selinux-policy/refpolicy/policy/modules/kernel/mls.te


# Module header: this file is the policy module named mls, version 1.3.1.
policy_module(mls,1.3.1)
########################################
#
# Declarations
#
# Each statement below only declares an attribute, that is a named group
# that types can be added to. No rule visible in this file uses them.
# NOTE(review): presumably the MLS constraint definitions reference these
# attributes to exempt member types from level checks - confirm against
# the constraint file. If so, adding a type to any of them is a privilege
# grant and should be reviewed as one.
#
# File attributes. NOTE(review): the suffixes look like read, read up to
# clearance, write, write up to clearance, upgrade and downgrade - confirm.
attribute mlsfileread;
attribute mlsfilereadtoclr;
attribute mlsfilewrite;
attribute mlsfilewritetoclr;
attribute mlsfileupgrade;
attribute mlsfiledowngrade;
# Network attributes, same suffix pattern plus mlsnetrecvall.
attribute mlsnetread;
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
attribute mlsnetwritetoclr;
attribute mlsnetupgrade;
attribute mlsnetdowngrade;
attribute mlsnetrecvall;
# IPC attributes.
attribute mlsipcread;
attribute mlsipcreadtoclr;
attribute mlsipcwrite;
attribute mlsipcwritetoclr;
# Process attributes. NOTE(review): mlsprocsetsl presumably covers a
# process changing its own level - confirm.
attribute mlsprocread;
attribute mlsprocreadtoclr;
attribute mlsprocwrite;
attribute mlsprocwritetoclr;
attribute mlsprocsetsl;
# X window attributes.
attribute mlsxwinread;
attribute mlsxwinreadtoclr;
attribute mlsxwinwrite;
attribute mlsxwinwritetoclr;
# Finer-grained X window attributes, named after properties, colormaps and
# xinput. Declarations only; nothing visible in this file uses them.
# NOTE(review): presumably consumed by the MLS constraints for X objects -
# confirm before assigning any type to them.
attribute mlsxwinreadproperty;
attribute mlsxwinwriteproperty;
attribute mlsxwinreadcolormap;
attribute mlsxwinwritecolormap;
attribute mlsxwinwritexinput;
# Declarations only; nothing visible in this file uses these three.
# NOTE(review): the names suggest a trusted-object exemption and two
# range-transition privileges - confirm where they are consumed, and
# audit which types end up as members.
attribute mlstrustedobject;
attribute privrangetrans;
attribute mlsrangetrans;
########################################
#
# THIS IS A HACK
#
# Only the base module can have range_transitions, so we
# temporarily have to break encapsulation to work around this.
# Other types are declared in the mcs module.
#
# The three types below are declared here so that the range transition
# rules at the end of this file can name them: lvm_exec_t and
# setrans_exec_t appear there as target types, run_init_t as a source type.
# NOTE(review): a type declared here is presumably not declared again by
# the module that would normally own it - confirm, and keep the two in sync.
type lvm_exec_t;
type run_init_t;
type setrans_exec_t;
# The rules inside this conditional are emitted only when the enable_mls
# build option is set, so a non-MLS build gets none of them.
ifdef(`enable_mls',`
# Range transitions: when a process of the first type executes a file of
# the second type, the new process is assigned the range written last.
# s15:c0.c255 is one level: sensitivity s15 with categories c0 through c255.
# s0 - s15:c0.c255 is a range with low level s0 and that level as the high.
# NOTE(review): the literals are hard-coded and assume a policy built with
# at least 16 sensitivities and 256 categories - confirm against the build
# settings, since a smaller configuration would not contain these levels.
# auditd started from initrc_t runs at the single level s15:c0.c255.
range_transition initrc_t auditd_exec_t s15:c0.c255;
# init and lvm started from kernel_t get the range s0 - s15:c0.c255.
range_transition kernel_t init_exec_t s0 - s15:c0.c255;
range_transition kernel_t lvm_exec_t s0 - s15:c0.c255;
# setrans started from initrc_t runs at the single level s15:c0.c255.
range_transition initrc_t setrans_exec_t s15:c0.c255;
# Init scripts started through run_init_t get the range s0 - s15:c0.c255.
# NOTE(review): this hands a wide range to whatever run_init_t launches,
# so access to run_init_t itself should be tightly restricted - confirm.
range_transition run_init_t initrc_exec_t s0 - s15:c0.c255;
')