| Jiyong Park | c99fde9 | 2022-12-05 14:11:24 +0900 | [diff] [blame] | 1 | typeattribute su coredomain; |
| Inseob Kim | e138997 | 2021-07-19 07:48:34 +0000 | [diff] [blame] | 2 | |
| Jiyong Park | c99fde9 | 2022-12-05 14:11:24 +0900 | [diff] [blame] | 3 | # su is also permissive to permit setenforce. |
| 4 | permissive su; |
| Inseob Kim | 9bad60c | 2024-03-28 15:23:18 +0900 | [diff] [blame] | 5 | |
| 6 | # Add su to various domains |
| 7 | dontaudit su self:capability_class_set *; |
| 8 | dontaudit su self:capability2 *; |
| 9 | dontaudit su kernel:security *; |
| 10 | dontaudit su { kernel file_type }:system *; |
| 11 | dontaudit su self:memprotect *; |
| 12 | dontaudit su domain:{ process process2 } *; |
| 13 | dontaudit su domain:fd *; |
| 14 | dontaudit su domain:dir *; |
| 15 | dontaudit su domain:lnk_file *; |
| 16 | dontaudit su domain:{ fifo_file file } *; |
| 17 | dontaudit su domain:socket_class_set *; |
| 18 | dontaudit su domain:ipc_class_set *; |
| 19 | dontaudit su domain:key *; |
| 20 | dontaudit su fs_type:filesystem *; |
| 21 | dontaudit su {fs_type dev_type file_type}:dir_file_class_set *; |
| 22 | dontaudit su node_type:node *; |
| 23 | dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *; |
| 24 | dontaudit su netif_type:netif *; |
| 25 | dontaudit su port_type:socket_class_set *; |
| 26 | dontaudit su port_type:{ tcp_socket dccp_socket } *; |
| 27 | dontaudit su domain:peer *; |
| 28 | dontaudit su domain:binder *; |
| 29 | dontaudit su property_type:property_service *; |
| 30 | dontaudit su property_type:file *; |
| 31 | dontaudit su domain:drmservice *; |
| 32 | dontaudit su unlabeled:filesystem *; |
| 33 | dontaudit su domain:bpf *; |
| 34 | dontaudit su unlabeled:vsock_socket *; |
| 35 | dontaudit su self:perf_event *; |