diff options
Diffstat (limited to 'policy/modules/contrib/firstboot.if')
-rw-r--r-- | policy/modules/contrib/firstboot.if | 158 |
1 files changed, 0 insertions, 158 deletions
diff --git a/policy/modules/contrib/firstboot.if b/policy/modules/contrib/firstboot.if deleted file mode 100644 index 280f875f0..000000000 --- a/policy/modules/contrib/firstboot.if +++ /dev/null @@ -1,158 +0,0 @@ -## <summary>Initial system configuration utility.</summary> - -######################################## -## <summary> -## Execute firstboot in the firstboot domain. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`firstboot_domtrans',` - gen_require(` - type firstboot_t, firstboot_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, firstboot_exec_t, firstboot_t) -') - -######################################## -## <summary> -## Execute firstboot in the firstboot -## domain, and allow the specified role -## the firstboot domain. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -# -interface(`firstboot_run',` - gen_require(` - attribute_role firstboot_roles; - ') - - firstboot_domtrans($1) - roleattribute $2 firstboot_roles; -') - -######################################## -## <summary> -## Inherit and use firstboot file descriptors. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`firstboot_use_fds',` - gen_require(` - type firstboot_t; - ') - - allow $1 firstboot_t:fd use; -') - -######################################## -## <summary> -## Do not audit attempts to inherit -## firstboot file descriptors. -## </summary> -## <param name="domain"> -## <summary> -## Domain to not audit. -## </summary> -## </param> -# -interface(`firstboot_dontaudit_use_fds',` - gen_require(` - type firstboot_t; - ') - - dontaudit $1 firstboot_t:fd use; -') - -######################################## -## <summary> -## Write firstboot unnamed pipes. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`firstboot_write_pipes',` - gen_require(` - type firstboot_t; - ') - - allow $1 firstboot_t:fifo_file write; -') - -######################################## -## <summary> -## Read and Write firstboot unnamed pipes. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`firstboot_rw_pipes',` - gen_require(` - type firstboot_t; - ') - - allow $1 firstboot_t:fifo_file { read write }; -') - -######################################## -## <summary> -## Do not audit attemps to read and -## write firstboot unnamed pipes. -## </summary> -## <param name="domain"> -## <summary> -## Domain to not audit. -## </summary> -## </param> -# -interface(`firstboot_dontaudit_rw_pipes',` - gen_require(` - type firstboot_t; - ') - - dontaudit $1 firstboot_t:fifo_file { read write }; -') - -######################################## -## <summary> -## Do not audit attemps to read and -## write firstboot unix domain -## stream sockets. -## </summary> -## <param name="domain"> -## <summary> -## Domain to not audit. -## </summary> -## </param> -# -interface(`firstboot_dontaudit_rw_stream_sockets',` - gen_require(` - type firstboot_t; - ') - - dontaudit $1 firstboot_t:unix_stream_socket { read write }; -') |