## <summary>Red Hat Graphical Boot</summary>

########################################
## <summary>
##	RHGB stub interface.  No access allowed.
## </summary>
## <param name="domain" unused="true">
##	<summary>
##	N/A
##	</summary>
## </param>
#
interface(`rhgb_stub',`
	# Only requires the type; no allow rule follows, so the caller
	# gains no access from this interface.
	gen_require(`
		type rhgb_t;
	')
')

########################################
## <summary>
##	Use a rhgb file descriptor.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_use_fds',`
	gen_require(`
		type rhgb_t;
	')

	# Covers the descriptor only. Access to the object behind the
	# descriptor is still checked against that object class and type.
	allow $1 rhgb_t:fd use;
')

########################################
## <summary>
##	Get the process group of rhgb.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_getpgid',`
	gen_require(`
		type rhgb_t;
	')

	allow $1 rhgb_t:process getpgid;
')

########################################
## <summary>
##	Send a signal to rhgb.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_signal',`
	gen_require(`
		type rhgb_t;
	')

	# The signal permission does not include SIGKILL, SIGSTOP, SIGCHLD
	# or the null signal; those are separate process permissions
	# (sigkill, sigstop, sigchld, signull) and are not granted here.
	allow $1 rhgb_t:process signal;
')

########################################
## <summary>
##	Read and write rhgb unix domain stream sockets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_rw_stream_sockets',`
	gen_require(`
		type rhgb_t;
	')

	# Read and write only. Connecting is a separate permission
	# (connectto) and is granted by rhgb_stream_connect, not here.
	allow $1 rhgb_t:unix_stream_socket { read write };
')

########################################
## <summary>
##	Do not audit attempts to read and write
##	rhgb unix domain stream sockets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`rhgb_dontaudit_rw_stream_sockets',`
	gen_require(`
		type rhgb_t;
	')

	# Suppresses the denial record only; the access is still denied.
	# When investigating, hidden denials can be made visible by
	# rebuilding policy with dontaudit rules disabled (semodule -DB).
	dontaudit $1 rhgb_t:unix_stream_socket { read write };
')

########################################
## <summary>
##	Connect to the rhgb unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_stream_connect',`
	gen_require(`
		type rhgb_t;
	')

	# Grants connectto against the socket owned by rhgb_t and nothing
	# else. No access to a socket file or its directory is granted by
	# this interface.
	allow $1 rhgb_t:unix_stream_socket connectto;
')

########################################
## <summary>
##	Read and write to rhgb shared memory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_rw_shm',`
	gen_require(`
		type rhgb_t;
	')

	# rw_shm_perms is a permission set defined outside this file;
	# review its expansion when auditing what this grants.
	allow $1 rhgb_t:shm rw_shm_perms;
')

########################################
## <summary>
##	Read from and write to the rhgb devpts.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_use_ptys',`
	gen_require(`
		type rhgb_devpts_t;
	')

	# rw_term_perms is a permission set defined outside this file.
	# NOTE(review): read and write on the rhgb pty exposes whatever
	# passes through that terminal to the caller, so grant narrowly.
	allow $1 rhgb_devpts_t:chr_file rw_term_perms;
')

########################################
## <summary>
##	Do not audit attempts to read from and
##	write to the rhgb devpts.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`rhgb_dontaudit_use_ptys',`
	gen_require(`
		type rhgb_devpts_t;
	')

	# Suppresses the denial record only; the access is still denied.
	dontaudit $1 rhgb_devpts_t:chr_file rw_term_perms;
')

########################################
## <summary>
##	Read and write to rhgb temporary file system.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_rw_tmpfs_files',`
	gen_require(`
		type rhgb_tmpfs_t;
	')

	# fs_search_tmpfs is an interface defined outside this file;
	# presumably it grants directory search on tmpfs so the files
	# can be reached - confirm against the filesystem module.
	fs_search_tmpfs($1)
	# Only the file class of rhgb_tmpfs_t is covered by this rule.
	# rw_file_perms is a permission set defined outside this file.
	allow $1 rhgb_tmpfs_t:file rw_file_perms;
')