move all interfaces over to the interface macro. add traceback debugging info

Chris PeBenito 2005-06-22 19:21:31 +00:00
parent cbc9d6951a
commit 199895e201
43 changed files with 762 additions and 727 deletions


@ -238,9 +238,9 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES)
done
$(QUIET) $(SETTUN) $(TUNABLES) >> $@
tmp/all_interfaces.conf: $(ALL_INTERFACES)
tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
@test -d tmp || mkdir -p tmp
$(QUIET) cat $^ > $@
$(QUIET) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
tmp/all_te_files.conf: $(ALL_TE_FILES)
@test -d tmp || mkdir -p tmp
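Review bot: A failure in `m4` goes unnoticed in the new `tmp/all_interfaces.conf` recipe, because the exit status of `m4 $^ | sed … > $@` is sed's and the redirect has already created the target; unless the Makefile sets pipefail or `.DELETE_ON_ERROR` outside this hunk, a macro error leaves a truncated file that make treats as up to date. For a policy build that is worth closing off, since later stages would then consume an incomplete interface set. Splitting the steps keeps the failure visible: `$(QUIET) m4 $^ > $@.tmp` followed by `$(QUIET) sed -e 's/dollarsstar/$$*/g' $@.tmp > $@`; quoting the sed script also removes the reliance on shell backslash handling. The `tmp/all_te_files.conf` rule that follows continues outside the hunk.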


@ -3,7 +3,7 @@
#
# consoletype_domtrans(domain)
#
define(`consoletype_domtrans',`
interface(`consoletype_domtrans',`
gen_require(`
type consoletype_t, consoletype_exec_t;
class process sigchld;
@ -24,7 +24,7 @@ define(`consoletype_domtrans',`
#
# consoletype_exec(domain)
#
define(`consoletype_exec',`
interface(`consoletype_exec',`
gen_require(`
type consoletype_exec_t;
')


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`dmesg_domtrans',`
interface(`dmesg_domtrans',`
gen_require(`
type dmesg_t, dmesg_exec_t;
class process sigchld;
@ -38,7 +38,7 @@ define(`dmesg_domtrans',`
## </parameter>
## </interface>
#
define(`dmesg_exec',`
interface(`dmesg_exec',`
gen_require(`
type dmesg_exec_t;
')


@ -3,7 +3,7 @@
#
# netutils_domtrans(domain)
#
define(`netutils_domtrans',`
interface(`netutils_domtrans',`
gen_require(`
type netutils_t, netutils_exec_t;
class process sigchld;
@ -23,7 +23,7 @@ define(`netutils_domtrans',`
#
# netutils_exec(domain)
#
define(`netutils_exec',`
interface(`netutils_exec',`
gen_require(`
type netutils_exec_t;
')


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`rpm_domtrans',`
interface(`rpm_domtrans',`
gen_require(`
type rpm_t, rpm_exec_t;
class process sigchld;
@ -45,7 +45,7 @@ define(`rpm_domtrans',`
## </parameter>
## </interface>
#
define(`rpm_run',`
interface(`rpm_run',`
gen_require(`
type rpm_t, rpm_script_t;
class chr_file rw_term_perms;
@ -67,7 +67,7 @@ define(`rpm_run',`
## </parameter>
## </interface>
#
define(`rpm_use_fd',`
interface(`rpm_use_fd',`
gen_require(`
type rpm_t;
class fd use;
@ -86,7 +86,7 @@ define(`rpm_use_fd',`
## </parameter>
## </interface>
#
define(`rpm_read_pipe',`
interface(`rpm_read_pipe',`
gen_require(`
type rpm_t;
class fifo_file r_file_perms;
@ -105,7 +105,7 @@ define(`rpm_read_pipe',`
## </parameter>
## </interface>
#
define(`rpm_read_db',`
interface(`rpm_read_db',`
gen_require(`
type rpm_var_lib_t_t;
class dir r_dir_perms;
@ -122,7 +122,7 @@ define(`rpm_read_db',`
#
# rpm_manage_db(domain)
#
define(`rpm_manage_db',`
interface(`rpm_manage_db',`
gen_require(`
type rpm_var_lib_t_t;
class dir rw_dir_perms;
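Review bot: The `gen_require` blocks of `rpm_read_db` and `rpm_manage_db` name `type rpm_var_lib_t_t;`, which looks like a doubled `_t` suffix that this conversion carries over unchanged. If the type declared by the module is `rpm_var_lib_t` (not visible here, so to be confirmed against the .te file), the requirement names a type that does not exist, and depending on how `interface` and `gen_require` are enforced the callers either fail to build or the dependency check covers the wrong name. The line would become `type rpm_var_lib_t;` in both interfaces. Both interface bodies continue outside their hunks.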


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`usermanage_domtrans_chfn',`
interface(`usermanage_domtrans_chfn',`
gen_require(`
type chfn_t, chfn_exec_t;
class process sigchld;
@ -46,7 +46,7 @@ define(`usermanage_domtrans_chfn',`
## </parameter>
## </interface>
#
define(`usermanage_run_chfn',`
interface(`usermanage_run_chfn',`
gen_require(`
type chfn_t;
class chr_file rw_term_perms;
@ -67,7 +67,7 @@ define(`usermanage_run_chfn',`
## </parameter>
## </interface>
#
define(`usermanage_domtrans_groupadd',`
interface(`usermanage_domtrans_groupadd',`
gen_require(`
type groupadd_t, groupadd_exec_t;
class process sigchld;
@ -102,7 +102,7 @@ define(`usermanage_domtrans_groupadd',`
## </parameter>
## </interface>
#
define(`usermanage_run_groupadd',`
interface(`usermanage_run_groupadd',`
gen_require(`
type groupadd_t;
class chr_file rw_term_perms;
@ -123,7 +123,7 @@ define(`usermanage_run_groupadd',`
## </parameter>
## </interface>
#
define(`usermanage_domtrans_passwd',`
interface(`usermanage_domtrans_passwd',`
gen_require(`
type passwd_t, passwd_exec_t;
class process sigchld;
@ -158,7 +158,7 @@ define(`usermanage_domtrans_passwd',`
## </parameter>
## </interface>
#
define(`usermanage_run_passwd',`
interface(`usermanage_run_passwd',`
gen_require(`
type passwd_t;
class chr_file rw_term_perms;
@ -179,7 +179,7 @@ define(`usermanage_run_passwd',`
## </parameter>
## </interface>
#
define(`usermanage_domtrans_useradd',`
interface(`usermanage_domtrans_useradd',`
gen_require(`
type useradd_t, useradd_exec_t;
class process sigchld;
@ -214,7 +214,7 @@ define(`usermanage_domtrans_useradd',`
## </parameter>
## </interface>
#
define(`usermanage_run_useradd',`
interface(`usermanage_run_useradd',`
gen_require(`
type useradd_t;
class chr_file rw_term_perms;


@ -24,7 +24,7 @@
## is the prefix for user_t).
## </parameter>
#
define(`gpg_per_userdomain_template',`
template(`gpg_per_userdomain_template',`
gen_require(`$0'_depend)
########################################


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`bootloader_domtrans',`
interface(`bootloader_domtrans',`
gen_require(`
type bootloader_t;
class process sigchld;
@ -44,7 +44,7 @@ define(`bootloader_domtrans',`
## </parameter>
## </interface>
#
define(`bootloader_run',`
interface(`bootloader_run',`
gen_require(`
type bootloader_t;
class chr_file rw_file_perms;
@ -66,7 +66,7 @@ define(`bootloader_run',`
## </parameter>
## </interface>
#
define(`bootloader_search_boot_dir',`
interface(`bootloader_search_boot_dir',`
gen_require(`
type boot_t;
class dir search;
@ -85,7 +85,7 @@ define(`bootloader_search_boot_dir',`
## </parameter>
## </interface>
#
define(`bootloader_dontaudit_search_boot',`
interface(`bootloader_dontaudit_search_boot',`
gen_require(`
type boot_t;
class dir search;
@ -105,7 +105,7 @@ define(`bootloader_dontaudit_search_boot',`
## </parameter>
## </interface>
#
define(`bootloader_rw_boot_symlinks',`
interface(`bootloader_rw_boot_symlinks',`
gen_require(`
type boot_t;
class dir r_dir_perms;
@ -126,7 +126,7 @@ define(`bootloader_rw_boot_symlinks',`
## </parameter>
## </interface>
#
define(`bootloader_create_kernel',`
interface(`bootloader_create_kernel',`
gen_require(`
type boot_t;
class dir ra_dir_perms;
@ -149,7 +149,7 @@ define(`bootloader_create_kernel',`
## </parameter>
## </interface>
#
define(`bootloader_create_kernel_symbol_table',`
interface(`bootloader_create_kernel_symbol_table',`
gen_require(`
type boot_t, system_map_t;
class dir ra_dir_perms;
@ -170,7 +170,7 @@ define(`bootloader_create_kernel_symbol_table',`
## </parameter>
## </interface>
#
define(`bootloader_read_kernel_symbol_table',`
interface(`bootloader_read_kernel_symbol_table',`
gen_require(`
type boot_t, system_map_t;
class dir r_dir_perms;
@ -191,7 +191,7 @@ define(`bootloader_read_kernel_symbol_table',`
## </parameter>
## </interface>
#
define(`bootloader_delete_kernel',`
interface(`bootloader_delete_kernel',`
gen_require(`
type boot_t;
class dir { r_dir_perms write remove_name };
@ -212,7 +212,7 @@ define(`bootloader_delete_kernel',`
## </parameter>
## </interface>
#
define(`bootloader_delete_kernel_symbol_table',`
interface(`bootloader_delete_kernel_symbol_table',`
gen_require(`
type boot_t, system_map_t;
class dir { r_dir_perms write remove_name };
@ -233,7 +233,7 @@ define(`bootloader_delete_kernel_symbol_table',`
## </parameter>
## </interface>
#
define(`bootloader_read_config',`
interface(`bootloader_read_config',`
gen_require(`
type bootloader_etc_t;
class file r_file_perms;
@ -253,7 +253,7 @@ define(`bootloader_read_config',`
## </parameter>
## </interface>
#
define(`bootloader_rw_config',`
interface(`bootloader_rw_config',`
gen_require(`
type bootloader_etc_t;
class file rw_file_perms;
@ -273,7 +273,7 @@ define(`bootloader_rw_config',`
## </parameter>
## </interface>
#
define(`bootloader_rw_tmp_file',`
interface(`bootloader_rw_tmp_file',`
gen_require(`
type bootloader_tmp_t;
class file rw_file_perms;
@ -294,7 +294,7 @@ define(`bootloader_rw_tmp_file',`
## </parameter>
## </interface>
#
define(`bootloader_create_runtime_file',`
interface(`bootloader_create_runtime_file',`
gen_require(`
type boot_t, boot_runtime_t;
class dir rw_dir_perms;
@ -316,7 +316,7 @@ define(`bootloader_create_runtime_file',`
## </parameter>
## </interface>
#
define(`bootloader_list_kernel_modules',`
interface(`bootloader_list_kernel_modules',`
gen_require(`
type modules_object_t;
class dir r_dir_perms;
@ -335,7 +335,7 @@ define(`bootloader_list_kernel_modules',`
## </parameter>
## </interface>
#
define(`bootloader_read_kernel_modules',`
interface(`bootloader_read_kernel_modules',`
gen_require(`
type modules_object_t;
class dir r_dir_perms;
@ -358,7 +358,7 @@ define(`bootloader_read_kernel_modules',`
## </parameter>
## </interface>
#
define(`bootloader_write_kernel_modules',`
interface(`bootloader_write_kernel_modules',`
gen_require(`
attribute rw_kern_modules;
type modules_object_t;
@ -383,7 +383,7 @@ define(`bootloader_write_kernel_modules',`
## </parameter>
## </interface>
#
define(`bootloader_manage_kernel_modules',`
interface(`bootloader_manage_kernel_modules',`
gen_require(`
attribute rw_kern_modules;
type modules_object_t;
@ -401,7 +401,7 @@ define(`bootloader_manage_kernel_modules',`
#
# bootloader_create_private_module_dir_entry(domain,privatetype,[class(es)])
#
define(`bootloader_create_private_module_dir_entry',`
interface(`bootloader_create_private_module_dir_entry',`
gen_require(`
type modules_object_t;
class dir rw_dir_perms;


@ -12,7 +12,7 @@
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_tcp_sendrecv_generic_if',`
interface(`corenet_tcp_sendrecv_generic_if',`
gen_require(`
type netif_t;
class netif { tcp_send tcp_recv };
@ -25,7 +25,7 @@ define(`corenet_tcp_sendrecv_generic_if',`
#
# corenet_udp_send_generic_if(domain)
#
define(`corenet_udp_send_generic_if',`
interface(`corenet_udp_send_generic_if',`
gen_require(`
type netif_t;
class netif udp_send;
@ -38,7 +38,7 @@ define(`corenet_udp_send_generic_if',`
#
# corenet_udp_receive_generic_if(domain)
#
define(`corenet_udp_receive_generic_if',`
interface(`corenet_udp_receive_generic_if',`
gen_require(`
type netif_t;
class netif udp_recv;
@ -51,7 +51,7 @@ define(`corenet_udp_receive_generic_if',`
#
# corenet_udp_sendrecv_generic_if(domain)
#
define(`corenet_udp_sendrecv_generic_if',`
interface(`corenet_udp_sendrecv_generic_if',`
corenet_udp_send_generic_if($1)
corenet_udp_receive_generic_if($1)
')
@ -60,7 +60,7 @@ define(`corenet_udp_sendrecv_generic_if',`
#
# corenet_raw_send_generic_if(domain)
#
define(`corenet_raw_send_generic_if',`
interface(`corenet_raw_send_generic_if',`
gen_require(`
type netif_t;
class netif rawip_send;
@ -75,7 +75,7 @@ define(`corenet_raw_send_generic_if',`
#
# corenet_raw_receive_generic_if(domain)
#
define(`corenet_raw_receive_generic_if',`
interface(`corenet_raw_receive_generic_if',`
gen_require(`
type netif_t;
class netif rawip_recv;
@ -88,7 +88,7 @@ define(`corenet_raw_receive_generic_if',`
#
# corenet_raw_sendrecv_generic_if(domain)
#
define(`corenet_raw_sendrecv_generic_if',`
interface(`corenet_raw_sendrecv_generic_if',`
corenet_raw_send_generic_if($1)
corenet_raw_receive_generic_if($1)
')
@ -97,7 +97,7 @@ define(`corenet_raw_sendrecv_generic_if',`
#
# corenet_tcp_sendrecv_all_if(domain)
#
define(`corenet_tcp_sendrecv_all_if',`
interface(`corenet_tcp_sendrecv_all_if',`
gen_require(`
attribute netif_type;
class netif { tcp_send tcp_recv };
@ -110,7 +110,7 @@ define(`corenet_tcp_sendrecv_all_if',`
#
# corenet_udp_send_all_if(domain)
#
define(`corenet_udp_send_all_if',`
interface(`corenet_udp_send_all_if',`
gen_require(`
attribute netif_type;
class netif udp_send;
@ -123,7 +123,7 @@ define(`corenet_udp_send_all_if',`
#
# corenet_udp_receive_all_if(domain)
#
define(`corenet_udp_receive_all_if',`
interface(`corenet_udp_receive_all_if',`
gen_require(`
attribute netif_type;
class netif udp_recv;
@ -136,7 +136,7 @@ define(`corenet_udp_receive_all_if',`
#
# corenet_udp_sendrecv_all_if(domain)
#
define(`corenet_udp_sendrecv_all_if',`
interface(`corenet_udp_sendrecv_all_if',`
corenet_udp_send_all_if($1)
corenet_udp_receive_all_if($1)
')
@ -145,7 +145,7 @@ define(`corenet_udp_sendrecv_all_if',`
#
# corenet_raw_send_all_if(domain)
#
define(`corenet_raw_send_all_if',`
interface(`corenet_raw_send_all_if',`
gen_require(`
attribute netif_type;
class netif rawip_send;
@ -160,7 +160,7 @@ define(`corenet_raw_send_all_if',`
#
# corenet_raw_receive_all_if(domain)
#
define(`corenet_raw_receive_all_if',`
interface(`corenet_raw_receive_all_if',`
gen_require(`
attribute netif_type;
class netif rawip_recv;
@ -173,7 +173,7 @@ define(`corenet_raw_receive_all_if',`
#
# corenet_raw_sendrecv_all_if(domain)
#
define(`corenet_raw_sendrecv_all_if',`
interface(`corenet_raw_sendrecv_all_if',`
corenet_raw_send_all_if($1)
corenet_raw_receive_all_if($1)
')
@ -182,7 +182,7 @@ define(`corenet_raw_sendrecv_all_if',`
#
# corenet_tcp_sendrecv_generic_node(domain)
#
define(`corenet_tcp_sendrecv_generic_node',`
interface(`corenet_tcp_sendrecv_generic_node',`
gen_require(`
type node_t;
class node { tcp_send tcp_recv };
@ -195,7 +195,7 @@ define(`corenet_tcp_sendrecv_generic_node',`
#
# corenet_udp_send_generic_node(domain)
#
define(`corenet_udp_send_generic_node',`
interface(`corenet_udp_send_generic_node',`
gen_require(`
type node_t;
class node udp_send;
@ -208,7 +208,7 @@ define(`corenet_udp_send_generic_node',`
#
# corenet_udp_receive_generic_node(domain)
#
define(`corenet_udp_receive_generic_node',`
interface(`corenet_udp_receive_generic_node',`
gen_require(`
type node_t;
class node udp_recv;
@ -221,7 +221,7 @@ define(`corenet_udp_receive_generic_node',`
#
# corenet_udp_sendrecv_generic_node(domain)
#
define(`corenet_udp_sendrecv_generic_node',`
interface(`corenet_udp_sendrecv_generic_node',`
corenet_udp_send_generic_node($1)
corenet_udp_receive_generic_node($1)
')
@ -230,7 +230,7 @@ define(`corenet_udp_sendrecv_generic_node',`
#
# corenet_raw_send_generic_node(domain)
#
define(`corenet_raw_send_generic_node',`
interface(`corenet_raw_send_generic_node',`
gen_require(`
type node_t;
class node rawip_send;
@ -243,7 +243,7 @@ define(`corenet_raw_send_generic_node',`
#
# corenet_raw_receive_generic_node(domain)
#
define(`corenet_raw_receive_generic_node',`
interface(`corenet_raw_receive_generic_node',`
gen_require(`
type node_t;
class node rawip_recv;
@ -256,7 +256,7 @@ define(`corenet_raw_receive_generic_node',`
#
# corenet_raw_sendrecv_generic_node(domain)
#
define(`corenet_raw_sendrecv_generic_node',`
interface(`corenet_raw_sendrecv_generic_node',`
corenet_raw_send_generic_node($1)
corenet_raw_receive_generic_node($1)
')
@ -265,7 +265,7 @@ define(`corenet_raw_sendrecv_generic_node',`
#
# corenet_tcp_bind_generic_node(domain)
#
define(`corenet_tcp_bind_generic_node',`
interface(`corenet_tcp_bind_generic_node',`
gen_require(`
type node_t;
class tcp_socket node_bind;
@ -278,7 +278,7 @@ define(`corenet_tcp_bind_generic_node',`
#
# corenet_udp_bind_generic_node(domain)
#
define(`corenet_udp_bind_generic_node',`
interface(`corenet_udp_bind_generic_node',`
gen_require(`
type node_t;
class udp_socket node_bind;
@ -291,7 +291,7 @@ define(`corenet_udp_bind_generic_node',`
#
# corenet_tcp_sendrecv_all_nodes(domain)
#
define(`corenet_tcp_sendrecv_all_nodes',`
interface(`corenet_tcp_sendrecv_all_nodes',`
gen_require(`
attribute node_type;
class node { tcp_send tcp_recv };
@ -304,7 +304,7 @@ define(`corenet_tcp_sendrecv_all_nodes',`
#
# corenet_udp_send_all_nodes(domain)
#
define(`corenet_udp_send_all_nodes',`
interface(`corenet_udp_send_all_nodes',`
gen_require(`
attribute node_type;
class node udp_send;
@ -317,7 +317,7 @@ define(`corenet_udp_send_all_nodes',`
#
# corenet_udp_receive_all_nodes(domain)
#
define(`corenet_udp_receive_all_nodes',`
interface(`corenet_udp_receive_all_nodes',`
gen_require(`
attribute node_type;
class node udp_recv;
@ -330,7 +330,7 @@ define(`corenet_udp_receive_all_nodes',`
#
# corenet_udp_sendrecv_all_nodes(domain)
#
define(`corenet_udp_sendrecv_all_nodes',`
interface(`corenet_udp_sendrecv_all_nodes',`
corenet_udp_send_all_nodes($1)
corenet_udp_receive_all_nodes($1)
')
@ -339,7 +339,7 @@ define(`corenet_udp_sendrecv_all_nodes',`
#
# corenet_raw_send_all_nodes(domain)
#
define(`corenet_raw_send_all_nodes',`
interface(`corenet_raw_send_all_nodes',`
gen_require(`
attribute node_type;
class node rawip_send;
@ -352,7 +352,7 @@ define(`corenet_raw_send_all_nodes',`
#
# corenet_raw_receive_all_nodes(domain)
#
define(`corenet_raw_receive_all_nodes',`
interface(`corenet_raw_receive_all_nodes',`
gen_require(`
attribute node_type;
class node rawip_recv;
@ -365,7 +365,7 @@ define(`corenet_raw_receive_all_nodes',`
#
# corenet_raw_sendrecv_all_nodes(domain)
#
define(`corenet_raw_sendrecv_all_nodes',`
interface(`corenet_raw_sendrecv_all_nodes',`
corenet_raw_send_all_nodes($1)
corenet_raw_receive_all_nodes($1)
')
@ -374,7 +374,7 @@ define(`corenet_raw_sendrecv_all_nodes',`
#
# corenet_tcp_bind_all_nodes(domain)
#
define(`corenet_tcp_bind_all_nodes',`
interface(`corenet_tcp_bind_all_nodes',`
gen_require(`
attribute node_type;
class tcp_socket node_bind;
@ -387,7 +387,7 @@ define(`corenet_tcp_bind_all_nodes',`
#
# corenet_udp_bind_all_nodes(domain)
#
define(`corenet_udp_bind_all_nodes',`
interface(`corenet_udp_bind_all_nodes',`
gen_require(`
attribute node_type;
class udp_socket node_bind;
@ -400,7 +400,7 @@ define(`corenet_udp_bind_all_nodes',`
#
# corenet_tcp_sendrecv_generic_port(domain)
#
define(`corenet_tcp_sendrecv_generic_port',`
interface(`corenet_tcp_sendrecv_generic_port',`
gen_require(`
type port_t;
class tcp_socket { send_msg recv_msg };
@ -413,7 +413,7 @@ define(`corenet_tcp_sendrecv_generic_port',`
#
# corenet_udp_send_generic_port(domain)
#
define(`corenet_udp_send_generic_port',`
interface(`corenet_udp_send_generic_port',`
gen_require(`
type port_t;
class udp_socket send_msg;
@ -426,7 +426,7 @@ define(`corenet_udp_send_generic_port',`
#
# corenet_udp_receive_generic_port(domain)
#
define(`corenet_udp_receive_generic_port',`
interface(`corenet_udp_receive_generic_port',`
gen_require(`
type port_t;
class udp_socket recv_msg;
@ -439,7 +439,7 @@ define(`corenet_udp_receive_generic_port',`
#
# corenet_udp_sendrecv_generic_port(domain)
#
define(`corenet_udp_sendrecv_generic_port',`
interface(`corenet_udp_sendrecv_generic_port',`
corenet_udp_send_generic_port($1)
corenet_udp_receive_generic_port($1)
')
@ -448,7 +448,7 @@ define(`corenet_udp_sendrecv_generic_port',`
#
# corenet_tcp_bind_generic_port(domain)
#
define(`corenet_tcp_bind_generic_port',`
interface(`corenet_tcp_bind_generic_port',`
gen_require(`
type port_t;
class tcp_socket name_bind;
@ -461,7 +461,7 @@ define(`corenet_tcp_bind_generic_port',`
#
# corenet_udp_bind_generic_port(domain)
#
define(`corenet_udp_bind_generic_port',`
interface(`corenet_udp_bind_generic_port',`
gen_require(`
type port_t;
class udp_socket name_bind;
@ -474,7 +474,7 @@ define(`corenet_udp_bind_generic_port',`
#
# corenet_tcp_sendrecv_all_ports(domain)
#
define(`corenet_tcp_sendrecv_all_ports',`
interface(`corenet_tcp_sendrecv_all_ports',`
gen_require(`
attribute port_type;
class tcp_socket { send_msg recv_msg };
@ -487,7 +487,7 @@ define(`corenet_tcp_sendrecv_all_ports',`
#
# corenet_udp_send_all_ports(domain)
#
define(`corenet_udp_send_all_ports',`
interface(`corenet_udp_send_all_ports',`
gen_require(`
attribute port_type;
class udp_socket send_msg;
@ -500,7 +500,7 @@ define(`corenet_udp_send_all_ports',`
#
# corenet_udp_receive_all_ports(domain)
#
define(`corenet_udp_receive_all_ports',`
interface(`corenet_udp_receive_all_ports',`
gen_require(`
attribute port_type;
class udp_socket recv_msg;
@ -513,7 +513,7 @@ define(`corenet_udp_receive_all_ports',`
#
# corenet_udp_sendrecv_all_ports(domain)
#
define(`corenet_udp_sendrecv_all_ports',`
interface(`corenet_udp_sendrecv_all_ports',`
corenet_udp_send_all_ports($1)
corenet_udp_receive_all_ports($1)
')
@ -522,7 +522,7 @@ define(`corenet_udp_sendrecv_all_ports',`
#
# corenet_tcp_bind_all_ports(domain)
#
define(`corenet_tcp_bind_all_ports',`
interface(`corenet_tcp_bind_all_ports',`
gen_require(`
attribute port_type;
class tcp_socket name_bind;
@ -535,7 +535,7 @@ define(`corenet_tcp_bind_all_ports',`
#
# corenet_udp_bind_all_ports(domain)
#
define(`corenet_udp_bind_all_ports',`
interface(`corenet_udp_bind_all_ports',`
gen_require(`
attribute port_type;
class udp_socket name_bind;
@ -548,7 +548,7 @@ define(`corenet_udp_bind_all_ports',`
#
# corenet_tcp_sendrecv_reserved_port(domain)
#
define(`corenet_tcp_sendrecv_reserved_port',`
interface(`corenet_tcp_sendrecv_reserved_port',`
gen_require(`
type reserved_port_t;
class tcp_socket { send_msg recv_msg };
@ -561,7 +561,7 @@ define(`corenet_tcp_sendrecv_reserved_port',`
#
# corenet_udp_send_reserved_port(domain)
#
define(`corenet_udp_send_reserved_port',`
interface(`corenet_udp_send_reserved_port',`
gen_require(`
type reserved_port_t;
class udp_socket send_msg;
@ -574,7 +574,7 @@ define(`corenet_udp_send_reserved_port',`
#
# corenet_udp_receive_reserved_port(domain)
#
define(`corenet_udp_receive_reserved_port',`
interface(`corenet_udp_receive_reserved_port',`
gen_require(`
type reserved_port_t;
class udp_socket recv_msg;
@ -587,7 +587,7 @@ define(`corenet_udp_receive_reserved_port',`
#
# corenet_udp_sendrecv_reserved_port(domain)
#
define(`corenet_udp_sendrecv_reserved_port',`
interface(`corenet_udp_sendrecv_reserved_port',`
corenet_udp_send_reserved_port($1)
corenet_udp_receive_reserved_port($1)
')
@ -596,7 +596,7 @@ define(`corenet_udp_sendrecv_reserved_port',`
#
# corenet_tcp_bind_reserved_port(domain)
#
define(`corenet_tcp_bind_reserved_port',`
interface(`corenet_tcp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
class tcp_socket name_bind;
@ -611,7 +611,7 @@ define(`corenet_tcp_bind_reserved_port',`
#
# corenet_udp_bind_reserved_port(domain)
#
define(`corenet_udp_bind_reserved_port',`
interface(`corenet_udp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
class udp_socket name_bind;
@ -626,7 +626,7 @@ define(`corenet_udp_bind_reserved_port',`
#
# corenet_tcp_sendrecv_all_reserved_ports(domain)
#
define(`corenet_tcp_sendrecv_all_reserved_ports',`
interface(`corenet_tcp_sendrecv_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class tcp_socket { send_msg recv_msg };
@ -639,7 +639,7 @@ define(`corenet_tcp_sendrecv_all_reserved_ports',`
#
# corenet_udp_send_all_reserved_ports(domain)
#
define(`corenet_udp_send_all_reserved_ports',`
interface(`corenet_udp_send_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class udp_socket send_msg;
@ -652,7 +652,7 @@ define(`corenet_udp_send_all_reserved_ports',`
#
# corenet_udp_receive_all_reserved_ports(domain)
#
define(`corenet_udp_receive_all_reserved_ports',`
interface(`corenet_udp_receive_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class udp_socket recv_msg;
@ -665,7 +665,7 @@ define(`corenet_udp_receive_all_reserved_ports',`
#
# corenet_udp_sendrecv_all_reserved_ports(domain)
#
define(`corenet_udp_sendrecv_all_reserved_ports',`
interface(`corenet_udp_sendrecv_all_reserved_ports',`
corenet_udp_send_all_reserved_ports($1)
corenet_udp_receive_all_reserved_ports($1)
')
@ -674,7 +674,7 @@ define(`corenet_udp_sendrecv_all_reserved_ports',`
#
# corenet_tcp_bind_all_reserved_ports(domain)
#
define(`corenet_tcp_bind_all_reserved_ports',`
interface(`corenet_tcp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class tcp_socket name_bind;
@ -689,7 +689,7 @@ define(`corenet_tcp_bind_all_reserved_ports',`
#
# corenet_dontaudit_tcp_bind_all_reserved_ports(domain)
#
define(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class tcp_socket name_bind;
@ -702,7 +702,7 @@ define(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
#
# corenet_udp_bind_all_reserved_ports(domain)
#
define(`corenet_udp_bind_all_reserved_ports',`
interface(`corenet_udp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class udp_socket name_bind;
@ -717,7 +717,7 @@ define(`corenet_udp_bind_all_reserved_ports',`
#
# corenet_dontaudit_udp_bind_all_reserved_ports(domain)
#
define(`corenet_dontaudit_udp_bind_all_reserved_ports',`
interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class udp_socket name_bind;


@ -16,7 +16,7 @@ define(`create_netif_interfaces',``
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_tcp_sendrecv_$1',`
interface(`corenet_tcp_sendrecv_$1',`
gen_require(`
type $1_netif_t;
class netif { tcp_send tcp_recv };
@ -36,7 +36,7 @@ define(`corenet_tcp_sendrecv_$1',`
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`corenet_udp_send_$1',`
interface(`corenet_udp_send_$1',`
gen_require(`
type $1_netif_t;
class netif udp_send;
@ -56,7 +56,7 @@ define(`corenet_udp_send_$1',`
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`corenet_udp_receive_$1',`
interface(`corenet_udp_receive_$1',`
gen_require(`
type $1_netif_t;
class netif udp_recv;
@ -76,7 +76,7 @@ define(`corenet_udp_receive_$1',`
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_udp_sendrecv_$1',`
interface(`corenet_udp_sendrecv_$1',`
corenet_udp_send_$1(dollarsone)
corenet_udp_receive_$1(dollarsone)
')
@ -92,7 +92,7 @@ define(`corenet_udp_sendrecv_$1',`
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`corenet_raw_send_$1',`
interface(`corenet_raw_send_$1',`
gen_require(`
type $1_netif_t;
class netif rawip_send;
@ -114,7 +114,7 @@ define(`corenet_raw_send_$1',`
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`corenet_raw_receive_$1',`
interface(`corenet_raw_receive_$1',`
gen_require(`
type $1_netif_t;
class netif rawip_recv;
@ -134,7 +134,7 @@ define(`corenet_raw_receive_$1',`
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_raw_sendrecv_$1',`
interface(`corenet_raw_sendrecv_$1',`
corenet_raw_send_$1(dollarsone)
corenet_raw_receive_$1(dollarsone)
')
@ -158,7 +158,7 @@ define(`create_node_interfaces',``
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_tcp_sendrecv_$1_node',`
interface(`corenet_tcp_sendrecv_$1_node',`
gen_require(`
type $1_node_t;
class node { tcp_send tcp_recv };
@ -178,7 +178,7 @@ define(`corenet_tcp_sendrecv_$1_node',`
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`corenet_udp_send_$1_node',`
interface(`corenet_udp_send_$1_node',`
gen_require(`
type $1_node_t;
class node udp_send;
@ -198,7 +198,7 @@ define(`corenet_udp_send_$1_node',`
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`corenet_udp_receive_$1_node',`
interface(`corenet_udp_receive_$1_node',`
gen_require(`
type $1_node_t;
class node udp_recv;
@ -218,7 +218,7 @@ define(`corenet_udp_receive_$1_node',`
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_udp_sendrecv_$1_node',`
interface(`corenet_udp_sendrecv_$1_node',`
corenet_udp_send_$1_node(dollarsone)
corenet_udp_receive_$1_node(dollarsone)
')
@ -234,7 +234,7 @@ define(`corenet_udp_sendrecv_$1_node',`
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`corenet_raw_send_$1_node',`
interface(`corenet_raw_send_$1_node',`
gen_require(`
type $1_node_t;
class node rawip_send;
@ -254,7 +254,7 @@ define(`corenet_raw_send_$1_node',`
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`corenet_raw_receive_$1_node',`
interface(`corenet_raw_receive_$1_node',`
gen_require(`
type $1_node_t;
class node rawip_recv;
@ -274,7 +274,7 @@ define(`corenet_raw_receive_$1_node',`
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_raw_sendrecv_$1_node',`
interface(`corenet_raw_sendrecv_$1_node',`
corenet_raw_send_$1_node(dollarsone)
corenet_raw_receive_$1_node(dollarsone)
')
@ -290,7 +290,7 @@ define(`corenet_raw_sendrecv_$1_node',`
## <infoflow type="none"/>
## </interface>
#
define(`corenet_tcp_bind_$1_node',`
interface(`corenet_tcp_bind_$1_node',`
gen_require(`
type $1_node_t;
class tcp_socket node_bind;
@ -310,7 +310,7 @@ define(`corenet_tcp_bind_$1_node',`
## <infoflow type="none"/>
## </interface>
#
define(`corenet_udp_bind_$1_node',`
interface(`corenet_udp_bind_$1_node',`
gen_require(`
type $1_node_t;
class udp_socket node_bind;
@ -338,7 +338,7 @@ define(`create_port_interfaces',``
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_tcp_sendrecv_$1_port',`
interface(`corenet_tcp_sendrecv_$1_port',`
gen_require(`
type $1_port_t;
class tcp_socket { send_msg recv_msg };
@ -358,7 +358,7 @@ define(`corenet_tcp_sendrecv_$1_port',`
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`corenet_udp_send_$1_port',`
interface(`corenet_udp_send_$1_port',`
gen_require(`
type $1_port_t;
class udp_socket send_msg;
@ -378,7 +378,7 @@ define(`corenet_udp_send_$1_port',`
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`corenet_udp_receive_$1_port',`
interface(`corenet_udp_receive_$1_port',`
gen_require(`
type $1_port_t;
class udp_socket recv_msg;
@ -398,7 +398,7 @@ define(`corenet_udp_receive_$1_port',`
## <infoflow type="both" weight="10"/>
## </interface>
#
define(`corenet_udp_sendrecv_$1_port',`
interface(`corenet_udp_sendrecv_$1_port',`
corenet_udp_send_$1_port(dollarsone)
corenet_udp_receive_$1_port(dollarsone)
')
@ -414,7 +414,7 @@ define(`corenet_udp_sendrecv_$1_port',`
## <infoflow type="none"/>
## </interface>
#
define(`corenet_tcp_bind_$1_port',`
interface(`corenet_tcp_bind_$1_port',`
gen_require(`
type $1_port_t;
class tcp_socket name_bind;
@ -435,7 +435,7 @@ define(`corenet_tcp_bind_$1_port',`
## <infoflow type="none"/>
## </interface>
#
define(`corenet_udp_bind_$1_port',`
interface(`corenet_udp_bind_$1_port',`
gen_require(`
type $1_port_t;
class udp_socket name_bind;


@ -36,7 +36,7 @@
## </parameter>
## </interface>
#
define(`dev_node',`
interface(`dev_node',`
gen_require(`
attribute device_node;
')
@ -60,7 +60,7 @@ define(`dev_node',`
## </parameter>
## </interface>
#
define(`dev_relabel_all_dev_nodes',`
interface(`dev_relabel_all_dev_nodes',`
gen_require(`
attribute device_node;
type device_t;
@ -92,7 +92,7 @@ define(`dev_relabel_all_dev_nodes',`
## </parameter>
## </interface>
#
define(`dev_list_all_dev_nodes',`
interface(`dev_list_all_dev_nodes',`
gen_require(`
type device_t;
class dir r_dir_perms;
@ -113,7 +113,7 @@ define(`dev_list_all_dev_nodes',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_list_all_dev_nodes',`
interface(`dev_dontaudit_list_all_dev_nodes',`
gen_require(`
type device_t;
class dir r_dir_perms;
@ -132,7 +132,7 @@ define(`dev_dontaudit_list_all_dev_nodes',`
## </parameter>
## </interface>
#
define(`dev_create_dir',`
interface(`dev_create_dir',`
gen_require(`
type device_t;
class dir { ra_dir_perms create };
@ -151,7 +151,7 @@ define(`dev_create_dir',`
## </parameter>
## </interface>
#
define(`dev_relabel_dev_dirs',`
interface(`dev_relabel_dev_dirs',`
gen_require(`
type device_t;
class dir { r_dir_perms relabelfrom relabelto };
@ -170,7 +170,7 @@ define(`dev_relabel_dev_dirs',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_getattr_generic_pipe',`
interface(`dev_dontaudit_getattr_generic_pipe',`
gen_require(`
type device_t;
class fifo_file getattr;
@ -189,7 +189,7 @@ define(`dev_dontaudit_getattr_generic_pipe',`
## </parameter>
## </interface>
#
define(`dev_getattr_generic_blk_file',`
interface(`dev_getattr_generic_blk_file',`
gen_require(`
type device_t;
class dir r_dir_perms;
@ -210,7 +210,7 @@ define(`dev_getattr_generic_blk_file',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_getattr_generic_blk_file',`
interface(`dev_dontaudit_getattr_generic_blk_file',`
gen_require(`
type device_t;
class blk_file getattr;
@ -229,7 +229,7 @@ define(`dev_dontaudit_getattr_generic_blk_file',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_setattr_generic_blk_file',`
interface(`dev_dontaudit_setattr_generic_blk_file',`
gen_require(`
type device_t;
class blk_file setattr;
@ -249,7 +249,7 @@ define(`dev_dontaudit_setattr_generic_blk_file',`
## </parameter>
## </interface>
#
define(`dev_manage_generic_blk_file',`
interface(`dev_manage_generic_blk_file',`
gen_require(`
type device_t;
class blk_file create_file_perms;
@ -269,7 +269,7 @@ define(`dev_manage_generic_blk_file',`
## </parameter>
## </interface>
#
define(`dev_create_generic_chr_file',`
interface(`dev_create_generic_chr_file',`
gen_require(`
type device_t;
class dir ra_dir_perms;
@ -293,7 +293,7 @@ define(`dev_create_generic_chr_file',`
## </parameter>
## </interface>
#
define(`dev_getattr_generic_chr_file',`
interface(`dev_getattr_generic_chr_file',`
gen_require(`
type device_t;
class dir r_dir_perms;
@ -314,7 +314,7 @@ define(`dev_getattr_generic_chr_file',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_getattr_generic_chr_file',`
interface(`dev_dontaudit_getattr_generic_chr_file',`
gen_require(`
type device_t;
class chr_file getattr;
@ -333,7 +333,7 @@ define(`dev_dontaudit_getattr_generic_chr_file',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_setattr_generic_chr_file',`
interface(`dev_dontaudit_setattr_generic_chr_file',`
gen_require(`
type device_t;
class chr_file setattr;
@ -352,7 +352,7 @@ define(`dev_dontaudit_setattr_generic_chr_file',`
## </parameter>
## </interface>
#
define(`dev_del_generic_symlinks',`
interface(`dev_del_generic_symlinks',`
gen_require(`
type device_t;
class dir { getattr read write remove_name };
@ -373,7 +373,7 @@ define(`dev_del_generic_symlinks',`
## </parameter>
## </interface>
#
define(`dev_manage_generic_symlinks',`
interface(`dev_manage_generic_symlinks',`
gen_require(`
type device_t;
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
@ -394,7 +394,7 @@ define(`dev_manage_generic_symlinks',`
## </parameter>
## </interface>
#
define(`dev_manage_dev_nodes',`
interface(`dev_manage_dev_nodes',`
gen_require(`
attribute device_node, memory_raw_read, memory_raw_write;
type device_t;
@ -432,7 +432,7 @@ define(`dev_manage_dev_nodes',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_rw_generic_dev_nodes',`
interface(`dev_dontaudit_rw_generic_dev_nodes',`
gen_require(`
type device_t;
class chr_file { getattr read write ioctl };
@ -452,7 +452,7 @@ define(`dev_dontaudit_rw_generic_dev_nodes',`
## </parameter>
## </interface>
#
define(`dev_manage_generic_blk_file',`
interface(`dev_manage_generic_blk_file',`
gen_require(`
type device_t;
class dir rw_dir_perms;
@ -473,7 +473,7 @@ define(`dev_manage_generic_blk_file',`
## </parameter>
## </interface>
#
define(`dev_manage_generic_chr_file',`
interface(`dev_manage_generic_chr_file',`
gen_require(`
type device_t;
class dir rw_dir_perms;
@ -502,7 +502,7 @@ define(`dev_manage_generic_chr_file',`
## </parameter>
## </interface>
#
define(`dev_create_dev_node',`
interface(`dev_create_dev_node',`
gen_require(`
type device_t;
class dir rw_dir_perms;
@ -526,7 +526,7 @@ define(`dev_create_dev_node',`
## </parameter>
## </interface>
#
define(`dev_getattr_all_blk_files',`
interface(`dev_getattr_all_blk_files',`
gen_require(`
attribute device_node;
class blk_file getattr;
@ -547,7 +547,7 @@ define(`dev_getattr_all_blk_files',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_getattr_all_blk_files',`
interface(`dev_dontaudit_getattr_all_blk_files',`
gen_require(`
attribute device_node;
class blk_file getattr;
@ -566,7 +566,7 @@ define(`dev_dontaudit_getattr_all_blk_files',`
## </parameter>
## </interface>
#
define(`dev_getattr_all_chr_files',`
interface(`dev_getattr_all_chr_files',`
gen_require(`
attribute device_node;
class chr_file getattr;
@ -587,7 +587,7 @@ define(`dev_getattr_all_chr_files',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_getattr_all_chr_files',`
interface(`dev_dontaudit_getattr_all_chr_files',`
gen_require(`
attribute device_node;
class chr_file getattr;
@ -606,7 +606,7 @@ define(`dev_dontaudit_getattr_all_chr_files',`
## </parameter>
## </interface>
#
define(`dev_setattr_all_blk_files',`
interface(`dev_setattr_all_blk_files',`
gen_require(`
attribute device_node;
class dir r_dir_perms;
@ -627,7 +627,7 @@ define(`dev_setattr_all_blk_files',`
## </parameter>
## </interface>
#
define(`dev_setattr_all_chr_files',`
interface(`dev_setattr_all_chr_files',`
gen_require(`
attribute device_node;
class dir r_dir_perms;
@ -648,7 +648,7 @@ define(`dev_setattr_all_chr_files',`
## </parameter>
## </interface>
#
define(`dev_manage_all_blk_files',`
interface(`dev_manage_all_blk_files',`
gen_require(`
attribute device_node;
class dir rw_dir_perms;
@ -675,7 +675,7 @@ define(`dev_manage_all_blk_files',`
## </parameter>
## </interface>
#
define(`dev_manage_all_chr_files',`
interface(`dev_manage_all_chr_files',`
gen_require(`
attribute device_node, memory_raw_read, memory_raw_write;
class dir rw_dir_perms;
@ -698,7 +698,7 @@ define(`dev_manage_all_chr_files',`
## </parameter>
## </interface>
#
define(`dev_read_raw_memory',`
interface(`dev_read_raw_memory',`
gen_require(`
type device_t, memory_device_t;
attribute memory_raw_read;
@ -724,7 +724,7 @@ define(`dev_read_raw_memory',`
## </parameter>
## </interface>
#
define(`dev_write_raw_memory',`
interface(`dev_write_raw_memory',`
gen_require(`
type device_t, memory_device_t;
attribute memory_raw_write;
@ -750,7 +750,7 @@ define(`dev_write_raw_memory',`
## </parameter>
## </interface>
#
define(`dev_rx_raw_memory',`
interface(`dev_rx_raw_memory',`
gen_require(`
type device_t, memory_device_t;
class chr_file execute;
@ -770,7 +770,7 @@ define(`dev_rx_raw_memory',`
## </parameter>
## </interface>
#
define(`dev_wx_raw_memory',`
interface(`dev_wx_raw_memory',`
gen_require(`
type device_t, memory_device_t;
class chr_file execute;
@ -790,7 +790,7 @@ define(`dev_wx_raw_memory',`
## </parameter>
## </interface>
#
define(`dev_read_rand',`
interface(`dev_read_rand',`
gen_require(`
type device_t, random_device_t;
class dir r_dir_perms;
@ -811,7 +811,7 @@ define(`dev_read_rand',`
## </parameter>
## </interface>
#
define(`dev_read_urand',`
interface(`dev_read_urand',`
gen_require(`
type device_t, urandom_device_t;
class dir r_dir_perms;
@ -834,7 +834,7 @@ define(`dev_read_urand',`
## </parameter>
## </interface>
#
define(`dev_write_rand',`
interface(`dev_write_rand',`
gen_require(`
type device_t, random_device_t;
class dir r_dir_perms;
@ -856,7 +856,7 @@ define(`dev_write_rand',`
## </parameter>
## </interface>
#
define(`dev_write_urand',`
interface(`dev_write_urand',`
gen_require(`
type device_t, urandom_device_t;
class dir r_dir_perms;
@ -877,7 +877,7 @@ define(`dev_write_urand',`
## </parameter>
## </interface>
#
define(`dev_rw_null_dev',`
interface(`dev_rw_null_dev',`
gen_require(`
type device_t, null_device_t;
class device_t:dir r_dir_perms;
@ -898,7 +898,7 @@ define(`dev_rw_null_dev',`
## </parameter>
## </interface>
#
define(`dev_rw_zero_dev',`
interface(`dev_rw_zero_dev',`
gen_require(`
type device_t, zero_device_t;
class device_t:dir r_dir_perms;
@ -919,7 +919,7 @@ define(`dev_rw_zero_dev',`
## </parameter>
## </interface>
#
define(`dev_rwx_zero_dev',`
interface(`dev_rwx_zero_dev',`
gen_require(`
type zero_device_t;
class chr_file execute;
@ -939,7 +939,7 @@ define(`dev_rwx_zero_dev',`
## </parameter>
## </interface>
#
define(`dev_read_realtime_clock',`
interface(`dev_read_realtime_clock',`
gen_require(`
type device_t, clock_device_t;
class dir r_dir_perms;
@ -960,7 +960,7 @@ define(`dev_read_realtime_clock',`
## </parameter>
## </interface>
#
define(`dev_write_realtime_clock',`
interface(`dev_write_realtime_clock',`
gen_require(`
type device_t, clock_device_t;
class dir r_dir_perms;
@ -981,7 +981,7 @@ define(`dev_write_realtime_clock',`
## </parameter>
## </interface>
#
define(`dev_rw_realtime_clock',`
interface(`dev_rw_realtime_clock',`
dev_read_realtime_clock($1)
dev_write_realtime_clock($1)
')
@ -996,7 +996,7 @@ define(`dev_rw_realtime_clock',`
## </parameter>
## </interface>
#
define(`dev_getattr_snd_dev',`
interface(`dev_getattr_snd_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@ -1017,7 +1017,7 @@ define(`dev_getattr_snd_dev',`
## </parameter>
## </interface>
#
define(`dev_setattr_snd_dev',`
interface(`dev_setattr_snd_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@ -1038,7 +1038,7 @@ define(`dev_setattr_snd_dev',`
## </parameter>
## </interface>
#
define(`dev_read_snd_dev',`
interface(`dev_read_snd_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@ -1059,7 +1059,7 @@ define(`dev_read_snd_dev',`
## </parameter>
## </interface>
#
define(`dev_write_snd_dev',`
interface(`dev_write_snd_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@ -1080,7 +1080,7 @@ define(`dev_write_snd_dev',`
## </parameter>
## </interface>
#
define(`dev_read_snd_mixer_dev',`
interface(`dev_read_snd_mixer_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@ -1101,7 +1101,7 @@ define(`dev_read_snd_mixer_dev',`
## </parameter>
## </interface>
#
define(`dev_write_snd_mixer_dev',`
interface(`dev_write_snd_mixer_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@ -1122,7 +1122,7 @@ define(`dev_write_snd_mixer_dev',`
## </parameter>
## </interface>
#
define(`dev_rw_agp_dev',`
interface(`dev_rw_agp_dev',`
gen_require(`
type device_t, agp_device_t;
class dir r_dir_perms;
@ -1143,7 +1143,7 @@ define(`dev_rw_agp_dev',`
## </parameter>
## </interface>
#
define(`dev_getattr_agp_dev',`
interface(`dev_getattr_agp_dev',`
gen_require(`
type device_t, dri_device_t;
class dir r_dir_perms;
@ -1164,7 +1164,7 @@ define(`dev_getattr_agp_dev',`
## </parameter>
## </interface>
#
define(`dev_rw_dri_dev',`
interface(`dev_rw_dri_dev',`
gen_require(`
type device_t, dri_device_t;
class dir r_dir_perms;
@ -1185,7 +1185,7 @@ define(`dev_rw_dri_dev',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_rw_dri_dev',`
interface(`dev_dontaudit_rw_dri_dev',`
gen_require(`
type dri_device_t;
class chr_file { getattr read write ioctl };
@ -1204,7 +1204,7 @@ define(`dev_dontaudit_rw_dri_dev',`
## </parameter>
## </interface>
#
define(`dev_read_mtrr',`
interface(`dev_read_mtrr',`
gen_require(`
type device_t, mtrr_device_t;
class dir r_dir_perms;
@ -1225,7 +1225,7 @@ define(`dev_read_mtrr',`
## </parameter>
## </interface>
#
define(`dev_write_mtrr',`
interface(`dev_write_mtrr',`
gen_require(`
type device_t, mtrr_device_t;
class dir r_dir_perms;
@ -1246,7 +1246,7 @@ define(`dev_write_mtrr',`
## </parameter>
## </interface>
#
define(`dev_getattr_framebuffer',`
interface(`dev_getattr_framebuffer',`
gen_require(`
type framebuf_device_t;
class dir r_dir_perms;
@ -1267,7 +1267,7 @@ define(`dev_getattr_framebuffer',`
## </parameter>
## </interface>
#
define(`dev_setattr_framebuffer',`
interface(`dev_setattr_framebuffer',`
gen_require(`
type framebuf_device_t;
class dir r_dir_perms;
@ -1288,7 +1288,7 @@ define(`dev_setattr_framebuffer',`
## </parameter>
## </interface>
#
define(`dev_read_framebuffer',`
interface(`dev_read_framebuffer',`
gen_require(`
type framebuf_device_t;
class dir r_dir_perms;
@ -1309,7 +1309,7 @@ define(`dev_read_framebuffer',`
## </parameter>
## </interface>
#
define(`dev_write_framebuffer',`
interface(`dev_write_framebuffer',`
gen_require(`
type device_t, framebuf_device_t;
class dir r_dir_perms;
@ -1330,7 +1330,7 @@ define(`dev_write_framebuffer',`
## </parameter>
## </interface>
#
define(`dev_read_lvm_control',`
interface(`dev_read_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
class dir r_dir_perms;
@ -1351,7 +1351,7 @@ define(`dev_read_lvm_control',`
## </parameter>
## </interface>
#
define(`dev_rw_lvm_control',`
interface(`dev_rw_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
class dir r_dir_perms;
@ -1372,7 +1372,7 @@ define(`dev_rw_lvm_control',`
## </parameter>
## </interface>
#
define(`dev_delete_lvm_control',`
interface(`dev_delete_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
class dir { getattr search read write remove_name };
@ -1393,7 +1393,7 @@ define(`dev_delete_lvm_control',`
## </parameter>
## </interface>
#
define(`dev_getattr_misc',`
interface(`dev_getattr_misc',`
gen_require(`
type device_t, misc_device_t;
class dir r_dir_perms;
@ -1415,7 +1415,7 @@ define(`dev_getattr_misc',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_getattr_misc',`
interface(`dev_dontaudit_getattr_misc',`
gen_require(`
type misc_device_t;
class chr_file getattr;
@ -1434,7 +1434,7 @@ define(`dev_dontaudit_getattr_misc',`
## </parameter>
## </interface>
#
define(`dev_setattr_misc',`
interface(`dev_setattr_misc',`
gen_require(`
type device_t, misc_device_t;
class dir r_dir_perms;
@ -1456,7 +1456,7 @@ define(`dev_setattr_misc',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_setattr_misc',`
interface(`dev_dontaudit_setattr_misc',`
gen_require(`
type misc_device_t;
class chr_file setattr;
@ -1475,7 +1475,7 @@ define(`dev_dontaudit_setattr_misc',`
## </parameter>
## </interface>
#
define(`dev_read_misc',`
interface(`dev_read_misc',`
gen_require(`
type device_t, misc_device_t;
class dir r_dir_perms;
@ -1496,7 +1496,7 @@ define(`dev_read_misc',`
## </parameter>
## </interface>
#
define(`dev_write_misc',`
interface(`dev_write_misc',`
gen_require(`
type device_t, misc_device_t;
class dir r_dir_perms;
@ -1517,7 +1517,7 @@ define(`dev_write_misc',`
## </parameter>
## </interface>
#
define(`dev_getattr_mouse',`
interface(`dev_getattr_mouse',`
gen_require(`
type device_t, mouse_device_t;
class dir r_dir_perms;
@ -1538,7 +1538,7 @@ define(`dev_getattr_mouse',`
## </parameter>
## </interface>
#
define(`dev_setattr_mouse',`
interface(`dev_setattr_mouse',`
gen_require(`
type device_t, mouse_device_t;
class dir r_dir_perms;
@ -1559,7 +1559,7 @@ define(`dev_setattr_mouse',`
## </parameter>
## </interface>
#
define(`dev_read_mouse',`
interface(`dev_read_mouse',`
gen_require(`
type device_t, mouse_device_t;
class dir r_dir_perms;
@ -1580,7 +1580,7 @@ define(`dev_read_mouse',`
## </parameter>
## </interface>
#
define(`dev_read_input',`
interface(`dev_read_input',`
gen_require(`
type device_t, event_device_t;
class dir r_dir_perms;
@ -1601,7 +1601,7 @@ define(`dev_read_input',`
## </parameter>
## </interface>
#
define(`dev_read_cpuid',`
interface(`dev_read_cpuid',`
gen_require(`
type device_t, cpu_device_t;
class dir r_dir_perms;
@ -1623,7 +1623,7 @@ define(`dev_read_cpuid',`
## </parameter>
## </interface>
#
define(`dev_rw_cpu_microcode',`
interface(`dev_rw_cpu_microcode',`
gen_require(`
type device_t, cpu_device_t;
class dir r_dir_perms;
@ -1644,7 +1644,7 @@ define(`dev_rw_cpu_microcode',`
## </parameter>
## </interface>
#
define(`dev_getattr_scanner',`
interface(`dev_getattr_scanner',`
gen_require(`
type device_t, scanner_device_t;
class dir r_dir_perms;
@ -1666,7 +1666,7 @@ define(`dev_getattr_scanner',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_getattr_scanner',`
interface(`dev_dontaudit_getattr_scanner',`
gen_require(`
type scanner_device_t;
class chr_file getattr;
@ -1685,7 +1685,7 @@ define(`dev_dontaudit_getattr_scanner',`
## </parameter>
## </interface>
#
define(`dev_setattr_scanner',`
interface(`dev_setattr_scanner',`
gen_require(`
type device_t, scanner_device_t;
class dir r_dir_perms;
@ -1707,7 +1707,7 @@ define(`dev_setattr_scanner',`
## </parameter>
## </interface>
#
define(`dev_dontaudit_setattr_scanner',`
interface(`dev_dontaudit_setattr_scanner',`
gen_require(`
type scanner_device_t;
class chr_file getattr;
@ -1726,7 +1726,7 @@ define(`dev_dontaudit_setattr_scanner',`
## </parameter>
## </interface>
#
define(`dev_rw_scanner',`
interface(`dev_rw_scanner',`
gen_require(`
type device_t, scanner_device_t;
class dir r_dir_perms;
@ -1747,7 +1747,7 @@ define(`dev_rw_scanner',`
## </parameter>
## </interface>
#
define(`dev_getattr_power_management',`
interface(`dev_getattr_power_management',`
gen_require(`
type device_t, power_device_t;
class dir r_dir_perms;
@ -1768,7 +1768,7 @@ define(`dev_getattr_power_management',`
## </parameter>
## </interface>
#
define(`dev_setattr_power_management',`
interface(`dev_setattr_power_management',`
gen_require(`
type device_t, power_device_t;
class dir r_dir_perms;
@ -1789,7 +1789,7 @@ define(`dev_setattr_power_management',`
## </parameter>
## </interface>
#
define(`dev_rw_power_management',`
interface(`dev_rw_power_management',`
gen_require(`
type device_t, power_device_t;
class dir r_dir_perms;
@ -1810,7 +1810,7 @@ define(`dev_rw_power_management',`
## </parameter>
## </interface>
#
define(`dev_getattr_sysfs_dir',`
interface(`dev_getattr_sysfs_dir',`
gen_require(`
type sysfs_t;
class dir getattr;
@ -1829,7 +1829,7 @@ define(`dev_getattr_sysfs_dir',`
## </parameter>
## </interface>
#
define(`dev_search_sysfs',`
interface(`dev_search_sysfs',`
gen_require(`
type sysfs_t;
class dir search;
@ -1848,7 +1848,7 @@ define(`dev_search_sysfs',`
## </parameter>
## </interface>
#
define(`dev_read_sysfs',`
interface(`dev_read_sysfs',`
gen_require(`
type sysfs_t;
class dir r_dir_perms;
@ -1870,7 +1870,7 @@ define(`dev_read_sysfs',`
## </parameter>
## </interface>
#
define(`dev_rw_sysfs',`
interface(`dev_rw_sysfs',`
gen_require(`
type sysfs_t;
class dir r_dir_perms;
@ -1893,7 +1893,7 @@ define(`dev_rw_sysfs',`
## </parameter>
## </interface>
#
define(`dev_search_usbfs',`
interface(`dev_search_usbfs',`
gen_require(`
type usbfs_t;
class dir search;
@ -1912,7 +1912,7 @@ define(`dev_search_usbfs',`
## </parameter>
## </interface>
#
define(`dev_list_usbfs',`
interface(`dev_list_usbfs',`
gen_require(`
type usbfs_t;
class dir r_dir_perms;
@ -1936,7 +1936,7 @@ define(`dev_list_usbfs',`
## </parameter>
## </interface>
#
define(`dev_read_usbfs',`
interface(`dev_read_usbfs',`
gen_require(`
type usbfs_t;
class dir r_dir_perms;
@ -1958,7 +1958,7 @@ define(`dev_read_usbfs',`
## </parameter>
## </interface>
#
define(`dev_rw_usbfs',`
interface(`dev_rw_usbfs',`
gen_require(`
type usbfs_t;
class dir r_dir_perms;
@ -1981,7 +1981,7 @@ define(`dev_rw_usbfs',`
## </parameter>
## </interface>
#
define(`dev_getattr_video_dev',`
interface(`dev_getattr_video_dev',`
gen_require(`
type device_t, v4l_device_t;
class dir r_dir_perms;
@ -2002,7 +2002,7 @@ define(`dev_getattr_video_dev',`
## </parameter>
## </interface>
#
define(`dev_setattr_video_dev',`
interface(`dev_setattr_video_dev',`
gen_require(`
type device_t, v4l_device_t;
class dir r_dir_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`fs_make_fs',`
interface(`fs_make_fs',`
gen_require(`
attribute fs_type;
')
@ -31,7 +31,7 @@ define(`fs_make_fs',`
## </parameter>
## </interface>
#
define(`fs_make_noxattr_fs',`
interface(`fs_make_noxattr_fs',`
gen_require(`
attribute noxattrfs;
')
@ -54,7 +54,7 @@ define(`fs_make_noxattr_fs',`
## </parameter>
## </interface>
#
define(`fs_associate',`
interface(`fs_associate',`
gen_require(`
type fs_t;
class filesystem associate;
@ -77,7 +77,7 @@ define(`fs_associate',`
## </parameter>
## </interface>
#
define(`fs_associate_noxattr',`
interface(`fs_associate_noxattr',`
gen_require(`
attribute noxattrfs;
class filesystem associate;
@ -98,7 +98,7 @@ define(`fs_associate_noxattr',`
## </parameter>
## </interface>
#
define(`fs_mount_xattr_fs',`
interface(`fs_mount_xattr_fs',`
gen_require(`
type fs_t;
class filesystem mount;
@ -120,7 +120,7 @@ define(`fs_mount_xattr_fs',`
## </parameter>
## </interface>
#
define(`fs_remount_xattr_fs',`
interface(`fs_remount_xattr_fs',`
gen_require(`
type fs_t;
class filesystem remount;
@ -141,7 +141,7 @@ define(`fs_remount_xattr_fs',`
## </parameter>
## </interface>
#
define(`fs_unmount_xattr_fs',`
interface(`fs_unmount_xattr_fs',`
gen_require(`
type fs_t;
class filesystem unmount;
@ -163,7 +163,7 @@ define(`fs_unmount_xattr_fs',`
## </parameter>
## </interface>
#
define(`fs_getattr_xattr_fs',`
interface(`fs_getattr_xattr_fs',`
gen_require(`
type fs_t;
class filesystem getattr;
@ -185,7 +185,7 @@ define(`fs_getattr_xattr_fs',`
## </parameter>
## </interface>
#
define(`fs_dontaudit_getattr_xattr_fs',`
interface(`fs_dontaudit_getattr_xattr_fs',`
gen_require(`
type fs_t;
class filesystem getattr;
@ -206,7 +206,7 @@ define(`fs_dontaudit_getattr_xattr_fs',`
## </parameter>
## </interface>
#
define(`fs_relabelfrom_xattr_fs',`
interface(`fs_relabelfrom_xattr_fs',`
gen_require(`
type fs_t;
class filesystem relabelfrom;
@ -225,7 +225,7 @@ define(`fs_relabelfrom_xattr_fs',`
## </parameter>
## </interface>
#
define(`fs_mount_autofs',`
interface(`fs_mount_autofs',`
gen_require(`
type autofs_t;
class filesystem mount;
@ -246,7 +246,7 @@ define(`fs_mount_autofs',`
## </parameter>
## </interface>
#
define(`fs_remount_autofs',`
interface(`fs_remount_autofs',`
gen_require(`
type autofs_t;
class filesystem remount;
@ -265,7 +265,7 @@ define(`fs_remount_autofs',`
## </parameter>
## </interface>
#
define(`fs_unmount_autofs',`
interface(`fs_unmount_autofs',`
gen_require(`
type autofs_t;
class filesystem unmount;
@ -286,7 +286,7 @@ define(`fs_unmount_autofs',`
## </parameter>
## </interface>
#
define(`fs_getattr_autofs',`
interface(`fs_getattr_autofs',`
gen_require(`
type autofs_t;
class filesystem getattr;
@ -312,7 +312,7 @@ define(`fs_getattr_autofs',`
## </parameter>
## </interface>
#
define(`fs_register_binary_executable_type',`
interface(`fs_register_binary_executable_type',`
gen_require(`
type binfmt_misc_fs_t;
class dir { getattr search };
@ -333,7 +333,7 @@ define(`fs_register_binary_executable_type',`
## </parameter>
## </interface>
#
define(`fs_mount_cifs',`
interface(`fs_mount_cifs',`
gen_require(`
type cifs_t;
class filesystem mount;
@ -353,7 +353,7 @@ define(`fs_mount_cifs',`
## </parameter>
## </interface>
#
define(`fs_remount_cifs',`
interface(`fs_remount_cifs',`
gen_require(`
type cifs_t;
class filesystem remount;
@ -372,7 +372,7 @@ define(`fs_remount_cifs',`
## </parameter>
## </interface>
#
define(`fs_unmount_cifs',`
interface(`fs_unmount_cifs',`
gen_require(`
type cifs_t;
class filesystem unmount;
@ -393,7 +393,7 @@ define(`fs_unmount_cifs',`
## </parameter>
## </interface>
#
define(`fs_getattr_cifs',`
interface(`fs_getattr_cifs',`
gen_require(`
type cifs_t;
class filesystem getattr;
@ -412,7 +412,7 @@ define(`fs_getattr_cifs',`
## </parameter>
## </interface>
#
define(`fs_read_cifs_files',`
interface(`fs_read_cifs_files',`
gen_require(`
type cifs_t;
class dir r_dir_perms;
@ -434,7 +434,7 @@ define(`fs_read_cifs_files',`
## </parameter>
## </interface>
#
define(`fs_dontaudit_rw_cifs_files',`
interface(`fs_dontaudit_rw_cifs_files',`
gen_require(`
type cifs_t;
class file { read write };
@ -453,7 +453,7 @@ define(`fs_dontaudit_rw_cifs_files',`
## </parameter>
## </interface>
#
define(`fs_read_cifs_symlinks',`
interface(`fs_read_cifs_symlinks',`
gen_require(`
type cifs_t;
class dir r_dir_perms;
@ -476,7 +476,7 @@ define(`fs_read_cifs_symlinks',`
## </parameter>
## </interface>
#
define(`fs_execute_cifs_files',`
interface(`fs_execute_cifs_files',`
gen_require(`
type cifs_t;
class dir r_dir_perms;
@ -497,7 +497,7 @@ define(`fs_execute_cifs_files',`
## </parameter>
## </interface>
#
define(`fs_read_cifs_files',`
interface(`fs_read_cifs_files',`
gen_require(`
type cifs_t;
class file { read write };
@ -517,7 +517,7 @@ define(`fs_read_cifs_files',`
## </parameter>
## </interface>
#
define(`fs_manage_cifs_dirs',`
interface(`fs_manage_cifs_dirs',`
gen_require(`
type cifs_t;
class dir create_dir_perms;
@ -537,7 +537,7 @@ define(`fs_manage_cifs_dirs',`
## </parameter>
## </interface>
#
define(`fs_manage_cifs_files',`
interface(`fs_manage_cifs_files',`
gen_require(`
type cifs_t;
class dir rw_dir_perms;
@ -559,7 +559,7 @@ define(`fs_manage_cifs_files',`
## </parameter>
## </interface>
#
define(`fs_manage_cifs_symlinks',`
interface(`fs_manage_cifs_symlinks',`
gen_require(`
type cifs_t;
class dir rw_dir_perms;
@ -581,7 +581,7 @@ define(`fs_manage_cifs_symlinks',`
## </parameter>
## </interface>
#
define(`fs_manage_cifs_named_pipes',`
interface(`fs_manage_cifs_named_pipes',`
gen_require(`
type cifs_t;
class dir rw_dir_perms;
@ -603,7 +603,7 @@ define(`fs_manage_cifs_named_pipes',`
## </parameter>
## </interface>
#
define(`fs_manage_cifs_named_sockets',`
interface(`fs_manage_cifs_named_sockets',`
gen_require(`
type cifs_t;
class dir rw_dir_perms;
@ -625,7 +625,7 @@ define(`fs_manage_cifs_named_sockets',`
## </parameter>
## </interface>
#
define(`fs_mount_dos_fs',`
interface(`fs_mount_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem mount;
@ -646,7 +646,7 @@ define(`fs_mount_dos_fs',`
## </parameter>
## </interface>
#
define(`fs_remount_dos_fs',`
interface(`fs_remount_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem remount;
@ -666,7 +666,7 @@ define(`fs_remount_dos_fs',`
## </parameter>
## </interface>
#
define(`fs_unmount_dos_fs',`
interface(`fs_unmount_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem unmount;
@ -687,7 +687,7 @@ define(`fs_unmount_dos_fs',`
## </parameter>
## </interface>
#
define(`fs_getattr_dos_fs',`
interface(`fs_getattr_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem getattr;
@ -707,7 +707,7 @@ define(`fs_getattr_dos_fs',`
## </parameter>
## </interface>
#
define(`fs_relabelfrom_dos_fs',`
interface(`fs_relabelfrom_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem relabelfrom;
@ -727,7 +727,7 @@ define(`fs_relabelfrom_dos_fs',`
## </parameter>
## </interface>
#
define(`fs_mount_iso9660_fs',`
interface(`fs_mount_iso9660_fs',`
gen_require(`
type iso9660_t;
class filesystem mount;
@ -748,7 +748,7 @@ define(`fs_mount_iso9660_fs',`
## </parameter>
## </interface>
#
define(`fs_remount_iso9660_fs',`
interface(`fs_remount_iso9660_fs',`
gen_require(`
type iso9660_t;
class filesystem remount;
@ -768,7 +768,7 @@ define(`fs_remount_iso9660_fs',`
## </parameter>
## </interface>
#
define(`fs_unmount_iso9660_fs',`
interface(`fs_unmount_iso9660_fs',`
gen_require(`
type iso9660_t;
class filesystem unmount;
@ -789,7 +789,7 @@ define(`fs_unmount_iso9660_fs',`
## </parameter>
## </interface>
#
define(`fs_getattr_iso9660_fs',`
interface(`fs_getattr_iso9660_fs',`
gen_require(`
type iso9660_t;
class filesystem getattr;
@ -808,7 +808,7 @@ define(`fs_getattr_iso9660_fs',`
## </parameter>
## </interface>
#
define(`fs_mount_nfs',`
interface(`fs_mount_nfs',`
gen_require(`
type nfs_t;
class filesystem mount;
@ -828,7 +828,7 @@ define(`fs_mount_nfs',`
## </parameter>
## </interface>
#
define(`fs_remount_nfs',`
interface(`fs_remount_nfs',`
gen_require(`
type nfs_t;
class filesystem remount;
@ -847,7 +847,7 @@ define(`fs_remount_nfs',`
## </parameter>
## </interface>
#
define(`fs_unmount_nfs',`
interface(`fs_unmount_nfs',`
gen_require(`
type nfs_t;
class filesystem unmount;
@ -867,7 +867,7 @@ define(`fs_unmount_nfs',`
## </parameter>
## </interface>
#
define(`fs_getattr_nfs',`
interface(`fs_getattr_nfs',`
gen_require(`
type nfs_t;
class filesystem getattr;
@ -886,7 +886,7 @@ define(`fs_getattr_nfs',`
## </parameter>
## </interface>
#
define(`fs_read_nfs_files',`
interface(`fs_read_nfs_files',`
gen_require(`
type nfs_t;
class dir r_dir_perms;
@ -907,7 +907,7 @@ define(`fs_read_nfs_files',`
## </parameter>
## </interface>
#
define(`fs_execute_nfs_files',`
interface(`fs_execute_nfs_files',`
gen_require(`
type nfs_t;
class dir r_dir_perms;
@ -928,7 +928,7 @@ define(`fs_execute_nfs_files',`
## </parameter>
## </interface>
#
define(`fs_dontaudit_rw_nfs_files',`
interface(`fs_dontaudit_rw_nfs_files',`
gen_require(`
type nfs_t;
class file { read write };
@ -947,7 +947,7 @@ define(`fs_dontaudit_rw_nfs_files',`
## </parameter>
## </interface>
#
define(`fs_read_nfs_symlinks',`
interface(`fs_read_nfs_symlinks',`
gen_require(`
type nfs_t;
class dir r_dir_perms;
@ -969,7 +969,7 @@ define(`fs_read_nfs_symlinks',`
## </parameter>
## </interface>
#
define(`fs_manage_nfs_dirs',`
interface(`fs_manage_nfs_dirs',`
gen_require(`
type nfs_t;
class dir create_dir_perms;
@ -989,7 +989,7 @@ define(`fs_manage_nfs_dirs',`
## </parameter>
## </interface>
#
define(`fs_manage_nfs_files',`
interface(`fs_manage_nfs_files',`
gen_require(`
type nfs_t;
class dir rw_dir_perms;
@ -1011,7 +1011,7 @@ define(`fs_manage_nfs_files',`
## </parameter>
## </interface>
#
define(`fs_manage_nfs_symlinks',`
interface(`fs_manage_nfs_symlinks',`
gen_require(`
type nfs_t;
class dir r_dir_perms;
@ -1033,7 +1033,7 @@ define(`fs_manage_nfs_symlinks',`
## </parameter>
## </interface>
#
define(`fs_manage_nfs_named_pipes',`
interface(`fs_manage_nfs_named_pipes',`
gen_require(`
type nfs_t;
class dir rw_dir_perms;
@ -1055,7 +1055,7 @@ define(`fs_manage_nfs_named_pipes',`
## </parameter>
## </interface>
#
define(`fs_manage_nfs_named_sockets',`
interface(`fs_manage_nfs_named_sockets',`
gen_require(`
type nfs_t;
class dir rw_dir_perms;
@ -1076,7 +1076,7 @@ define(`fs_manage_nfs_named_sockets',`
## </parameter>
## </interface>
#
define(`fs_mount_nfsd_fs',`
interface(`fs_mount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
class filesystem mount;
@ -1096,7 +1096,7 @@ define(`fs_mount_nfsd_fs',`
## </parameter>
## </interface>
#
define(`fs_remount_nfsd_fs',`
interface(`fs_remount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
class filesystem remount;
@ -1115,7 +1115,7 @@ define(`fs_remount_nfsd_fs',`
## </parameter>
## </interface>
#
define(`fs_unmount_nfsd_fs',`
interface(`fs_unmount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
class filesystem unmount;
@ -1136,7 +1136,7 @@ define(`fs_unmount_nfsd_fs',`
## </parameter>
## </interface>
#
define(`fs_getattr_nfsd_fs',`
interface(`fs_getattr_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
class filesystem getattr;
@ -1155,7 +1155,7 @@ define(`fs_getattr_nfsd_fs',`
## </parameter>
## </interface>
#
define(`fs_mount_ramfs',`
interface(`fs_mount_ramfs',`
gen_require(`
type ramfs_t;
class filesystem mount;
@ -1175,7 +1175,7 @@ define(`fs_mount_ramfs',`
## </parameter>
## </interface>
#
define(`fs_remount_ramfs',`
interface(`fs_remount_ramfs',`
gen_require(`
type ramfs_t;
class filesystem remount;
@ -1194,7 +1194,7 @@ define(`fs_remount_ramfs',`
## </parameter>
## </interface>
#
define(`fs_unmount_ramfs',`
interface(`fs_unmount_ramfs',`
gen_require(`
type ramfs_t;
class filesystem unmount;
@ -1214,7 +1214,7 @@ define(`fs_unmount_ramfs',`
## </parameter>
## </interface>
#
define(`fs_getattr_ramfs',`
interface(`fs_getattr_ramfs',`
gen_require(`
type ramfs_t;
class filesystem getattr;
@ -1233,7 +1233,7 @@ define(`fs_getattr_ramfs',`
## </parameter>
## </interface>
#
define(`fs_mount_romfs',`
interface(`fs_mount_romfs',`
gen_require(`
type romfs_t;
class filesystem mount;
@ -1253,7 +1253,7 @@ define(`fs_mount_romfs',`
## </parameter>
## </interface>
#
define(`fs_remount_romfs',`
interface(`fs_remount_romfs',`
gen_require(`
type romfs_t;
class filesystem remount;
@ -1272,7 +1272,7 @@ define(`fs_remount_romfs',`
## </parameter>
## </interface>
#
define(`fs_unmount_romfs',`
interface(`fs_unmount_romfs',`
gen_require(`
type romfs_t;
class filesystem unmount;
@ -1293,7 +1293,7 @@ define(`fs_unmount_romfs',`
## </parameter>
## </interface>
#
define(`fs_getattr_romfs',`
interface(`fs_getattr_romfs',`
gen_require(`
type romfs_t;
class filesystem getattr;
@ -1312,7 +1312,7 @@ define(`fs_getattr_romfs',`
## </parameter>
## </interface>
#
define(`fs_mount_rpc_pipefs',`
interface(`fs_mount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
class filesystem mount;
@ -1332,7 +1332,7 @@ define(`fs_mount_rpc_pipefs',`
## </parameter>
## </interface>
#
define(`fs_remount_rpc_pipefs',`
interface(`fs_remount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
class filesystem remount;
@ -1351,7 +1351,7 @@ define(`fs_remount_rpc_pipefs',`
## </parameter>
## </interface>
#
define(`fs_unmount_rpc_pipefs',`
interface(`fs_unmount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
class filesystem unmount;
@ -1372,7 +1372,7 @@ define(`fs_unmount_rpc_pipefs',`
## </parameter>
## </interface>
#
define(`fs_getattr_rpc_pipefs',`
interface(`fs_getattr_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
class filesystem getattr;
@ -1391,7 +1391,7 @@ define(`fs_getattr_rpc_pipefs',`
## </parameter>
## </interface>
#
define(`fs_mount_tmpfs',`
interface(`fs_mount_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem mount;
@ -1410,7 +1410,7 @@ define(`fs_mount_tmpfs',`
## </parameter>
## </interface>
#
define(`fs_remount_tmpfs',`
interface(`fs_remount_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem remount;
@ -1429,7 +1429,7 @@ define(`fs_remount_tmpfs',`
## </parameter>
## </interface>
#
define(`fs_unmount_tmpfs',`
interface(`fs_unmount_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem unmount;
@ -1450,7 +1450,7 @@ define(`fs_unmount_tmpfs',`
## </parameter>
## </interface>
#
define(`fs_getattr_tmpfs',`
interface(`fs_getattr_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem getattr;
@ -1469,7 +1469,7 @@ define(`fs_getattr_tmpfs',`
## </parameter>
## </interface>
#
define(`fs_associate_tmpfs',`
interface(`fs_associate_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem associate;
@ -1482,7 +1482,7 @@ define(`fs_associate_tmpfs',`
#
# fs_create_tmpfs_data(domain,derivedtype,[class])
#
define(`fs_create_tmpfs_data',`
interface(`fs_create_tmpfs_data',`
gen_require(`
type tmpfs_t;
class filesystem associate;
@ -1509,7 +1509,7 @@ define(`fs_create_tmpfs_data',`
## </parameter>
## </interface>
#
define(`fs_use_tmpfs_character_devices',`
interface(`fs_use_tmpfs_character_devices',`
gen_require(`
type tmpfs_t;
class dir r_dir_perms;
@ -1530,7 +1530,7 @@ define(`fs_use_tmpfs_character_devices',`
## </parameter>
## </interface>
#
define(`fs_relabel_tmpfs_character_devices',`
interface(`fs_relabel_tmpfs_character_devices',`
gen_require(`
type tmpfs_t;
class dir r_dir_perms;
@ -1551,7 +1551,7 @@ define(`fs_relabel_tmpfs_character_devices',`
## </parameter>
## </interface>
#
define(`fs_use_tmpfs_block_devices',`
interface(`fs_use_tmpfs_block_devices',`
gen_require(`
type tmpfs_t;
class dir r_dir_perms;
@ -1572,7 +1572,7 @@ define(`fs_use_tmpfs_block_devices',`
## </parameter>
## </interface>
#
define(`fs_relabel_tmpfs_block_devices',`
interface(`fs_relabel_tmpfs_block_devices',`
gen_require(`
type tmpfs_t;
class dir r_dir_perms;
@ -1594,7 +1594,7 @@ define(`fs_relabel_tmpfs_block_devices',`
## </parameter>
## </interface>
#
define(`fs_manage_tmpfs_character_devices',`
interface(`fs_manage_tmpfs_character_devices',`
gen_require(`
type tmpfs_t;
class dir rw_dir_perms;
@ -1616,7 +1616,7 @@ define(`fs_manage_tmpfs_character_devices',`
## </parameter>
## </interface>
#
define(`fs_manage_tmpfs_block_devices',`
interface(`fs_manage_tmpfs_block_devices',`
gen_require(`
type tmpfs_t;
class dir rw_dir_perms;
@ -1637,7 +1637,7 @@ define(`fs_manage_tmpfs_block_devices',`
## </parameter>
## </interface>
#
define(`fs_mount_all_fs',`
interface(`fs_mount_all_fs',`
gen_require(`
attribute fs_type;
class filesystem mount;
@ -1657,7 +1657,7 @@ define(`fs_mount_all_fs',`
## </parameter>
## </interface>
#
define(`fs_remount_all_fs',`
interface(`fs_remount_all_fs',`
gen_require(`
attribute fs_type;
class filesystem remount;
@ -1676,7 +1676,7 @@ define(`fs_remount_all_fs',`
## </parameter>
## </interface>
#
define(`fs_unmount_all_fs',`
interface(`fs_unmount_all_fs',`
gen_require(`
attribute fs_type;
class filesystem unmount;
@ -1697,7 +1697,7 @@ define(`fs_unmount_all_fs',`
## </parameter>
## </interface>
#
define(`fs_getattr_all_fs',`
interface(`fs_getattr_all_fs',`
gen_require(`
attribute fs_type;
class filesystem getattr;
@ -1716,7 +1716,7 @@ define(`fs_getattr_all_fs',`
## </parameter>
## </interface>
#
define(`fs_get_all_fs_quotas',`
interface(`fs_get_all_fs_quotas',`
gen_require(`
attribute fs_type;
class filesystem quotaget;
@ -1735,7 +1735,7 @@ define(`fs_get_all_fs_quotas',`
## </parameter>
## </interface>
#
define(`fs_set_all_quotas',`
interface(`fs_set_all_quotas',`
gen_require(`
attribute fs_type;
class filesystem quotamod;
@ -1748,7 +1748,7 @@ define(`fs_set_all_quotas',`
#
# fs_getattr_all_files(type)
#
define(`fs_getattr_all_files',`
interface(`fs_getattr_all_files',`
gen_require(`
attribute fs_type;
class dir { search getattr };


@ -18,7 +18,7 @@
## </parameter>
## </interface>
#
define(`kernel_userland_entry',`
interface(`kernel_userland_entry',`
gen_require(`
type kernel_t;
class process sigchld;
@ -45,7 +45,7 @@ define(`kernel_userland_entry',`
## </parameter>
## </interface>
#
define(`kernel_rootfs_mountpoint',`
interface(`kernel_rootfs_mountpoint',`
gen_require(`
type kernel_t;
class dir mounton;
@ -64,7 +64,7 @@ define(`kernel_rootfs_mountpoint',`
## </parameter>
## </interface>
#
define(`kernel_sigchld',`
interface(`kernel_sigchld',`
gen_require(`
type kernel_t;
class process sigchld;
@ -84,7 +84,7 @@ define(`kernel_sigchld',`
## </parameter>
## </interface>
#
define(`kernel_share_state',`
interface(`kernel_share_state',`
gen_require(`
type kernel_t;
class process share;
@ -103,7 +103,7 @@ define(`kernel_share_state',`
## </parameter>
## </interface>
#
define(`kernel_use_fd',`
interface(`kernel_use_fd',`
gen_require(`
type kernel_t;
class fd use;
@ -123,7 +123,7 @@ define(`kernel_use_fd',`
## </parameter>
## </interface>
#
define(`kernel_dontaudit_use_fd',`
interface(`kernel_dontaudit_use_fd',`
gen_require(`
type kernel_t;
class fd use;
@ -142,7 +142,7 @@ define(`kernel_dontaudit_use_fd',`
## </parameter>
## </interface>
#
define(`kernel_load_module',`
interface(`kernel_load_module',`
gen_require(`
attribute can_load_kernmodule;
class capability sys_module;
@ -162,7 +162,7 @@ define(`kernel_load_module',`
## </parameter>
## </interface>
#
define(`kernel_read_ring_buffer',`
interface(`kernel_read_ring_buffer',`
gen_require(`
type kernel_t;
class system syslog_read;
@ -181,7 +181,7 @@ define(`kernel_read_ring_buffer',`
## </parameter>
## </interface>
#
define(`kernel_dontaudit_read_ring_buffer',`
interface(`kernel_dontaudit_read_ring_buffer',`
gen_require(`
type kernel_t;
class system syslog_read;
@ -200,7 +200,7 @@ define(`kernel_dontaudit_read_ring_buffer',`
## </parameter>
## </interface>
#
define(`kernel_change_ring_buffer_level',`
interface(`kernel_change_ring_buffer_level',`
gen_require(`
type kernel_t;
class system syslog_console;
@ -219,7 +219,7 @@ define(`kernel_change_ring_buffer_level',`
## </parameter>
## </interface>
#
define(`kernel_clear_ring_buffer',`
interface(`kernel_clear_ring_buffer',`
gen_require(`
type kernel_t;
class system syslog_mod;
@ -238,7 +238,7 @@ define(`kernel_clear_ring_buffer',`
## </parameter>
## </interface>
#
define(`kernel_get_sysvipc_info',`
interface(`kernel_get_sysvipc_info',`
gen_require(`
type kernel_t;
class system ipc_info;
@ -257,7 +257,7 @@ define(`kernel_get_sysvipc_info',`
## </parameter>
## </interface>
#
define(`kernel_read_system_state',`
interface(`kernel_read_system_state',`
gen_require(`
type proc_t;
class dir r_dir_perms;
@ -281,7 +281,7 @@ define(`kernel_read_system_state',`
## </parameter>
## </interface>
#
define(`kernel_dontaudit_read_system_state',`
interface(`kernel_dontaudit_read_system_state',`
gen_require(`
type proc_t;
class file read;
@ -300,7 +300,7 @@ define(`kernel_dontaudit_read_system_state',`
## </parameter>
## </interface>
#
define(`kernel_read_software_raid_state',`
interface(`kernel_read_software_raid_state',`
gen_require(`
type proc_t, proc_mdstat_t;
class dir r_dir_perms;
@ -321,7 +321,7 @@ define(`kernel_read_software_raid_state',`
## </parameter>
## </interface>
#
define(`kernel_getattr_core',`
interface(`kernel_getattr_core',`
gen_require(`
type proc_t, proc_kcore_t;
class dir { search getattr read };
@ -343,7 +343,7 @@ define(`kernel_getattr_core',`
## </parameter>
## </interface>
#
define(`kernel_dontaudit_getattr_core',`
interface(`kernel_dontaudit_getattr_core',`
gen_require(`
type proc_kcore_t;
class file getattr;
@ -363,7 +363,7 @@ define(`kernel_dontaudit_getattr_core',`
## </parameter>
## </interface>
#
define(`kernel_read_messages',`
interface(`kernel_read_messages',`
gen_require(`
attribute can_receive_kernel_messages;
type proc_kmsg_t, proc_t;
@ -387,7 +387,7 @@ define(`kernel_read_messages',`
## </parameter>
## </interface>
#
define(`kernel_getattr_message_if',`
interface(`kernel_getattr_message_if',`
gen_require(`
type proc_kmsg_t, proc_t;
class dir search;
@ -409,7 +409,7 @@ define(`kernel_getattr_message_if',`
## </parameter>
## </interface>
#
define(`kernel_dontaudit_getattr_message_if',`
interface(`kernel_dontaudit_getattr_message_if',`
gen_require(`
type proc_kmsg_t, proc_t;
class file getattr;
@ -429,7 +429,7 @@ define(`kernel_dontaudit_getattr_message_if',`
## </interface>
##
#
define(`kernel_read_network_state',`
interface(`kernel_read_network_state',`
gen_require(`
type proc_t, proc_net_t;
class dir r_dir_perms;
@ -452,7 +452,7 @@ define(`kernel_read_network_state',`
## </interface>
##
#
define(`kernel_dontaudit_search_sysctl_dir',`
interface(`kernel_dontaudit_search_sysctl_dir',`
gen_require(`
type sysctl_t;
class dir search;
@ -471,7 +471,7 @@ define(`kernel_dontaudit_search_sysctl_dir',`
## </parameter>
## </interface>
#
define(`kernel_read_device_sysctl',`
interface(`kernel_read_device_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_dev_t;
class dir r_dir_perms;
@ -494,7 +494,7 @@ define(`kernel_read_device_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_device_sysctl',`
interface(`kernel_rw_device_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_dev_t;
class dir r_dir_perms;
@ -517,7 +517,7 @@ define(`kernel_rw_device_sysctl',`
## </interface>
##
#
define(`kernel_read_vm_sysctl',`
interface(`kernel_read_vm_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_vm_t;
class dir r_dir_perms;
@ -539,7 +539,7 @@ define(`kernel_read_vm_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_vm_sysctl',`
interface(`kernel_rw_vm_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_vm_t;
class dir r_dir_perms;
@ -561,7 +561,7 @@ define(`kernel_rw_vm_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_dontaudit_search_network_sysctl_dir',`
interface(`kernel_dontaudit_search_network_sysctl_dir',`
gen_require(`
type sysctl_net_t;
class dir search;
@ -581,7 +581,7 @@ define(`kernel_dontaudit_search_network_sysctl_dir',`
## </interface>
##
#
define(`kernel_read_net_sysctl',`
interface(`kernel_read_net_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t;
class dir r_dir_perms;
@ -604,7 +604,7 @@ define(`kernel_read_net_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_net_sysctl',`
interface(`kernel_rw_net_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t;
class dir r_dir_perms;
@ -628,7 +628,7 @@ define(`kernel_rw_net_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_read_unix_sysctl',`
interface(`kernel_read_unix_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
class dir r_dir_perms;
@ -652,7 +652,7 @@ define(`kernel_read_unix_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_unix_sysctl',`
interface(`kernel_rw_unix_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
class dir r_dir_perms;
@ -675,7 +675,7 @@ define(`kernel_rw_unix_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_read_hotplug_sysctl',`
interface(`kernel_read_hotplug_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
class dir r_dir_perms;
@ -698,7 +698,7 @@ define(`kernel_read_hotplug_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_hotplug_sysctl',`
interface(`kernel_rw_hotplug_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
class dir r_dir_perms;
@ -721,7 +721,7 @@ define(`kernel_rw_hotplug_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_read_modprobe_sysctl',`
interface(`kernel_read_modprobe_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
class dir r_dir_perms;
@ -744,7 +744,7 @@ define(`kernel_read_modprobe_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_modprobe_sysctl',`
interface(`kernel_rw_modprobe_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
class dir r_dir_perms;
@ -767,7 +767,7 @@ define(`kernel_rw_modprobe_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_read_kernel_sysctl',`
interface(`kernel_read_kernel_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t;
class dir r_dir_perms;
@ -790,7 +790,7 @@ define(`kernel_read_kernel_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_kernel_sysctl',`
interface(`kernel_rw_kernel_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t;
class dir r_dir_perms;
@ -813,7 +813,7 @@ define(`kernel_rw_kernel_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_read_fs_sysctl',`
interface(`kernel_read_fs_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_fs_t;
class dir r_dir_perms;
@ -836,7 +836,7 @@ define(`kernel_read_fs_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_fs_sysctl',`
interface(`kernel_rw_fs_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_fs_t;
class dir r_dir_perms;
@ -859,7 +859,7 @@ define(`kernel_rw_fs_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_read_irq_sysctl',`
interface(`kernel_read_irq_sysctl',`
gen_require(`
type proc_t, sysctl_irq_t;
class dir r_dir_perms;
@ -882,7 +882,7 @@ define(`kernel_read_irq_sysctl',`
## </interface>
##
#
define(`kernel_rw_irq_sysctl',`
interface(`kernel_rw_irq_sysctl',`
gen_require(`
type proc_t, sysctl_irq_t;
class dir r_dir_perms;
@ -898,7 +898,7 @@ define(`kernel_rw_irq_sysctl',`
#
# kernel_read_rpc_sysctl(domain)
#
define(`kernel_read_rpc_sysctl',`
interface(`kernel_read_rpc_sysctl',`
gen_require(`
type proc_t, proc_net_t, sysctl_rpc_t;
class dir r_dir_perms;
@ -915,7 +915,7 @@ define(`kernel_read_rpc_sysctl',`
#
# kernel_rw_rpc_sysctl(domain)
#
define(`kernel_rw_rpc_sysctl',`
interface(`kernel_rw_rpc_sysctl',`
gen_require(`
type proc_t, proc_net_t, sysctl_rpc_t;
class dir r_dir_perms;
@ -938,7 +938,7 @@ define(`kernel_rw_rpc_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_read_all_sysctl',`
interface(`kernel_read_all_sysctl',`
kernel_read_device_sysctl($1)
kernel_read_vm_sysctl($1)
kernel_read_net_sysctl($1)
@ -961,7 +961,7 @@ define(`kernel_read_all_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_rw_all_sysctl',`
interface(`kernel_rw_all_sysctl',`
kernel_rw_device_sysctl($1)
kernel_rw_vm_sysctl($1)
kernel_rw_net_sysctl($1)
@ -984,7 +984,7 @@ define(`kernel_rw_all_sysctl',`
## </parameter>
## </interface>
#
define(`kernel_kill_unlabeled',`
interface(`kernel_kill_unlabeled',`
gen_require(`
type unlabeled_t;
class process sigkill;
@ -1003,7 +1003,7 @@ define(`kernel_kill_unlabeled',`
## </parameter>
## </interface>
#
define(`kernel_signal_unlabeled',`
interface(`kernel_signal_unlabeled',`
gen_require(`
type unlabeled_t;
class process signal;
@ -1022,7 +1022,7 @@ define(`kernel_signal_unlabeled',`
## </parameter>
## </interface>
#
define(`kernel_signull_unlabeled',`
interface(`kernel_signull_unlabeled',`
gen_require(`
type unlabeled_t;
class process signull;
@ -1041,7 +1041,7 @@ define(`kernel_signull_unlabeled',`
## </parameter>
## </interface>
#
define(`kernel_sigstop_unlabeled',`
interface(`kernel_sigstop_unlabeled',`
gen_require(`
type unlabeled_t;
class process sigstop;
@ -1060,7 +1060,7 @@ define(`kernel_sigstop_unlabeled',`
## </parameter>
## </interface>
#
define(`kernel_sigchld_unlabeled',`
interface(`kernel_sigchld_unlabeled',`
gen_require(`
type unlabeled_t;
class process sigchld;
@ -1080,7 +1080,7 @@ define(`kernel_sigchld_unlabeled',`
## </parameter>
## </interface>
#
define(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
gen_require(`
type unlabeled_t;
class process getattr;
@ -1099,7 +1099,7 @@ define(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
## </parameter>
## </interface>
#
define(`kernel_relabel_unlabeled',`
interface(`kernel_relabel_unlabeled',`
gen_require(`
type unlabeled_t;
class dir { getattr relabelfrom };
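Review bot: `kernel_dontaudit_getattr_unlabeled_blk_dev` (hunk at old line 1080) declares `class process getattr;` in its gen_require block, which does not fit an interface named for block devices; the requirement should presumably read `class blk_file getattr;`. The interface body lies outside the hunk, so check which class the dontaudit rule actually names before changing the require line. If gen_require is ever expanded into a real require block, a mismatched class here would leave the permission the rule uses undeclared, and because this is a dontaudit interface the mistake would hide denials rather than surface them.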


@ -13,7 +13,7 @@
## </parameter>
## </interface>
#
define(`selinux_get_fs_mount',`
interface(`selinux_get_fs_mount',`
# read /proc/filesystems to see if selinuxfs is supported
# then read /proc/self/mount to see where selinuxfs is mounted
kernel_read_system_state($1)
@ -30,7 +30,7 @@ define(`selinux_get_fs_mount',`
## </parameter>
## </interface>
#
define(`selinux_get_enforce_mode',`
interface(`selinux_get_enforce_mode',`
gen_require(`
type security_t;
class dir { read search getattr };
@ -52,7 +52,7 @@ define(`selinux_get_enforce_mode',`
## </parameter>
## </interface>
#
define(`selinux_set_enforce_mode',`
interface(`selinux_set_enforce_mode',`
gen_require(`
type security_t;
attribute can_setenforce;
@ -78,7 +78,7 @@ define(`selinux_set_enforce_mode',`
## </parameter>
## </interface>
#
define(`selinux_load_policy',`
interface(`selinux_load_policy',`
gen_require(`
type security_t;
attribute can_load_policy;
@ -108,7 +108,7 @@ define(`selinux_load_policy',`
## </parameter>
## </interface>
#
define(`selinux_set_boolean',`
interface(`selinux_set_boolean',`
gen_require(`
type security_t;
class dir { read search getattr };
@ -139,7 +139,7 @@ define(`selinux_set_boolean',`
## </parameter>
## </interface>
#
define(`selinux_set_parameters',`
interface(`selinux_set_parameters',`
gen_require(`
type security_t;
attribute can_setsecparam;
@ -165,7 +165,7 @@ define(`selinux_set_parameters',`
## </parameter>
## </interface>
#
define(`selinux_validate_context',`
interface(`selinux_validate_context',`
gen_require(`
type security_t;
class dir { read search getattr };
@ -188,7 +188,7 @@ define(`selinux_validate_context',`
## </parameter>
## </interface>
#
define(`selinux_compute_access_vector',`
interface(`selinux_compute_access_vector',`
gen_require(`
type security_t;
class dir { read search getattr };
@ -211,7 +211,7 @@ define(`selinux_compute_access_vector',`
## </parameter>
## </interface>
#
define(`selinux_compute_create_context',`
interface(`selinux_compute_create_context',`
gen_require(`
type security_t;
class dir { read search getattr };
@ -234,7 +234,7 @@ define(`selinux_compute_create_context',`
## </parameter>
## </interface>
#
define(`selinux_compute_relabel_context',`
interface(`selinux_compute_relabel_context',`
gen_require(`
type security_t;
class dir { read search getattr };
@ -257,7 +257,7 @@ define(`selinux_compute_relabel_context',`
## </parameter>
## </interface>
#
define(`selinux_compute_user_contexts',`
interface(`selinux_compute_user_contexts',`
gen_require(`
type security_t;
class dir { read search getattr };


@ -12,7 +12,7 @@
## </parameter>
## </interface>
#
define(`storage_getattr_fixed_disk',`
interface(`storage_getattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
class blk_file getattr;
@ -33,7 +33,7 @@ define(`storage_getattr_fixed_disk',`
## </parameter>
## </interface>
#
define(`storage_dontaudit_getattr_fixed_disk',`
interface(`storage_dontaudit_getattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
class blk_file getattr;
@ -53,7 +53,7 @@ define(`storage_dontaudit_getattr_fixed_disk',`
## </parameter>
## </interface>
#
define(`storage_setattr_fixed_disk',`
interface(`storage_setattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
class blk_file setattr;
@ -74,7 +74,7 @@ define(`storage_setattr_fixed_disk',`
## </parameter>
## </interface>
#
define(`storage_dontaudit_setattr_fixed_disk',`
interface(`storage_dontaudit_setattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
class blk_file getattr;
@ -96,7 +96,7 @@ define(`storage_dontaudit_setattr_fixed_disk',`
## </parameter>
## </interface>
#
define(`storage_raw_read_fixed_disk',`
interface(`storage_raw_read_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_read;
type fixed_disk_device_t;
@ -121,7 +121,7 @@ define(`storage_raw_read_fixed_disk',`
## </parameter>
## </interface>
#
define(`storage_raw_write_fixed_disk',`
interface(`storage_raw_write_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_write;
type fixed_disk_device_t;
@ -143,7 +143,7 @@ define(`storage_raw_write_fixed_disk',`
## </parameter>
## </interface>
#
define(`storage_create_fixed_disk_dev_entry',`
interface(`storage_create_fixed_disk_dev_entry',`
gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t;
@ -165,7 +165,7 @@ define(`storage_create_fixed_disk_dev_entry',`
## </parameter>
## </interface>
#
define(`storage_manage_fixed_disk',`
interface(`storage_manage_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t;
@ -190,7 +190,7 @@ define(`storage_manage_fixed_disk',`
## </parameter>
## </interface>
#
define(`storage_raw_read_lvm_volume',`
interface(`storage_raw_read_lvm_volume',`
gen_require(`
attribute fixed_disk_raw_read;
type lvm_vg_t;
@ -215,7 +215,7 @@ define(`storage_raw_read_lvm_volume',`
## </parameter>
## </interface>
#
define(`storage_raw_write_lvm_volume',`
interface(`storage_raw_write_lvm_volume',`
gen_require(`
attribute fixed_disk_raw_write;
type lvm_vg_t;
@ -238,7 +238,7 @@ define(`storage_raw_write_lvm_volume',`
## </parameter>
## </interface>
#
define(`storage_getattr_scsi_generic',`
interface(`storage_getattr_scsi_generic',`
gen_require(`
type scsi_generic_device_t;
class blk_file getattr;
@ -259,7 +259,7 @@ define(`storage_getattr_scsi_generic',`
## </parameter>
## </interface>
#
define(`storage_setattr_scsi_generic',`
interface(`storage_setattr_scsi_generic',`
gen_require(`
type scsi_generic_device_t;
class blk_file setattr;
@ -283,7 +283,7 @@ define(`storage_setattr_scsi_generic',`
## </parameter>
## </interface>
#
define(`storage_read_scsi_generic',`
interface(`storage_read_scsi_generic',`
gen_require(`
attribute scsi_generic_read;
type scsi_generic_device_t;
@ -309,7 +309,7 @@ define(`storage_read_scsi_generic',`
## </parameter>
## </interface>
#
define(`storage_write_scsi_generic',`
interface(`storage_write_scsi_generic',`
gen_require(`
attribute scsi_generic_write;
type scsi_generic_device_t;
@ -332,7 +332,7 @@ define(`storage_write_scsi_generic',`
## </parameter>
## </interface>
#
define(`storage_getattr_scsi_generic',`
interface(`storage_getattr_scsi_generic',`
gen_require(`
type scsi_generic_device_t;
class blk_file getattr;
@ -353,7 +353,7 @@ define(`storage_getattr_scsi_generic',`
## </parameter>
## </interface>
#
define(`storage_set_scsi_generic_attributes',`
interface(`storage_set_scsi_generic_attributes',`
gen_require(`
type scsi_generic_device_t;
class blk_file setattr;
@ -374,7 +374,7 @@ define(`storage_set_scsi_generic_attributes',`
## </parameter>
## </interface>
#
define(`storage_getattr_removable_device',`
interface(`storage_getattr_removable_device',`
gen_require(`
type removable_device_t;
class blk_file getattr;
@ -395,7 +395,7 @@ define(`storage_getattr_removable_device',`
## </parameter>
## </interface>
#
define(`storage_dontaudit_getattr_removable_device',`
interface(`storage_dontaudit_getattr_removable_device',`
gen_require(`
type removable_device_t;
class blk_file getattr;
@ -415,7 +415,7 @@ define(`storage_dontaudit_getattr_removable_device',`
## </parameter>
## </interface>
#
define(`storage_setattr_removable_device',`
interface(`storage_setattr_removable_device',`
gen_require(`
type removable_device_t;
class blk_file setattr;
@ -436,7 +436,7 @@ define(`storage_setattr_removable_device',`
## </parameter>
## </interface>
#
define(`storage_dontaudit_setattr_removable_device',`
interface(`storage_dontaudit_setattr_removable_device',`
gen_require(`
type removable_device_t;
class blk_file setattr;
@ -459,7 +459,7 @@ define(`storage_dontaudit_setattr_removable_device',`
## </parameter>
## </interface>
#
define(`storage_raw_read_removable_device',`
interface(`storage_raw_read_removable_device',`
gen_require(`
type removable_device_t;
class blk_file r_file_perms;
@ -483,7 +483,7 @@ define(`storage_raw_read_removable_device',`
## </parameter>
## </interface>
#
define(`storage_raw_write_removable_device',`
interface(`storage_raw_write_removable_device',`
gen_require(`
type removable_device_t;
class blk_file { getattr write ioctl };
@ -504,7 +504,7 @@ define(`storage_raw_write_removable_device',`
## </parameter>
## </interface>
#
define(`storage_read_tape_device',`
interface(`storage_read_tape_device',`
gen_require(`
type tape_device_t;
class blk_file r_file_perms;
@ -525,7 +525,7 @@ define(`storage_read_tape_device',`
## </parameter>
## </interface>
#
define(`storage_write_tape_device',`
interface(`storage_write_tape_device',`
gen_require(`
type tape_device_t;
class blk_file { getattr write ioctl };
@ -546,7 +546,7 @@ define(`storage_write_tape_device',`
## </parameter>
## </interface>
#
define(`storage_getattr_tape_device',`
interface(`storage_getattr_tape_device',`
gen_require(`
type tape_device_t;
class blk_file getattr;
@ -567,7 +567,7 @@ define(`storage_getattr_tape_device',`
## </parameter>
## </interface>
#
define(`storage_setattr_tape_device',`
interface(`storage_setattr_tape_device',`
gen_require(`
type tape_device_t;
class blk_file setattr;
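Review bot: `storage_getattr_scsi_generic` is defined twice in this file (hunks at old lines 238 and 332), and since the interfaces are now run through m4 the later definition silently replaces the earlier one. The second copy sits directly before `storage_set_scsi_generic_attributes`, which repeats the `blk_file setattr` requirement of `storage_setattr_scsi_generic`, so the pair looks like a leftover block that should be deleted or renamed. Separately, `storage_dontaudit_setattr_fixed_disk` requires `class blk_file getattr;` where its removable-device counterpart requires `class blk_file setattr;`; it should presumably read `class blk_file setattr;`. The interface bodies are outside the hunks, so confirm both points against the rules they contain.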


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`term_pty',`
interface(`term_pty',`
gen_require(`
attribute ptynode;
type devpts_t;
@ -38,7 +38,7 @@ define(`term_pty',`
## </parameter>
## </interface>
#
define(`term_user_pty',`
interface(`term_user_pty',`
gen_require(`
attribute server_ptynode;
')
@ -58,7 +58,7 @@ define(`term_user_pty',`
## </parameter>
## </interface>
#
define(`term_login_pty',`
interface(`term_login_pty',`
gen_require(`
attribute server_ptynode;
')
@ -77,7 +77,7 @@ define(`term_login_pty',`
## </parameter>
## </interface>
#
define(`term_tty',`
interface(`term_tty',`
gen_require(`
attribute ttynode;
type tty_device_t;
@ -110,7 +110,7 @@ define(`term_tty',`
## </parameter>
## </interface>
#
define(`term_create_pty',`
interface(`term_create_pty',`
gen_require(`
type bsdpty_device_t, devpts_t, ptmx_t;
class filesystem getattr;
@ -138,7 +138,7 @@ define(`term_create_pty',`
## </parameter>
## </interface>
#
define(`term_use_all_terms',`
interface(`term_use_all_terms',`
gen_require(`
attribute ttynode, ptynode;
type console_device_t, devpts_t, tty_device_t;
@ -161,7 +161,7 @@ define(`term_use_all_terms',`
## </parameter>
## </interface>
#
define(`term_write_console',`
interface(`term_write_console',`
gen_require(`
type console_device_t;
class chr_file write;
@ -181,7 +181,7 @@ define(`term_write_console',`
## </parameter>
## </interface>
#
define(`term_use_console',`
interface(`term_use_console',`
gen_require(`
type console_device_t;
class chr_file rw_file_perms;
@ -202,7 +202,7 @@ define(`term_use_console',`
## </parameter>
## </interface>
#
define(`term_dontaudit_use_console',`
interface(`term_dontaudit_use_console',`
gen_require(`
type console_device_t;
class chr_file { read write };
@ -222,7 +222,7 @@ define(`term_dontaudit_use_console',`
## </parameter>
## </interface>
#
define(`term_setattr_console',`
interface(`term_setattr_console',`
gen_require(`
type console_device_t;
class chr_file setattr;
@ -243,7 +243,7 @@ define(`term_setattr_console',`
## </parameter>
## </interface>
#
define(`term_list_ptys',`
interface(`term_list_ptys',`
gen_require(`
type devpts_t;
class dir r_dir_perms;
@ -264,7 +264,7 @@ define(`term_list_ptys',`
## </parameter>
## </interface>
#
define(`term_dontaudit_list_ptys',`
interface(`term_dontaudit_list_ptys',`
gen_require(`
type devpts_t;
class dir { getattr search read };
@ -285,7 +285,7 @@ define(`term_dontaudit_list_ptys',`
## </parameter>
## </interface>
#
define(`term_use_generic_pty',`
interface(`term_use_generic_pty',`
gen_require(`
type devpts_t;
class chr_file { read write };
@ -307,7 +307,7 @@ define(`term_use_generic_pty',`
## </parameter>
## </interface>
#
define(`term_dontaudit_use_generic_pty',`
interface(`term_dontaudit_use_generic_pty',`
gen_require(`
type devpts_t;
class chr_file { read write };
@ -327,7 +327,7 @@ define(`term_dontaudit_use_generic_pty',`
## </parameter>
## </interface>
#
define(`term_use_controlling_term',`
interface(`term_use_controlling_term',`
gen_require(`
type devtty_t;
class chr_file { getattr read write ioctl };
@ -348,7 +348,7 @@ define(`term_use_controlling_term',`
## </parameter>
## </interface>
#
define(`term_dontaudit_use_ptmx',`
interface(`term_dontaudit_use_ptmx',`
gen_require(`
type ptmx_t;
class chr_file { getattr read write };
@ -368,7 +368,7 @@ define(`term_dontaudit_use_ptmx',`
## </parameter>
## </interface>
#
define(`term_getattr_all_user_ptys',`
interface(`term_getattr_all_user_ptys',`
gen_require(`
attribute ptynode;
class dir r_dir_perms;
@ -390,7 +390,7 @@ define(`term_getattr_all_user_ptys',`
## </parameter>
## </interface>
#
define(`term_use_all_user_ptys',`
interface(`term_use_all_user_ptys',`
gen_require(`
attribute ptynode;
class dir r_dir_perms;
@ -413,7 +413,7 @@ define(`term_use_all_user_ptys',`
## </parameter>
## </interface>
#
define(`term_dontaudit_use_all_user_ptys',`
interface(`term_dontaudit_use_all_user_ptys',`
gen_require(`
attribute ptynode;
class chr_file { read write };
@ -433,7 +433,7 @@ define(`term_dontaudit_use_all_user_ptys',`
## </parameter>
## </interface>
#
define(`term_relabel_all_user_ptys',`
interface(`term_relabel_all_user_ptys',`
gen_require(`
attribute ptynode;
class chr_file { relabelfrom relabelto };
@ -454,7 +454,7 @@ define(`term_relabel_all_user_ptys',`
## </parameter>
## </interface>
#
define(`term_getattr_unallocated_ttys',`
interface(`term_getattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
class chr_file getattr;
@ -475,7 +475,7 @@ define(`term_getattr_unallocated_ttys',`
## </parameter>
## </interface>
#
define(`term_setattr_unallocated_ttys',`
interface(`term_setattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
class chr_file setattr;
@ -496,7 +496,7 @@ define(`term_setattr_unallocated_ttys',`
## </parameter>
## </interface>
#
define(`term_relabel_unallocated_ttys',`
interface(`term_relabel_unallocated_ttys',`
gen_require(`
type tty_device_t;
class chr_file { relabelfrom relabelto };
@ -517,7 +517,7 @@ define(`term_relabel_unallocated_ttys',`
## </parameter>
## </interface>
#
define(`term_reset_tty_labels',`
interface(`term_reset_tty_labels',`
gen_require(`
attribute ttynode;
type tty_device_t;
@ -539,7 +539,7 @@ define(`term_reset_tty_labels',`
## </parameter>
## </interface>
#
define(`term_write_unallocated_ttys',`
interface(`term_write_unallocated_ttys',`
gen_require(`
type tty_device_t;
class chr_file { getattr write };
@ -559,7 +559,7 @@ define(`term_write_unallocated_ttys',`
## </parameter>
## </interface>
#
define(`term_use_unallocated_tty',`
interface(`term_use_unallocated_tty',`
gen_require(`
type tty_device_t;
class chr_file { getattr read write ioctl };
@ -580,7 +580,7 @@ define(`term_use_unallocated_tty',`
## </parameter>
## </interface>
#
define(`term_dontaudit_use_unallocated_tty',`
interface(`term_dontaudit_use_unallocated_tty',`
gen_require(`
type tty_device_t;
class chr_file { read write };
@ -600,7 +600,7 @@ define(`term_dontaudit_use_unallocated_tty',`
## </parameter>
## </interface>
#
define(`term_getattr_all_user_ttys',`
interface(`term_getattr_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file getattr;
@ -622,7 +622,7 @@ define(`term_getattr_all_user_ttys',`
## </parameter>
## </interface>
#
define(`term_dontaudit_getattr_all_user_ttys',`
interface(`term_dontaudit_getattr_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file getattr;
@ -643,7 +643,7 @@ define(`term_dontaudit_getattr_all_user_ttys',`
## </parameter>
## </interface>
#
define(`term_setattr_all_user_ttys',`
interface(`term_setattr_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file setattr;
@ -664,7 +664,7 @@ define(`term_setattr_all_user_ttys',`
## </parameter>
## </interface>
#
define(`term_relabel_all_user_ttys',`
interface(`term_relabel_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file { relabelfrom relabelto };
@ -684,7 +684,7 @@ define(`term_relabel_all_user_ttys',`
## </parameter>
## </interface>
#
define(`term_write_all_user_ttys',`
interface(`term_write_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file { getattr write };
@ -704,7 +704,7 @@ define(`term_write_all_user_ttys',`
## </parameter>
## </interface>
#
define(`term_use_all_user_ttys',`
interface(`term_use_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file { getattr read write ioctl };
@ -725,7 +725,7 @@ define(`term_use_all_user_ttys',`
## </parameter>
## </interface>
#
define(`term_dontaudit_use_all_user_ttys',`
interface(`term_dontaudit_use_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file { read write };


@ -4,7 +4,7 @@
# cron_per_userdomain_template(domainprefix)
#
define(`cron_per_userdomain_template',`
template(`cron_per_userdomain_template',`
# Type of user crontabs once moved to cron spool.
type $1_cron_spool_t;
@ -217,7 +217,7 @@ define(`cron_per_userdomain_template',`
# cron_admin_template(domainprefix)
#
define(`cron_admin_template',`
template(`cron_admin_template',`
logging_read_generic_logs($1_crond_t)
# Allow our crontab domain to unlink a user cron spool file.
@ -243,7 +243,7 @@ define(`cron_admin_template',`
#
# cron_rw_log(domain)
#
define(`cron_rw_log',`
interface(`cron_rw_log',`
gen_require(`
type crond_log_t;
class file rw_file_perms;


@ -7,7 +7,7 @@
#
# mta_per_userdomain_template(userdomain_prefix)
#
define(`mta_per_userdomain_template',`
template(`mta_per_userdomain_template',`
type $1_mail_t; # , user_mail_domain, nscd_client_domain;
domain_type($1_mail_t)
role $1_r types $1_mail_t;
@ -138,7 +138,7 @@ define(`mta_per_userdomain_template',`
#
# mta_mailserver(domain,entrypointtype)
#
define(`mta_mailserver',`
interface(`mta_mailserver',`
gen_require(`
attribute mailserver_domain;
')
@ -151,7 +151,7 @@ define(`mta_mailserver',`
#
# mta_sendmail_mailserver(domain,entrypointtype)
#
define(`mta_sendmail_mailserver',`
interface(`mta_sendmail_mailserver',`
gen_require(`
type sendmail_exec_t;
')
@ -163,7 +163,7 @@ define(`mta_sendmail_mailserver',`
#
# mta_send_mail(domain)
#
define(`mta_send_mail',`
interface(`mta_send_mail',`
gen_require(`
type system_mail_t, sendmail_exec_t;
class lnk_file r_file_perms;
@ -185,7 +185,7 @@ define(`mta_send_mail',`
#
# mta_exec(domain)
#
define(`mta_exec',`
interface(`mta_exec',`
gen_require(`
type sendmail_exec_t;
')
@ -203,7 +203,7 @@ define(`mta_exec',`
## </parameter>
## </interface>
#
define(`mta_read_aliases',`
interface(`mta_read_aliases',`
gen_require(`
type etc_aliases_t;
class file r_file_perms;
@ -217,7 +217,7 @@ define(`mta_read_aliases',`
#
# mta_rw_aliases(domain)
#
define(`mta_rw_aliases',`
interface(`mta_rw_aliases',`
gen_require(`
type etc_aliases_t;
class file { rw_file_perms setattr };
@ -231,7 +231,7 @@ define(`mta_rw_aliases',`
#
# mta_getattr_spool(domain)
#
define(`mta_getattr_spool',`
interface(`mta_getattr_spool',`
gen_require(`
type mail_spool_t;
class dir r_dir_perms;
@ -249,7 +249,7 @@ define(`mta_getattr_spool',`
#
# mta_rw_spool(domain)
#
define(`mta_rw_spool',`
interface(`mta_rw_spool',`
gen_require(`
type mail_spool_t;
class dir r_dir_perms;
@ -265,7 +265,7 @@ define(`mta_rw_spool',`
#
# mta_manage_spool(domain)
#
define(`mta_manage_spool',`
interface(`mta_manage_spool',`
gen_require(`
type mail_spool_t;
class dir rw_dir_perms;
@ -281,7 +281,7 @@ define(`mta_manage_spool',`
#
# mta_manage_queue(domain)
#
define(`mta_manage_queue',`
interface(`mta_manage_queue',`
gen_require(`
type mqueue_spool_t;
class dir rw_dir_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`remotelogin_domtrans',`
interface(`remotelogin_domtrans',`
gen_require(`
type remote_login_t;
')


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`sendmail_domtrans',`
interface(`sendmail_domtrans',`
gen_require(`
type sendmail_exec_t, sendmail_t;
class process sigchld;


@ -1,4 +1,4 @@
define(`ssh_per_userdomain_template',`
template(`ssh_per_userdomain_template',`
# Derived domain based on the calling user domain and the program.
type $1_ssh_t; #, privlog, nscd_client_domain;
domain_type($1_ssh_t)
@ -155,7 +155,7 @@ define(`ssh_per_userdomain_template',`
#
#
#
define(`sshd_program_domain', `
template(`sshd_program_domain', `
# auth_chkpwd is for running unix_chkpwd and unix_verify.
type $1_t; #, nscd_client_domain;
role system_r types $1_t;


@ -7,7 +7,7 @@
#
# authlogin_per_userdomain_template(userdomain_prefix)
#
define(`authlogin_per_userdomain_template',`
interface(`authlogin_per_userdomain_template',`
gen_require(`
attribute can_read_shadow_passwords;
type chkpwd_exec_t, system_chkpwd_t, shadow_t;
@ -98,7 +98,7 @@ define(`authlogin_per_userdomain_template',`
## </parameter>
## </interface>
#
define(`auth_login_entry_type',`
interface(`auth_login_entry_type',`
gen_require(`
type login_exec_t;
')
@ -119,7 +119,7 @@ define(`auth_login_entry_type',`
## </parameter>
## </interface>
#
define(`auth_domtrans_login_program',`
interface(`auth_domtrans_login_program',`
gen_require(`
type login_exec_t;
class process sigchld;
@ -146,7 +146,7 @@ define(`auth_domtrans_login_program',`
## </parameter>
## </interface>
#
define(`auth_domtrans_chk_passwd',`
interface(`auth_domtrans_chk_passwd',`
gen_require(`
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
class process sigchld;
@ -190,7 +190,7 @@ define(`auth_domtrans_chk_passwd',`
## </parameter>
## </interface>
#
define(`auth_dontaudit_getattr_shadow',`
interface(`auth_dontaudit_getattr_shadow',`
gen_require(`
type shadow_t;
class file stat_file_perms;
@ -209,7 +209,7 @@ define(`auth_dontaudit_getattr_shadow',`
## </parameter>
## </interface>
#
define(`auth_read_shadow',`
interface(`auth_read_shadow',`
gen_require(`
attribute can_read_shadow_passwords;
type shadow_t;
@ -232,7 +232,7 @@ define(`auth_read_shadow',`
## </parameter>
## </interface>
#
define(`auth_dontaudit_read_shadow',`
interface(`auth_dontaudit_read_shadow',`
gen_require(`
type shadow_t;
class file r_file_perms;
@ -251,7 +251,7 @@ define(`auth_dontaudit_read_shadow',`
## </parameter>
## </interface>
#
define(`auth_rw_shadow',`
interface(`auth_rw_shadow',`
gen_require(`
attribute can_read_shadow_passwords, can_write_shadow_passwords;
type shadow_t;
@ -267,7 +267,7 @@ define(`auth_rw_shadow',`
#
# auth_manage_shadow(domain)
#
define(`auth_manage_shadow',`
interface(`auth_manage_shadow',`
gen_require(`
attribute can_read_shadow_passwords, can_write_shadow_passwords;
type shadow_t;
@ -284,7 +284,7 @@ define(`auth_manage_shadow',`
#
# auth_relabelto_shadow(domain)
#
define(`auth_relabelto_shadow',`
interface(`auth_relabelto_shadow',`
gen_require(`
attribute can_relabelto_shadow_passwords;
type shadow_t;
@ -300,7 +300,7 @@ define(`auth_relabelto_shadow',`
#
# auth_rw_faillog(domain)
#
define(`auth_rw_faillog',`
interface(`auth_rw_faillog',`
gen_require(`
type faillog_t;
class file rw_file_perms;
@ -314,7 +314,7 @@ define(`auth_rw_faillog',`
#
# auth_rw_lastlog(domain)
#
define(`auth_rw_lastlog',`
interface(`auth_rw_lastlog',`
gen_require(`
type lastlog_t;
class file { getattr read write setattr };
@ -334,7 +334,7 @@ define(`auth_rw_lastlog',`
## </parameter>
## </interface>
#
define(`auth_domtrans_pam',`
interface(`auth_domtrans_pam',`
gen_require(`
type pam_t, pam_exec_t;
class process sigchld;
@ -366,7 +366,7 @@ define(`auth_domtrans_pam',`
## </parameter>
## </interface>
#
define(`auth_run_pam',`
interface(`auth_run_pam',`
gen_require(`
type pam_t;
class chr_file rw_file_perms;
@ -387,7 +387,7 @@ define(`auth_run_pam',`
## </parameter>
## </interface>
#
define(`auth_exec_pam',`
interface(`auth_exec_pam',`
gen_require(`
type pam_exec_t;
')
@ -399,7 +399,7 @@ define(`auth_exec_pam',`
#
# auth_read_pam_pid(domain)
#
define(`auth_read_pam_pid',`
interface(`auth_read_pam_pid',`
gen_require(`
type pam_var_run_t;
class dir r_dir_perms;
@ -422,7 +422,7 @@ define(`auth_read_pam_pid',`
## </parameter>
## </interface>
#
define(`auth_delete_pam_pid',`
interface(`auth_delete_pam_pid',`
gen_require(`
type pam_var_run_t;
class dir { getattr search read write remove_name };
@ -439,7 +439,7 @@ define(`auth_delete_pam_pid',`
#
# auth_domtrans_pam_console(domain)
#
define(`auth_domtrans_pam_console',`
interface(`auth_domtrans_pam_console',`
gen_require(`
type pam_console_t, pam_console_exec_t;
class process sigchld;
@ -459,7 +459,7 @@ define(`auth_domtrans_pam_console',`
#
# auth_list_pam_console_data(domain)
#
define(`auth_list_pam_console_data',`
interface(`auth_list_pam_console_data',`
gen_require(`
type pam_var_console_t;
class dir r_dir_perms;
@ -474,7 +474,7 @@ define(`auth_list_pam_console_data',`
#
# auth_read_pam_console_data(domain)
#
define(`auth_read_pam_console_data',`
interface(`auth_read_pam_console_data',`
gen_require(`
type pam_var_console_t;
class dir r_dir_perms;
@ -491,7 +491,7 @@ define(`auth_read_pam_console_data',`
#
# auth_manage_pam_console_data(domain)
#
define(`auth_manage_pam_console_data',`
interface(`auth_manage_pam_console_data',`
gen_require(`
type pam_var_console_t;
class dir rw_dir_perms;
@ -522,7 +522,7 @@ define(`auth_manage_pam_console_data',`
## </interface>
#
define(`auth_relabel_all_files_except_shadow',`
interface(`auth_relabel_all_files_except_shadow',`
gen_require(`
type shadow_t;
')
@ -546,7 +546,7 @@ define(`auth_relabel_all_files_except_shadow',`
## </interface>
#
define(`auth_manage_all_files_except_shadow',`
interface(`auth_manage_all_files_except_shadow',`
gen_require(`
type shadow_t;
')
@ -564,7 +564,7 @@ define(`auth_manage_all_files_except_shadow',`
## </parameter>
## </interface>
#
define(`auth_domtrans_utempter',`
interface(`auth_domtrans_utempter',`
gen_require(`
type utempter_t, utempter_exec_t;
class process sigchld;
@ -596,7 +596,7 @@ define(`auth_domtrans_utempter',`
## </parameter>
## </interface>
#
define(`auth_run_utempter',`
interface(`auth_run_utempter',`
gen_require(`
type utempter_t;
class chr_file rw_file_perms;
@ -611,7 +611,7 @@ define(`auth_run_utempter',`
#
# auth_read_login_records(domain)
#
define(`auth_read_login_records',`
interface(`auth_read_login_records',`
gen_require(`
type wtmp_t;
class file r_file_perms;
@ -625,7 +625,7 @@ define(`auth_read_login_records',`
#
# auth_dontaudit_write_login_records(domain)
#
define(`auth_dontaudit_write_login_records',`
interface(`auth_dontaudit_write_login_records',`
gen_require(`
type wtmp_t;
class file write;
@ -638,7 +638,7 @@ define(`auth_dontaudit_write_login_records',`
#
# auth_rw_login_records(domain)
#
define(`auth_rw_login_records',`
interface(`auth_rw_login_records',`
gen_require(`
type wtmp_t;
class file rw_file_perms;
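Review bot: `authlogin_per_userdomain_template` in the first hunk of this file is wrapped with `interface(`, while every other `*_per_userdomain_template` macro converted in this commit (cron, mta, ssh) is wrapped with `template(`. If the two wrappers are meant to separate macros that create per-user types from macros that only grant access to existing ones, this one is mislabelled, and anyone auditing which macros can introduce new domains around `shadow_t` and `chkpwd_exec_t` would miss it. Use `template(` in place of `interface(` on that line unless the body declares nothing per user. The body continues outside the hunk, so that cannot be confirmed from here.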


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`clock_domtrans',`
interface(`clock_domtrans',`
gen_require(`
type hwclock_t, hwclock_exec_t;
class fd use;
@ -43,7 +43,7 @@ define(`clock_domtrans',`
## </parameter>
## </interface>
#
define(`clock_run',`
interface(`clock_run',`
gen_require(`
type hwclock_t;
class chr_file { getattr read write ioctl };
@ -64,7 +64,7 @@ define(`clock_run',`
## </parameter>
## </interface>
#
define(`clock_exec',`
interface(`clock_exec',`
gen_require(`
type hwclock_exec_t;
')
@ -82,7 +82,7 @@ define(`clock_exec',`
## </parameter>
## </interface>
#
define(`clock_rw_adjtime',`
interface(`clock_rw_adjtime',`
gen_require(`
type adjtime_t;
class file rw_file_perms;


@ -8,7 +8,7 @@
#
# corecmd_shell_entry_type(domain)
#
define(`corecmd_shell_entry_type',`
interface(`corecmd_shell_entry_type',`
gen_require(`
type shell_exec_t;
')
@ -20,7 +20,7 @@ define(`corecmd_shell_entry_type',`
#
# corecmd_search_bin(domain)
#
define(`corecmd_search_bin',`
interface(`corecmd_search_bin',`
gen_require(`
type bin_t;
class dir search;
@ -33,7 +33,7 @@ define(`corecmd_search_bin',`
#
# corecmd_list_bin(domain)
#
define(`corecmd_list_bin',`
interface(`corecmd_list_bin',`
gen_require(`
type bin_t;
class dir r_dir_perms;
@ -46,7 +46,7 @@ define(`corecmd_list_bin',`
#
# corecmd_exec_bin(domain)
#
define(`corecmd_exec_bin',`
interface(`corecmd_exec_bin',`
gen_require(`
type bin_t;
class dir r_dir_perms;
@ -63,7 +63,7 @@ define(`corecmd_exec_bin',`
#
# corecmd_search_sbin(domain)
#
define(`corecmd_search_sbin',`
interface(`corecmd_search_sbin',`
gen_require(`
type sbin_t;
class dir search;
@ -76,7 +76,7 @@ define(`corecmd_search_sbin',`
#
# corecmd_list_sbin(domain)
#
define(`corecmd_list_sbin',`
interface(`corecmd_list_sbin',`
gen_require(`
type sbin_t;
class dir r_dir_perms;
@ -89,7 +89,7 @@ define(`corecmd_list_sbin',`
#
# corecmd_dontaudit_getattr_sbin_file(domain)
#
define(`corecmd_dontaudit_getattr_sbin_file',`
interface(`corecmd_dontaudit_getattr_sbin_file',`
gen_require(`
type sbin_t;
class file getattr;
@ -102,7 +102,7 @@ define(`corecmd_dontaudit_getattr_sbin_file',`
#
# corecmd_exec_sbin(domain)
#
define(`corecmd_exec_sbin',`
interface(`corecmd_exec_sbin',`
gen_require(`
type sbin_t;
class dir r_dir_perms;
@ -119,7 +119,7 @@ define(`corecmd_exec_sbin',`
#
# corecmd_exec_shell(domain)
#
define(`corecmd_exec_shell',`
interface(`corecmd_exec_shell',`
gen_require(`
type bin_t, shell_exec_t;
class dir r_dir_perms;
@ -135,7 +135,7 @@ define(`corecmd_exec_shell',`
#
# corecmd_exec_ls(domain)
#
define(`corecmd_exec_ls',`
interface(`corecmd_exec_ls',`
gen_require(`
type bin_t, ls_exec_t;
class dir r_dir_perms;
@ -162,7 +162,7 @@ define(`corecmd_exec_ls',`
## </parameter>
## </interface>
#
define(`corecmd_shell_spec_domtrans',`
interface(`corecmd_shell_spec_domtrans',`
gen_require(`
type bin_t, shell_exec_t;
class dir r_dir_perms;
@ -196,7 +196,7 @@ define(`corecmd_shell_spec_domtrans',`
## </parameter>
## </interface>
#
define(`corecmd_domtrans_shell',`
interface(`corecmd_domtrans_shell',`
gen_require(`
type shell_exec_t;
')
@ -209,7 +209,7 @@ define(`corecmd_domtrans_shell',`
#
# corecmd_chroot_exec_chroot(domain)
#
define(`corecmd_chroot_exec_chroot',`
interface(`corecmd_chroot_exec_chroot',`
gen_require(`
type chroot_exec_t;
class capability sys_chroot;


@ -5,7 +5,7 @@
#
# domain_base_domain_type(domain)
#
define(`domain_base_domain_type',`
interface(`domain_base_domain_type',`
gen_require(`
attribute domain;
class dir r_dir_perms;
@ -30,7 +30,7 @@ define(`domain_base_domain_type',`
#
# domain_type(domain)
#
define(`domain_type',`
interface(`domain_type',`
# start with basic domain
domain_base_domain_type($1)
@ -56,7 +56,7 @@ define(`domain_type',`
#
# domain_entry_file(domain,entrypointfile)
#
define(`domain_entry_file',`
interface(`domain_entry_file',`
gen_require(`
attribute entry_type;
class file entrypoint;
@ -71,7 +71,7 @@ define(`domain_entry_file',`
#
# domain_wide_inherit_fd(domain)
#
define(`domain_wide_inherit_fd',`
interface(`domain_wide_inherit_fd',`
gen_require(`
attribute privfd;
')
@ -90,7 +90,7 @@ define(`domain_wide_inherit_fd',`
## </parameter>
## </interface>
#
define(`domain_subj_id_change_exempt',`
interface(`domain_subj_id_change_exempt',`
gen_require(`
attribute can_change_process_identity;
')
@ -109,7 +109,7 @@ define(`domain_subj_id_change_exempt',`
## </parameter>
## </interface>
#
define(`domain_role_change_exempt',`
interface(`domain_role_change_exempt',`
gen_require(`
attribute can_change_process_role;
')
@ -128,7 +128,7 @@ define(`domain_role_change_exempt',`
## </parameter>
## </interface>
#
define(`domain_obj_id_change_exempt',`
interface(`domain_obj_id_change_exempt',`
gen_require(`
attribute can_change_object_identity;
')
@ -140,7 +140,7 @@ define(`domain_obj_id_change_exempt',`
#
# domain_use_wide_inherit_fd(domain)
#
define(`domain_use_wide_inherit_fd',`
interface(`domain_use_wide_inherit_fd',`
gen_require(`
attribute privfd;
class fd use;
@ -153,7 +153,7 @@ define(`domain_use_wide_inherit_fd',`
#
# domain_dontaudit_use_wide_inherit_fd(domain)
#
define(`domain_dontaudit_use_wide_inherit_fd',`
interface(`domain_dontaudit_use_wide_inherit_fd',`
gen_require(`
attribute privfd;
class fd use;
@ -166,7 +166,7 @@ define(`domain_dontaudit_use_wide_inherit_fd',`
#
# domain_setpriority_all_domains(domain)
#
define(`domain_setpriority_all_domains',`
interface(`domain_setpriority_all_domains',`
gen_require(`
attribute domain;
class process setsched;
@ -185,7 +185,7 @@ define(`domain_setpriority_all_domains',`
## </parameter>
## </interface>
#
define(`domain_signal_all_domains',`
interface(`domain_signal_all_domains',`
gen_require(`
attribute domain;
class process signal;
@ -204,7 +204,7 @@ define(`domain_signal_all_domains',`
## </parameter>
## </interface>
#
define(`domain_signull_all_domains',`
interface(`domain_signull_all_domains',`
gen_require(`
attribute domain;
class process signull;
@ -223,7 +223,7 @@ define(`domain_signull_all_domains',`
## </parameter>
## </interface>
#
define(`domain_sigstop_all_domains',`
interface(`domain_sigstop_all_domains',`
gen_require(`
attribute domain;
class process sigstop;
@ -242,7 +242,7 @@ define(`domain_sigstop_all_domains',`
## </parameter>
## </interface>
#
define(`domain_sigchld_all_domains',`
interface(`domain_sigchld_all_domains',`
gen_require(`
attribute domain;
class process sigchld;
@ -261,7 +261,7 @@ define(`domain_sigchld_all_domains',`
## </parameter>
## </interface>
#
define(`domain_kill_all_domains',`
interface(`domain_kill_all_domains',`
gen_require(`
attribute domain;
class process sigkill;
@ -282,7 +282,7 @@ define(`domain_kill_all_domains',`
## </parameter>
## </interface>
#
define(`domain_read_all_domains_state',`
interface(`domain_read_all_domains_state',`
gen_require(`
attribute domain;
class dir r_dir_perms;
@ -314,7 +314,7 @@ define(`domain_read_all_domains_state',`
## </parameter>
## </interface>
#
define(`domain_dontaudit_list_all_domains_proc',`
interface(`domain_dontaudit_list_all_domains_proc',`
gen_require(`
attribute domain;
class dir r_dir_perms;
@ -333,7 +333,7 @@ define(`domain_dontaudit_list_all_domains_proc',`
## </parameter>
## </interface>
#
define(`domain_getsession_all_domains',`
interface(`domain_getsession_all_domains',`
gen_require(`
attribute domain;
class process getsession;
@ -353,7 +353,7 @@ define(`domain_getsession_all_domains',`
## </parameter>
## </interface>
#
define(`domain_dontaudit_getattr_all_udp_sockets',`
interface(`domain_dontaudit_getattr_all_udp_sockets',`
gen_require(`
attribute domain;
class udp_socket getattr;
@ -373,7 +373,7 @@ define(`domain_dontaudit_getattr_all_udp_sockets',`
## </parameter>
## </interface>
#
define(`domain_dontaudit_getattr_all_tcp_sockets',`
interface(`domain_dontaudit_getattr_all_tcp_sockets',`
gen_require(`
attribute domain;
class tcp_socket getattr;
@ -393,7 +393,7 @@ define(`domain_dontaudit_getattr_all_tcp_sockets',`
## </parameter>
## </interface>
#
define(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
gen_require(`
attribute domain;
class unix_dgram_socket getattr;
@ -413,7 +413,7 @@ define(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
## </parameter>
## </interface>
#
define(`domain_dontaudit_getattr_all_unnamed_pipes',`
interface(`domain_dontaudit_getattr_all_unnamed_pipes',`
gen_require(`
attribute domain;
class fifo_file getattr;
@ -426,7 +426,7 @@ define(`domain_dontaudit_getattr_all_unnamed_pipes',`
#
# domain_exec_all_entry_files(domain)
#
define(`domain_exec_all_entry_files',`
interface(`domain_exec_all_entry_files',`
gen_require(`
attribute entry_type;
')
@ -438,7 +438,7 @@ define(`domain_exec_all_entry_files',`
#
# domain_read_all_entry_files(domain)
#
define(`domain_read_all_entry_files',`
interface(`domain_read_all_entry_files',`
gen_require(`
attribute entry_type;
class file r_file_perms;
@ -461,7 +461,7 @@ define(`domain_read_all_entry_files',`
#
# domain_trans(source_domain,entrypoint_file,target_domain)
#
define(`domain_trans',`
interface(`domain_trans',`
gen_require(`
class file rx_file_perms;
process { transition noatsecure siginh rlimitinh };
@ -476,7 +476,7 @@ define(`domain_trans',`
#
# domain_auto_trans(source_domain,entrypoint_file,target_domain)
#
define(`domain_auto_trans',`
interface(`domain_auto_trans',`
domain_trans($1,$2,$3)
type_transition $1 $2:process $3;
')
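Review bot: The `gen_require` block of `domain_trans` lists `process { transition noatsecure siginh rlimitinh };` without the `class` keyword, unlike the `class file rx_file_perms;` line directly above it. It should read `class process { transition noatsecure siginh rlimitinh };` so the requirement is well-formed if the require block is ever emitted rather than discarded. Whether the three non-transition permissions are allowed or only dontaudited is decided in the part of the body outside the hunk and is worth confirming, since `noatsecure` disables secure-mode environment cleansing across the transition. The same omission appears in the files interfaces later in this commit: `filesystem relabelto;` and `filesystem mount;` in `files_relabelto_all_file_type_fs`, `files_mount_all_file_type_fs` and `files_unmount_all_file_type_fs` (the last of which requires `mount`, not `unmount`).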


@ -20,7 +20,7 @@
#
# files_file_type(type)
#
define(`files_file_type',`
interface(`files_file_type',`
gen_require(`
attribute file_type;
')
@ -34,7 +34,7 @@ define(`files_file_type',`
#
# files_lock_file(type)
#
define(`files_lock_file',`
interface(`files_lock_file',`
gen_require(`
attribute lockfile;
')
@ -47,7 +47,7 @@ define(`files_lock_file',`
#
# files_mountpoint(type)
#
define(`files_mountpoint',`
interface(`files_mountpoint',`
gen_require(`
attribute mountpoint;
')
@ -60,7 +60,7 @@ define(`files_mountpoint',`
#
# files_pid_file(type)
#
define(`files_pid_file',`
interface(`files_pid_file',`
gen_require(`
attribute pidfile;
')
@ -73,7 +73,7 @@ define(`files_pid_file',`
#
# files_tmp_file(type)
#
define(`files_tmp_file',`
interface(`files_tmp_file',`
gen_require(`
attribute tmpfile;
')
@ -93,7 +93,7 @@ define(`files_tmp_file',`
## </parameter>
## </interface>
#
define(`files_tmpfs_file',`
interface(`files_tmpfs_file',`
gen_require(`
attribute tmpfsfile;
')
@ -107,7 +107,7 @@ define(`files_tmpfs_file',`
#
# files_getattr_all_files(domain)
define(`files_getattr_all_files',`
interface(`files_getattr_all_files',`
gen_require(`
attribute file_type;
class dir { search getattr };
@ -139,7 +139,7 @@ define(`files_getattr_all_files',`
## </parameter>
## </interface>
#
define(`files_relabel_all_files',`
interface(`files_relabel_all_files',`
gen_require(`
attribute file_type;
class dir { r_dir_perms relabelfrom relabelto };
@ -178,7 +178,7 @@ define(`files_relabel_all_files',`
## </parameter>
## </interface>
#
define(`files_manage_all_files',`
interface(`files_manage_all_files',`
gen_require(`
attribute file_type;
class dir create_dir_perms;
@ -203,7 +203,7 @@ define(`files_manage_all_files',`
#
# files_search_all_dirs(domain)
#
define(`files_search_all_dirs',`
interface(`files_search_all_dirs',`
gen_require(`
attribute file_type;
class dir search;
@ -216,7 +216,7 @@ define(`files_search_all_dirs',`
#
# files_list_all_dirs(domain)
#
define(`files_list_all_dirs',`
interface(`files_list_all_dirs',`
gen_require(`
attribute file_type;
class dir r_dir_perms;
@ -229,7 +229,7 @@ define(`files_list_all_dirs',`
#
# files_dontaudit_search_all_dirs(domain)
#
define(`files_dontaudit_search_all_dirs',`
interface(`files_dontaudit_search_all_dirs',`
gen_require(`
attribute file_type;
class dir search;
@ -242,7 +242,7 @@ define(`files_dontaudit_search_all_dirs',`
#
# files_relabelto_all_file_type_fs(domain)
#
define(`files_relabelto_all_file_type_fs',`
interface(`files_relabelto_all_file_type_fs',`
gen_require(`
attribute file_type;
filesystem relabelto;
@ -255,7 +255,7 @@ define(`files_relabelto_all_file_type_fs',`
#
# files_mount_all_file_type_fs(domain)
#
define(`files_mount_all_file_type_fs',`
interface(`files_mount_all_file_type_fs',`
gen_require(`
attribute file_type;
filesystem mount;
@ -268,7 +268,7 @@ define(`files_mount_all_file_type_fs',`
#
# files_unmount_all_file_type_fs(domain)
#
define(`files_unmount_all_file_type_fs',`
interface(`files_unmount_all_file_type_fs',`
gen_require(`
attribute file_type;
filesystem mount;
@ -281,7 +281,7 @@ define(`files_unmount_all_file_type_fs',`
#
# files_mounton_all_mountpoints(domain)
#
define(`files_mounton_all_mountpoints',`
interface(`files_mounton_all_mountpoints',`
gen_require(`
attribute mountpoint;
class dir { getattr search mounton };
@ -294,7 +294,7 @@ define(`files_mounton_all_mountpoints',`
#
# files_list_root(domain)
#
define(`files_list_root',`
interface(`files_list_root',`
gen_require(`
type root_t;
class dir r_dir_perms;
@ -326,7 +326,7 @@ define(`files_list_root',`
## </parameter>
## </interface>
#
define(`files_create_root',`
interface(`files_create_root',`
gen_require(`
type root_t;
class dir create_dir_perms;
@ -359,7 +359,7 @@ define(`files_create_root',`
#
# files_dontaudit_read_root_file(domain)
#
define(`files_dontaudit_read_root_file',`
interface(`files_dontaudit_read_root_file',`
gen_require(`
type root_t;
class file read;
@ -372,7 +372,7 @@ define(`files_dontaudit_read_root_file',`
#
# files_dontaudit_rw_root_file(domain)
#
define(`files_dontaudit_rw_root_file',`
interface(`files_dontaudit_rw_root_file',`
gen_require(`
type root_t;
class file { read write };
@ -385,7 +385,7 @@ define(`files_dontaudit_rw_root_file',`
#
# files_dontaudit_rw_root_chr_dev(domain)
#
define(`files_dontaudit_rw_root_chr_dev',`
interface(`files_dontaudit_rw_root_chr_dev',`
gen_require(`
type root_t;
class chr_file { read write };
@ -398,7 +398,7 @@ define(`files_dontaudit_rw_root_chr_dev',`
#
# files_delete_root_dir_entry(domain)
#
define(`files_delete_root_dir_entry',`
interface(`files_delete_root_dir_entry',`
gen_require(`
type root_t;
class dir rw_dir_perms;
@ -411,7 +411,7 @@ define(`files_delete_root_dir_entry',`
#
# files_unmount_rootfs(domain)
#
define(`files_unmount_rootfs',`
interface(`files_unmount_rootfs',`
gen_require(`
type root_t;
class filesystem unmount;
@ -424,7 +424,7 @@ define(`files_unmount_rootfs',`
#
# files_search_etc(domain)
#
define(`files_search_etc',`
interface(`files_search_etc',`
gen_require(`
type etc_t;
class dir search;
@ -437,7 +437,7 @@ define(`files_search_etc',`
#
# files_list_etc(domain)
#
define(`files_list_etc',`
interface(`files_list_etc',`
gen_require(`
type etc_t;
class dir r_dir_perms;
@ -450,7 +450,7 @@ define(`files_list_etc',`
#
# files_read_generic_etc_files(domain)
#
define(`files_read_generic_etc_files',`
interface(`files_read_generic_etc_files',`
gen_require(`
type etc_t;
class dir r_dir_perms;
@ -467,7 +467,7 @@ define(`files_read_generic_etc_files',`
#
# files_rw_generic_etc_files(domain)
#
define(`files_rw_generic_etc_files',`
interface(`files_rw_generic_etc_files',`
gen_require(`
type etc_t;
class dir r_dir_perms;
@ -484,7 +484,7 @@ define(`files_rw_generic_etc_files',`
#
# files_manage_generic_etc_files(domain)
#
define(`files_manage_generic_etc_files',`
interface(`files_manage_generic_etc_files',`
gen_require(`
type etc_t;
class dir rw_dir_perms;
@ -507,7 +507,7 @@ define(`files_manage_generic_etc_files',`
## </parameter>
## </interface>
#
define(`files_delete_generic_etc_files',`
interface(`files_delete_generic_etc_files',`
gen_require(`
type etc_t;
class dir rw_dir_perms;
@ -522,7 +522,7 @@ define(`files_delete_generic_etc_files',`
#
# files_exec_generic_etc_files(domain)
#
define(`files_exec_generic_etc_files',`
interface(`files_exec_generic_etc_files',`
gen_require(`
type etc_t;
class dir r_dir_perms;
@ -541,7 +541,7 @@ define(`files_exec_generic_etc_files',`
#
# /halt, /.autofsck, etc
#
define(`files_create_boot_flag',`
interface(`files_create_boot_flag',`
gen_require(`
type root_t, etc_runtime_t;
class dir rw_dir_perms;
@ -557,7 +557,7 @@ define(`files_create_boot_flag',`
#
# files_manage_etc_runtime_files(type)
#
define(`files_manage_etc_runtime_files',`
interface(`files_manage_etc_runtime_files',`
gen_require(`
type etc_t, etc_runtime_t;
class dir rw_dir_perms;
@ -573,7 +573,7 @@ define(`files_manage_etc_runtime_files',`
#
# files_read_etc_runtime_files(domain)
#
define(`files_read_etc_runtime_files',`
interface(`files_read_etc_runtime_files',`
gen_require(`
type etc_t, etc_runtime_t;
class dir r_dir_perms;
@ -588,7 +588,7 @@ define(`files_read_etc_runtime_files',`
#
# files_create_etc_config(domain,privatetype,[class(es)])
#
define(`files_create_etc_config',`
interface(`files_create_etc_config',`
gen_require(`
type etc_t;
class dir rw_dir_perms;
@ -606,7 +606,7 @@ define(`files_create_etc_config',`
#
# files_rw_isid_type_dir(domain)
#
define(`files_rw_isid_type_dir',`
interface(`files_rw_isid_type_dir',`
gen_require(`
type file_t;
class dir rw_dir_perms;
@ -619,7 +619,7 @@ define(`files_rw_isid_type_dir',`
#
# files_dontaudit_getattr_isid_type_dir(domain)
#
define(`files_dontaudit_getattr_isid_type_dir',`
interface(`files_dontaudit_getattr_isid_type_dir',`
gen_require(`
type file_t;
class dir search;
@ -632,7 +632,7 @@ define(`files_dontaudit_getattr_isid_type_dir',`
#
# files_dontaudit_search_isid_type_dir(domain)
#
define(`files_dontaudit_search_isid_type_dir',`
interface(`files_dontaudit_search_isid_type_dir',`
gen_require(`
type file_t;
class dir search;
@ -651,7 +651,7 @@ define(`files_dontaudit_search_isid_type_dir',`
## </parameter>
## </interface>
#
define(`files_list_home',`
interface(`files_list_home',`
gen_require(`
type home_root_t;
class dir r_dir_perms;
@ -664,7 +664,7 @@ define(`files_list_home',`
#
# files_list_mnt(domain)
#
define(`files_list_mnt',`
interface(`files_list_mnt',`
gen_require(`
type mnt_t;
class dir r_dir_perms;
@ -677,7 +677,7 @@ define(`files_list_mnt',`
#
# files_create_tmp_files(domain,private_type,[object class(es)])
#
define(`files_create_tmp_files',`
interface(`files_create_tmp_files',`
gen_require(`
type tmp_t;
class dir rw_dir_perms;
@ -696,7 +696,7 @@ define(`files_create_tmp_files',`
#
# files_delete_all_tmp_files(domain)
#
define(`files_delete_all_tmp_files',`
interface(`files_delete_all_tmp_files',`
gen_require(`
attribute tmpfile;
class dir { getattr search read write add_name remove_name rmdir };
@ -717,7 +717,7 @@ define(`files_delete_all_tmp_files',`
#
# files_search_usr(domain)
#
define(`files_search_usr',`
interface(`files_search_usr',`
gen_require(`
type usr_t;
class dir search;
@ -730,7 +730,7 @@ define(`files_search_usr',`
#
# files_read_usr_files(domain)
#
define(`files_read_usr_files',`
interface(`files_read_usr_files',`
gen_require(`
type usr_t;
class dir r_dir_perms;
@ -752,7 +752,7 @@ define(`files_read_usr_files',`
## </parameter>
## </interface>
#
define(`files_exec_usr_files',`
interface(`files_exec_usr_files',`
gen_require(`
type usr_t, src_t;
class dir r_dir_perms;
@ -770,7 +770,7 @@ define(`files_exec_usr_files',`
#
# files_read_usr_src(domain)
#
define(`files_read_usr_src',`
interface(`files_read_usr_src',`
gen_require(`
type usr_t, src_t;
class dir r_dir_perms;
@ -787,7 +787,7 @@ define(`files_read_usr_src',`
#
# files_search_var(domain)
#
define(`files_search_var',`
interface(`files_search_var',`
gen_require(`
type var_t;
class dir search;
@ -800,7 +800,7 @@ define(`files_search_var',`
#
# files_dontaudit_search_var(domain)
#
define(`files_dontaudit_search_var',`
interface(`files_dontaudit_search_var',`
gen_require(`
type var_t;
class dir search;
@ -819,7 +819,7 @@ define(`files_dontaudit_search_var',`
## </parameter>
## </interface>
#
define(`files_search_var_lib',`
interface(`files_search_var_lib',`
gen_require(`
type var_t, var_lib_t;
class dir search;
@ -832,7 +832,7 @@ define(`files_search_var_lib',`
#
# files_manage_urandom_seed(domain)
#
define(`files_manage_urandom_seed',`
interface(`files_manage_urandom_seed',`
gen_require(`
type var_t, var_lib_t;
class dir rw_file_perms;
@ -848,7 +848,7 @@ define(`files_manage_urandom_seed',`
#
# files_getattr_generic_lock_files(domain)
#
define(`files_getattr_generic_lock_files',`
interface(`files_getattr_generic_lock_files',`
gen_require(`
type var_lock_t;
class dir r_dir_perms;
@ -863,7 +863,7 @@ define(`files_getattr_generic_lock_files',`
#
# files_manage_generic_lock_files(domain)
#
define(`files_manage_generic_lock_files',`
interface(`files_manage_generic_lock_files',`
gen_require(`
type var_lock_t;
class dir { getattr search create read write setattr add_name remove_name rmdir };
@ -878,7 +878,7 @@ define(`files_manage_generic_lock_files',`
#
# files_delete_all_lock_files(domain)
#
define(`files_delete_all_lock_files',`
interface(`files_delete_all_lock_files',`
gen_require(`
attribute lockfile;
class dir rw_dir_perms;
@ -893,7 +893,7 @@ define(`files_delete_all_lock_files',`
#
# files_create_lock_file(domain,private_type,[object class(es)])
#
define(`files_create_lock_file',`
interface(`files_create_lock_file',`
gen_require(`
type var_t, var_lock_t;
class dir rw_dir_perms;
@ -913,7 +913,7 @@ define(`files_create_lock_file',`
#
# files_search_pids(domain)
#
define(`files_search_pids',`
interface(`files_search_pids',`
gen_require(`
type var_t, var_run_t;
class dir search;
@ -927,7 +927,7 @@ define(`files_search_pids',`
#
# files_dontaudit_search_pids(domain)
#
define(`files_dontaudit_search_pids',`
interface(`files_dontaudit_search_pids',`
gen_require(`
type var_run_t;
class dir search;
@ -940,7 +940,7 @@ define(`files_dontaudit_search_pids',`
#
# files_list_pids(domain)
#
define(`files_list_pids',`
interface(`files_list_pids',`
gen_require(`
type var_t, var_run_t;
class dir r_dir_perms;
@ -954,7 +954,7 @@ define(`files_list_pids',`
#
# files_create_pid(domain,pidfile,[object class(es)])
#
define(`files_create_pid',`
interface(`files_create_pid',`
gen_require(`
type var_t, var_run_t;
class dir rw_dir_perms;
@ -974,7 +974,7 @@ define(`files_create_pid',`
#
# files_rw_generic_pids(domain)
#
define(`files_rw_generic_pids',`
interface(`files_rw_generic_pids',`
gen_require(`
type var_t, var_run_t;
class dir r_dir_perms;
@ -996,7 +996,7 @@ define(`files_rw_generic_pids',`
## </parameter>
## </interface>
#
define(`files_dontaudit_write_all_pids',`
interface(`files_dontaudit_write_all_pids',`
gen_require(`
attribute pidfile;
class file write;
@ -1015,7 +1015,7 @@ define(`files_dontaudit_write_all_pids',`
## </parameter>
## </interface>
#
define(`files_dontaudit_ioctl_all_pids',`
interface(`files_dontaudit_ioctl_all_pids',`
gen_require(`
attribute pidfile;
class file ioctl;
@ -1028,7 +1028,7 @@ define(`files_dontaudit_ioctl_all_pids',`
#
# files_read_all_pids(domain)
#
define(`files_read_all_pids',`
interface(`files_read_all_pids',`
gen_require(`
attribute pidfile;
type var_t;
@ -1045,7 +1045,7 @@ define(`files_read_all_pids',`
#
# files_delete_all_pids(domain)
#
define(`files_delete_all_pids',`
interface(`files_delete_all_pids',`
gen_require(`
attribute pidfile;
type var_t, var_run_t;
@ -1067,7 +1067,7 @@ define(`files_delete_all_pids',`
#
# files_search_spool(domain)
#
define(`files_search_spool',`
interface(`files_search_spool',`
gen_require(`
type var_t, var_spool_t;
class dir search;
@ -1081,7 +1081,7 @@ define(`files_search_spool',`
#
# files_list_spool(domain)
#
define(`files_list_spool',`
interface(`files_list_spool',`
gen_require(`
type var_t, var_spool_t;
class dir r_dir_perms;
@ -1095,7 +1095,7 @@ define(`files_list_spool',`
#
# files_read_spools(domain)
#
define(`files_read_spools',`
interface(`files_read_spools',`
gen_require(`
type var_t, var_spool_t;
class dir r_dir_perms;
@ -1111,7 +1111,7 @@ define(`files_read_spools',`
#
# files_manage_spools(domain)
#
define(`files_manage_spools',`
interface(`files_manage_spools',`
gen_require(`
type var_t, var_spool_t;
class dir rw_dir_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`getty_domtrans',`
interface(`getty_domtrans',`
gen_require(`
type getty_t, getty_exec_t;
class process sigchld;
@ -38,7 +38,7 @@ define(`getty_domtrans',`
## </parameter>
## </interface>
#
define(`getty_read_log',`
interface(`getty_read_log',`
gen_require(`
type getty_log_t;
class file { getattr read };
@ -58,7 +58,7 @@ define(`getty_read_log',`
## </parameter>
## </interface>
#
define(`getty_read_config',`
interface(`getty_read_config',`
gen_require(`
type getty_etc_t;
class file { getattr read };
@ -78,7 +78,7 @@ define(`getty_read_config',`
## </parameter>
## </interface>
#
define(`getty_modify_config',`
interface(`getty_modify_config',`
gen_require(`
type getty_etc_t;
class file rw_file_perms;


@ -12,7 +12,7 @@
## </parameter>
## </interface>
#
define(`hostname_domtrans',`
interface(`hostname_domtrans',`
gen_require(`
type hostname_t, hostname_exec_t;
class process sigchld;
@ -47,7 +47,7 @@ define(`hostname_domtrans',`
## </parameter>
## </interface>
#
define(`hostname_run',`
interface(`hostname_run',`
gen_require(`
type hostname_t;
class chr_file { getattr read write ioctl };
@ -69,7 +69,7 @@ define(`hostname_run',`
## </parameter>
## </interface>
#
define(`hostname_exec',`
interface(`hostname_exec',`
gen_require(`
type hostname_exec_t;
')


@ -8,7 +8,7 @@
#
# hotplug_domtrans(domain)
#
define(`hotplug_domtrans',`
interface(`hotplug_domtrans',`
gen_require(`
type hotplug_t, hotplug_exec_t;
class process sigchld;
@ -29,7 +29,7 @@ define(`hotplug_domtrans',`
#
# hotplug_exec(domain)
#
define(`hotplug_exec',`
interface(`hotplug_exec',`
gen_require(`
type hotplug_t;
')
@ -42,7 +42,7 @@ define(`hotplug_exec',`
#
# hotplug_use_fd(domain)
#
define(`hotplug_use_fd',`
interface(`hotplug_use_fd',`
gen_require(`
type hotplug_t;
class fd use;
@ -55,7 +55,7 @@ define(`hotplug_use_fd',`
#
# hotplug_dontaudit_use_fd(domain)
#
define(`hotplug_dontaudit_use_fd',`
interface(`hotplug_dontaudit_use_fd',`
gen_require(`
type hotplug_t;
class fd use;
@ -68,7 +68,7 @@ define(`hotplug_dontaudit_use_fd',`
#
# hotplug_dontaudit_search_config(domain)
#
define(`hotplug_dontaudit_search_config',`
interface(`hotplug_dontaudit_search_config',`
gen_require(`
type hotplug_etc_t;
class dir search;
@ -87,7 +87,7 @@ define(`hotplug_dontaudit_search_config',`
## </parameter>
## </interface>
#
define(`hotplug_read_config',`
interface(`hotplug_read_config',`
gen_require(`
type hotplug_etc_t;
class file r_file_perms;


@ -5,7 +5,7 @@
#
# init_domain(domain,entrypointfile)
#
define(`init_domain',`
interface(`init_domain',`
gen_require(`
type init_t;
role system_r;
@ -38,7 +38,7 @@ define(`init_domain',`
#
# init_daemon_domain(domain,entrypointfile)
#
define(`init_daemon_domain',`
interface(`init_daemon_domain',`
gen_require(`
type initrc_t;
role system_r;
@ -71,7 +71,7 @@ define(`init_daemon_domain',`
#
# init_system_domain(domain,entrypointfile)
#
define(`init_system_domain',`
interface(`init_system_domain',`
gen_require(`
type initrc_t;
role system_r;
@ -104,7 +104,7 @@ define(`init_system_domain',`
#
# init_domtrans(domain)
#
define(`init_domtrans',`
interface(`init_domtrans',`
gen_require(`
type init_t, init_exec_t;
class process sigchld;
@ -124,7 +124,7 @@ define(`init_domtrans',`
#
# init_get_process_group(domain)
#
define(`init_get_process_group',`
interface(`init_get_process_group',`
gen_require(`
type init_t;
class process getpgid;
@ -137,7 +137,7 @@ define(`init_get_process_group',`
#
# init_getattr_initctl(domain)
#
define(`init_getattr_initctl',`
interface(`init_getattr_initctl',`
gen_require(`
type initctl_t;
class fifo_file getattr;
@ -150,7 +150,7 @@ define(`init_getattr_initctl',`
#
# init_dontaudit_getattr_initctl(domain)
#
define(`init_dontaudit_getattr_initctl',`
interface(`init_dontaudit_getattr_initctl',`
gen_require(`
type initctl_t;
class fifo_file getattr;
@ -163,7 +163,7 @@ define(`init_dontaudit_getattr_initctl',`
#
# init_use_initctl(domain)
#
define(`init_use_initctl',`
interface(`init_use_initctl',`
gen_require(`
type initctl_t;
class fifo_file rw_file_perms;
@ -177,7 +177,7 @@ define(`init_use_initctl',`
#
# init_dontaudit_use_initctl(domain)
#
define(`init_dontaudit_use_initctl',`
interface(`init_dontaudit_use_initctl',`
gen_require(`
type initctl_t;
class fifo_file { read write };
@ -190,7 +190,7 @@ define(`init_dontaudit_use_initctl',`
#
# init_sigchld(domain)
#
define(`init_sigchld',`
interface(`init_sigchld',`
gen_require(`
type init_t;
class process sigchld;
@ -203,7 +203,7 @@ define(`init_sigchld',`
#
# init_use_fd(domain)
#
define(`init_use_fd',`
interface(`init_use_fd',`
gen_require(`
type init_t;
class fd use;
@ -216,7 +216,7 @@ define(`init_use_fd',`
#
# init_dontaudit_use_fd(domain)
#
define(`init_dontaudit_use_fd',`
interface(`init_dontaudit_use_fd',`
gen_require(`
type init_t;
class fd use;
@ -229,7 +229,7 @@ define(`init_dontaudit_use_fd',`
#
# init_domtrans_script(domain)
#
define(`init_domtrans_script',`
interface(`init_domtrans_script',`
gen_require(`
type initrc_t, initrc_exec_t;
class process sigchld;
@ -250,7 +250,7 @@ define(`init_domtrans_script',`
#
# init_exec_script(domain)
#
define(`init_exec_script',`
interface(`init_exec_script',`
gen_require(`
type initrc_exec_t;
')
@ -269,7 +269,7 @@ define(`init_exec_script',`
## </parameter>
## </interface>
#
define(`init_read_script_process_state',`
interface(`init_read_script_process_state',`
gen_require(`
type initrc_t;
class dir r_dir_perms;
@ -294,7 +294,7 @@ define(`init_read_script_process_state',`
#
# init_use_script_fd(domain)
#
define(`init_use_script_fd',`
interface(`init_use_script_fd',`
gen_require(`
type initrc_t;
class fd use;
@ -307,7 +307,7 @@ define(`init_use_script_fd',`
#
# init_dontaudit_use_script_fd(domain)
#
define(`init_dontaudit_use_script_fd',`
interface(`init_dontaudit_use_script_fd',`
gen_require(`
type initrc_t;
class fd use;
@ -320,7 +320,7 @@ define(`init_dontaudit_use_script_fd',`
#
# init_get_script_process_group(domain)
#
define(`init_get_script_process_group',`
interface(`init_get_script_process_group',`
gen_require(`
type initrc_t;
class process getpgid;
@ -339,7 +339,7 @@ define(`init_get_script_process_group',`
## </parameter>
## </interface>
#
define(`init_rw_script_pipe',`
interface(`init_rw_script_pipe',`
gen_require(`
type initrc_t;
class chr_file { read write };
@ -352,7 +352,7 @@ define(`init_rw_script_pipe',`
#
# init_use_script_pty(domain)
#
define(`init_use_script_pty',`
interface(`init_use_script_pty',`
gen_require(`
type initrc_devpts_t;
class chr_file rw_term_perms;
@ -366,7 +366,7 @@ define(`init_use_script_pty',`
#
# init_dontaudit_use_script_pty(domain)
#
define(`init_dontaudit_use_script_pty',`
interface(`init_dontaudit_use_script_pty',`
gen_require(`
type initrc_devpts_t;
class chr_file { read write ioctl };
@ -385,7 +385,7 @@ define(`init_dontaudit_use_script_pty',`
## </parameter>
## </interface>
#
define(`init_rw_script_tmp_files',`
interface(`init_rw_script_tmp_files',`
gen_require(`
type initrc_var_run_t;
class file rw_file_perms;
@ -399,7 +399,7 @@ define(`init_rw_script_tmp_files',`
#
# init_read_script_pid(domain)
#
define(`init_read_script_pid',`
interface(`init_read_script_pid',`
gen_require(`
type initrc_var_run_t;
class file r_file_perms;
@ -413,7 +413,7 @@ define(`init_read_script_pid',`
#
# init_dontaudit_write_script_pid(domain)
#
define(`init_dontaudit_write_script_pid',`
interface(`init_dontaudit_write_script_pid',`
gen_require(`
type initrc_var_run_t;
class file { write lock };
@ -426,7 +426,7 @@ define(`init_dontaudit_write_script_pid',`
#
# init_rw_script_pid(domain)
#
define(`init_rw_script_pid',`
interface(`init_rw_script_pid',`
gen_require(`
type initrc_var_run_t;
class file rw_file_perms;
@ -440,7 +440,7 @@ define(`init_rw_script_pid',`
#
# init_dontaudit_rw_script_pid(domain)
#
define(`init_dontaudit_rw_script_pid',`
interface(`init_dontaudit_rw_script_pid',`
gen_require(`
type initrc_var_run_t;
class file rw_file_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`iptables_domtrans',`
interface(`iptables_domtrans',`
gen_require(`
type iptables_t, iptables_exec_t;
class process sigchld;
@ -45,7 +45,7 @@ define(`iptables_domtrans',`
## </parameter>
## </interface>
#
define(`iptables_run',`
interface(`iptables_run',`
gen_require(`
type iptables_t;
class chr_file rw_term_perms;
@ -66,7 +66,7 @@ define(`iptables_run',`
## </parameter>
## </interface>
#
define(`iptables_exec',`
interface(`iptables_exec',`
gen_require(`
type iptables_exec_t;
')


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`libs_domtrans_ldconfig',`
interface(`libs_domtrans_ldconfig',`
gen_require(`
type ldconfig_t, ldconfig_exec_t;
class process sigchld;
@ -44,7 +44,7 @@ define(`libs_domtrans_ldconfig',`
## </parameter>
## </interface>
#
define(`libs_run_ldconfig',`
interface(`libs_run_ldconfig',`
gen_require(`
type ldconfig_t;
class chr_file rw_term_perms;
@ -66,7 +66,7 @@ define(`libs_run_ldconfig',`
## </parameter>
## </interface>
#
define(`libs_use_ld_so',`
interface(`libs_use_ld_so',`
gen_require(`
type lib_t, ld_so_t, ld_so_cache_t;
class dir r_dir_perms;
@ -93,7 +93,7 @@ define(`libs_use_ld_so',`
## </parameter>
## </interface>
#
define(`libs_legacy_use_ld_so',`
interface(`libs_legacy_use_ld_so',`
gen_require(`
type ld_so_t, ld_so_cache_t;
class file { execute execmod };
@ -119,7 +119,7 @@ define(`libs_legacy_use_ld_so',`
## </parameter>
## </interface>
#
define(`libs_exec_ld_so',`
interface(`libs_exec_ld_so',`
gen_require(`
type lib_t, ld_so_t;
class dir r_dir_perms;
@ -143,7 +143,7 @@ define(`libs_exec_ld_so',`
## </parameter>
## </interface>
#
define(`libs_rw_ld_so_cache',`
interface(`libs_rw_ld_so_cache',`
gen_require(`
type ld_so_cache_t;
class file rw_file_perms;
@ -163,7 +163,7 @@ define(`libs_rw_ld_so_cache',`
## </parameter>
## </interface>
#
define(`libs_search_lib',`
interface(`libs_search_lib',`
gen_require(`
type lib_t;
class dir search;
@ -183,7 +183,7 @@ define(`libs_search_lib',`
## </parameter>
## </interface>
#
define(`libs_read_lib',`
interface(`libs_read_lib',`
gen_require(`
type lib_t;
class dir r_dir_perms;
@ -206,7 +206,7 @@ define(`libs_read_lib',`
## </parameter>
## </interface>
#
define(`libs_exec_lib_files',`
interface(`libs_exec_lib_files',`
gen_require(`
type lib_t;
class dir r_dir_perms;
@ -229,7 +229,7 @@ define(`libs_exec_lib_files',`
## </parameter>
## </interface>
#
define(`libs_use_shared_libs',`
interface(`libs_use_shared_libs',`
gen_require(`
type lib_t, shlib_t, texrel_shlib_t;
class dir r_dir_perms;
@ -255,7 +255,7 @@ define(`libs_use_shared_libs',`
## </parameter>
## </interface>
#
define(`libs_legacy_use_shared_libs',`
interface(`libs_legacy_use_shared_libs',`
gen_require(`
type shlib_t, texrel_shlib_t;
class file execmod;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`locallogin_domtrans',`
interface(`locallogin_domtrans',`
gen_require(`
type local_login_t;
')
@ -29,7 +29,7 @@ define(`locallogin_domtrans',`
## </parameter>
## </interface>
#
define(`locallogin_use_fd',`
interface(`locallogin_use_fd',`
gen_require(`
type local_login_t;
class fd use;


@ -5,7 +5,7 @@
#
# logging_log_file(domain)
#
define(`logging_log_file',`
interface(`logging_log_file',`
gen_require(`
attribute logfile;
')
@ -18,7 +18,7 @@ define(`logging_log_file',`
#
# logging_create_log(domain,privatetype,[class(es)])
#
define(`logging_create_log',`
interface(`logging_create_log',`
gen_require(`
type var_log_t;
class dir rw_dir_perms;
@ -37,7 +37,7 @@ define(`logging_create_log',`
#
# logging_send_syslog_msg(domain)
#
define(`logging_send_syslog_msg',`
interface(`logging_send_syslog_msg',`
gen_require(`
type syslogd_t, devlog_t;
class lnk_file read;
@ -71,7 +71,7 @@ define(`logging_send_syslog_msg',`
## </parameter>
## </interface>
#
define(`logging_search_logs',`
interface(`logging_search_logs',`
gen_require(`
type var_log_t;
class dir search;
@ -85,7 +85,7 @@ define(`logging_search_logs',`
#
# logging_dontaudit_getattr_all_logs(domain)
#
define(`logging_dontaudit_getattr_all_logs',`
interface(`logging_dontaudit_getattr_all_logs',`
gen_require(`
attribute logfile;
class file getattr;
@ -98,7 +98,7 @@ define(`logging_dontaudit_getattr_all_logs',`
#
# logging_append_all_logs(domain)
#
define(`logging_append_all_logs',`
interface(`logging_append_all_logs',`
gen_require(`
attribute logfile;
type var_log_t;
@ -115,7 +115,7 @@ define(`logging_append_all_logs',`
#
# logging_read_all_logs(domain)
#
define(`logging_read_all_logs',`
interface(`logging_read_all_logs',`
gen_require(`
attribute logfile;
type var_log_t;
@ -132,7 +132,7 @@ define(`logging_read_all_logs',`
#
# logging_read_generic_logs(domain)
#
define(`logging_read_generic_logs',`
interface(`logging_read_generic_logs',`
gen_require(`
type var_log_t;
class dir r_dir_perms;
@ -148,7 +148,7 @@ define(`logging_read_generic_logs',`
#
# logging_write_generic_logs(domain)
#
define(`logging_write_generic_logs',`
interface(`logging_write_generic_logs',`
gen_require(`
type var_log_t;
class dir r_dir_perms;
@ -164,7 +164,7 @@ define(`logging_write_generic_logs',`
#
# logging_rw_generic_logs(domain)
#
define(`logging_rw_generic_logs',`
interface(`logging_rw_generic_logs',`
gen_require(`
type var_log_t;
class dir r_dir_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`lvm_domtrans',`
interface(`lvm_domtrans',`
gen_require(`
type lvm_t, lvm_exec_t;
class process sigchld;
@ -44,7 +44,7 @@ define(`lvm_domtrans',`
## </parameter>
## </interface>
#
define(`lvm_run',`
interface(`lvm_run',`
gen_require(`
type lvm_t;
class chr_file rw_term_perms;
@ -65,7 +65,7 @@ define(`lvm_run',`
## </parameter>
## </interface>
#
define(`lvm_read_config',`
interface(`lvm_read_config',`
gen_require(`
type lvm_t, lvm_exec_t;
class dir r_dir_perms;


@ -12,7 +12,7 @@
## </parameter>
## </interface>
#
define(`miscfiles_rw_man_cache',`
interface(`miscfiles_rw_man_cache',`
gen_require(`
type catman_t;
class dir create_dir_perms;
@ -34,7 +34,7 @@ define(`miscfiles_rw_man_cache',`
## </parameter>
## </interface>
#
define(`miscfiles_read_fonts',`
interface(`miscfiles_read_fonts',`
gen_require(`
type fonts_t;
class dir r_dir_perms;
@ -59,7 +59,7 @@ define(`miscfiles_read_fonts',`
## </parameter>
## </interface>
#
define(`miscfiles_read_localization',`
interface(`miscfiles_read_localization',`
gen_require(`
type locale_t;
class dir r_dir_perms;
@ -88,7 +88,7 @@ define(`miscfiles_read_localization',`
## </parameter>
## </interface>
#
define(`miscfiles_legacy_read_localization',`
interface(`miscfiles_legacy_read_localization',`
gen_require(`
type locale_t;
class file execute;
@ -108,7 +108,7 @@ define(`miscfiles_legacy_read_localization',`
## </parameter>
## </interface>
#
define(`miscfiles_read_man_pages',`
interface(`miscfiles_read_man_pages',`
gen_require(`
type man_t;
class dir r_dir_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`modutils_read_kernel_module_dependencies',`
interface(`modutils_read_kernel_module_dependencies',`
gen_require(`
type modules_dep_t;
class file r_file_perms;
@ -32,7 +32,7 @@ define(`modutils_read_kernel_module_dependencies',`
## </parameter>
## </interface>
#
define(`modutils_read_module_conf',`
interface(`modutils_read_module_conf',`
gen_require(`
type modules_conf_t;
class file r_file_perms;
@ -56,7 +56,7 @@ define(`modutils_read_module_conf',`
## </parameter>
## </interface>
#
define(`modutils_domtrans_insmod',`
interface(`modutils_domtrans_insmod',`
gen_require(`
type insmod_t, insmod_exec_t;
class process sigchld;
@ -92,7 +92,7 @@ define(`modutils_domtrans_insmod',`
## </parameter>
## </interface>
#
define(`modutils_run_insmod',`
interface(`modutils_run_insmod',`
gen_require(`
type insmod_t;
class chr_file rw_term_perms;
@ -107,7 +107,7 @@ define(`modutils_run_insmod',`
#
# modutils_exec_insmod(domain)
#
define(`modutils_exec_insmod',`
interface(`modutils_exec_insmod',`
gen_require(`
type insmod_t;
')
@ -126,7 +126,7 @@ define(`modutils_exec_insmod',`
## </parameter>
## </interface>
#
define(`modutils_domtrans_depmod',`
interface(`modutils_domtrans_depmod',`
gen_require(`
type depmod_t, depmod_exec_t;
class process sigchld;
@ -159,7 +159,7 @@ define(`modutils_domtrans_depmod',`
## </parameter>
## </interface>
#
define(`modutils_run_depmod',`
interface(`modutils_run_depmod',`
gen_require(`
type depmod_t;
class chr_file rw_term_perms;
@ -174,7 +174,7 @@ define(`modutils_run_depmod',`
#
# modutils_exec_depmod(domain)
#
define(`modutils_exec_depmod',`
interface(`modutils_exec_depmod',`
gen_require(`
type depmod_t;
')
@ -193,7 +193,7 @@ define(`modutils_exec_depmod',`
## </parameter>
## </interface>
#
define(`modutils_domtrans_update_mods',`
interface(`modutils_domtrans_update_mods',`
gen_require(`
type update_modules_t, update_modules_exec_t;
class process signal;
@ -226,7 +226,7 @@ define(`modutils_domtrans_update_mods',`
## </parameter>
## </interface>
#
define(`modutils_run_update_mods',`
interface(`modutils_run_update_mods',`
gen_require(`
type update_modules_t;
class chr_file rw_term_perms;
@ -241,7 +241,7 @@ define(`modutils_run_update_mods',`
#
# modutils_exec_update_mods(domain)
#
define(`modutils_exec_update_mods',`
interface(`modutils_exec_update_mods',`
gen_require(`
type update_modules_t;
')


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`mount_domtrans',`
interface(`mount_domtrans',`
gen_require(`
type mount_t, mount_exec_t;
class process sigchld;
@ -45,7 +45,7 @@ define(`mount_domtrans',`
## </parameter>
## </interface>
#
define(`mount_run',`
interface(`mount_run',`
gen_require(`
type mount_t;
class chr_file rw_file_perms;
@ -66,7 +66,7 @@ define(`mount_run',`
## </parameter>
## </interface>
#
define(`mount_use_fd',`
interface(`mount_use_fd',`
gen_require(`
type mount_t;
class fd use;
@ -86,7 +86,7 @@ define(`mount_use_fd',`
## </parameter>
## </interface>
#
define(`mount_send_nfs_client_request',`
interface(`mount_send_nfs_client_request',`
gen_require(`
type mount_t;
class udp_socket rw_socket_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`seutil_domtrans_checkpol',`
interface(`seutil_domtrans_checkpol',`
gen_require(`
type checkpolicy_t, checkpolicy_exec_t;
class process sigchld;
@ -48,7 +48,7 @@ define(`seutil_domtrans_checkpol',`
## </parameter>
## </interface>
#
define(`seutil_run_checkpol',`
interface(`seutil_run_checkpol',`
gen_require(`
type checkpolicy_t;
class chr_file rw_term_perms;
@ -63,7 +63,7 @@ define(`seutil_run_checkpol',`
#
# seutil_exec_checkpol(domain)
#
define(`seutil_exec_checkpol',`
interface(`seutil_exec_checkpol',`
gen_require(`
type checkpolicy_exec_t;
')
@ -83,7 +83,7 @@ define(`seutil_exec_checkpol',`
## </parameter>
## </interface>
#
define(`seutil_domtrans_loadpol',`
interface(`seutil_domtrans_loadpol',`
gen_require(`
type load_policy_t, load_policy_exec_t;
class process sigchld;
@ -119,7 +119,7 @@ define(`seutil_domtrans_loadpol',`
## </parameter>
## </interface>
#
define(`seutil_run_loadpol',`
interface(`seutil_run_loadpol',`
gen_require(`
type load_policy_t;
class chr_file rw_term_perms;
@ -134,7 +134,7 @@ define(`seutil_run_loadpol',`
#
# seutil_exec_loadpol(domain)
#
define(`seutil_exec_loadpol',`
interface(`seutil_exec_loadpol',`
gen_require(`
type load_policy_exec_t;
')
@ -147,7 +147,7 @@ define(`seutil_exec_loadpol',`
#
# seutil_read_loadpol(domain)
#
define(`seutil_read_loadpol',`
interface(`seutil_read_loadpol',`
gen_require(`
type load_policy_exec_t;
class file r_file_perms
@ -167,7 +167,7 @@ define(`seutil_read_loadpol',`
## </parameter>
## </interface>
#
define(`seutil_domtrans_newrole',`
interface(`seutil_domtrans_newrole',`
gen_require(`
type newrole_t, newrole_exec_t;
class process sigchld;
@ -203,7 +203,7 @@ define(`seutil_domtrans_newrole',`
## </parameter>
## </interface>
#
define(`seutil_run_newrole',`
interface(`seutil_run_newrole',`
gen_require(`
type newrole_t;
class chr_file rw_term_perms;
@ -218,7 +218,7 @@ define(`seutil_run_newrole',`
#
# seutil_exec_newrole(domain)
#
define(`seutil_exec_newrole',`
interface(`seutil_exec_newrole',`
gen_require(`
type newrole_t, newrole_exec_t;
')
@ -239,7 +239,7 @@ define(`seutil_exec_newrole',`
## </parameter>
## </interface>
#
define(`seutil_dontaudit_newrole_signal',`
interface(`seutil_dontaudit_newrole_signal',`
gen_require(`
type newrole_t;
class process signal;
@ -252,7 +252,7 @@ define(`seutil_dontaudit_newrole_signal',`
#
# seutil_newrole_sigchld(domain)
#
define(`seutil_newrole_sigchld',`
interface(`seutil_newrole_sigchld',`
gen_require(`
type newrole_t;
class process sigchld;
@ -265,7 +265,7 @@ define(`seutil_newrole_sigchld',`
#
# seutil_use_newrole_fd(domain)
#
define(`seutil_use_newrole_fd',`
interface(`seutil_use_newrole_fd',`
gen_require(`
type newrole_t;
class fd use;
@ -284,7 +284,7 @@ define(`seutil_use_newrole_fd',`
## </parameter>
## </interface>
#
define(`seutil_domtrans_restorecon',`
interface(`seutil_domtrans_restorecon',`
gen_require(`
type restorecon_t, restorecon_exec_t;
class process sigchld;
@ -319,7 +319,7 @@ define(`seutil_domtrans_restorecon',`
## </parameter>
## </interface>
#
define(`seutil_run_restorecon',`
interface(`seutil_run_restorecon',`
gen_require(`
type restorecon_t;
class chr_file rw_term_perms;
@ -334,7 +334,7 @@ define(`seutil_run_restorecon',`
#
# seutil_exec_restorecon(domain)
#
define(`seutil_exec_restorecon',`
interface(`seutil_exec_restorecon',`
gen_require(`
type restorecon_t, restorecon_exec_t;
')
@ -353,7 +353,7 @@ define(`seutil_exec_restorecon',`
## </parameter>
## </interface>
#
define(`seutil_domtrans_runinit',`
interface(`seutil_domtrans_runinit',`
gen_require(`
type run_init_t, run_init_exec_t;
class process sigchld;
@ -389,7 +389,7 @@ define(`seutil_domtrans_runinit',`
## </parameter>
## </interface>
#
define(`seutil_run_runinit',`
interface(`seutil_run_runinit',`
gen_require(`
type run_init_t;
class chr_file rw_term_perms;
@ -404,7 +404,7 @@ define(`seutil_run_runinit',`
#
# seutil_use_runinit_fd(domain)
#
define(`seutil_use_runinit_fd',`
interface(`seutil_use_runinit_fd',`
gen_require(`
type run_init_t;
class fd use;
@ -423,7 +423,7 @@ define(`seutil_use_runinit_fd',`
## </parameter>
## </interface>
#
define(`seutil_domtrans_setfiles',`
interface(`seutil_domtrans_setfiles',`
gen_require(`
type setfiles_t, setfiles_exec_t;
class process sigchld;
@ -459,7 +459,7 @@ define(`seutil_domtrans_setfiles',`
## </parameter>
## </interface>
#
define(`seutil_run_setfiles',`
interface(`seutil_run_setfiles',`
gen_require(`
type setfiles_t;
class chr_file rw_term_perms;
@ -474,7 +474,7 @@ define(`seutil_run_setfiles',`
#
# seutil_exec_setfiles(domain)
#
define(`seutil_exec_setfiles',`
interface(`seutil_exec_setfiles',`
gen_require(`
type setfiles_exec_t;
')
@ -488,7 +488,7 @@ define(`seutil_exec_setfiles',`
#
# seutil_read_config(domain)
#
define(`seutil_read_config',`
interface(`seutil_read_config',`
gen_require(`
type selinux_config_t;
class dir r_dir_perms;
@ -504,7 +504,7 @@ define(`seutil_read_config',`
#
# seutil_read_default_contexts(domain)
#
define(`seutil_read_default_contexts',`
interface(`seutil_read_default_contexts',`
gen_require(`
type selinux_config_t, default_context_t;
class dir r_dir_perms;
@ -521,7 +521,7 @@ define(`seutil_read_default_contexts',`
#
# seutil_read_file_contexts(domain)
#
define(`seutil_read_file_contexts',`
interface(`seutil_read_file_contexts',`
gen_require(`
type selinux_config_t, file_context_t;
class dir r_dir_perms;
@ -538,7 +538,7 @@ define(`seutil_read_file_contexts',`
#
# seutil_read_binary_pol(domain)
#
define(`seutil_read_binary_pol',`
interface(`seutil_read_binary_pol',`
gen_require(`
type selinux_config_t, policy_config_t;
class dir r_dir_perms;
@ -555,7 +555,7 @@ define(`seutil_read_binary_pol',`
#
# seutil_create_binary_pol(domain)
#
define(`seutil_create_binary_pol',`
interface(`seutil_create_binary_pol',`
gen_require(`
attribute can_write_binary_policy;
type selinux_config_t, policy_config_t;
@ -580,7 +580,7 @@ define(`seutil_create_binary_pol',`
## </parameter>
## </interface>
#
define(`seutil_relabelto_binary_pol',`
interface(`seutil_relabelto_binary_pol',`
gen_require(`
attribute can_relabelto_binary_policy;
type policy_config_t;
@ -595,7 +595,7 @@ define(`seutil_relabelto_binary_pol',`
#
# seutil_manage_binary_pol(domain)
#
define(`seutil_manage_binary_pol',`
interface(`seutil_manage_binary_pol',`
gen_require(`
attribute can_write_binary_policy;
type selinux_config_t, policy_config_t;
@ -614,7 +614,7 @@ define(`seutil_manage_binary_pol',`
#
# seutil_read_src_pol(domain)
#
define(`seutil_read_src_pol',`
interface(`seutil_read_src_pol',`
gen_require(`
type selinux_config_t, policy_src_t;
class dir r_dir_perms;
@ -631,7 +631,7 @@ define(`seutil_read_src_pol',`
#
# seutil_manage_src_pol(domain)
#
define(`seutil_manage_src_pol',`
interface(`seutil_manage_src_pol',`
gen_require(`
type selinux_config_t, policy_src_t;
class dir create_dir_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`sysnet_domtrans_dhcpc',`
interface(`sysnet_domtrans_dhcpc',`
gen_require(`
type dhcpc_t, dhcpc_exec_t;
class process sigchld;
@ -38,7 +38,7 @@ define(`sysnet_domtrans_dhcpc',`
## </parameter>
## </interface>
#
define(`sysnet_domtrans_ifconfig',`
interface(`sysnet_domtrans_ifconfig',`
gen_require(`
type ifconfig_t, ifconfig_exec_t;
class process sigchld;
@ -73,7 +73,7 @@ define(`sysnet_domtrans_ifconfig',`
## </parameter>
## </interface>
#
define(`sysnet_run_ifconfig',`
interface(`sysnet_run_ifconfig',`
gen_require(`
type ifconfig_t;
class chr_file rw_term_perms;
@ -95,7 +95,7 @@ define(`sysnet_run_ifconfig',`
## </parameter>
## </interface>
#
define(`sysnet_read_config',`
interface(`sysnet_read_config',`
gen_require(`
type net_conf_t;
class file r_file_perms;


@ -11,7 +11,7 @@
## </parameter>
## </interface>
#
define(`udev_domtrans',`
interface(`udev_domtrans',`
gen_require(`
type udev_t, udev_exec_t;
class process sigchld;
@ -37,7 +37,7 @@ define(`udev_domtrans',`
## </parameter>
## </interface>
#
define(`udev_read_db',`
interface(`udev_read_db',`
gen_require(`
type udev_tdb_t;
class file r_file_perms;
@ -57,7 +57,7 @@ define(`udev_read_db',`
## </parameter>
## </interface>
#
define(`udev_rw_db',`
interface(`udev_rw_db',`
gen_require(`
type udev_tdb_t;
class file rw_file_perms;


@ -7,7 +7,7 @@
#
# This is common to user and admin domain
define(`base_user_domain',`
template(`base_user_domain',`
attribute $1_file_type;
@ -403,7 +403,7 @@ define(`base_user_domain',`
# User domain template
#
define(`user_domain_template', `
template(`user_domain_template', `
##############################
#
# Declarations
@ -604,7 +604,7 @@ define(`user_domain_template', `
#
# Admin domain template
#
define(`admin_domain_template',`
template(`admin_domain_template',`
##############################
#
# Declarations
@ -820,7 +820,7 @@ define(`admin_domain_template',`
## </parameter>
## </interface>
#
define(`userdom_spec_domtrans_all_users',`
interface(`userdom_spec_domtrans_all_users',`
gen_require(`
attribute userdomain;
')
@ -840,7 +840,7 @@ define(`userdom_spec_domtrans_all_users',`
## </parameter>
## </interface>
#
define(`userdom_spec_domtrans_unpriv_users',`
interface(`userdom_spec_domtrans_unpriv_users',`
gen_require(`
attribute unpriv_userdomain;
')
@ -858,7 +858,7 @@ define(`userdom_spec_domtrans_unpriv_users',`
## </parameter>
## </interface>
#
define(`userdom_shell_domtrans_sysadm',`
interface(`userdom_shell_domtrans_sysadm',`
gen_require(`
type sysadm_t;
')
@ -876,7 +876,7 @@ define(`userdom_shell_domtrans_sysadm',`
## </parameter>
## </interface>
#
define(`userdom_use_sysadm_tty',`
interface(`userdom_use_sysadm_tty',`
gen_require(`
type sysadm_tty_device_t;
class chr_file { getattr read write ioctl };
@ -897,7 +897,7 @@ define(`userdom_use_sysadm_tty',`
## </parameter>
## </interface>
#
define(`userdom_use_sysadm_terms',`
interface(`userdom_use_sysadm_terms',`
gen_require(`
attribute admin_terminal;
class chr_file { getattr read write ioctl };
@ -918,7 +918,7 @@ define(`userdom_use_sysadm_terms',`
## </parameter>
## </interface>
#
define(`userdom_dontaudit_use_sysadm_terms',`
interface(`userdom_dontaudit_use_sysadm_terms',`
gen_require(`
attribute admin_terminal;
class chr_file { read write };
@ -937,7 +937,7 @@ define(`userdom_dontaudit_use_sysadm_terms',`
## </parameter>
## </interface>
#
define(`userdom_search_all_users_home',`
interface(`userdom_search_all_users_home',`
gen_require(`
attribute home_dir_type, home_type;
class dir search;
@ -957,7 +957,7 @@ define(`userdom_search_all_users_home',`
## </parameter>
## </interface>
#
define(`userdom_read_all_user_data',`
interface(`userdom_read_all_user_data',`
gen_require(`
attribute home_type;
class dir r_dir_perms;
@ -979,7 +979,7 @@ define(`userdom_read_all_user_data',`
## </parameter>
## </interface>
#
define(`userdom_use_all_user_fd',`
interface(`userdom_use_all_user_fd',`
gen_require(`
attribute userdomain;
class fd use;
@ -998,7 +998,7 @@ define(`userdom_use_all_user_fd',`
## </parameter>
## </interface>
#
define(`userdom_signal_all_users',`
interface(`userdom_signal_all_users',`
gen_require(`
attribute userdomain;
class process signal;
@ -1017,7 +1017,7 @@ define(`userdom_signal_all_users',`
## </parameter>
## </interface>
#
define(`userdom_signal_unpriv_users',`
interface(`userdom_signal_unpriv_users',`
gen_require(`
attribute unpriv_userdomain;
class process signal;
@ -1036,7 +1036,7 @@ define(`userdom_signal_unpriv_users',`
## </parameter>
## </interface>
#
define(`userdom_use_unpriv_users_fd',`
interface(`userdom_use_unpriv_users_fd',`
gen_require(`
attribute unpriv_userdomain;
class fd use;
@ -1056,7 +1056,7 @@ define(`userdom_use_unpriv_users_fd',`
## </parameter>
## </interface>
#
define(`userdom_dontaudit_use_unpriv_user_fd',`
interface(`userdom_dontaudit_use_unpriv_user_fd',`
gen_require(`
attribute unpriv_userdomain;
class fd use;


@ -28,17 +28,52 @@ define(`gen_require',`
##############################
#
# In the future interfaces could be in loadable modules
# In the future interfaces should be in loadable modules
#
# module_interface(name,rules)
# template(name,rules)
#
define(`module_interface',`
define(`$1',`
gen_require(`$1'_depend)
define(`template',`
`define(`$1',`
###### begin $1(dollarsstar)
$2
')
###### end $1(dollarsstar)
'')
')
# helper function, since m4 wont expand macros
# if a line is a comment (#):
define(`policy_m4_comment',`dnl
##### $2 depth: $1
')dnl
##############################
#
# In the future interfaces should be in loadable modules
#
# interface(name,rules)
#
define(`interface',`
`define(`$1',`
define(`policy_temp',incr(policy_call_depth))
pushdef(`policy_call_depth',policy_temp)
undefine(`policy_temp')
policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar))
$2
define(`policy_temp',decr(policy_call_depth))
pushdef(`policy_call_depth',policy_temp)
undefine(`policy_temp')
policy_m4_comment(policy_call_depth,end `$1'(dollarsstar))
'')
')
define(`policy_call_depth',0)
##############################
#
# Optional policy handling
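Review bot: The begin and end traceback comments emitted by the new `interface` macro report different depths for the same call: the begin marker is printed after the increment, but the end marker is printed after the decrement, so a top-level call appears to be logged as depth 1 on entry and depth 0 on exit. The exit path also restores the counter with a second `pushdef` instead of unwinding the first, so the definition stack of `policy_call_depth` grows by two entries per interface call. Emitting the end comment first and then replacing the three decrement lines with `` popdef(`policy_call_depth') `` would keep the begin/end pairs matched and the stack balanced. It would also help to add a comment next to `template` stating that `dollarsstar` is a placeholder rewritten to `$*` by the sed step in this commit's Makefile hunk, since nothing in this file explains it and any policy text containing that string would be rewritten as well.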