Lines Matching refs:domain
615 mlsconstrain file { read } ((h1 dom h2) or ( t2 == domain ) or ( t1 == mlsfileread ));
631 attribute domain;
1235 neverallow domain ~domain:process { transition dyntransition };
1236 neverallow { domain -set_curr_context } self:process setcurrent;
1237 neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *;
1238 neverallow ~{ domain unlabeled_t } *:process *;
1397 typeattribute kernel_t domain;
1418 neverallow { domain -kern_unconfined } proc_kcore_t:file ~getattr;
1483 allow kernel_t domain:process signal;
1485 allow kernel_t domain:dir search;
1528 allow kernel_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } socket key_socket } *;
1529 allow kernel_t domain:fd use;
1530 allow kernel_t domain:fifo_file { getattr read write append ioctl lock };
1531 allow kernel_t domain:process ~{ transition dyntransition execmem execstack execheap };
1532 allow kernel_t domain:{ sem msgq shm } *;
1533 allow kernel_t domain:msg { send receive };
1534 allow kernel_t domain:dir { read getattr lock search ioctl };
1535 allow kernel_t domain:file { read getattr lock ioctl };
1536 allow kernel_t domain:lnk_file { read getattr lock ioctl };
1537 dontaudit kernel_t domain:dir { read getattr lock search ioctl };
1538 dontaudit kernel_t domain:lnk_file { read getattr lock ioctl };
1539 dontaudit kernel_t domain:file { read getattr lock ioctl };
1540 dontaudit kernel_t domain:sock_file { read getattr lock ioctl };
1541 dontaudit kernel_t domain:fifo_file { read getattr lock ioctl };
