Diffstat (limited to 'policy/modules/services/rhgb.if')
-rw-r--r-- | policy/modules/services/rhgb.if | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/policy/modules/services/rhgb.if b/policy/modules/services/rhgb.if
new file mode 100644
index 00000000..639ece6f
--- /dev/null
+++ b/policy/modules/services/rhgb.if
@@ -0,0 +1,126 @@
+## <summary> Red Hat Graphical Boot </summary>
+
+########################################
+## <summary>
+## RHGB stub interface. No access allowed.
+## </summary>
+## <param name="domain">
+## <summary>
+## N/A
+## </summary>
+## </param>
+#
+interface(`rhgb_stub',`
+ gen_require(`
+ type rhgb_t;
+ ')
+')
+
+########################################
+## <summary>
+## Use a rhgb file descriptor.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`rhgb_use_fds',`
+ gen_require(`
+ type rhgb_t;
+ ')
+
+ allow $1 rhgb_t:fd use;
+')
+
+########################################
+## <summary>
+## Read and write to unix stream sockets.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`rhgb_rw_stream_sockets',`
+ gen_require(`
+ type rhgb_t;
+ ')
+
+ allow $1 rhgb_t:unix_stream_socket { read write };
+')
+
+########################################
+## <summary>
+## Do not audit attempts to read and write
+## rhgb unix domain stream sockets.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`rhgb_dontaudit_rw_stream_sockets',`
+ gen_require(`
+ type rhgb_t;
+ ')
+
+ dontaudit $1 rhgb_t:unix_stream_socket { read write };
+')
+
+########################################
+## <summary>
+## Connected to rhgb unix stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`rhgb_stream_connect',`
+ gen_require(`
+ type rhgb_t;
+ ')
+
+ allow $1 rhgb_t:unix_stream_socket connectto;
+')
+
+########################################
+## <summary>
+## Read and write to rhgb shared memory.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`rhgb_rw_shm',`
+ gen_require(`
+ type rhgb_t;
+ ')
+
+ allow $1 rhgb_t:shm rw_shm_perms;
+')
+
+########################################
+## <summary>
+## Read and write to rhgb temporary file system.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`rhgb_rw_tmpfs_files',`
+ gen_require(`
+ type rhgb_tmpfs_t;
+ ')
+
+ allow $1 rhgb_tmpfs_t:file { read write };
+')
 |
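Review bot: `rhgb_stream_connect` grants only `connectto` on `rhgb_t:unix_stream_socket`, which covers the peer check but not the filesystem side of a connect. If rhgb binds its socket to a path (the file does not show where the socket lives, so this needs confirming), callers would also need `write` on the `sock_file` and search on its directory, and the interface would otherwise fail at run time and push people toward ad-hoc allow rules. The summaries should also name the object they cover: `rhgb_rw_stream_sockets` could read `## Read and write rhgb unix stream sockets.` and `rhgb_stream_connect` could read `## Connect to rhgb over a unix stream socket.`. For `rhgb_dontaudit_rw_stream_sockets`, I would add a line to the summary saying which denials it is meant to hide (presumably descriptors inherited from rhgb), since a dontaudit rule removes those AVC records from the audit log.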