/usr/share/selinux/ubuntu/include/system/application.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
## <summary>Policy for user executable applications.</summary>
########################################
## <summary>
## Make the specified type usable as an application domain.
## </summary>
## <desc>
## <p>
## Adds the type to the application_domain_type attribute and
## then declares it as a domain through domain_type().
## </p>
## </desc>
## <param name="type">
## <summary>
## Type to be used as a domain type.
## </summary>
## </param>
#
# NOTE(review): attribute membership is a grant by association. Any
# allow rule written elsewhere against application_domain_type also
# applies to every type passed here. Listing the attribute members
# with seinfo -a application_domain_type -x shows the affected set.
# Comments placed inside the quoted interface body must not contain
# m4 quote characters, or the quoting of the body becomes unbalanced.
#
interface(`application_type',`
# The attribute is declared outside this interface and has to be
# required before it can be referenced.
gen_require(`
attribute application_domain_type;
')
# Tag the caller supplied type with the application domain attribute.
typeattribute $1 application_domain_type;
# start with basic domain
domain_type($1)
')
########################################
## <summary>
## Make the specified type usable for files
## that are executables, such as binary programs.
## This does not include shared libraries.
## </summary>
## <desc>
## <p>
## Adds the type to the application_exec_type attribute and
## then passes it to corecmd_executable_file().
## </p>
## </desc>
## <param name="type">
## <summary>
## Type to be used for files.
## </summary>
## </param>
#
# NOTE(review): application_exec() in this file grants execution
# against the whole application_exec_type attribute. A file type
# labelled through this interface therefore becomes executable by
# every domain that calls application_exec().
#
interface(`application_executable_file',`
# The attribute is declared outside this interface.
gen_require(`
attribute application_exec_type;
')
# Tag the file type as an application executable.
typeattribute $1 application_exec_type;
# corecmd_executable_file is defined elsewhere - presumably it marks
# the type as a generic executable file type. TODO confirm.
corecmd_executable_file($1)
')
########################################
## <summary>
## Execute application executables in the caller domain.
## </summary>
## <desc>
## <p>
## Applies can_exec() from the given domain to every type
## carrying the application_exec_type attribute.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
# NOTE(review): per the summary the program runs in the caller domain,
# so no domain transition takes place and the executed application
# keeps every permission of the calling domain. Review the callers of
# this interface when the domain in question is a privileged one.
#
interface(`application_exec',`
# The attribute is declared outside this interface.
gen_require(`
attribute application_exec_type;
')
# The target is the attribute - not a single type - so the grant
# widens whenever another type is added to application_exec_type.
can_exec($1, application_exec_type)
')
########################################
## <summary>
## Execute all executable files.
## </summary>
## <desc>
## <p>
## Calls the corecmd interfaces for bin, shell and chroot
## executables and application_exec() for application
## executables. The first call is a dontaudit interface.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
# NOTE(review): the name and summary say all executables, but the body
# only calls exec interfaces for four groups. The corecmd interfaces
# are defined elsewhere. Going by its name, the dontaudit call grants
# nothing and only silences denial messages for the remaining
# executable types - confirm against the corecommands module.
# Denials hidden this way do not appear in the audit log. When
# troubleshooting, rebuild the policy with dontaudit rules disabled,
# for example with semodule -DB.
#
interface(`application_exec_all',`
# Presumably suppresses audit records for denied executions - see the
# review note in the header.
corecmd_dontaudit_exec_all_executables($1)
# Exec interfaces from the corecommands module for bin, shell and
# chroot executables.
corecmd_exec_bin($1)
corecmd_exec_shell($1)
corecmd_exec_chroot($1)
# Types carrying the application_exec_type attribute.
application_exec($1)
')
########################################
## <summary>
## Create a domain which can be started by users
## </summary>
## <desc>
## <p>
## Combines application_type() on the domain,
## application_executable_file() on the entry point type and
## domain_entry_file() on the pair.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Type to be used as a domain.
## </summary>
## </param>
## <param name="entry_point">
## <summary>
## Type of the program to be used as an entry point to this domain.
## </summary>
## </param>
#
# NOTE(review): no domain transition rule is visible in this body.
# Which source domains may actually enter $1 through $2 looks to be
# decided by rules elsewhere - verify against the callers. The entry
# point type also joins application_exec_type, so domains that call
# application_exec() can run the same program without a transition,
# in their own domain.
#
interface(`application_domain',`
# $1 becomes a member of application_domain_type and a domain.
application_type($1)
# $2 becomes a member of application_exec_type.
application_executable_file($2)
# Register $2 as an entry point file for $1.
domain_entry_file($1,$2)
')