selinux-policy/refpolicy/policy/modules/kernel/mls.te

# Module header: names this policy module mls and gives its version as 1.1.1.
policy_module(mls,1.1.1)
########################################
#
# Declarations
#
# Every attribute below is only declared here; nothing in this file
# assigns it to a type or tests it. Going by the names, each one marks
# types that get special treatment from the MLS constraints.
# NOTE(review): those constraints are not in this file - confirm there
# what each attribute actually relaxes.
# Review note: giving one of these attributes to a type is a privilege
# grant with respect to MLS enforcement, so each assignment deserves the
# same scrutiny as an allow rule.

# File objects: read, write, and level upgrade/downgrade.
# NOTE(review): the toclr suffix presumably means "up to the clearance
# of the subject" - confirm against the constraint definitions.
attribute mlsfileread;
attribute mlsfilereadtoclr;
attribute mlsfilewrite;
attribute mlsfilewritetoclr;
attribute mlsfileupgrade;
attribute mlsfiledowngrade;
# Network objects: same read/write/upgrade/downgrade set, plus recvall.
attribute mlsnetread;
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
attribute mlsnetwritetoclr;
attribute mlsnetupgrade;
attribute mlsnetdowngrade;
attribute mlsnetrecvall;
# IPC objects: read and write only.
attribute mlsipcread;
attribute mlsipcreadtoclr;
attribute mlsipcwrite;
attribute mlsipcwritetoclr;
# Processes: read and write, plus setsl.
# NOTE(review): setsl presumably covers changing a sensitivity level - confirm.
attribute mlsprocread;
attribute mlsprocreadtoclr;
attribute mlsprocwrite;
attribute mlsprocwritetoclr;
attribute mlsprocsetsl;
# X window objects: read, write, and level upgrade/downgrade.
attribute mlsxwinread;
attribute mlsxwinreadtoclr;
attribute mlsxwinwrite;
attribute mlsxwinwritetoclr;
attribute mlsxwinupgrade;
attribute mlsxwindowngrade;
# NOTE(review): presumably marks objects exempt from MLS checks - confirm.
attribute mlstrustedobject;
# NOTE(review): both presumably relate to who may perform range
# transitions - confirm against the constraint definitions.
attribute privrangetrans;
attribute mlsrangetrans;
########################################
#
# THIS IS A HACK
#
# Only the base module can have range_transitions, so we
# temporarily have to break encapsulation to work around this.
#
# The types in this list are redeclared here only so that the
# range_transition rules in this file can name them.
type crond_exec_t;	# executable type: target of an initrc_t rule
type cupsd_exec_t;	# executable type: target of an initrc_t rule
type getty_t;		# domain: source of the login_exec_t rule
type init_t;		# domain: source of the first xdm_exec_t rule
type init_exec_t;	# executable type: target of the kernel_t rule in the enable_mls block
type initrc_t;		# domain: source of most rules in the enable_mcs block
type initrc_exec_t;	# executable type: target of the unconfined_t rule that sets the single level s0
type login_exec_t;	# executable type: target of the getty_t rule
type sshd_exec_t;	# executable type: target of an initrc_t rule
type su_exec_t;		# executable type: target of an unconfined_t rule
type udev_exec_t;	# executable type: target of one initrc_t rule and one kernel_t rule
type unconfined_t;	# domain: source of the su_exec_t and initrc_exec_t rules
type xdm_exec_t;	# executable type: target of one init_t rule and one initrc_t rule
# MCS builds only (enable_mcs). Each rule in this block has the form
#   range_transition <source domain> <executable type> <range>;
# and sets the range of the new process when the source domain executes a
# file of that type. s0 - s0:c0.c255 means low level s0 and high level s0
# with categories c0 through c255.
# Review note: these rules widen the new process to every category named
# in the range, so the list of source/target pairs is security relevant.
# Keep quote characters out of comments inside the ifdef body; m4 would
# treat them as quoting.
ifdef(`enable_mcs',`
range_transition getty_t login_exec_t s0 - s0:c0.c255;
# init_t as the source: covers an xdm_exec_t program started from the
# init_t domain directly (a separate initrc_t rule for the same
# executable type appears further down).
range_transition init_t xdm_exec_t s0 - s0:c0.c255;
# initrc_t as the source: this rule and the initrc_t rules after it
# apply to programs started from the initrc_t domain.
range_transition initrc_t crond_exec_t s0 - s0:c0.c255;
# Same range for three more executable types started from initrc_t.
range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255;
range_transition initrc_t sshd_exec_t s0 - s0:c0.c255;
range_transition initrc_t udev_exec_t s0 - s0:c0.c255;
range_transition initrc_t xdm_exec_t s0 - s0:c0.c255;
# udev_exec_t is covered for two source domains: initrc_t and kernel_t.
# NOTE(review): kernel_t has no type declaration in this file, unlike the
# other types these rules use - presumably it is already in scope where
# this file is built; confirm.
range_transition kernel_t udev_exec_t s0 - s0:c0.c255;
# these might be targeted_policy only
# unconfined_t as the source: a su_exec_t program started from
# unconfined_t gets the full category range written here.
range_transition unconfined_t su_exec_t s0 - s0:c0.c255;
# Unlike every other rule in this block, the range here is the single
# level s0 with no categories: a process started from unconfined_t
# through an initrc_exec_t file is set to s0 rather than widened.
# NOTE(review): presumably so that init scripts run by hand do not keep
# the categories of the caller - confirm.
range_transition unconfined_t initrc_exec_t s0;
')
ifdef(`enable_mls',`
# run init with maximum MLS range
# The source domain is kernel_t and the target is init_exec_t. The upper
# bound s15:c0.c255 is a literal; it is the maximum only when the policy
# is built with sensitivities up to s15 and categories up to c255.
# NOTE(review): confirm against the build configuration.
range_transition kernel_t init_exec_t s0 - s15:c0.c255;
')