import code

author: Yves Fischer <yvesf-git@xapek.org> 2014-01-11 18:44:50 +0100
committer: Yves Fischer <yvesf-git@xapek.org> 2014-01-11 18:48:48 +0100
commit: 002a2c3e1d0f091a48f8cc3eb7dce519870debaf (patch)
tree: 64140ef20603bcf66dc33b8f2c5416d006547cb1 /jni/iodine/doc/iodine.te
download: andiodine-002a2c3e1d0f091a48f8cc3eb7dce519870debaf.tar.gz
andiodine-002a2c3e1d0f091a48f8cc3eb7dce519870debaf.zip
1 files changed, 25 insertions, 0 deletions
diff --git a/jni/iodine/doc/iodine.te b/jni/iodine/doc/iodine.te
new file mode 100644
index 0000000..9749f03
--- /dev/null
+++ b/jni/iodine/doc/iodine.te
@@ -0,0 +1,25 @@
+# Sample post-initialization SELinux policy for Iodine
+policy_module(iodine, 1.1)
+
+require {
+	type init_t;
+	type initrc_t;
+	type unconfined_t;
+	type unlabeled_t;
+	class udp_socket { read write };
+	class rawip_socket { write read };
+	class association recvfrom;
+	class unix_dgram_socket { create connect };
+}
+
+type iodine_t;
+domain_type(iodine_t)
+domain_dyntrans_type(initrc_t)
+allow initrc_t iodine_t:process dyntransition;
+
+allow iodine_t unconfined_t:udp_socket { read write };
+allow iodine_t unconfined_t:rawip_socket { write read };
+allow iodine_t unlabeled_t:association recvfrom;
+allow iodine_t self:unix_dgram_socket { create connect };
+corenet_raw_receive_generic_node(iodine_t)
+corenet_rw_tun_tap_dev(iodine_t)
author	Yves Fischer <yvesf-git@xapek.org>	2014-01-11 18:44:50 +0100
committer	Yves Fischer <yvesf-git@xapek.org>	2014-01-11 18:48:48 +0100
commit	002a2c3e1d0f091a48f8cc3eb7dce519870debaf (patch)
tree	64140ef20603bcf66dc33b8f2c5416d006547cb1 /jni/iodine/doc/iodine.te
download	andiodine-002a2c3e1d0f091a48f8cc3eb7dce519870debaf.tar.gz andiodine-002a2c3e1d0f091a48f8cc3eb7dce519870debaf.zip