shorten some xml tags

This commit is contained in:
Chris PeBenito 2005-06-23 16:00:05 +00:00
parent d3b892e4fd
commit 261e0e66ee
38 changed files with 1899 additions and 1899 deletions

View File

@ -4,7 +4,7 @@
<!ELEMENT layer (module+)> <!ELEMENT layer (module+)>
<!ATTLIST layer <!ATTLIST layer
name CDATA #REQUIRED> name CDATA #REQUIRED>
<!ELEMENT module (summary,description?,(interface|template)*)> <!ELEMENT module (summary,desc?,(interface|template)*)>
<!ATTLIST module <!ATTLIST module
name CDATA #REQUIRED> name CDATA #REQUIRED>
<!ELEMENT tunable (#PCDATA)> <!ELEMENT tunable (#PCDATA)>
@ -12,14 +12,14 @@
name CDATA #REQUIRED name CDATA #REQUIRED
dftval CDATA #REQUIRED> dftval CDATA #REQUIRED>
<!ELEMENT summary (#PCDATA)> <!ELEMENT summary (#PCDATA)>
<!ELEMENT interface (summary?,description?,securitydesc?,parameter+,infoflow?)> <!ELEMENT interface (summary?,desc?,secdesc?,param+,infoflow?)>
<!ATTLIST interface name CDATA #REQUIRED> <!ATTLIST interface name CDATA #REQUIRED>
<!ELEMENT template (summary,description?,securitydesc?,parameter+)> <!ELEMENT template (summary,desc?,secdesc?,param+)>
<!ATTLIST template name CDATA #REQUIRED> <!ATTLIST template name CDATA #REQUIRED>
<!ELEMENT description (#PCDATA|%inline.class;)*> <!ELEMENT desc (#PCDATA|%inline.class;)*>
<!ELEMENT securitydesc (#PCDATA|%inline.class;)*> <!ELEMENT secdesc (#PCDATA|%inline.class;)*>
<!ELEMENT parameter (#PCDATA)> <!ELEMENT param (#PCDATA)>
<!ATTLIST parameter <!ATTLIST param
name CDATA #REQUIRED name CDATA #REQUIRED
optional (true|false) "false"> optional (true|false) "false">
<!ELEMENT infoflow EMPTY> <!ELEMENT infoflow EMPTY>

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="dmesg_domtrans"> ## <interface name="dmesg_domtrans">
## <description> ## <desc>
## Execute dmesg in the dmesg domain. ## Execute dmesg in the dmesg domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`dmesg_domtrans',` interface(`dmesg_domtrans',`
@ -30,12 +30,12 @@ interface(`dmesg_domtrans',`
######################################## ########################################
## <interface name="dmesg_exec"> ## <interface name="dmesg_exec">
## <description> ## <desc>
## Execute dmesg in the caller domain. ## Execute dmesg in the caller domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`dmesg_exec',` interface(`dmesg_exec',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="rpm_domtrans"> ## <interface name="rpm_domtrans">
## <description> ## <desc>
## Execute rpm programs in the rpm domain. ## Execute rpm programs in the rpm domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`rpm_domtrans',` interface(`rpm_domtrans',`
@ -31,18 +31,18 @@ interface(`rpm_domtrans',`
######################################## ########################################
## <interface name="rpm_run"> ## <interface name="rpm_run">
## <description> ## <desc>
## Execute RPM programs in the RPM domain. ## Execute RPM programs in the RPM domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to allow the RPM domain. ## The role to allow the RPM domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the RPM domain to use. ## The type of the terminal allow the RPM domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`rpm_run',` interface(`rpm_run',`
@ -59,12 +59,12 @@ interface(`rpm_run',`
######################################## ########################################
## <interface name="rpm_use_fd"> ## <interface name="rpm_use_fd">
## <description> ## <desc>
## Inherit and use file descriptors from RPM. ## Inherit and use file descriptors from RPM.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`rpm_use_fd',` interface(`rpm_use_fd',`
@ -78,12 +78,12 @@ interface(`rpm_use_fd',`
######################################## ########################################
## <interface name="rpm_read_pipe"> ## <interface name="rpm_read_pipe">
## <description> ## <desc>
## Read from a RPM pipe. ## Read from a RPM pipe.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`rpm_read_pipe',` interface(`rpm_read_pipe',`
@ -97,12 +97,12 @@ interface(`rpm_read_pipe',`
######################################## ########################################
## <interface name="rpm_read_db"> ## <interface name="rpm_read_db">
## <description> ## <desc>
## Read RPM package database. ## Read RPM package database.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`rpm_read_db',` interface(`rpm_read_db',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="usermanage_domtrans_chfn"> ## <interface name="usermanage_domtrans_chfn">
## <description> ## <desc>
## Execute chfn in the chfn domain. ## Execute chfn in the chfn domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`usermanage_domtrans_chfn',` interface(`usermanage_domtrans_chfn',`
@ -31,19 +31,19 @@ interface(`usermanage_domtrans_chfn',`
######################################## ########################################
## <interface name="usermanage_run_chfn"> ## <interface name="usermanage_run_chfn">
## <description> ## <desc>
## Execute chfn in the chfn domain, and ## Execute chfn in the chfn domain, and
## allow the specified role the chfn domain. ## allow the specified role the chfn domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the chfn domain. ## The role to be allowed the chfn domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the chfn domain to use. ## The type of the terminal allow the chfn domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`usermanage_run_chfn',` interface(`usermanage_run_chfn',`
@ -59,12 +59,12 @@ interface(`usermanage_run_chfn',`
######################################## ########################################
## <interface name="usermanage_domtrans_groupadd"> ## <interface name="usermanage_domtrans_groupadd">
## <description> ## <desc>
## Execute groupadd in the groupadd domain. ## Execute groupadd in the groupadd domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`usermanage_domtrans_groupadd',` interface(`usermanage_domtrans_groupadd',`
@ -87,19 +87,19 @@ interface(`usermanage_domtrans_groupadd',`
######################################## ########################################
## <interface name="usermanage_run_groupadd"> ## <interface name="usermanage_run_groupadd">
## <description> ## <desc>
## Execute groupadd in the groupadd domain, and ## Execute groupadd in the groupadd domain, and
## allow the specified role the groupadd domain. ## allow the specified role the groupadd domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the groupadd domain. ## The role to be allowed the groupadd domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the groupadd domain to use. ## The type of the terminal allow the groupadd domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`usermanage_run_groupadd',` interface(`usermanage_run_groupadd',`
@ -115,12 +115,12 @@ interface(`usermanage_run_groupadd',`
######################################## ########################################
## <interface name="usermanage_domtrans_passwd"> ## <interface name="usermanage_domtrans_passwd">
## <description> ## <desc>
## Execute passwd in the passwd domain. ## Execute passwd in the passwd domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`usermanage_domtrans_passwd',` interface(`usermanage_domtrans_passwd',`
@ -143,19 +143,19 @@ interface(`usermanage_domtrans_passwd',`
######################################## ########################################
## <interface name="usermanage_run_passwd"> ## <interface name="usermanage_run_passwd">
## <description> ## <desc>
## Execute passwd in the passwd domain, and ## Execute passwd in the passwd domain, and
## allow the specified role the passwd domain. ## allow the specified role the passwd domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the passwd domain. ## The role to be allowed the passwd domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the passwd domain to use. ## The type of the terminal allow the passwd domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`usermanage_run_passwd',` interface(`usermanage_run_passwd',`
@ -171,12 +171,12 @@ interface(`usermanage_run_passwd',`
######################################## ########################################
## <interface name="usermanage_domtrans_useradd"> ## <interface name="usermanage_domtrans_useradd">
## <description> ## <desc>
## Execute useradd in the useradd domain. ## Execute useradd in the useradd domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`usermanage_domtrans_useradd',` interface(`usermanage_domtrans_useradd',`
@ -199,19 +199,19 @@ interface(`usermanage_domtrans_useradd',`
######################################## ########################################
## <interface name="usermanage_run_useradd"> ## <interface name="usermanage_run_useradd">
## <description> ## <desc>
## Execute useradd in the useradd domain, and ## Execute useradd in the useradd domain, and
## allow the specified role the useradd domain. ## allow the specified role the useradd domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the useradd domain. ## The role to be allowed the useradd domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the useradd domain to use. ## The type of the terminal allow the useradd domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`usermanage_run_useradd',` interface(`usermanage_run_useradd',`

View File

