Oreon-Lime-R2/selinux-policy/selinux-policy-bc228bd/selinux-policy-bc228bd0c249a9e4aa3dcf238c2b1bb138943b07/policy/modules/contrib/rolekit.te

policy_module(rolekit, 1.0.0)

########################################
#
# Declarations
#

type rolekit_t;
type rolekit_exec_t;
init_daemon_domain(rolekit_t, rolekit_exec_t)

type rolekit_tmp_t;
files_tmp_file(rolekit_tmp_t)

type rolekit_unit_file_t;
systemd_unit_file(rolekit_unit_file_t)

########################################
#
# rolekit local policy
#

allow rolekit_t self:fifo_file rw_fifo_file_perms;
allow rolekit_t self:unix_stream_socket create_stream_socket_perms;

manage_files_pattern(rolekit_t, rolekit_tmp_t, rolekit_tmp_t)
manage_dirs_pattern(rolekit_t, rolekit_tmp_t, rolekit_tmp_t)
files_tmp_filetrans(rolekit_t, rolekit_tmp_t, { file dir })

kernel_read_system_state(rolekit_t)

auth_use_nsswitch(rolekit_t)

optional_policy(`
    sssd_domtrans(rolekit_t)
')

optional_policy(`
    rpm_transition_script(rolekit_t, system_r)
')

optional_policy(`
    unconfined_domain_noaudit(rolekit_t)
    #should be changed for debugging
    #unconfined_domain(rolekit_t)
    domain_named_filetrans(rolekit_t)
')
extract all compressed files to make viewing source code easier and updated oreon-backgrounds and oreon-release packages 2024-07-03 21:20:34 -07:00			`policy_module(rolekit, 1.0.0)`

			`########################################`
			`#`
			`# Declarations`
			`#`

			`type rolekit_t;`
			`type rolekit_exec_t;`
			`init_daemon_domain(rolekit_t, rolekit_exec_t)`

			`type rolekit_tmp_t;`
			`files_tmp_file(rolekit_tmp_t)`

			`type rolekit_unit_file_t;`
			`systemd_unit_file(rolekit_unit_file_t)`

			`########################################`
			`#`
			`# rolekit local policy`
			`#`

			`allow rolekit_t self:fifo_file rw_fifo_file_perms;`
			`allow rolekit_t self:unix_stream_socket create_stream_socket_perms;`

			`manage_files_pattern(rolekit_t, rolekit_tmp_t, rolekit_tmp_t)`
			`manage_dirs_pattern(rolekit_t, rolekit_tmp_t, rolekit_tmp_t)`
			`files_tmp_filetrans(rolekit_t, rolekit_tmp_t, { file dir })`

			`kernel_read_system_state(rolekit_t)`

			`auth_use_nsswitch(rolekit_t)`

			optional_policy(`
			`sssd_domtrans(rolekit_t)`
			`')`

			optional_policy(`
			`rpm_transition_script(rolekit_t, system_r)`
			`')`

			optional_policy(`
			`unconfined_domain_noaudit(rolekit_t)`
			`#should be changed for debugging`
			`#unconfined_domain(rolekit_t)`
			`domain_named_filetrans(rolekit_t)`
			`')`