a
����ye&����������������������@���s���d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d Z d
Z
d�Z�d�Z�d�Z
d�Z�d
Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d�Z d�Z!d Z"d!Z#d"Z$d#Z%d$Z&d%Z'd&Z(d'S�)(zpolicy_module(TEMPLATETYPE, 1.0.0)
########################################
#
# Declarations
#
type TEMPLATETYPE_t;
type TEMPLATETYPE_exec_t;
init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
permissive TEMPLATETYPE_t;
zO
type TEMPLATETYPE_initrc_exec_t;
init_script_file(TEMPLATETYPE_initrc_exec_t)
a#���policy_module(TEMPLATETYPE, 1.0.0)
########################################
#
# Declarations
#
type TEMPLATETYPE_t;
type TEMPLATETYPE_exec_t;
domain_type(TEMPLATETYPE_t)
domain_entry_file(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
role system_r types TEMPLATETYPE_t;
permissive TEMPLATETYPE_t;
zpolicy_module(TEMPLATETYPE, 1.0.0)
########################################
#
# Declarations
#
type TEMPLATETYPE_t;
type TEMPLATETYPE_exec_t;
inetd_service_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
permissive TEMPLATETYPE_t;
aa���policy_module(TEMPLATETYPE, 1.0.0)
########################################
#
# Declarations
#
attribute_role TEMPLATETYPE_roles;
roleattribute system_r TEMPLATETYPE_roles;
type TEMPLATETYPE_t;
type TEMPLATETYPE_exec_t;
application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
role TEMPLATETYPE_roles types TEMPLATETYPE_t;
permissive TEMPLATETYPE_t;
zpolicy_module(TEMPLATETYPE, 1.0.0)
########################################
#
# Declarations
#
sandbox_x_domain_template(TEMPLATETYPE)
permissive TEMPLATETYPE_t;
permissive TEMPLATETYPE_client_t;
zpolicy_module(TEMPLATETYPE, 1.0.0)
########################################
#
# Declarations
#
apache_content_template(TEMPLATETYPE)
permissive httpd_TEMPLATETYPE_script_t;
zallow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms;
allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
�
zO
optional_policy(`
dbus_system_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
')
z
allow TEMPLATETYPE_t self:fifo_file manage_fifo_file_perms;
allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
z#
auth_use_nsswitch(TEMPLATETYPE_t)
z)
logging_send_syslog_msg(TEMPLATETYPE_t)
z)
sysnet_dns_name_resolve(TEMPLATETYPE_t)
z*
auth_domtrans_chk_passwd(TEMPLATETYPE_t)
z�
mta_send_mail(TEMPLATETYPE_t)
zg
optional_policy(`
dbus_system_bus_client(TEMPLATETYPE_t)
dbus_connect_system_bus(TEMPLATETYPE_t)
')
z4
optional_policy(`
kerberos_use(TEMPLATETYPE_t)
')
z{
optional_policy(`
kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
kerberos_manage_host_rcache(TEMPLATETYPE_t)
')
z)
logging_send_audit_msgs(TEMPLATETYPE_t)
zj
optional_policy(`
gen_require(`
type USER_t;
role USER_r;
')
TEMPLATETYPE_run(USER_t, USER_r)
')
z,
domain_use_interactive_fds(TEMPLATETYPE_t)
z&
files_read_etc_files(TEMPLATETYPE_t)
z-
miscfiles_read_localization(TEMPLATETYPE_t)
z.
## policy for TEMPLATETYPEa���
########################################
##
## Execute TEMPLATETYPE_exec_t in the TEMPLATETYPE domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`TEMPLATETYPE_domtrans',`
gen_require(`
type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
')
######################################
##
## Execute TEMPLATETYPE in the caller domain.
##
##
##
## Domain allowed access.
##
##
#
interface(`TEMPLATETYPE_exec',`
gen_require(`
type TEMPLATETYPE_exec_t;
')
corecmd_search_bin($1)
can_exec($1, TEMPLATETYPE_exec_t)
')
ak���
########################################
##
## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and
## allow the specified role the TEMPLATETYPE domain.
##
##
##
## Domain allowed to transition
##
##
##
##
## The role to be allowed the TEMPLATETYPE domain.
##
##
#
interface(`TEMPLATETYPE_run',`
gen_require(`
type TEMPLATETYPE_t;
attribute_role TEMPLATETYPE_roles;
')
TEMPLATETYPE_domtrans($1)
roleattribute $2 TEMPLATETYPE_roles;
')
########################################
##
## Role access for TEMPLATETYPE
##
##
##
## Role allowed access
##
##
##
##
## User domain for the role
##
##
#
interface(`TEMPLATETYPE_role',`
gen_require(`
type TEMPLATETYPE_t;
attribute_role TEMPLATETYPE_roles;
')
roleattribute $1 TEMPLATETYPE_roles;
TEMPLATETYPE_domtrans($2)
ps_process_pattern($2, TEMPLATETYPE_t)
allow $2 TEMPLATETYPE_t:process { signull signal sigkill };
')