@ -6,7 +6,7 @@
## <summary> ## <summary>
## The per-userdomain template for the gpg module. ## The per-userdomain template for the gpg module.
## </summary> ## </summary>
## <description> ## <desc>
## <p> ## <p>
## This template creates the types and rules for GPG, ## This template creates the types and rules for GPG,
## GPG-agent, and GPG helper programs. This protects ## GPG-agent, and GPG helper programs. This protects
@ -18,11 +18,11 @@
## generally does not need to be statically invoked ## generally does not need to be statically invoked
## directly by policy writers. ## directly by policy writers.
## </p> ## </p>
## </description> ## </desc>
## <parameter name="userdomain_prefix"> ## <param name="userdomain_prefix">
## The prefix of the user domain (e.g., user ## The prefix of the user domain (e.g., user
## is the prefix for user_t). ## is the prefix for user_t).
## </parameter> ## </param>
# #
template(`gpg_per_userdomain_template',` template(`gpg_per_userdomain_template',`
gen_require(`$0'_depend) gen_require(`$0'_depend)

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="bootloader_domtrans"> ## <interface name="bootloader_domtrans">
## <description> ## <desc>
## Execute bootloader in the bootloader domain. ## Execute bootloader in the bootloader domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_domtrans',` interface(`bootloader_domtrans',`
@ -29,19 +29,19 @@ interface(`bootloader_domtrans',`
######################################## ########################################
## <interface name="bootloader_run"> ## <interface name="bootloader_run">
## <description> ## <desc>
## Execute bootloader interactively and do ## Execute bootloader interactively and do
## a domain transition to the bootloader domain. ## a domain transition to the bootloader domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the bootloader domain. ## The role to be allowed the bootloader domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the bootloader domain to use. ## The type of the terminal allow the bootloader domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_run',` interface(`bootloader_run',`
@ -58,12 +58,12 @@ interface(`bootloader_run',`
######################################## ########################################
## <interface name="bootloader_search_boot_dir"> ## <interface name="bootloader_search_boot_dir">
## <description> ## <desc>
## Search the /boot directory. ## Search the /boot directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_search_boot_dir',` interface(`bootloader_search_boot_dir',`
@ -77,12 +77,12 @@ interface(`bootloader_search_boot_dir',`
######################################## ########################################
## <interface name="bootloader_dontaudit_search_boot"> ## <interface name="bootloader_dontaudit_search_boot">
## <description> ## <desc>
## Do not audit attempts to search the /boot directory. ## Do not audit attempts to search the /boot directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_dontaudit_search_boot',` interface(`bootloader_dontaudit_search_boot',`
@ -96,13 +96,13 @@ interface(`bootloader_dontaudit_search_boot',`
######################################## ########################################
## <interface name="bootloader_rw_boot_symlinks"> ## <interface name="bootloader_rw_boot_symlinks">
## <description> ## <desc>
## Read and write symbolic links ## Read and write symbolic links
## in the /boot directory. ## in the /boot directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_rw_boot_symlinks',` interface(`bootloader_rw_boot_symlinks',`
@ -118,12 +118,12 @@ interface(`bootloader_rw_boot_symlinks',`
######################################## ########################################
## <interface name="bootloader_create_kernel"> ## <interface name="bootloader_create_kernel">
## <description> ## <desc>
## Install a kernel into the /boot directory. ## Install a kernel into the /boot directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_create_kernel',` interface(`bootloader_create_kernel',`
@ -141,12 +141,12 @@ interface(`bootloader_create_kernel',`
######################################## ########################################
## <interface name="bootloader_create_kernel_symbol_table"> ## <interface name="bootloader_create_kernel_symbol_table">
## <description> ## <desc>
## Install a system.map into the /boot directory. ## Install a system.map into the /boot directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_create_kernel_symbol_table',` interface(`bootloader_create_kernel_symbol_table',`
@ -162,12 +162,12 @@ interface(`bootloader_create_kernel_symbol_table',`
######################################## ########################################
## <interface name="bootloader_read_kernel_symbol_table"> ## <interface name="bootloader_read_kernel_symbol_table">
## <description> ## <desc>
## Read system.map in the /boot directory. ## Read system.map in the /boot directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_read_kernel_symbol_table',` interface(`bootloader_read_kernel_symbol_table',`
@ -183,12 +183,12 @@ interface(`bootloader_read_kernel_symbol_table',`
######################################## ########################################
## <interface name="bootloader_delete_kernel"> ## <interface name="bootloader_delete_kernel">
## <description> ## <desc>
## Delete a kernel from /boot. ## Delete a kernel from /boot.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_delete_kernel',` interface(`bootloader_delete_kernel',`
@ -204,12 +204,12 @@ interface(`bootloader_delete_kernel',`
######################################## ########################################
## <interface name="bootloader_delete_kernel_symbol_table"> ## <interface name="bootloader_delete_kernel_symbol_table">
## <description> ## <desc>
## Delete a system.map in the /boot directory. ## Delete a system.map in the /boot directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_delete_kernel_symbol_table',` interface(`bootloader_delete_kernel_symbol_table',`
@ -225,12 +225,12 @@ interface(`bootloader_delete_kernel_symbol_table',`
######################################## ########################################
## <interface name="bootloader_read_config"> ## <interface name="bootloader_read_config">
## <description> ## <desc>
## Read the bootloader configuration file. ## Read the bootloader configuration file.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_read_config',` interface(`bootloader_read_config',`
@ -244,13 +244,13 @@ interface(`bootloader_read_config',`
######################################## ########################################
## <interface name="bootloader_rw_config"> ## <interface name="bootloader_rw_config">
## <description> ## <desc>
## Read and write the bootloader ## Read and write the bootloader
## configuration file. ## configuration file.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_rw_config',` interface(`bootloader_rw_config',`
@ -264,13 +264,13 @@ interface(`bootloader_rw_config',`
######################################## ########################################
## <interface name="bootloader_rw_tmp_file"> ## <interface name="bootloader_rw_tmp_file">
## <description> ## <desc>
## Read and write the bootloader ## Read and write the bootloader
## temporary data in /tmp. ## temporary data in /tmp.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_rw_tmp_file',` interface(`bootloader_rw_tmp_file',`
@ -285,13 +285,13 @@ interface(`bootloader_rw_tmp_file',`
######################################## ########################################
## <interface name="bootloader_create_runtime_file"> ## <interface name="bootloader_create_runtime_file">
## <description> ## <desc>
## Read and write the bootloader ## Read and write the bootloader
## temporary data in /tmp. ## temporary data in /tmp.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_create_runtime_file',` interface(`bootloader_create_runtime_file',`
@ -308,12 +308,12 @@ interface(`bootloader_create_runtime_file',`
######################################## ########################################
## <interface name="bootloader_list_kernel_modules"> ## <interface name="bootloader_list_kernel_modules">
## <description> ## <desc>
## List the contents of the kernel module directories. ## List the contents of the kernel module directories.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_list_kernel_modules',` interface(`bootloader_list_kernel_modules',`
@ -327,12 +327,12 @@ interface(`bootloader_list_kernel_modules',`
######################################## ########################################
## <interface name="bootloader_read_kernel_modules"> ## <interface name="bootloader_read_kernel_modules">
## <description> ## <desc>
## Read kernel module files. ## Read kernel module files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_read_kernel_modules',` interface(`bootloader_read_kernel_modules',`
@ -350,12 +350,12 @@ interface(`bootloader_read_kernel_modules',`
######################################## ########################################
## <interface name="bootloader_write_kernel_modules"> ## <interface name="bootloader_write_kernel_modules">
## <description> ## <desc>
## Write kernel module files. ## Write kernel module files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_write_kernel_modules',` interface(`bootloader_write_kernel_modules',`
@ -374,13 +374,13 @@ interface(`bootloader_write_kernel_modules',`
######################################## ########################################
## <interface name="bootloader_manage_kernel_modules"> ## <interface name="bootloader_manage_kernel_modules">
## <description> ## <desc>
## Create, read, write, and delete ## Create, read, write, and delete
## kernel module files. ## kernel module files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`bootloader_manage_kernel_modules',` interface(`bootloader_manage_kernel_modules',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="corenet_tcp_sendrecv_generic_if"> ## <interface name="corenet_tcp_sendrecv_generic_if">
## <description> ## <desc>
## Send and receive TCP network traffic on the general interfaces. ## Send and receive TCP network traffic on the general interfaces.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #

View File

@ -7,12 +7,12 @@
define(`create_netif_interfaces',`` define(`create_netif_interfaces',``
######################################## ########################################
