2005-09-26 20:26:32 +00:00
|
|
|
## <summary>Multilevel security policy</summary>
|
|
|
|
## <desc>
|
|
|
|
## <p>
|
|
|
|
## This module contains interfaces for handling multilevel
|
|
|
|
## security. The interfaces allow the specified subjects
|
|
|
|
## and objects to be allowed certain privileges in the
|
|
|
|
## MLS rules.
|
|
|
|
## </p>
|
|
|
|
## </desc>
|
|
|
|
## <required val="true">
|
|
|
|
## Contains attributes used in MLS policy.
|
|
|
|
## </required>
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
2007-08-20 15:15:03 +00:00
|
|
|
## for reading from files up to its clearance.
|
2005-09-26 20:26:32 +00:00
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
2006-09-06 22:07:25 +00:00
|
|
|
## <rolecap/>
|
2005-09-26 20:26:32 +00:00
|
|
|
#
|
2007-08-20 15:15:03 +00:00
|
|
|
interface(`mls_file_read_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsfilereadtoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfilereadtoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from files at all levels. (Deprecated)
|
|
|
|
## </summary>
|
|
|
|
## <desc>
|
|
|
|
## <p>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from files at all levels.
|
|
|
|
## </p>
|
|
|
|
## <p>
|
|
|
|
## This interface has been deprecated, please use
|
|
|
|
## mls_file_read_all_levels() instead.
|
|
|
|
## </p>
|
|
|
|
## </desc>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
2005-09-26 20:26:32 +00:00
|
|
|
interface(`mls_file_read_up',`
|
2007-08-20 18:26:08 +00:00
|
|
|
refpolicywarn(`$0($*) has been deprecated, please use mls_file_read_all_levels() instead.')
|
2007-08-20 15:15:03 +00:00
|
|
|
mls_file_read_all_levels($1)
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from files at all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_file_read_all_levels',`
|
2005-09-26 20:26:32 +00:00
|
|
|
gen_require(`
|
|
|
|
attribute mlsfileread;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfileread;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
2007-08-20 15:15:03 +00:00
|
|
|
## for write to files up to its clearance.
|
2005-09-26 20:26:32 +00:00
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
2006-09-06 22:07:25 +00:00
|
|
|
## <rolecap/>
|
2005-09-26 20:26:32 +00:00
|
|
|
#
|
2007-08-20 15:15:03 +00:00
|
|
|
interface(`mls_file_write_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsfilewritetoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfilewritetoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to files at all levels. (Deprecated)
|
|
|
|
## </summary>
|
|
|
|
## <desc>
|
|
|
|
## <p>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to files at all levels.
|
|
|
|
## </p>
|
|
|
|
## <p>
|
|
|
|
## This interface has been deprecated, please use
|
|
|
|
## mls_file_write_all_levels() instead.
|
|
|
|
## </p>
|
|
|
|
## </desc>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
2005-09-26 20:26:32 +00:00
|
|
|
interface(`mls_file_write_down',`
|
2007-08-20 18:26:08 +00:00
|
|
|
refpolicywarn(`$0($*) has been deprecated, please use mls_file_write_all_levels() instead.')
|
2007-08-20 15:15:03 +00:00
|
|
|
mls_file_write_all_levels($1)
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to files at all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_file_write_all_levels',`
|
2005-09-26 20:26:32 +00:00
|
|
|
gen_require(`
|
|
|
|
attribute mlsfilewrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfilewrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for raising the level of files.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
2006-09-06 22:07:25 +00:00
|
|
|
## <rolecap/>
|
2005-09-26 20:26:32 +00:00
|
|
|
#
|
|
|
|
interface(`mls_file_upgrade',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsfileupgrade;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfileupgrade;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for lowering the level of files.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
2006-09-06 22:07:25 +00:00
|
|
|
## <rolecap/>
|
2005-09-26 20:26:32 +00:00
|
|
|
#
|
|
|
|
interface(`mls_file_downgrade',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsfiledowngrade;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfiledowngrade;
|
|
|
|
')
|
|
|
|
|
2006-11-01 15:42:22 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain trusted to
|
|
|
|
## be written to within its MLS range.
|
|
|
|
## The subject's MLS range must be a
|
|
|
|
## proper subset of the object's MLS range.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-11-01 15:42:22 +00:00
|
|
|
#
|
|
|
|
interface(`mls_file_write_within_range',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsfilewriteinrange;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfilewriteinrange;
|
|
|
|
')
|
|
|
|
|
2006-03-15 16:27:39 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from sockets at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_socket_read_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsnetread;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsnetread;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from sockets at any level
|
|
|
|
## that is dominated by the process clearance.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_socket_read_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsnetreadtoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsnetreadtoclr;
|
|
|
|
')
|
|
|
|
|
2007-08-20 15:15:03 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to sockets up to
|
|
|
|
## its clearance.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_socket_write_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsnetwritetoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsnetwritetoclr;
|
|
|
|
')
|
|
|
|
|
2006-03-15 16:27:39 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to sockets at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_socket_write_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsnetwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsnetwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for receiving network data from
|
|
|
|
## network interfaces or hosts at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_net_receive_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsnetrecvall;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsnetrecvall;
|
|
|
|
')
|
|
|
|
|
2007-08-24 14:14:29 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain trusted to
