Oreon-Lime-R2/selinux-policy/selinux-policy-bc228bd/selinux-policy-bc228bd0c249a9e4aa3dcf238c2b1bb138943b07/policy/modules/contrib/rshim.te

policy_module(rshim, 1.0.0)

########################################
#
# Declarations
#

type rshim_t;
type rshim_exec_t;
init_daemon_domain(rshim_t, rshim_exec_t)

type rshim_unit_file_t;
systemd_unit_file(rshim_unit_file_t)

permissive rshim_t;

########################################
#
# rshim local policy
#
allow rshim_t self:capability2 bpf;
allow rshim_t self:fifo_file rw_fifo_file_perms;
allow rshim_t self:netlink_kobject_uevent_socket { bind create getattr setopt };
allow rshim_t self:process { fork };
allow rshim_t self:system module_load;
allow rshim_t self:unix_stream_socket create_stream_socket_perms;

kernel_read_proc_files(rshim_t)

corecmd_exec_shell(rshim_t)

dev_read_sysfs(rshim_t)

domain_use_interactive_fds(rshim_t)

files_read_etc_files(rshim_t)
files_read_kernel_modules(rshim_t)

optional_policy(`
	auth_read_passwd_file(rshim_t)
')

optional_policy(`
	logging_send_syslog_msg(rshim_t)
')

optional_policy(`
	miscfiles_read_localization(rshim_t)
')

optional_policy(`
	modutils_exec_kmod(rshim_t)
	modutils_getattr_module_deps(rshim_t)
	modutils_read_module_config(rshim_t)
	modutils_read_module_deps_files(rshim_t)
')

optional_policy(`
        sssd_read_public_files(rshim_t)
')

optional_policy(`
	udev_read_pid_files(rshim_t)
')
extract all compressed files to make viewing source code easier and updated oreon-backgrounds and oreon-release packages 2024-07-03 21:20:34 -07:00			`policy_module(rshim, 1.0.0)`

			`########################################`
			`#`
			`# Declarations`
			`#`

			`type rshim_t;`
			`type rshim_exec_t;`
			`init_daemon_domain(rshim_t, rshim_exec_t)`

			`type rshim_unit_file_t;`
			`systemd_unit_file(rshim_unit_file_t)`

			`permissive rshim_t;`

			`########################################`
			`#`
			`# rshim local policy`
			`#`
			`allow rshim_t self:capability2 bpf;`
			`allow rshim_t self:fifo_file rw_fifo_file_perms;`
			`allow rshim_t self:netlink_kobject_uevent_socket { bind create getattr setopt };`
			`allow rshim_t self:process { fork };`
			`allow rshim_t self:system module_load;`
			`allow rshim_t self:unix_stream_socket create_stream_socket_perms;`

			`kernel_read_proc_files(rshim_t)`

			`corecmd_exec_shell(rshim_t)`

			`dev_read_sysfs(rshim_t)`

			`domain_use_interactive_fds(rshim_t)`

			`files_read_etc_files(rshim_t)`
			`files_read_kernel_modules(rshim_t)`

			optional_policy(`
			`auth_read_passwd_file(rshim_t)`
			`')`

			optional_policy(`
			`logging_send_syslog_msg(rshim_t)`
			`')`

			optional_policy(`
			`miscfiles_read_localization(rshim_t)`
			`')`

			optional_policy(`
			`modutils_exec_kmod(rshim_t)`
			`modutils_getattr_module_deps(rshim_t)`
			`modutils_read_module_config(rshim_t)`
			`modutils_read_module_deps_files(rshim_t)`
			`')`

			optional_policy(`
			`sssd_read_public_files(rshim_t)`
			`')`

			optional_policy(`
			`udev_read_pid_files(rshim_t)`
			`')`