## <interface name="corenet_tcp_sendrecv_$1"> ## <interface name="corenet_tcp_sendrecv_$1">
## <description> ## <desc>
## Send and receive TCP network traffic on the $1 interface. ## Send and receive TCP network traffic on the $1 interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #
@ -27,12 +27,12 @@ interface(`corenet_tcp_sendrecv_$1',`
######################################## ########################################
## <interface name="corenet_udp_send_$1"> ## <interface name="corenet_udp_send_$1">
## <description> ## <desc>
## Send UDP network traffic on the $1 interface. ## Send UDP network traffic on the $1 interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="write" weight="10"/> ## <infoflow type="write" weight="10"/>
## </interface> ## </interface>
# #
@ -47,12 +47,12 @@ interface(`corenet_udp_send_$1',`
######################################## ########################################
## <interface name="corenet_udp_receive_$1"> ## <interface name="corenet_udp_receive_$1">
## <description> ## <desc>
## Receive UDP network traffic on the $1 interface. ## Receive UDP network traffic on the $1 interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="read" weight="10"/> ## <infoflow type="read" weight="10"/>
## </interface> ## </interface>
# #
@ -67,12 +67,12 @@ interface(`corenet_udp_receive_$1',`
######################################## ########################################
## <interface name="corenetwork_sendrecv_udp_on_$1_interface"> ## <interface name="corenetwork_sendrecv_udp_on_$1_interface">
## <description> ## <desc>
## Send and receive UDP network traffic on the $1 interface. ## Send and receive UDP network traffic on the $1 interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #
@ -83,12 +83,12 @@ interface(`corenet_udp_sendrecv_$1',`
######################################## ########################################
## <interface name="corenet_raw_send_$1"> ## <interface name="corenet_raw_send_$1">
## <description> ## <desc>
## Send raw IP packets on the $1 interface. ## Send raw IP packets on the $1 interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="write" weight="10"/> ## <infoflow type="write" weight="10"/>
## </interface> ## </interface>
# #
@ -105,12 +105,12 @@ interface(`corenet_raw_send_$1',`
######################################## ########################################
## <interface name="corenet_raw_receive_$1"> ## <interface name="corenet_raw_receive_$1">
## <description> ## <desc>
## Receive raw IP packets on the $1 interface. ## Receive raw IP packets on the $1 interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="read" weight="10"/> ## <infoflow type="read" weight="10"/>
## </interface> ## </interface>
# #
@ -125,12 +125,12 @@ interface(`corenet_raw_receive_$1',`
######################################## ########################################
## <interface name="corenet_raw_sendrecv_$1"> ## <interface name="corenet_raw_sendrecv_$1">
## <description> ## <desc>
## Send and receive raw IP packets on the $1 interface. ## Send and receive raw IP packets on the $1 interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #
@ -149,12 +149,12 @@ interface(`corenet_raw_sendrecv_$1',`
define(`create_node_interfaces',`` define(`create_node_interfaces',``
######################################## ########################################
## <interface name="corenet_tcp_sendrecv_$1_node"> ## <interface name="corenet_tcp_sendrecv_$1_node">
## <description> ## <desc>
## Send and receive TCP traffic on the $1 node. ## Send and receive TCP traffic on the $1 node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #
@ -169,12 +169,12 @@ interface(`corenet_tcp_sendrecv_$1_node',`
######################################## ########################################
## <interface name="corenet_udp_send_$1_node"> ## <interface name="corenet_udp_send_$1_node">
## <description> ## <desc>
## Send UDP traffic on the $1 node. ## Send UDP traffic on the $1 node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="write" weight="10"/> ## <infoflow type="write" weight="10"/>
## </interface> ## </interface>
# #
@ -189,12 +189,12 @@ interface(`corenet_udp_send_$1_node',`
######################################## ########################################
## <interface name="corenet_udp_receive_$1_node"> ## <interface name="corenet_udp_receive_$1_node">
## <description> ## <desc>
## Receive UDP traffic on the $1 node. ## Receive UDP traffic on the $1 node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="read" weight="10"/> ## <infoflow type="read" weight="10"/>
## </interface> ## </interface>
# #
@ -209,12 +209,12 @@ interface(`corenet_udp_receive_$1_node',`
######################################## ########################################
## <interface name="corenet_udp_sendrecv_$1_node"> ## <interface name="corenet_udp_sendrecv_$1_node">
## <description> ## <desc>
## Send and receive UDP traffic on the $1 node. ## Send and receive UDP traffic on the $1 node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #
@ -225,12 +225,12 @@ interface(`corenet_udp_sendrecv_$1_node',`
######################################## ########################################
## <interface name="corenet_raw_send_$1_node"> ## <interface name="corenet_raw_send_$1_node">
## <description> ## <desc>
## Send raw IP packets on the $1 node. ## Send raw IP packets on the $1 node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="write" weight="10"/> ## <infoflow type="write" weight="10"/>
## </interface> ## </interface>
# #
@ -245,12 +245,12 @@ interface(`corenet_raw_send_$1_node',`
######################################## ########################################
## <interface name="corenet_raw_receive_$1_node"> ## <interface name="corenet_raw_receive_$1_node">
## <description> ## <desc>
## Receive raw IP packets on the $1 node. ## Receive raw IP packets on the $1 node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="write" weight="10"/> ## <infoflow type="write" weight="10"/>
## </interface> ## </interface>
# #
@ -265,12 +265,12 @@ interface(`corenet_raw_receive_$1_node',`
######################################## ########################################
## <interface name="corenet_raw_sendrecv_$1_node"> ## <interface name="corenet_raw_sendrecv_$1_node">
## <description> ## <desc>
## Send and receive raw IP packets on the $1 node. ## Send and receive raw IP packets on the $1 node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #
@ -281,12 +281,12 @@ interface(`corenet_raw_sendrecv_$1_node',`
######################################## ########################################
## <interface name="corenet_tcp_bind_$1_node"> ## <interface name="corenet_tcp_bind_$1_node">
## <description> ## <desc>
## Bind TCP sockets to node $1. ## Bind TCP sockets to node $1.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="none"/> ## <infoflow type="none"/>
## </interface> ## </interface>
# #
@ -301,12 +301,12 @@ interface(`corenet_tcp_bind_$1_node',`
######################################## ########################################
## <interface name="corenet_udp_bind_$1_node"> ## <interface name="corenet_udp_bind_$1_node">
## <description> ## <desc>
## Bind UDP sockets to the $1 node. ## Bind UDP sockets to the $1 node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="none"/> ## <infoflow type="none"/>
## </interface> ## </interface>
# #
@ -329,12 +329,12 @@ interface(`corenet_udp_bind_$1_node',`
define(`create_port_interfaces',`` define(`create_port_interfaces',``
######################################## ########################################
## <interface name="corenet_tcp_sendrecv_$1_port"> ## <interface name="corenet_tcp_sendrecv_$1_port">
## <description> ## <desc>
## Send and receive TCP traffic on the $1 port. ## Send and receive TCP traffic on the $1 port.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #
@ -349,12 +349,12 @@ interface(`corenet_tcp_sendrecv_$1_port',`
######################################## ########################################
## <interface name="corenet_udp_send_$1_port"> ## <interface name="corenet_udp_send_$1_port">
## <description> ## <desc>
## Send UDP traffic on the $1 port. ## Send UDP traffic on the $1 port.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="write" weight="10"/> ## <infoflow type="write" weight="10"/>
## </interface> ## </interface>
# #
@ -369,12 +369,12 @@ interface(`corenet_udp_send_$1_port',`
######################################## ########################################
## <interface name="corenet_udp_receive_$1_port"> ## <interface name="corenet_udp_receive_$1_port">
## <description> ## <desc>
## Receive UDP traffic on the $1 port. ## Receive UDP traffic on the $1 port.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="read" weight="10"/> ## <infoflow type="read" weight="10"/>
## </interface> ## </interface>
# #
@ -389,12 +389,12 @@ interface(`corenet_udp_receive_$1_port',`
######################################## ########################################
## <interface name="corenetwork_sendrecv_udp_on_$1_port"> ## <interface name="corenetwork_sendrecv_udp_on_$1_port">
## <description> ## <desc>
## Send and receive UDP traffic on the $1 port. ## Send and receive UDP traffic on the $1 port.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
## </interface> ## </interface>
# #
@ -405,12 +405,12 @@ interface(`corenet_udp_sendrecv_$1_port',`
######################################## ########################################
## <interface name="corenet_tcp_bind_$1_port"> ## <interface name="corenet_tcp_bind_$1_port">
## <description> ## <desc>
## Bind TCP sockets to the $1 port. ## Bind TCP sockets to the $1 port.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="none"/> ## <infoflow type="none"/>
## </interface> ## </interface>
# #
@ -426,12 +426,12 @@ interface(`corenet_tcp_bind_$1_port',`
######################################## ########################################
## <interface name="corenet_udp_bind_$1_port"> ## <interface name="corenet_udp_bind_$1_port">
## <description> ## <desc>
## Bind UDP sockets to the $1 port. ## Bind UDP sockets to the $1 port.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <infoflow type="none"/> ## <infoflow type="none"/>
## </interface> ## </interface>
# #

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -6,16 +6,16 @@
######################################## ########################################
## <interface name="kernel_userland_entry"> ## <interface name="kernel_userland_entry">
## <description> ## <desc>
## Allows to start userland processes ## Allows to start userland processes
## by transitioning to the specified domain. ## by transitioning to the specified domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type entered by kernel. ## The process type entered by kernel.