|
|
|
|
## write to network objects within its MLS range.
|
|
|
|
## The subject's MLS range must be a
|
|
|
|
## proper subset of the object's MLS range.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_net_write_within_range',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsnetwriteranged;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsnetwriteranged;
|
|
|
|
')
|
|
|
|
|
2007-08-20 15:15:03 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from System V IPC objects
|
|
|
|
## up to its clearance.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_sysvipc_read_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsipcreadtoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsipcreadtoclr;
|
|
|
|
')
|
|
|
|
|
2006-03-15 16:27:39 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from System V IPC objects
|
|
|
|
## at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_sysvipc_read_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsipcread;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsipcread;
|
|
|
|
')
|
|
|
|
|
2007-08-20 15:15:03 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to System V IPC objects
|
|
|
|
## up to its clearance.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_sysvipc_write_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsipcwritetoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsipcwritetoclr;
|
|
|
|
')
|
|
|
|
|
2006-03-15 16:27:39 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to System V IPC objects
|
|
|
|
## at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_sysvipc_write_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsipcwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsipcwrite;
|
|
|
|
')
|
|
|
|
|
2005-09-26 20:26:32 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Allow the specified domain to do a MLS
|
|
|
|
## range transition that changes
|
|
|
|
## the current level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`mls_rangetrans_source',`
|
|
|
|
gen_require(`
|
|
|
|
attribute privrangetrans;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 privrangetrans;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain a target domain
|
|
|
|
## for MLS range transitions that change
|
|
|
|
## the current level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`mls_rangetrans_target',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsrangetrans;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsrangetrans;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
2007-08-20 15:15:03 +00:00
|
|
|
## for reading from processes up to
|
|
|
|
## its clearance.
|
2005-09-26 20:26:32 +00:00
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_process_read_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsprocreadtoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsprocreadtoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from processes at all levels. (Deprecated)
|
|
|
|
## </summary>
|
|
|
|
## <desc>
|
|
|
|
## <p>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from processes at all levels.
|
|
|
|
## </p>
|
|
|
|
## <p>
|
|
|
|
## This interface has been deprecated, please use
|
|
|
|
## mls_process_read_all_levels() instead.
|
|
|
|
## </p>
|
|
|
|
## </desc>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2005-09-26 20:26:32 +00:00
|
|
|
#
|
|
|
|
interface(`mls_process_read_up',`
|
2007-08-20 15:15:03 +00:00
|
|
|
# refpolicywarn(`$0($*) has been deprecated, please use mls_process_read_all_levels() instead.')
|
|
|
|
mls_process_read_all_levels($1)
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from processes at all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_process_read_all_levels',`
|
2005-09-26 20:26:32 +00:00
|
|
|
gen_require(`
|
|
|
|
attribute mlsprocread;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsprocread;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
2007-08-20 15:15:03 +00:00
|
|
|
## for writing to processes up to
|
|
|
|
## its clearance.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_process_write_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsprocwritetoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsprocwritetoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to processes at all levels. (Deprecated)
