diff options
author | Chris PeBenito <pebenito@ieee.org> | 2018-06-23 10:38:58 -0400 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2018-06-24 16:33:24 +0800 |
commit | 751926c0fbba4bf7105622ee65888b66740847a0 (patch) | |
tree | 6bbdd39cd5becdddc8e4cbc41332c383874c7972 /policy/modules/apps/usernetctl.if | |
parent | xdg: move compat interfaces to upstream xdg module (diff) | |
download | hardened-refpolicy-751926c0fbba4bf7105622ee65888b66740847a0.tar.gz hardened-refpolicy-751926c0fbba4bf7105622ee65888b66740847a0.tar.bz2 hardened-refpolicy-751926c0fbba4bf7105622ee65888b66740847a0.zip |
Move all files out of the old contrib directory.
Diffstat (limited to 'policy/modules/apps/usernetctl.if')
-rw-r--r-- | policy/modules/apps/usernetctl.if | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if new file mode 100644 index 00000000..7deec55c --- /dev/null +++ b/policy/modules/apps/usernetctl.if @@ -0,0 +1,47 @@ +## <summary>User network interface configuration helper.</summary> + +######################################## +## <summary> +## Execute usernetctl in the usernetctl domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`usernetctl_domtrans',` + gen_require(` + type usernetctl_t, usernetctl_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, usernetctl_exec_t, usernetctl_t) +') + +######################################## +## <summary> +## Execute usernetctl in the usernetctl +## domain, and allow the specified role +## the usernetctl domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`usernetctl_run',` + gen_require(` + attribute_role usernetctl_roles; + ') + + usernetctl_domtrans($1) + roleattribute $2 usernetctl_roles; +') |