## </parameter> ## </param>
## <parameter name="entrypoint"> ## <param name="entrypoint">
## The executable type for the entrypoint. ## The executable type for the entrypoint.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_userland_entry',` interface(`kernel_userland_entry',`
@ -36,13 +36,13 @@ interface(`kernel_userland_entry',`
######################################## ########################################
## <interface name="kernel_rootfs_mountpoint"> ## <interface name="kernel_rootfs_mountpoint">
## <description> ## <desc>
## Allows the kernel to mount filesystems on ## Allows the kernel to mount filesystems on
## the specified directory type. ## the specified directory type.
## </description> ## </desc>
## <parameter name="directory_type"> ## <param name="directory_type">
## The type of the directory to use as a mountpoint. ## The type of the directory to use as a mountpoint.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rootfs_mountpoint',` interface(`kernel_rootfs_mountpoint',`
@ -56,12 +56,12 @@ interface(`kernel_rootfs_mountpoint',`
######################################## ########################################
## <interface name="kernel_sigchld"> ## <interface name="kernel_sigchld">
## <description> ## <desc>
## Send a SIGCHLD signal to kernel threads. ## Send a SIGCHLD signal to kernel threads.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process sending the signal. ## The type of the process sending the signal.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_sigchld',` interface(`kernel_sigchld',`
@ -75,13 +75,13 @@ interface(`kernel_sigchld',`
######################################## ########################################
## <interface name="kernel_share_state"> ## <interface name="kernel_share_state">
## <description> ## <desc>
## Allows the kernel to share state information with ## Allows the kernel to share state information with
## the caller. ## the caller.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process with which to share state information. ## The type of the process with which to share state information.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_share_state',` interface(`kernel_share_state',`
@ -95,12 +95,12 @@ interface(`kernel_share_state',`
######################################## ########################################
## <interface name="kernel_use_fd"> ## <interface name="kernel_use_fd">
## <description> ## <desc>
## Permits caller to use kernel file descriptors. ## Permits caller to use kernel file descriptors.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process using the descriptors. ## The type of the process using the descriptors.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_use_fd',` interface(`kernel_use_fd',`
@ -114,13 +114,13 @@ interface(`kernel_use_fd',`
######################################## ########################################
## <interface name="kernel_dontaudit_use_fd"> ## <interface name="kernel_dontaudit_use_fd">
## <description> ## <desc>
## Do not audit attempts to use ## Do not audit attempts to use
## kernel file descriptors. ## kernel file descriptors.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of process not to audit. ## The type of process not to audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_dontaudit_use_fd',` interface(`kernel_dontaudit_use_fd',`
@ -134,12 +134,12 @@ interface(`kernel_dontaudit_use_fd',`
######################################## ########################################
## <interface name="kernel_load_module"> ## <interface name="kernel_load_module">
## <description> ## <desc>
## Allows caller to load kernel modules ## Allows caller to load kernel modules
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to allow to load kernel modules. ## The process type to allow to load kernel modules.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_load_module',` interface(`kernel_load_module',`
@ -154,12 +154,12 @@ interface(`kernel_load_module',`
######################################## ########################################
## <interface name="kernel_read_ring_buffer"> ## <interface name="kernel_read_ring_buffer">
## <description> ## <desc>
## Allows caller to read the ring buffer. ## Allows caller to read the ring buffer.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type allowed to read the ring buffer. ## The process type allowed to read the ring buffer.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_ring_buffer',` interface(`kernel_read_ring_buffer',`
@ -173,12 +173,12 @@ interface(`kernel_read_ring_buffer',`
######################################## ########################################
## <interface name="kernel_dontaudit_read_ring_buffer"> ## <interface name="kernel_dontaudit_read_ring_buffer">
## <description> ## <desc>
## Do not audit attempts to read the ring buffer. ## Do not audit attempts to read the ring buffer.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The domain to not audit. ## The domain to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_dontaudit_read_ring_buffer',` interface(`kernel_dontaudit_read_ring_buffer',`
@ -192,12 +192,12 @@ interface(`kernel_dontaudit_read_ring_buffer',`
######################################## ########################################
## <interface name="kernel_change_ring_buffer_level"> ## <interface name="kernel_change_ring_buffer_level">
## <description> ## <desc>
## ##
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## ##
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_change_ring_buffer_level',` interface(`kernel_change_ring_buffer_level',`
@ -211,12 +211,12 @@ interface(`kernel_change_ring_buffer_level',`
######################################## ########################################
## <interface name="kernel_clear_ring_buffer"> ## <interface name="kernel_clear_ring_buffer">
## <description> ## <desc>
## Allows the caller to clear the ring buffer. ## Allows the caller to clear the ring buffer.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type clearing the buffer. ## The process type clearing the buffer.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_clear_ring_buffer',` interface(`kernel_clear_ring_buffer',`
@ -230,12 +230,12 @@ interface(`kernel_clear_ring_buffer',`
######################################## ########################################
## <interface name="kernel_get_sysvipc_info"> ## <interface name="kernel_get_sysvipc_info">
## <description> ## <desc>
## Get information on all System V IPC objects. ## Get information on all System V IPC objects.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## ##
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_get_sysvipc_info',` interface(`kernel_get_sysvipc_info',`
@ -249,12 +249,12 @@ interface(`kernel_get_sysvipc_info',`
######################################## ########################################
## <interface name="kernel_read_system_state"> ## <interface name="kernel_read_system_state">
## <description> ## <desc>
## Allows caller to read system state information. ## Allows caller to read system state information.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type reading the system state information. ## The process type reading the system state information.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_system_state',` interface(`kernel_read_system_state',`
@ -272,13 +272,13 @@ interface(`kernel_read_system_state',`
######################################## ########################################
## <interface name="kernel_dontaudit_read_system_state"> ## <interface name="kernel_dontaudit_read_system_state">
## <description> ## <desc>
## Do not audit attempts by caller to ## Do not audit attempts by caller to
## read system state information. ## read system state information.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type not to audit. ## The process type not to audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_dontaudit_read_system_state',` interface(`kernel_dontaudit_read_system_state',`
@ -292,12 +292,12 @@ interface(`kernel_dontaudit_read_system_state',`
####################################### #######################################
## <interface name="kernel_read_software_raid_state"> ## <interface name="kernel_read_software_raid_state">
## <description> ## <desc>
## Allow caller to read the state information for software raid. ## Allow caller to read the state information for software raid.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type reading software raid state. ## The process type reading software raid state.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_software_raid_state',` interface(`kernel_read_software_raid_state',`
@ -313,12 +313,12 @@ interface(`kernel_read_software_raid_state',`
######################################## ########################################
## <interface name="kernel_getattr_core"> ## <interface name="kernel_getattr_core">
## <description> ## <desc>
## Allows caller to get attribues of core kernel interface. ## Allows caller to get attribues of core kernel interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type getting the attibutes. ## The process type getting the attibutes.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_getattr_core',` interface(`kernel_getattr_core',`
@ -334,13 +334,13 @@ interface(`kernel_getattr_core',`
######################################## ########################################
## <interface name="kernel_dontaudit_getattr_core"> ## <interface name="kernel_dontaudit_getattr_core">
## <description> ## <desc>
## Do not audit attempts to get the attributes of ## Do not audit attempts to get the attributes of
## core kernel interfaces. ## core kernel interfaces.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to not audit. ## The process type to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_dontaudit_getattr_core',` interface(`kernel_dontaudit_getattr_core',`
@ -354,13 +354,13 @@ interface(`kernel_dontaudit_getattr_core',`
######################################## ########################################
## <interface name="kernel_read_messages"> ## <interface name="kernel_read_messages">
## <description> ## <desc>
## Allow caller to read kernel messages ## Allow caller to read kernel messages
## using the /proc/kmsg interface. ## using the /proc/kmsg interface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type reading the messages. ## The process type reading the messages.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_messages',` interface(`kernel_read_messages',`
@ -378,13 +378,13 @@ interface(`kernel_read_messages',`
######################################## ########################################
