24 lines
1.2 KiB
Plaintext
24 lines
1.2 KiB
Plaintext
allow unconfineddomain self:capability_class_set *;
|
|
allow unconfineddomain kernel:security *;
|
|
allow unconfineddomain kernel:system *;
|
|
allow unconfineddomain self:memprotect *;
|
|
allow unconfineddomain domain:process *;
|
|
allow unconfineddomain domain:fd *;
|
|
allow unconfineddomain domain:dir r_dir_perms;
|
|
allow unconfineddomain domain:lnk_file r_file_perms;
|
|
allow unconfineddomain domain:{ fifo_file file } rw_file_perms;
|
|
allow unconfineddomain domain:socket_class_set *;
|
|
allow unconfineddomain domain:ipc_class_set *;
|
|
allow unconfineddomain domain:key *;
|
|
allow unconfineddomain fs_type:filesystem *;
|
|
allow unconfineddomain {fs_type dev_type file_type}:{ dir blk_file lnk_file sock_file fifo_file } *;
|
|
allow unconfineddomain {fs_type dev_type file_type}:{ chr_file file } ~entrypoint;
|
|
allow unconfineddomain node_type:node *;
|
|
allow unconfineddomain node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
|
|
allow unconfineddomain netif_type:netif *;
|
|
allow unconfineddomain port_type:socket_class_set name_bind;
|
|
allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect;
|
|
allow unconfineddomain domain:peer recv;
|
|
allow unconfineddomain domain:binder { call transfer set_context_mgr };
|
|
allow unconfineddomain property_type:property_service set;
|