|
2005-09-26 20:26:32 +00:00
|
|
|
## </summary>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <desc>
|
|
|
|
## <p>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to processes at all levels.
|
|
|
|
## </p>
|
|
|
|
## <p>
|
|
|
|
## This interface has been deprecated, please use
|
|
|
|
## mls_process_write_all_levels() instead.
|
|
|
|
## </p>
|
|
|
|
## </desc>
|
2005-09-26 20:26:32 +00:00
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`mls_process_write_down',`
|
2007-08-20 15:15:03 +00:00
|
|
|
# refpolicywarn(`$0($*) has been deprecated, please use mls_process_write_all_levels() instead.')
|
|
|
|
mls_process_write_all_levels($1)
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to processes at all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_process_write_all_levels',`
|
2005-09-26 20:26:32 +00:00
|
|
|
gen_require(`
|
|
|
|
attribute mlsprocwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsprocwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for setting the level of processes
|
|
|
|
## it executes.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2006-03-15 16:27:39 +00:00
|
|
|
## Domain allowed access.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2005-09-26 20:26:32 +00:00
|
|
|
#
|
|
|
|
interface(`mls_process_set_level',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsprocsetsl;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsprocsetsl;
|
|
|
|
')
|
|
|
|
|
2008-04-01 20:23:23 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from X objects up to its clearance.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_xwin_read_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsxwinreadtoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsxwinreadtoclr;
|
|
|
|
')
|
|
|
|
|
2006-03-15 16:27:39 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from X objects at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_xwin_read_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsxwinread;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsxwinread;
|
|
|
|
')
|
|
|
|
|
2008-04-01 20:23:23 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for write to X objects up to its clearance.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_xwin_write_to_clearance',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsxwinwritetoclr;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsxwinwritetoclr;
|
|
|
|
')
|
|
|
|
|
2006-03-15 16:27:39 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to X objects at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_xwin_write_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsxwinwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsxwinwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from X colormaps at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_colormap_read_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsxwinreadcolormap;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsxwinreadcolormap;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to X colormaps at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-03-15 16:27:39 +00:00
|
|
|
#
|
|
|
|
interface(`mls_colormap_write_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsxwinwritecolormap;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsxwinwritecolormap;
|
|
|
|
')
|
2005-09-26 20:26:32 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified object MLS trusted.
|
|
|
|
## </summary>
|
|
|
|
## <desc>
|
|
|
|
## <p>
|
|
|
|
## Make specified object MLS trusted. This
|
|
|
|
## allows all levels to read and write the
|
|
|
|
## object.
|
|
|
|
## </p>
|
|
|
|
## <p>
|
|
|
|
## This currently only applies to filesystem
|
|
|
|
## objects, for example, files and directories.
|
|
|
|
## </p>
|
|
|
|
## </desc>
|
|
|
|
## <param name="domain">
|
2006-02-10 18:41:53 +00:00
|
|
|
## <summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## The type of the object.
|
2006-02-10 18:41:53 +00:00
|
|
|
## </summary>
|
2005-09-26 20:26:32 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`mls_trusted_object',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlstrustedobject;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlstrustedobject;
|
|
|
|
')
|
2006-09-15 19:05:03 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make the specified domain trusted
|
|
|
|
## to inherit and use file descriptors
|
|
|
|
## from all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-09-15 19:05:03 +00:00
|
|
|
#
|
|
|
|
interface(`mls_fd_use_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsfduse;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfduse;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make the file descriptors from the
|
|
|
|
## specifed domain inheritable by
|
|
|
|
## all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-09-15 19:05:03 +00:00
|
|
|
#
|
|
|
|
interface(`mls_fd_share_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsfdshare;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsfdshare;
|
|
|
|
')
|
2006-10-20 14:44:23 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for translating contexts at all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2006-10-20 14:44:23 +00:00
|
|
|
#
|
|
|
|
interface(`mls_context_translate_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlstranslate;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlstranslate;
|
|
|
|
')
|
2007-08-09 13:15:07 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for reading from databases at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2007-08-09 13:15:07 +00:00
|
|
|
#
|
|
|
|
interface(`mls_db_read_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsdbread;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsdbread;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for writing to databases at any level.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2007-08-09 13:15:07 +00:00
|
|
|
#
|
|
|
|
interface(`mls_db_write_all_levels',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsdbwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsdbwrite;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for raising the level of databases.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2007-08-09 13:15:07 +00:00
|
|
|
#
|
|
|
|
interface(`mls_db_upgrade',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsdbupgrade;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsdbupgrade;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for lowering the level of databases.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2007-08-20 15:15:03 +00:00
|
|
|
## <rolecap/>
|
2007-08-09 13:15:07 +00:00
|
|
|
#
|
|
|
|
interface(`mls_db_downgrade',`
|
|
|
|
gen_require(`
|
|
|
|
attribute mlsdbdowngrade;
|
|
|
|
')
|
|
|
|
|
|
|
|
typeattribute $1 mlsdbdowngrade;
|
|
|
|
')
|
2008-01-03 20:37:25 +00:00
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for sending dbus messages to
|
|
|
|
## all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_dbus_send_all_levels',`
|
2008-12-03 18:33:19 +00:00
|
|
|
gen_require(`
|
|
|
|
attribute mlsdbussend;
|
|
|
|
')
|
2008-01-03 20:37:25 +00:00
|
|
|
|
|
|
|
typeattribute $1 mlsdbussend;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Make specified domain MLS trusted
|
|
|
|
## for receiving dbus messages from
|
|
|
|
## all levels.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`mls_dbus_recv_all_levels',`
|
2008-12-03 18:33:19 +00:00
|
|
|
gen_require(`
|
|
|
|
attribute mlsdbusrecv;
|
|
|
|
')
|
2008-01-03 20:37:25 +00:00
|
|
|
|
|
|
|
typeattribute $1 mlsdbusrecv;
|
|
|
|
')
|