## <interface name="kernel_getattr_message_if"> ## <interface name="kernel_getattr_message_if">
## <description> ## <desc>
## Allow caller to get the attributes of kernel message ## Allow caller to get the attributes of kernel message
## interface (/proc/kmsg). ## interface (/proc/kmsg).
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type getting the attributes. ## The process type getting the attributes.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_getattr_message_if',` interface(`kernel_getattr_message_if',`
@ -400,13 +400,13 @@ interface(`kernel_getattr_message_if',`
######################################## ########################################
## <interface name="kernel_dontaudit_getattr_message_if"> ## <interface name="kernel_dontaudit_getattr_message_if">
## <description> ## <desc>
## Do not audit attempts by caller to get the attributes of kernel ## Do not audit attempts by caller to get the attributes of kernel
## message interfaces. ## message interfaces.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type not to audit. ## The process type not to audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_dontaudit_getattr_message_if',` interface(`kernel_dontaudit_getattr_message_if',`
@ -420,12 +420,12 @@ interface(`kernel_dontaudit_getattr_message_if',`
######################################## ########################################
## <interface name="kernel_read_network_state"> ## <interface name="kernel_read_network_state">
## <description> ## <desc>
## Allow caller to read the network state information. ## Allow caller to read the network state information.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type reading the state. ## The process type reading the state.
## </parameter> ## </param>
## </interface> ## </interface>
## ##
# #
@ -443,12 +443,12 @@ interface(`kernel_read_network_state',`
######################################## ########################################
## <interface name="kernel_dontaudit_search_sysctl_dir"> ## <interface name="kernel_dontaudit_search_sysctl_dir">
## <description> ## <desc>
## Do not audit attempts by caller to search the sysctl directory. ## Do not audit attempts by caller to search the sysctl directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type not to audit. ## The process type not to audit.
## </parameter> ## </param>
## </interface> ## </interface>
## ##
# #
@ -463,12 +463,12 @@ interface(`kernel_dontaudit_search_sysctl_dir',`
######################################## ########################################
## <interface name="kernel_read_device_sysctl"> ## <interface name="kernel_read_device_sysctl">
## <description> ## <desc>
## Allow caller to read the device sysctls. ## Allow caller to read the device sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to allow to read the device sysctls. ## The process type to allow to read the device sysctls.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_device_sysctl',` interface(`kernel_read_device_sysctl',`
@ -486,12 +486,12 @@ interface(`kernel_read_device_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_device_sysctl"> ## <interface name="kernel_rw_device_sysctl">
## <description> ## <desc>
## Read and write device sysctls. ## Read and write device sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_device_sysctl',` interface(`kernel_rw_device_sysctl',`
@ -508,12 +508,12 @@ interface(`kernel_rw_device_sysctl',`
######################################## ########################################
## <interface name="kernel_read_vm_sysctl"> ## <interface name="kernel_read_vm_sysctl">
## <description> ## <desc>
## Allow caller to read virtual memory sysctls. ## Allow caller to read virtual memory sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
## ##
# #
@ -531,12 +531,12 @@ interface(`kernel_read_vm_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_vm_sysctl"> ## <interface name="kernel_rw_vm_sysctl">
## <description> ## <desc>
## Read and write virtual memory sysctls. ## Read and write virtual memory sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_vm_sysctl',` interface(`kernel_rw_vm_sysctl',`
@ -553,12 +553,12 @@ interface(`kernel_rw_vm_sysctl',`
######################################## ########################################
## <interface name="kernel_dontaudit_search_network_sysctl_dir"> ## <interface name="kernel_dontaudit_search_network_sysctl_dir">
## <description> ## <desc>
## Do not audit attempts by caller to search sysctl network directories. ## Do not audit attempts by caller to search sysctl network directories.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type not to audit. ## The process type not to audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_dontaudit_search_network_sysctl_dir',` interface(`kernel_dontaudit_search_network_sysctl_dir',`
@ -572,12 +572,12 @@ interface(`kernel_dontaudit_search_network_sysctl_dir',`
######################################## ########################################
## <interface name="kernel_read_net_sysctl"> ## <interface name="kernel_read_net_sysctl">
## <description> ## <desc>
## Allow caller to read network sysctls. ## Allow caller to read network sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
## ##
# #
@ -596,12 +596,12 @@ interface(`kernel_read_net_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_net_sysctl"> ## <interface name="kernel_rw_net_sysctl">
## <description> ## <desc>
## Allow caller to modiry contents of sysctl network files. ## Allow caller to modiry contents of sysctl network files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_net_sysctl',` interface(`kernel_rw_net_sysctl',`
@ -619,13 +619,13 @@ interface(`kernel_rw_net_sysctl',`
######################################## ########################################
## <interface name="kernel_read_unix_sysctl"> ## <interface name="kernel_read_unix_sysctl">
## <description> ## <desc>
## Allow caller to read unix domain ## Allow caller to read unix domain
## socket sysctls. ## socket sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_unix_sysctl',` interface(`kernel_read_unix_sysctl',`
@ -643,13 +643,13 @@ interface(`kernel_read_unix_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_unix_sysctl"> ## <interface name="kernel_rw_unix_sysctl">
## <description> ## <desc>
## Read and write unix domain ## Read and write unix domain
## socket sysctls. ## socket sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_unix_sysctl',` interface(`kernel_rw_unix_sysctl',`
@ -667,12 +667,12 @@ interface(`kernel_rw_unix_sysctl',`
######################################## ########################################
## <interface name="kernel_read_hotplug_sysctl"> ## <interface name="kernel_read_hotplug_sysctl">
## <description> ## <desc>
## Read the hotplug sysctl. ## Read the hotplug sysctl.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_hotplug_sysctl',` interface(`kernel_read_hotplug_sysctl',`
@ -690,12 +690,12 @@ interface(`kernel_read_hotplug_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_hotplug_sysctl"> ## <interface name="kernel_rw_hotplug_sysctl">
## <description> ## <desc>
## Read and write the hotplug sysctl. ## Read and write the hotplug sysctl.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_hotplug_sysctl',` interface(`kernel_rw_hotplug_sysctl',`
@ -713,12 +713,12 @@ interface(`kernel_rw_hotplug_sysctl',`
######################################## ########################################
## <interface name="kernel_read_modprobe_sysctl"> ## <interface name="kernel_read_modprobe_sysctl">
## <description> ## <desc>
## Read the modprobe sysctl. ## Read the modprobe sysctl.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_modprobe_sysctl',` interface(`kernel_read_modprobe_sysctl',`
@ -736,12 +736,12 @@ interface(`kernel_read_modprobe_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_modprobe_sysctl"> ## <interface name="kernel_rw_modprobe_sysctl">
## <description> ## <desc>
## Read and write the modprobe sysctl. ## Read and write the modprobe sysctl.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_modprobe_sysctl',` interface(`kernel_rw_modprobe_sysctl',`
@ -759,12 +759,12 @@ interface(`kernel_rw_modprobe_sysctl',`
######################################## ########################################
## <interface name="kernel_read_kernel_sysctl"> ## <interface name="kernel_read_kernel_sysctl">
## <description> ## <desc>
## Read generic kernel sysctls. ## Read generic kernel sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_kernel_sysctl',` interface(`kernel_read_kernel_sysctl',`
@ -782,12 +782,12 @@ interface(`kernel_read_kernel_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_kernel_sysctl"> ## <interface name="kernel_rw_kernel_sysctl">
## <description> ## <desc>
## Read and write generic kernel sysctls. ## Read and write generic kernel sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_kernel_sysctl',` interface(`kernel_rw_kernel_sysctl',`
@ -805,12 +805,12 @@ interface(`kernel_rw_kernel_sysctl',`
