This file is indexed.

/usr/share/selinux/ubuntu/include/admin/vbetool.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
## <summary>run real-mode video BIOS code to alter hardware state</summary>

########################################
## <summary>
##	Execute vbetool application in the vbetool domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vbetool_domtrans',`
	gen_require(`
		type vbetool_t, vbetool_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, vbetool_exec_t, vbetool_t)
')

########################################
## <summary>
##	Execute vbetool in the vbetool domain, and
##	allow the specified role the vbetool domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the vbetool domain.
##	</summary>
## </param>
#
interface(`vbetool_run',`
	gen_require(`
		type vbetool_t;
	')

	vbetool_domtrans($1)
	role $2 types vbetool_t;
')