|
|
Chris PeBenito |
d46cfe4 |
')
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
can_exec($1, application_exec_type)
|
|
Chris PeBenito |
d46cfe4 |
')
|
|
Chris PeBenito |
d46cfe4 |
|
|
Chris PeBenito |
d46cfe4 |
########################################
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
7d4161c |
## Execute all executable files.
|
|
Chris PeBenito |
7d4161c |
## </summary>
|
|
Chris PeBenito |
7d4161c |
## <param name="domain">
|
|
Chris PeBenito |
7d4161c |
## <summary>
|
|
Chris PeBenito |
7d4161c |
## Domain allowed access.
|
|
Chris PeBenito |
7d4161c |
## </summary>
|
|
Chris PeBenito |
7d4161c |
## </param>
|
|
Chris PeBenito |
7d4161c |
## <rolecap/>
|
|
Chris PeBenito |
7d4161c |
#
|
|
Chris PeBenito |
7d4161c |
interface(`application_exec_all',`
|
|
Chris PeBenito |
7d4161c |
corecmd_dontaudit_exec_all_executables($1)
|
|
Chris PeBenito |
7d4161c |
corecmd_exec_bin($1)
|
|
Chris PeBenito |
7d4161c |
corecmd_exec_shell($1)
|
|
Chris PeBenito |
7d4161c |
corecmd_exec_chroot($1)
|
|
Chris PeBenito |
7d4161c |
|
|
Chris PeBenito |
7d4161c |
application_exec($1)
|
|
Chris PeBenito |
7d4161c |
')
|
|
Chris PeBenito |
7d4161c |
|
|
Chris PeBenito |
7d4161c |
########################################
|
|
Chris PeBenito |
7d4161c |
## <summary>
|
|
Chris PeBenito |
b58db31 |
## Create a domain for applications.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
b58db31 |
## <desc>
|
|
Chris PeBenito |
b58db31 |
##
|
|
Chris PeBenito |
b58db31 |
## Create a domain for applications. Typically these are
|
|
Chris PeBenito |
b58db31 |
## programs that are run interactively.
|
|
Chris PeBenito |
b58db31 |
##
|
|
Chris PeBenito |
b58db31 |
##
|
|
Chris PeBenito |
b58db31 |
## The types will be made usable as a domain and file, making
|
|
Chris PeBenito |
b58db31 |
## calls to domain_type() and files_type() redundant.
|
|
Chris PeBenito |
b58db31 |
##
|
|
Chris PeBenito |
b58db31 |
## </desc>
|
|
Chris PeBenito |
d46cfe4 |
## <param name="domain">
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
b58db31 |
## Type to be used as an application domain.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
d46cfe4 |
## </param>
|
|
Chris PeBenito |
d46cfe4 |
## <param name="entry_point">
|
|
Chris PeBenito |
d46cfe4 |
## <summary>
|
|
Chris PeBenito |
d46cfe4 |
## Type of the program to be used as an entry point to this domain.
|
|
Chris PeBenito |
d46cfe4 |
## </summary>
|
|
Chris PeBenito |
d46cfe4 |
## </param>
|
|
Chris PeBenito |
b58db31 |
## <infoflow type="none"/>
|
|
Chris PeBenito |
d46cfe4 |
#
|
|
Chris PeBenito |
d46cfe4 |
interface(`application_domain',`
|
|
Chris PeBenito |
d46cfe4 |
application_type($1)
|
|
Chris PeBenito |
d46cfe4 |
application_executable_file($2)
|
|
Chris PeBenito |
5ed0617 |
domain_entry_file($1, $2)
|
|
Chris PeBenito |
5ed0617 |
')
|
|
Chris PeBenito |
5ed0617 |
|
|
Chris PeBenito |
5ed0617 |
########################################
|
|
Chris PeBenito |
5ed0617 |
## <summary>
|
|
Chris PeBenito |
5ed0617 |
## Send signull to all application domains.
|
|
Chris PeBenito |
5ed0617 |
## </summary>
|
|
Chris PeBenito |
5ed0617 |
## <param name="domain">
|
|
Chris PeBenito |
5ed0617 |
## <summary>
|
|
Chris PeBenito |
5ed0617 |
## Domain allowed access.
|
|
Chris PeBenito |
5ed0617 |
## </summary>
|
|
Chris PeBenito |
5ed0617 |
## </param>
|
|
Chris PeBenito |
5ed0617 |
#
|
|
Chris PeBenito |
5ed0617 |
interface(`application_signull',`
|
|
Chris PeBenito |
5ed0617 |
gen_require(`
|
|
Chris PeBenito |
5ed0617 |
attribute application_domain_type;
|
|
Chris PeBenito |
5ed0617 |
')
|
|
Chris PeBenito |
5ed0617 |
|
|
Chris PeBenito |
5ed0617 |
allow $1 application_domain_type:process signull;
|
|
Chris PeBenito |
d46cfe4 |
')
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
########################################
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
## <summary>
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
## Send signal to all application domains.
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
## </summary>
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
## <param name="domain">
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
## <summary>
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
## Domain allowed access.
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
## </summary>
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
## </param>
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
#
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
interface(`application_signal',`
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
gen_require(`
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
attribute application_domain_type;
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
')
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
allow $1 application_domain_type:process signal;
|
|
![](https://seccdn.libravatar.org/avatar/736367bde6478dadf14113cbc0c504521dd994dc28b5fd55dacf3eaee94ae556?s=16&d=retro) |
3eaa993 |
')
|