######################################## ########################################
## <interface name="kernel_read_fs_sysctl"> ## <interface name="kernel_read_fs_sysctl">
## <description> ## <desc>
## Read filesystem sysctls. ## Read filesystem sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_fs_sysctl',` interface(`kernel_read_fs_sysctl',`
@ -828,12 +828,12 @@ interface(`kernel_read_fs_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_fs_sysctl"> ## <interface name="kernel_rw_fs_sysctl">
## <description> ## <desc>
## Read and write fileystem sysctls. ## Read and write fileystem sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_fs_sysctl',` interface(`kernel_rw_fs_sysctl',`
@ -851,12 +851,12 @@ interface(`kernel_rw_fs_sysctl',`
######################################## ########################################
## <interface name="kernel_read_irq_sysctl"> ## <interface name="kernel_read_irq_sysctl">
## <description> ## <desc>
## Read IRQ sysctls. ## Read IRQ sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_irq_sysctl',` interface(`kernel_read_irq_sysctl',`
@ -873,12 +873,12 @@ interface(`kernel_read_irq_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_irq_sysctl"> ## <interface name="kernel_rw_irq_sysctl">
## <description> ## <desc>
## Read and write IRQ sysctls. ## Read and write IRQ sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
## ##
# #
@ -930,12 +930,12 @@ interface(`kernel_rw_rpc_sysctl',`
######################################## ########################################
## <interface name="kernel_read_all_sysctl"> ## <interface name="kernel_read_all_sysctl">
## <description> ## <desc>
## Allow caller to read all sysctls. ## Allow caller to read all sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_read_all_sysctl',` interface(`kernel_read_all_sysctl',`
@ -953,12 +953,12 @@ interface(`kernel_read_all_sysctl',`
######################################## ########################################
## <interface name="kernel_rw_all_sysctl"> ## <interface name="kernel_rw_all_sysctl">
## <description> ## <desc>
## Read and write all sysctls. ## Read and write all sysctls.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_rw_all_sysctl',` interface(`kernel_rw_all_sysctl',`
@ -976,12 +976,12 @@ interface(`kernel_rw_all_sysctl',`
######################################## ########################################
## <interface name="kernel_kill_unlabeled"> ## <interface name="kernel_kill_unlabeled">
## <description> ## <desc>
## Send a kill signal to unlabeled processes. ## Send a kill signal to unlabeled processes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_kill_unlabeled',` interface(`kernel_kill_unlabeled',`
@ -995,12 +995,12 @@ interface(`kernel_kill_unlabeled',`
######################################## ########################################
## <interface name="kernel_signal_unlabeled"> ## <interface name="kernel_signal_unlabeled">
## <description> ## <desc>
## Send general signals to unlabeled processes. ## Send general signals to unlabeled processes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_signal_unlabeled',` interface(`kernel_signal_unlabeled',`
@ -1014,12 +1014,12 @@ interface(`kernel_signal_unlabeled',`
######################################## ########################################
## <interface name="kernel_signull_unlabeled"> ## <interface name="kernel_signull_unlabeled">
## <description> ## <desc>
## Send a null signal to unlabeled processes. ## Send a null signal to unlabeled processes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_signull_unlabeled',` interface(`kernel_signull_unlabeled',`
@ -1033,12 +1033,12 @@ interface(`kernel_signull_unlabeled',`
######################################## ########################################
## <interface name="kernel_sigstop_unlabeled"> ## <interface name="kernel_sigstop_unlabeled">
## <description> ## <desc>
## Send a stop signal to unlabeled processes. ## Send a stop signal to unlabeled processes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_sigstop_unlabeled',` interface(`kernel_sigstop_unlabeled',`
@ -1052,12 +1052,12 @@ interface(`kernel_sigstop_unlabeled',`
######################################## ########################################
## <interface name="kernel_sigchld_unlabeled"> ## <interface name="kernel_sigchld_unlabeled">
## <description> ## <desc>
## Send a child terminated signal to unlabeled processes. ## Send a child terminated signal to unlabeled processes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_sigchld_unlabeled',` interface(`kernel_sigchld_unlabeled',`
@ -1071,13 +1071,13 @@ interface(`kernel_sigchld_unlabeled',`
######################################## ########################################
## <interface name="kernel_dontaudit_getattr_unlabeled_blk_dev"> ## <interface name="kernel_dontaudit_getattr_unlabeled_blk_dev">
## <description> ## <desc>
## Do not audit attempts by caller to get attributes for ## Do not audit attempts by caller to get attributes for
## unlabeled block devices. ## unlabeled block devices.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type not to audit. ## The process type not to audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',` interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
@ -1091,12 +1091,12 @@ interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
######################################## ########################################
## <interface name="kernel_relabel_unlabeled"> ## <interface name="kernel_relabel_unlabeled">
## <description> ## <desc>
## Allow caller to relabel unlabeled objects. ## Allow caller to relabel unlabeled objects.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type relabeling the objects. ## The process type relabeling the objects.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`kernel_relabel_unlabeled',` interface(`kernel_relabel_unlabeled',`

View File

@ -5,12 +5,12 @@
######################################## ########################################
## <interface name="selinux_get_fs_mount"> ## <interface name="selinux_get_fs_mount">
## <description> ## <desc>
## Gets the caller the mountpoint of the selinuxfs filesystem. ## Gets the caller the mountpoint of the selinuxfs filesystem.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type requesting the selinuxfs mountpoint. ## The process type requesting the selinuxfs mountpoint.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_get_fs_mount',` interface(`selinux_get_fs_mount',`
@ -21,13 +21,13 @@ interface(`selinux_get_fs_mount',`
######################################## ########################################
## <interface name="selinux_get_enforce_mode"> ## <interface name="selinux_get_enforce_mode">
## <description> ## <desc>
## Allows the caller to get the mode of policy enforcement ## Allows the caller to get the mode of policy enforcement
## (enforcing or permissive mode). ## (enforcing or permissive mode).
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to allow to get the enforcing mode. ## The process type to allow to get the enforcing mode.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_get_enforce_mode',` interface(`selinux_get_enforce_mode',`
@ -43,13 +43,13 @@ interface(`selinux_get_enforce_mode',`
######################################## ########################################
## <interface name="selinux_set_enforce_mode"> ## <interface name="selinux_set_enforce_mode">
## <description> ## <desc>
## Allow caller to set the mode of policy enforcement ## Allow caller to set the mode of policy enforcement
## (enforcing or permissive mode). ## (enforcing or permissive mode).
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to allow to set the enforcement mode. ## The process type to allow to set the enforcement mode.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_set_enforce_mode',` interface(`selinux_set_enforce_mode',`
@ -70,12 +70,12 @@ interface(`selinux_set_enforce_mode',`
######################################## ########################################
## <interface name="selinux_load_policy"> ## <interface name="selinux_load_policy">
## <description> ## <desc>
## Allow caller to load the policy into the kernel. ## Allow caller to load the policy into the kernel.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type that will load the policy. ## The process type that will load the policy.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_load_policy',` interface(`selinux_load_policy',`
@ -96,16 +96,16 @@ interface(`selinux_load_policy',`
######################################## ########################################
## <interface name="selinux_set_boolean"> ## <interface name="selinux_set_boolean">
## <description> ## <desc>
## Allow caller to set the state of Booleans to ## Allow caller to set the state of Booleans to
## enable or disable conditional portions of the policy. ## enable or disable conditional portions of the policy.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type allowed to set the Boolean. ## The process type allowed to set the Boolean.
