+++ /dev/null
-## <summary>Run .NET server and client applications on Linux.</summary>
-
-#######################################
-## <summary>
-## The role template for the mono module.
-## </summary>
-## <desc>
-## <p>
-## This template creates a derived domains which are used
-## for mono applications.
-## </p>
-## </desc>
-## <param name="role_prefix">
-## <summary>
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
-## </summary>
-## </param>
-## <param name="user_role">
-## <summary>
-## The role associated with the user domain.
-## </summary>
-## </param>
-## <param name="user_domain">
-## <summary>
-## The type of the user domain.
-## </summary>
-## </param>
-#
-template(`mono_role_template',`
- gen_require(`
- type mono_exec_t;
- ')
-
- type $1_mono_t;
- domain_type($1_mono_t)
- domain_entry_file($1_mono_t, mono_exec_t)
- role $2 types $1_mono_t;
-
- domain_interactive_fd($1_mono_t)
- application_type($1_mono_t)
-
- allow $1_mono_t self:process { ptrace signal getsched execheap execmem execstack };
-
- allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
-
- domtrans_pattern($3, mono_exec_t, $1_mono_t)
-
- fs_dontaudit_rw_tmpfs_files($1_mono_t)
- corecmd_bin_domtrans($1_mono_t, $1_t)
-
- userdom_manage_user_tmpfs_files($1_mono_t)
-
- optional_policy(`
- xserver_role($1_r, $1_mono_t)
- ')
-')
-
-########################################
-## <summary>
-## Execute the mono program in the mono domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`mono_domtrans',`
- gen_require(`
- type mono_t, mono_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, mono_exec_t, mono_t)
-')
-
-########################################
-## <summary>
-## Execute mono in the mono domain, and
-## allow the specified role the mono domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-#
-interface(`mono_run',`
- gen_require(`
- type mono_t;
- ')
-
- mono_domtrans($1)
- role $2 types mono_t;
-')
-
-########################################
-## <summary>
-## Execute the mono program in the caller domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`mono_exec',`
- gen_require(`
- type mono_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, mono_exec_t)
-')
-
-########################################
-## <summary>
-## Read and write to mono shared memory.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`mono_rw_shm',`
- gen_require(`
- type mono_t;
- ')
-
- allow $1 mono_t:shm rw_shm_perms;
-')
+++ /dev/null
-policy_module(mono, 1.8.0)
-
-########################################
-#
-# Declarations
-#
-
-type mono_t;
-type mono_exec_t;
-application_type(mono_t)
-init_system_domain(mono_t, mono_exec_t)
-
-########################################
-#
-# Local policy
-#
-
-allow mono_t self:process { ptrace signal getsched execheap execmem execstack };
-
-init_dbus_chat_script(mono_t)
-
-userdom_user_home_dir_filetrans_user_home_content(mono_t, { dir file lnk_file fifo_file sock_file })
-
-optional_policy(`
- avahi_dbus_chat(mono_t)
-')
-
-optional_policy(`
- cups_dbus_chat(mono_t)
-')
-
-optional_policy(`
- hal_dbus_chat(mono_t)
-')
-
-optional_policy(`
- networkmanager_dbus_chat(mono_t)
-')
-
-optional_policy(`
- rpm_dbus_chat(mono_t)
-')
-
-optional_policy(`
- unconfined_domain(mono_t)
- unconfined_dbus_chat(mono_t)
- unconfined_dbus_connect(mono_t)
-')
-
-optional_policy(`
- xserver_rw_shm(mono_t)
-')
projects / people / stevee / selinux-policy.git / commitdiff
