| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # debugger interface |
| 2 | type debuggerd, domain; |
| 3 | type debuggerd_exec, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(debuggerd) |
| 6 | typeattribute debuggerd mlstrustedsubject; |
| Stephen Smalley | 5f9917c | 2012-07-31 09:15:46 -0400 | [diff] [blame] | 7 | allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner }; |
| rpcraig | abd977a | 2012-08-10 06:25:52 -0400 | [diff] [blame] | 8 | allow debuggerd self:capability2 { syslog }; |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 9 | allow debuggerd domain:dir r_dir_perms; |
| 10 | allow debuggerd domain:file r_file_perms; |
| 11 | allow debuggerd domain:process ptrace; |
| William Roberts | 7bb2a55 | 2013-04-04 13:17:36 -0700 | [diff] [blame] | 12 | security_access_policy(debuggerd) |
| Stephen Smalley | 5f9917c | 2012-07-31 09:15:46 -0400 | [diff] [blame] | 13 | allow debuggerd system_data_file:dir create_dir_perms; |
| 14 | allow debuggerd system_data_file:dir relabelfrom; |
| 15 | allow debuggerd tombstone_data_file:dir relabelto; |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 16 | allow debuggerd tombstone_data_file:dir create_dir_perms; |
| 17 | allow debuggerd tombstone_data_file:file create_file_perms; |
| 18 | allow debuggerd domain:process { sigstop signal }; |
| 19 | allow debuggerd exec_type:file r_file_perms; |