a���
########################################
##
## Execute sandbox in the TEMPLATETYPE_t domain, and
## allow the specified role the TEMPLATETYPE_t domain.
##
##
##
## Domain allowed to transition.
##
##
##
##
## The role to be allowed the TEMPLATETYPE_t domain.
##
##
#
interface(`TEMPLATETYPE_transition',`
gen_require(`
type TEMPLATETYPE_t;
type TEMPLATETYPE_client_t;
')
allow $1 TEMPLATETYPE_t:process { signal_perms transition };
dontaudit $1 TEMPLATETYPE_t:process { noatsecure siginh rlimitinh };
role $2 types TEMPLATETYPE_t;
role $2 types TEMPLATETYPE_client_t;
allow TEMPLATETYPE_t $1:process { sigchld signull };
allow TEMPLATETYPE_t $1:fifo_file rw_inherited_fifo_file_perms;
allow TEMPLATETYPE_client_t $1:process { sigchld signull };
allow TEMPLATETYPE_client_t $1:fifo_file rw_inherited_fifo_file_perms;
')
a>���
########################################
##
## Change to the TEMPLATETYPE role.
##
##
##
## Role allowed access.
##
##
##
#
interface(`TEMPLATETYPE_role_change',`
gen_require(`
role TEMPLATETYPE_r;
')
allow $1 TEMPLATETYPE_r;
')
a���
########################################
##
## Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
##
##
##
## Domain allowed access.
##
##
#
interface(`TEMPLATETYPE_initrc_domtrans',`
gen_require(`
type TEMPLATETYPE_initrc_exec_t;
')
init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t)
')
a���
########################################
##
## Send and receive messages from
## TEMPLATETYPE over dbus.
##
##
##
## Domain allowed access.
##
##
#
interface(`TEMPLATETYPE_dbus_chat',`
gen_require(`
type TEMPLATETYPE_t;
class dbus send_msg;
')
allow $1 TEMPLATETYPE_t:dbus send_msg;
allow TEMPLATETYPE_t $1:dbus send_msg;
')
a���
########################################
##
## All of the rules required to administrate
## an TEMPLATETYPE environment
##
##
##
## Domain allowed access.
##
##
##
##
## Role allowed access.
##
##
##
#
interface(`TEMPLATETYPE_admin',`
gen_require(`
type TEMPLATETYPE_t;z
')
allow $1 TEMPLATETYPE_t:process { signal_perms };
ps_process_pattern($1, TEMPLATETYPE_t)
tunable_policy(`deny_ptrace',`',`
allow $1 TEMPLATETYPE_t:process ptrace;
')
z#
type TEMPLATETYPE_initrc_exec_t;z
TEMPLATETYPE_initrc_domtrans($1)
domain_system_change_exemption($1)
role_transition $2 TEMPLATETYPE_initrc_exec_t system_r;
allow $2 system_r;
zb optional_policy(`
systemd_passwd_agent_exec($1)
systemd_read_fifo_file_passwd_run($1)
')
')
zEEXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
z # No file context, leave blank
zKEXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
N))Z�te_daemon_typesZ�te_initscript_typesZ�te_dbusd_typesZ�te_inetd_typesZ�te_userapp_typesZ�te_sandbox_typesZ�te_cgi_typesZ�te_daemon_rulesZ�te_inetd_rulesZ�te_dbusd_rulesZ�te_userapp_rulesZ�te_cgi_rulesZ�te_sandbox_rulesZ�te_uid_rulesZ�te_syslog_rulesZ�te_resolve_rulesZ�te_pam_rulesZ
te_mail_rulesZ
te_dbus_rulesZ�te_kerberos_rulesZ�te_manage_krb5_rcache_rulesZ�te_audit_rulesZ�te_run_rulesZ�te_fd_rulesZ�te_etc_rulesZ�te_localization_rulesZ�if_heading_rulesZ�if_program_rulesZ�if_user_program_rulesZ�if_sandbox_rulesZ�if_role_change_rulesZ�if_initscript_rulesZ
if_dbus_rulesZ�if_begin_adminZ�if_middle_adminZ�if_initscript_admin_typesZ�if_initscript_adminZ�if_end_adminZ
fc_programZ�fc_userZ
fc_initscript�r����r����A/usr/lib/python3.9/site-packages/sepolicy/templates/executable.py�����sP����������������
�����������������������������������������)�9�#��������������� ����