blob: e05d2895aab45fe8822468d1eafdd89e912b63f9 [file] [log] [blame]
## <summary>policy for swtpmcuse</summary>
########################################
## <summary>
## Execute TEMPLATE in the swtpmcuse domin.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`swtpmcuse_domtrans',`
gen_require(`
type swtpmcuse_t, swtpmcuse_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, swtpmcuse_exec_t, swtpmcuse_t)
')
########################################
## <summary>
## Execute swtpmcuse in the swtpmcuse domain, and
## allow the specified role the swtpmcuse domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the swtpmcuse domain.
## </summary>
## </param>
#
interface(`swtpmcuse_run',`
gen_require(`
type swtpmcuse_t;
attribute_role swtpmcuse_roles;
')
swtpmcuse_domtrans($1)
roleattribute $2 swtpmcuse_roles;
')
########################################
## <summary>
## Role access for swtpmcuse
## </summary>
## <param name="role">
## <summary>
## Role allowed access
## </summary>
## </param>
## <param name="domain">
## <summary>
## User domain for the role
## </summary>
## </param>
#
interface(`swtpmcuse_role',`
gen_require(`
type swtpmcuse_t;
attribute_role swtpmcuse_roles;
')
roleattribute $1 swtpmcuse_roles;
swtpmcuse_domtrans($2)
ps_process_pattern($2, swtpmcuse_t)
allow $2 swtpmcuse_t:process { signull signal sigkill };
')