2 # Specified domain transition patterns
4 define(`domain_transition_pattern',`
5 allow $1 $2:file { getattr open read execute };
6 allow $1 $3:process transition;
7 dontaudit $1 $3:process { noatsecure siginh rlimitinh };
11 define(`domain_trans',`domain_transition_pattern($*)')
13 define(`spec_domtrans_pattern',`
14 allow $1 self:process setexec;
15 domain_transition_pattern($1,$2,$3)
18 allow $3 $1:fifo_file rw_inherited_fifo_file_perms;
19 allow $3 $1:process sigchld;
23 # Automatic domain transition patterns
25 define(`domain_auto_transition_pattern',`
26 domain_transition_pattern($1,$2,$3)
27 type_transition $1 $2:process $3;
31 define(`domain_auto_trans',`domain_auto_transition_pattern($*)')
33 define(`domtrans_pattern',`
34 domain_auto_transition_pattern($1,$2,$3)
37 allow $3 $1:fifo_file rw_inherited_fifo_file_perms;
38 allow $3 $1:process sigchld;
40 ifdef(`hide_broken_symptoms', `
41 dontaudit $3 $1:socket_class_set { read write };
46 # Dynamic transition pattern
48 define(`dyntrans_pattern',`
49 allow $1 self:process setcurrent;
50 allow $1 $2:process dyntransition;
51 allow $2 $1:process sigchld;
55 # Other process permissions
57 define(`send_audit_msgs_pattern',`
58 refpolicywarn(`$0($*) has been deprecated, please use logging_send_audit_msgs($1) instead.')
59 allow $1 self:capability audit_write;
60 allow $1 self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
63 define(`ps_process_pattern',`
64 allow $1 $2:dir list_dir_perms;
65 allow $1 $2:file read_file_perms;
66 allow $1 $2:lnk_file read_lnk_file_perms;
67 allow $1 $2:process getattr;