/usr/share/selinux/ubuntu/include/system/application.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 | ## <summary>Policy for user executable applications.</summary>
########################################
## <summary>
## Make the specified type usable as an application domain.
## </summary>
## <param name="type">
## <summary>
## Type to be used as a domain type.
## </summary>
## </param>
#
interface(`application_type',`
gen_require(`
attribute application_domain_type;
')
typeattribute $1 application_domain_type;
# start with basic domain
domain_type($1)
')
########################################
## <summary>
## Make the specified type usable for files
## that are exectuables, such as binary programs.
## This does not include shared libraries.
## </summary>
## <param name="type">
## <summary>
## Type to be used for files.
## </summary>
## </param>
#
interface(`application_executable_file',`
gen_require(`
attribute application_exec_type;
')
typeattribute $1 application_exec_type;
corecmd_executable_file($1)
')
########################################
## <summary>
## Execute application executables in the caller domain.
## </summary>
## <param name="type">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`application_exec',`
gen_require(`
attribute application_exec_type;
')
can_exec($1, application_exec_type)
')
########################################
## <summary>
## Execute all executable files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`application_exec_all',`
corecmd_dontaudit_exec_all_executables($1)
corecmd_exec_bin($1)
corecmd_exec_shell($1)
corecmd_exec_chroot($1)
application_exec($1)
')
########################################
## <summary>
## Create a domain which can be started by users
## </summary>
## <param name="domain">
## <summary>
## Type to be used as a domain.
## </summary>
## </param>
## <param name="entry_point">
## <summary>
## Type of the program to be used as an entry point to this domain.
## </summary>
## </param>
#
interface(`application_domain',`
application_type($1)
application_executable_file($2)
domain_entry_file($1,$2)
')
|