## </parameter> ## </param>
## <parameter name="booltype" optional="true"> ## <param name="booltype" optional="true">
## The type of Booleans the caller is allowed to set. ## The type of Booleans the caller is allowed to set.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_set_boolean',` interface(`selinux_set_boolean',`
@ -131,12 +131,12 @@ interface(`selinux_set_boolean',`
######################################## ########################################
## <interface name="selinux_set_parameters"> ## <interface name="selinux_set_parameters">
## <description> ## <desc>
## Allow caller to set selinux security parameters. ## Allow caller to set selinux security parameters.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to allow to set security parameters. ## The process type to allow to set security parameters.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_set_parameters',` interface(`selinux_set_parameters',`
@ -157,12 +157,12 @@ interface(`selinux_set_parameters',`
######################################## ########################################
## <interface name="selinux_validate_context"> ## <interface name="selinux_validate_context">
## <description> ## <desc>
## Allows caller to validate security contexts. ## Allows caller to validate security contexts.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type permitted to validate contexts. ## The process type permitted to validate contexts.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_validate_context',` interface(`selinux_validate_context',`
@ -180,12 +180,12 @@ interface(`selinux_validate_context',`
######################################## ########################################
## <interface name="selinux_compute_access_vector"> ## <interface name="selinux_compute_access_vector">
## <description> ## <desc>
## Allows caller to compute an access vector. ## Allows caller to compute an access vector.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type allowed to compute an access vector. ## The process type allowed to compute an access vector.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_compute_access_vector',` interface(`selinux_compute_access_vector',`
@ -203,12 +203,12 @@ interface(`selinux_compute_access_vector',`
######################################## ########################################
## <interface name="selinux_compute_create_context"> ## <interface name="selinux_compute_create_context">
## <description> ## <desc>
## ##
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## ##
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_compute_create_context',` interface(`selinux_compute_create_context',`
@ -226,12 +226,12 @@ interface(`selinux_compute_create_context',`
######################################## ########################################
## <interface name="selinux_compute_relabel_context"> ## <interface name="selinux_compute_relabel_context">
## <description> ## <desc>
## ##
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to ## The process type to
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_compute_relabel_context',` interface(`selinux_compute_relabel_context',`
@ -249,12 +249,12 @@ interface(`selinux_compute_relabel_context',`
######################################## ########################################
## <interface name="selinux_compute_user_contexts"> ## <interface name="selinux_compute_user_contexts">
## <description> ## <desc>
## Allows caller to compute possible contexts for a user. ## Allows caller to compute possible contexts for a user.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type allowed to compute user contexts. ## The process type allowed to compute user contexts.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`selinux_compute_user_contexts',` interface(`selinux_compute_user_contexts',`

View File

@ -3,13 +3,13 @@
######################################## ########################################
## <interface name="storage_getattr_fixed_disk"> ## <interface name="storage_getattr_fixed_disk">
## <description> ## <desc>
## Allow the caller to get the attributes of fixed disk ## Allow the caller to get the attributes of fixed disk
## device nodes. ## device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_getattr_fixed_disk',` interface(`storage_getattr_fixed_disk',`
@ -24,13 +24,13 @@ interface(`storage_getattr_fixed_disk',`
######################################## ########################################
## <interface name="storage_dontaudit_getattr_fixed_disk"> ## <interface name="storage_dontaudit_getattr_fixed_disk">
## <description> ## <desc>
## Do not audit attempts made by the caller to get ## Do not audit attempts made by the caller to get
## the attributes of fixed disk device nodes. ## the attributes of fixed disk device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_dontaudit_getattr_fixed_disk',` interface(`storage_dontaudit_getattr_fixed_disk',`
@ -44,13 +44,13 @@ interface(`storage_dontaudit_getattr_fixed_disk',`
######################################## ########################################
## <interface name="storage_setattr_fixed_disk"> ## <interface name="storage_setattr_fixed_disk">
## <description> ## <desc>
## Allow the caller to set the attributes of fixed disk ## Allow the caller to set the attributes of fixed disk
## device nodes. ## device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_setattr_fixed_disk',` interface(`storage_setattr_fixed_disk',`
@ -65,13 +65,13 @@ interface(`storage_setattr_fixed_disk',`
######################################## ########################################
## <interface name="storage_dontaudit_setattr_fixed_disk"> ## <interface name="storage_dontaudit_setattr_fixed_disk">
## <description> ## <desc>
## Do not audit attempts made by the caller to set ## Do not audit attempts made by the caller to set
## the attributes of fixed disk device nodes. ## the attributes of fixed disk device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_dontaudit_setattr_fixed_disk',` interface(`storage_dontaudit_setattr_fixed_disk',`
@ -85,15 +85,15 @@ interface(`storage_dontaudit_setattr_fixed_disk',`
######################################## ########################################
## <interface name="storage_raw_read_fixed_disk"> ## <interface name="storage_raw_read_fixed_disk">
## <description> ## <desc>
## Allow the caller to directly read from a fixed disk. ## Allow the caller to directly read from a fixed disk.
## This is extremly dangerous as it can bypass the ## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and ## SELinux protections for filesystem objects, and
## should only be used by trusted domains. ## should only be used by trusted domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_raw_read_fixed_disk',` interface(`storage_raw_read_fixed_disk',`
@ -110,15 +110,15 @@ interface(`storage_raw_read_fixed_disk',`
######################################## ########################################
## <interface name="storage_raw_write_fixed_disk"> ## <interface name="storage_raw_write_fixed_disk">
## <description> ## <desc>
## Allow the caller to directly write to a fixed disk. ## Allow the caller to directly write to a fixed disk.
## This is extremly dangerous as it can bypass the ## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and ## SELinux protections for filesystem objects, and
## should only be used by trusted domains. ## should only be used by trusted domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_raw_write_fixed_disk',` interface(`storage_raw_write_fixed_disk',`
@ -135,12 +135,12 @@ interface(`storage_raw_write_fixed_disk',`
######################################## ########################################
## <interface name="storage_create_fixed_disk"> ## <interface name="storage_create_fixed_disk">
## <description> ## <desc>
## Create block devices in /dev with the fixed disk type. ## Create block devices in /dev with the fixed disk type.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_create_fixed_disk_dev_entry',` interface(`storage_create_fixed_disk_dev_entry',`
@ -157,12 +157,12 @@ interface(`storage_create_fixed_disk_dev_entry',`
######################################## ########################################
## <interface name="storage_manage_fixed_disk"> ## <interface name="storage_manage_fixed_disk">
## <description> ## <desc>
## Create, read, write, and delete fixed disk device nodes. ## Create, read, write, and delete fixed disk device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_manage_fixed_disk',` interface(`storage_manage_fixed_disk',`
@ -179,15 +179,15 @@ interface(`storage_manage_fixed_disk',`
######################################## ########################################
## <interface name="storage_raw_read_lvm_volume"> ## <interface name="storage_raw_read_lvm_volume">
## <description> ## <desc>
## Allow the caller to directly read from a logical volume. ## Allow the caller to directly read from a logical volume.
## This is extremly dangerous as it can bypass the ## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and ## SELinux protections for filesystem objects, and
## should only be used by trusted domains. ## should only be used by trusted domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_raw_read_lvm_volume',` interface(`storage_raw_read_lvm_volume',`
@ -204,15 +204,15 @@ interface(`storage_raw_read_lvm_volume',`
######################################## ########################################
