| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | allow unconfineddomain self:capability_class_set *; |
| 2 | allow unconfineddomain kernel:security *; |
| 3 | allow unconfineddomain kernel:system *; |
| 4 | allow unconfineddomain self:memprotect *; |
| 5 | allow unconfineddomain domain:process *; |
| 6 | allow unconfineddomain domain:fd *; |
| 7 | allow unconfineddomain domain:dir r_dir_perms; |
| 8 | allow unconfineddomain domain:lnk_file r_file_perms; |
| 9 | allow unconfineddomain domain:{ fifo_file file } rw_file_perms; |
| 10 | allow unconfineddomain domain:socket_class_set *; |
| 11 | allow unconfineddomain domain:ipc_class_set *; |
| 12 | allow unconfineddomain domain:key *; |
| 13 | allow unconfineddomain fs_type:filesystem *; |
| 14 | allow unconfineddomain fs_type:dir_file_class_set *; |
| 15 | allow unconfineddomain dev_type:dir_file_class_set *; |
| 16 | allow unconfineddomain file_type:dir_file_class_set *; |
| 17 | allow unconfineddomain node_type:node *; |
| 18 | allow unconfineddomain node_type:{ tcp_socket udp_socket } node_bind; |
| 19 | allow unconfineddomain netif_type:netif *; |
| 20 | allow unconfineddomain port_type:socket_class_set name_bind; |
| 21 | allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect; |
| 22 | allow unconfineddomain domain:peer recv; |
| 23 | allow unconfineddomain domain:binder { call transfer receive }; |
| Stephen Smalley | 124720a | 2012-04-04 10:11:16 -0400 | [diff] [blame] | 24 | allow unconfineddomain property_type:property_service set; |