policy_module(files,1.0)

########################################
#
# Declarations
#
# This module declares the generic file attributes and the basic
# filesystem-location types (/, /etc, /usr, /var, ...) that other
# modules build on.  Every concrete type here is a member of file_type
# (directly, or via files_tmp_file() for tmp_t and var_spool_t).
#
# Each type is also passed to fs_associate() and fs_associate_noxattr()
# so that objects of that type may be associated with (i.e. live on)
# the corresponding filesystems; the exact filesystem types covered by
# those two interfaces are defined in fs.if, not here.
#

# Attribute shared by every type that labels ordinary filesystem objects.
attribute file_type;

# Every file_type may associate with a filesystem labeled with its own
# type ("self").  This is a blanket rule rather than a per-type grant.
# cjp: should handle this different
allow file_type self:filesystem associate;

# Attribute for lock-file locations (used by var_lock_t below).
attribute lockfile;

# Attribute for types that are valid mount points.
attribute mountpoint;

# Attribute for pid/runtime-file locations (used by var_run_t below).
attribute pidfile;

# For labeling types that are to be polyinstantiated
attribute polydir;

# Attribute for files that users are allowed to read, regardless of
# the specific type.  Marked by its author as a temporary workaround;
# the intended replacement is not visible in this file.
# this is a hack and should be changed
attribute usercanread;

# And for labeling the parent directories of those polyinstantiated directories
# This is necessary for remounting the original in the parent to give
# security aware apps access
attribute polyparent;

# And labeling for the member directories
attribute polymember;

# sensitive security files whose accesses should
# not be dontaudited for uses
# (a dontaudit on these would suppress the denial records an auditor
# relies on to notice probing of security-relevant files)
attribute security_file_type;

# Attribute for temporary-file types.
attribute tmpfile;

# Attribute for types living on tmpfs.
attribute tmpfsfile;

# default_t is the default type for files that do not
# match any specification in the file_contexts configuration
# other than the generic /.* specification.
# Files ending up as default_t usually indicate a missing
# file_contexts entry rather than an intended label.
type default_t, file_type, mountpoint;
fs_associate(default_t)
fs_associate_noxattr(default_t)

#
# etc_t is the type of the system etc directories.
#
type etc_t, file_type;
fs_associate(etc_t)
fs_associate_noxattr(etc_t)

#
# etc_runtime_t is the type of various
# files in /etc that are automatically
# generated during initialization.
#
type etc_runtime_t, file_type;
fs_associate(etc_runtime_t)
fs_associate_noxattr(etc_runtime_t)

#
# file_t is the default type of a file that has not yet been
# assigned an extended attribute (EA) value (when using a filesystem
# that supports EAs).
#
type file_t, file_type, mountpoint;
fs_associate(file_t)
fs_associate_noxattr(file_t)
# file_t may also serve as a mount point on the root filesystem
# (presumably needed before the real labels are applied -- see kernel.if).
kernel_rootfs_mountpoint(file_t)
# Initial SID for file objects: anything the kernel sees without a
# label is treated as file_t.
sid file gen_context(system_u:object_r:file_t,s0)

#
# home_root_t is the type for the directory where user home directories
# are created
#
type home_root_t, file_type, mountpoint; #, polyparent
fs_associate(home_root_t)
fs_associate_noxattr(home_root_t)

#
# lost_found_t is the type for the lost+found directories.
#
type lost_found_t, file_type;
fs_associate(lost_found_t)
fs_associate_noxattr(lost_found_t)

#
# mnt_t is the type for mount points such as /mnt/cdrom
#
type mnt_t, file_type, mountpoint;
fs_associate(mnt_t)
fs_associate_noxattr(mnt_t)

#
# no_access_t: by its name, a type for files that no domain should be
# granted access to; no rules in this file grant anything on it
# (confirm against files.if before relying on that).
#
type no_access_t, file_type;
fs_associate(no_access_t)
fs_associate_noxattr(no_access_t)

#
# poly_t: presumably the generic type for polyinstantiated content --
# its relation to polydir/polymember is not visible here.
#
type poly_t, file_type;
fs_associate(poly_t)
fs_associate_noxattr(poly_t)

#
# readable_t: by its name, a generic world-readable file type;
# the interfaces granting that read access live elsewhere.
#
type readable_t, file_type;
fs_associate(readable_t)
fs_associate_noxattr(readable_t)

#
# root_t is the type for rootfs and the root directory.
#
type root_t, file_type, mountpoint; #, polyparent
fs_associate(root_t)
fs_associate_noxattr(root_t)
kernel_rootfs_mountpoint(root_t)
# Label the root of the rootfs pseudo-filesystem itself as root_t.
genfscon rootfs / gen_context(system_u:object_r:root_t,s0)

#
# src_t is the type of files in the system src directories.
#
type src_t, file_type, mountpoint;
fs_associate(src_t)
fs_associate_noxattr(src_t)

#
# tmp_t is the type of the temporary directories
#
# Unlike the types above, tmp_t is not declared with file_type here;
# files_tmp_file() is expected to attach the file_type and tmpfile
# attributes (and the fs_associate calls) -- confirm in files.if.
#
type tmp_t, mountpoint; #, polydir
files_tmp_file(tmp_t)

#
# usr_t is the type for /usr.
#
type usr_t, file_type, mountpoint;
fs_associate(usr_t)
fs_associate_noxattr(usr_t)

#
# var_t is the type of /var
#
type var_t, file_type, mountpoint;
fs_associate(var_t)
fs_associate_noxattr(var_t)

#
# var_lib_t is the type of /var/lib
#
type var_lib_t, file_type, mountpoint;
fs_associate(var_lib_t)
fs_associate_noxattr(var_lib_t)

#
# var_lock_t is the type of /var/lock
#
type var_lock_t, file_type, lockfile;
fs_associate(var_lock_t)
fs_associate_noxattr(var_lock_t)

#
# var_run_t is the type of /var/run, usually
# used for pid and other runtime files.
#
type var_run_t, file_type, pidfile;
fs_associate(var_run_t)
fs_associate_noxattr(var_run_t)

#
# var_spool_t is the type of /var/spool
#
# Declared without attributes; as with tmp_t, files_tmp_file() is
# expected to supply file_type/tmpfile -- confirm in files.if.
#
type var_spool_t;
files_tmp_file(var_spool_t)