Oreon-Lime-R2/selinux-policy/selinux-policy-d9f4a2b/selinux-policy-d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455/policy/modules/contrib/wireguard.if

58 lines
1.1 KiB
Text
Raw Permalink Normal View History

## <summary>policy for wireguard</summary>
########################################
## <summary>
## Execute wireguard_exec_t in the wireguard domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`wireguard_domtrans',`
gen_require(`
type wireguard_t, wireguard_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, wireguard_exec_t, wireguard_t)
')
######################################
## <summary>
## Execute wireguard in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`wireguard_exec',`
gen_require(`
type wireguard_exec_t;
')
corecmd_search_bin($1)
can_exec($1, wireguard_exec_t)
')
########################################
## <summary>
## Read wireguard fifo files.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`wireguard_read_fifo_files',`
gen_require(`
type wireguard_t;
')
allow $1 wireguard_t:fifo_file read_fifo_file_perms;
')