Oreon-Lime-R2/selinux-policy/selinux-policy-d9f4a2b/selinux-policy-d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455/policy/modules/contrib/anaconda.te

146 lines
2.8 KiB
Text
Raw Normal View History

policy_module(anaconda, 1.7.0)
gen_require(`
class passwd all_passwd_perms;
')
gen_require(`
class passwd { passwd chfn chsh rootok crontab };
')
########################################
#
# Declarations
#
type anaconda_t;
type anaconda_exec_t;
domain_type(anaconda_t)
domain_entry_file(anaconda_t, anaconda_exec_t)
domain_obj_id_change_exemption(anaconda_t)
role system_r types anaconda_t;
attribute_role install_roles;
roleattribute system_r install_roles;
type install_t;
type install_exec_t;
application_domain(install_t, install_exec_t)
role install_roles types install_t;
type install_var_run_t;
files_pid_file(install_var_run_t)
type preupgrade_t;
type preupgrade_exec_t;
application_domain(preupgrade_t, preupgrade_exec_t)
role system_r types preupgrade_t;
type preupgrade_data_t;
files_type(preupgrade_data_t)
########################################
#
# Local policy
#
allow anaconda_t self:process execmem;
allow anaconda_t self:passwd { rootok passwd chfn chsh };
kernel_domtrans_to(anaconda_t, anaconda_exec_t)
init_domtrans_script(anaconda_t)
logging_send_syslog_msg(anaconda_t)
modutils_domtrans_kmod(anaconda_t)
modutils_domtrans_kmod(anaconda_t)
seutil_domtrans_semanage(anaconda_t)
seutil_domtrans_setsebool(anaconda_t)
userdom_filetrans_home_content(anaconda_t)
optional_policy(`
rpm_domtrans(anaconda_t)
rpm_domtrans_script(anaconda_t)
')
optional_policy(`
ssh_domtrans_keygen(anaconda_t)
')
optional_policy(`
udev_domtrans(anaconda_t)
')
optional_policy(`
unconfined_domain_noaudit(anaconda_t)
')
########################################
#
# Local policy
#
allow install_t self:capability2 mac_admin;
systemd_dbus_chat_localed(install_t)
systemd_dbus_chat_logind(install_t)
init_dbus_chat(install_t)
init_nnp_daemon_domain(install_t)
manage_sock_files_pattern(install_t, install_var_run_t, install_var_run_t)
files_pid_filetrans(install_t, install_var_run_t, sock_file)
tunable_policy(`deny_ptrace',`',`
domain_ptrace_all_domains(install_t)
')
optional_policy(`
iscsid_run(install_t, install_roles)
')
optional_policy(`
mount_run(install_t, install_roles)
')
optional_policy(`
networkmanager_dbus_chat(install_t)
')
optional_policy(`
policykit_dbus_chat(install_t)
')
optional_policy(`
rhsmcertd_dbus_chat(install_t)
')
optional_policy(`
rtkit_scheduled(install_t)
')
optional_policy(`
seutil_run_setfiles_mac(install_t, install_roles)
seutil_nnp_domtrans_setfiles_mac(install_t)
')
optional_policy(`
unconfined_domain_noaudit(install_t)
')
########################################
#
# Local policy
#
manage_files_pattern(preupgrade_t, preupgrade_data_t, preupgrade_data_t)
manage_dirs_pattern(preupgrade_t, preupgrade_data_t, preupgrade_data_t)
manage_lnk_files_pattern(preupgrade_t, preupgrade_data_t, preupgrade_data_t)
optional_policy(`
unconfined_domain_noaudit(preupgrade_t)
')