update for xml changes

This commit is contained in:
Chris PeBenito 2005-07-01 16:39:21 +00:00
parent a7a9799d79
commit 16e8e265b2

View File

@ -51,22 +51,36 @@ the /tmp directory.
</p> </p>
<h3>Module IF Policy</h3> <h3>Module IF Policy</h3>
<p> <p>
The interface file creates the macros that other modules will use to gain access to my resources. This allows the module that created the type or attribute to define appropriate uses. Additionally, it provides a single point for documentation. Create myapp.if and add the following: The interface file creates the macros that other modules will use to gain access
to my resources. This allows the module that created the type or attribute to
define appropriate uses. Additionally, it provides a single point for
documentation. Create myapp.if and add the following:
<div id="codeblock"> <div id="codeblock">
<pre> <pre>
## &lt;module name="myapp" layer="apps"&gt;
## &lt;summary&gt;Myapp example policy&lt;/summary&gt; ## &lt;summary&gt;Myapp example policy&lt;/summary&gt;
## &lt;description&gt;More descriptive text about myapp&lt;/description&gt; ## &lt;desc&gt;
## &lt;p&gt;
## More descriptive text about myapp. The &lt;desc&gt;
## tag can also use &lt;p&gt;, &lt;ul&gt;, and &lt;ol&gt;
## html tags for formatting.
## &lt;/p&gt;
## &lt;p&gt;
## This policy supports the following myapp features:
## &lt;ul&gt;
## &lt;li&gt;Feature A&lt;/li&gt;
## &lt;li&gt;Feature B&lt;/li&gt;
## &lt;li&gt;Feature C&lt;/li&gt;
## &lt;/ul&gt;
## &lt;/p&gt;
## &lt;/desc&gt;
## &lt;interface name="myapp_domtrans"&gt;
## &lt;summary&gt; ## &lt;summary&gt;
## Execute a domain transition to run myapp. ## Execute a domain transition to run myapp.
## &lt;/summary&gt; ## &lt;/summary&gt;
## &lt;parameter name="domain"&gt; ## &lt;param name="domain"&gt;
## Domain allowed to transition. ## Domain allowed to transition.
## &lt;/parameter&gt; ## &lt;/param&gt;
## &lt;/interface&gt; interface(`myapp_domtrans',`
define(`myapp_domtrans',`
gen_requires(` gen_requires(`
type myapp_t, myapp_exec_t; type myapp_t, myapp_exec_t;
class fd use; class fd use;
@ -82,15 +96,13 @@ define(`myapp_domtrans',`
allow $1 myapp_t:process sigchld; allow $1 myapp_t:process sigchld;
') ')
## &lt;interface name="myapp_read_log"&gt;
## &lt;summary&gt; ## &lt;summary&gt;
## Read myapp log files. ## Read myapp log files.
## &lt;/summary&gt; ## &lt;/summary&gt;
## &lt;parameter name="domain"&gt; ## &lt;param name="domain"&gt;
## Domain allowed to read the log files. ## Domain allowed to read the log files.
## &lt;/parameter&gt; ## &lt;/param&gt;
## &lt;/interface&gt; interface(`myapp_read_log',`
define(`myapp_read_log',`
gen_requires(` gen_requires(`
type myapp_log_t; type myapp_log_t;
class file r_file_perms; class file r_file_perms;
@ -99,8 +111,6 @@ define(`myapp_read_log',`
logging_search_logs($1) logging_search_logs($1)
allow $1 myapp_log_t:file r_file_perms; allow $1 myapp_log_t:file r_file_perms;
') ')
## &lt;/module&gt;
</pre> </pre>
</div> </div>
<p> <p>