Skip to content
Snippets Groups Projects
Select Git revision
  • poly-speedup
  • master default protected
  • debug-partition-size
  • wta-generator
  • fixes
  • bench-hex
  • ci-artifacts
  • new-monoids
  • stack
  • sumbag
  • tutorial
  • web
  • features/disable-sanity
  • ghc-8.4.4
  • linux-bin-artifacts
  • syntax-doc
  • ci-stack
  • rationals
  • double-round
  • init-time
  • group-weight
21 results

valmari-fig3

Blame
  • incident_helper.te 614 B
    typeattribute incident_helper coredomain;
    
    type incident_helper_exec, exec_type, file_type;
    
    # switch to incident_helper domain for incident_helper command
    domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
    
    # use pipe to transmit data from/to incidentd/incident_helper for parsing
    allow incident_helper { shell incident incidentd }:fd use;
    allow incident_helper { shell incident incidentd }:fifo_file { getattr read write };
    
    # only allow incidentd and shell to call incident_helper
    neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };