Diffstat (limited to 'jni/iodine/doc/iodine.te')
-rw-r--r--jni/iodine/doc/iodine.te25
1 files changed, 25 insertions, 0 deletions
diff --git a/jni/iodine/doc/iodine.te b/jni/iodine/doc/iodine.te
new file mode 100644
index 0000000..9749f03
--- /dev/null
+++ b/jni/iodine/doc/iodine.te
@@ -0,0 +1,25 @@
+# Sample post-initialization SELinux policy for Iodine
+policy_module(iodine, 1.1)
+
+require {
+ type init_t;
+ type initrc_t;
+ type unconfined_t;
+ type unlabeled_t;
+ class udp_socket { read write };
+ class rawip_socket { write read };
+ class association recvfrom;
+ class unix_dgram_socket { create connect };
+}
+
+type iodine_t;
+domain_type(iodine_t)
+domain_dyntrans_type(initrc_t)
+allow initrc_t iodine_t:process dyntransition;
+
+allow iodine_t unconfined_t:udp_socket { read write };
+allow iodine_t unconfined_t:rawip_socket { write read };
+allow iodine_t unlabeled_t:association recvfrom;
+allow iodine_t self:unix_dgram_socket { create connect };
+corenet_raw_receive_generic_node(iodine_t)
+corenet_rw_tun_tap_dev(iodine_t)
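Review bot: `domain_dyntrans_type(initrc_t)` and the `dyntransition` allow rule change what `initrc_t` itself may do, yet the file's only comment is the one-line header, so an administrator loading this sample cannot tell why an init-script domain is being modified. In the reference policy that interface, as far as I recall, marks the named domain as permitted to change its own context, which would apply to every process running as `initrc_t`; the allow rule is what narrows the target to `iodine_t`. A comment above those two lines would help, e.g. `# iodine starts in initrc_t and switches itself to iodine_t after setup; no other target is allowed`. The rules on `unconfined_t` sockets and `unlabeled_t` associations presumably cover descriptors and traffic that exist before the switch, and deserve a similar one-line note so they are not copied into stricter policies unexamined. `type init_t;` in the `require` block is not referenced by any rule and can be dropped.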