Hi all!
I am just researching policy in SELinux, and I am facing an issue with domain transition. I want to change the domain from unconfined_t to the staff_t domain (when a process of type unconfined_t executes a file of type xuantoan_t: type_transition unconfined_t xuantoan_t : process staff_t;), since a process of type unconfined_t can access files of type toanxt_t through the staff_t domain.

policy_module(toanxt, 1.0.0);
require {
	# types used here but declared outside this module
	type unconfined_t;
	type staff_t;
	class process transition;
}
type toanxt_t;
type xuantoan_t;
type toanxt_exec_t;

# access granted to the staff_t domain on the module's file types
allow staff_t toanxt_exec_t : file { execute_no_trans execute open write getattr read };
allow staff_t toanxt_t : file { execute_no_trans execute open write getattr read };

# automatic domain transition unconfined_t -> staff_t when executing a xuantoan_t file
type_transition unconfined_t xuantoan_t : process staff_t;
# the three rules every domain transition needs:
allow unconfined_t xuantoan_t : file { execute };	# source may execute the entry file
allow staff_t xuantoan_t : file entrypoint;	# entry file is an entrypoint of the new domain
allow unconfined_t staff_t : process transition;	# source may transition to the new domain

But after compiling and inserting it, a process of type unconfined_t cannot access files of type toanxt_t. I don't know why; I look forward to your help!

Thanks!


--
Mr.Toan-Cu Xuan

School of Electronics and Telecommunications

Hanoi University of Science and Technology

1 Dai Co Viet, Ha noi, Viet nam.

Phone: 01656228762

Email:xuantoanbkfet@gmail.com
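A small check for the kind of module posted above, as an added example that is not part of the original message or of any SELinux project: it parses the `allow` and `type_transition` rules of a .te file and, for every automatic domain transition, reports which of the three required allow rules (source executes the entry file, the entry file is an `entrypoint` of the new domain, source may `transition` to the new domain) are missing. The sample policy text is the corrected module from the post, embedded here so the script runs offline, plus a constructed broken variant with the entrypoint rule removed. It only sees rules inside the given text, so a permission already granted by base policy or an interface shows up as "missing"; it also cannot tell whether the executed file on disk actually carries the xuantoan_t label, which is the other common reason a transition never happens.

```python
import re

# Constructed sample: the module from the post with the typos fixed.
POLICY_OK = """
policy_module(toanxt, 1.0.0);
require {
    type unconfined_t;
    type staff_t;
    class process transition;
}
type toanxt_t;
type xuantoan_t;
type toanxt_exec_t;
allow staff_t toanxt_exec_t : file { execute_no_trans execute open write getattr read };
allow staff_t toanxt_t : file { execute_no_trans execute open write getattr read };
type_transition unconfined_t xuantoan_t : process staff_t;
allow unconfined_t xuantoan_t : file { execute };
allow staff_t xuantoan_t : file entrypoint;
allow unconfined_t staff_t : process transition;
"""

# Constructed variant: same module without the entrypoint rule.
POLICY_BROKEN = POLICY_OK.replace("allow staff_t xuantoan_t : file entrypoint;\n", "")

# allow <src> <tgt> : <class> <perm | { perms }> ;
ALLOW_RE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(\{[^}]*\}|\S+)\s*;", re.M)
# type_transition <src> <tgt> : <class> <new_type> ;
TT_RE = re.compile(r"^\s*type_transition\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(\S+)\s*;", re.M)


def parse_allows(text):
    """Map (source, target, class) -> set of permissions granted in this text."""
    rules = {}
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        rules.setdefault((src, tgt, cls), set()).update(perms.strip("{}").split())
    return rules


def parse_process_transitions(text):
    """Return (source_domain, entry_file_type, new_domain) for each process type_transition."""
    return [(s, t, n) for s, t, c, n in TT_RE.findall(text) if c == "process"]


def check_domain_transitions(text):
    """Map each process type_transition to the allow rules it still needs (empty list = complete)."""
    allows = parse_allows(text)
    report = {}
    for src, entry, new in parse_process_transitions(text):
        needed = [
            (src, entry, "file", "execute"),        # source may execute the entry file
            (new, entry, "file", "entrypoint"),     # entry file is an entrypoint of new domain
            (src, new, "process", "transition"),    # source may transition to new domain
        ]
        report[(src, entry, new)] = [
            f"allow {s} {t} : {c} {p};"
            for s, t, c, p in needed
            if p not in allows.get((s, t, c), set())
        ]
    return report


if __name__ == "__main__":
    for name, text in (("ok", POLICY_OK), ("broken", POLICY_BROKEN)):
        for (src, entry, new), missing in check_domain_transitions(text).items():
            status = "complete" if not missing else "missing " + " ".join(missing)
            print(f"[{name}] {src} --exec {entry}--> {new}: {status}")
```

Run it against a real module with `check_domain_transitions(open("toanxt.te").read())`; a transition reported as complete but still not happening on the system points at labelling (`ls -Z` on the executed file) or at the permissive/unconfined state of the source domain rather than at these rules.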