## <interface name="storage_raw_write_lvm_volume"> ## <interface name="storage_raw_write_lvm_volume">
## <description> ## <desc>
## Allow the caller to directly read from a logical volume. ## Allow the caller to directly read from a logical volume.
## This is extremly dangerous as it can bypass the ## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and ## SELinux protections for filesystem objects, and
## should only be used by trusted domains. ## should only be used by trusted domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_raw_write_lvm_volume',` interface(`storage_raw_write_lvm_volume',`
@ -229,13 +229,13 @@ interface(`storage_raw_write_lvm_volume',`
######################################## ########################################
## <interface name="storage_getattr_scsi_generic"> ## <interface name="storage_getattr_scsi_generic">
## <description> ## <desc>
## Allow the caller to get the attributes of ## Allow the caller to get the attributes of
## the generic SCSI interface device nodes. ## the generic SCSI interface device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_getattr_scsi_generic',` interface(`storage_getattr_scsi_generic',`
@ -250,13 +250,13 @@ interface(`storage_getattr_scsi_generic',`
######################################## ########################################
## <interface name="storage_setattr_scsi_generic"> ## <interface name="storage_setattr_scsi_generic">
## <description> ## <desc>
## Allow the caller to set the attributes of ## Allow the caller to set the attributes of
## the generic SCSI interface device nodes. ## the generic SCSI interface device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_setattr_scsi_generic',` interface(`storage_setattr_scsi_generic',`
@ -271,16 +271,16 @@ interface(`storage_setattr_scsi_generic',`
######################################## ########################################
## <interface name="storage_read_scsi_generic"> ## <interface name="storage_read_scsi_generic">
## <description> ## <desc>
## Allow the caller to directly read, in a ## Allow the caller to directly read, in a
## generic fashion, from any SCSI device. ## generic fashion, from any SCSI device.
## This is extremly dangerous as it can bypass the ## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and ## SELinux protections for filesystem objects, and
## should only be used by trusted domains. ## should only be used by trusted domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_read_scsi_generic',` interface(`storage_read_scsi_generic',`
@ -297,16 +297,16 @@ interface(`storage_read_scsi_generic',`
######################################## ########################################
## <interface name="storage_write_scsi_generic"> ## <interface name="storage_write_scsi_generic">
## <description> ## <desc>
## Allow the caller to directly write, in a ## Allow the caller to directly write, in a
## generic fashion, from any SCSI device. ## generic fashion, from any SCSI device.
## This is extremly dangerous as it can bypass the ## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and ## SELinux protections for filesystem objects, and
## should only be used by trusted domains. ## should only be used by trusted domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_write_scsi_generic',` interface(`storage_write_scsi_generic',`
@ -323,13 +323,13 @@ interface(`storage_write_scsi_generic',`
######################################## ########################################
## <interface name="storage_getattr_scsi_generic"> ## <interface name="storage_getattr_scsi_generic">
## <description> ## <desc>
## Get attributes of the device nodes ## Get attributes of the device nodes
## for the SCSI generic inerface. ## for the SCSI generic inerface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_getattr_scsi_generic',` interface(`storage_getattr_scsi_generic',`
@ -344,13 +344,13 @@ interface(`storage_getattr_scsi_generic',`
######################################## ########################################
## <interface name="storage_setattr_scsi_generic"> ## <interface name="storage_setattr_scsi_generic">
## <description> ## <desc>
## Set attributes of the device nodes ## Set attributes of the device nodes
## for the SCSI generic inerface. ## for the SCSI generic inerface.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_set_scsi_generic_attributes',` interface(`storage_set_scsi_generic_attributes',`
@ -365,13 +365,13 @@ interface(`storage_set_scsi_generic_attributes',`
######################################## ########################################
## <interface name="storage_getattr_removable_device"> ## <interface name="storage_getattr_removable_device">
## <description> ## <desc>
## Allow the caller to get the attributes of removable ## Allow the caller to get the attributes of removable
## devices device nodes. ## devices device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_getattr_removable_device',` interface(`storage_getattr_removable_device',`
@ -386,13 +386,13 @@ interface(`storage_getattr_removable_device',`
######################################## ########################################
## <interface name="storage_dontaudit_getattr_removable_device"> ## <interface name="storage_dontaudit_getattr_removable_device">
## <description> ## <desc>
## Do not audit attempts made by the caller to get ## Do not audit attempts made by the caller to get
## the attributes of removable devices device nodes. ## the attributes of removable devices device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_dontaudit_getattr_removable_device',` interface(`storage_dontaudit_getattr_removable_device',`
@ -406,13 +406,13 @@ interface(`storage_dontaudit_getattr_removable_device',`
######################################## ########################################
## <interface name="storage_setattr_removable_device"> ## <interface name="storage_setattr_removable_device">
## <description> ## <desc>
## Allow the caller to set the attributes of removable ## Allow the caller to set the attributes of removable
## devices device nodes. ## devices device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_setattr_removable_device',` interface(`storage_setattr_removable_device',`
@ -427,13 +427,13 @@ interface(`storage_setattr_removable_device',`
######################################## ########################################
## <interface name="storage_dontaudit_setattr_removable_device"> ## <interface name="storage_dontaudit_setattr_removable_device">
## <description> ## <desc>
## Do not audit attempts made by the caller to set ## Do not audit attempts made by the caller to set
## the attributes of removable devices device nodes. ## the attributes of removable devices device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_dontaudit_setattr_removable_device',` interface(`storage_dontaudit_setattr_removable_device',`
@ -447,16 +447,16 @@ interface(`storage_dontaudit_setattr_removable_device',`
######################################## ########################################
## <interface name="storage_raw_read_removable_device"> ## <interface name="storage_raw_read_removable_device">
## <description> ## <desc>
## Allow the caller to directly read from ## Allow the caller to directly read from
## a removable device. ## a removable device.
## This is extremly dangerous as it can bypass the ## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and ## SELinux protections for filesystem objects, and
## should only be used by trusted domains. ## should only be used by trusted domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_raw_read_removable_device',` interface(`storage_raw_read_removable_device',`
@ -471,16 +471,16 @@ interface(`storage_raw_read_removable_device',`
######################################## ########################################
## <interface name="storage_raw_write_removable_device"> ## <interface name="storage_raw_write_removable_device">
## <description> ## <desc>
## Allow the caller to directly write to ## Allow the caller to directly write to
## a removable device. ## a removable device.
## This is extremly dangerous as it can bypass the ## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and ## SELinux protections for filesystem objects, and
## should only be used by trusted domains. ## should only be used by trusted domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_raw_write_removable_device',` interface(`storage_raw_write_removable_device',`
@ -495,13 +495,13 @@ interface(`storage_raw_write_removable_device',`
######################################## ########################################
## <interface name="storage_read_tape_device"> ## <interface name="storage_read_tape_device">
## <description> ## <desc>
## Allow the caller to directly read ## Allow the caller to directly read
## a tape device. ## a tape device.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_read_tape_device',` interface(`storage_read_tape_device',`
@ -516,13 +516,13 @@ interface(`storage_read_tape_device',`
######################################## ########################################
## <interface name="storage_write_tape_device"> ## <interface name="storage_write_tape_device">
## <description> ## <desc>
## Allow the caller to directly read ## Allow the caller to directly read
## a tape device. ## a tape device.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_write_tape_device',` interface(`storage_write_tape_device',`
@ -537,13 +537,13 @@ interface(`storage_write_tape_device',`
######################################## ########################################
## <interface name="storage_getattr_tape_device"> ## <interface name="storage_getattr_tape_device">
## <description> ## <desc>
## Allow the caller to get the attributes ## Allow the caller to get the attributes
## of device nodes of tape devices. ## of device nodes of tape devices.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_getattr_tape_device',` interface(`storage_getattr_tape_device',`
@ -558,13 +558,13 @@ interface(`storage_getattr_tape_device',`
######################################## ########################################
## <interface name="storage_setattr_tape_device"> ## <interface name="storage_setattr_tape_device">
## <description> ## <desc>
## Allow the caller to set the attributes ## Allow the caller to set the attributes
## of device nodes of tape devices. ## of device nodes of tape devices.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`storage_setattr_tape_device',` interface(`storage_setattr_tape_device',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="term_pty"> ## <interface name="term_pty">
## <description> ## <desc>
## Transform specified type into a pty type. ## Transform specified type into a pty type.
## </description> ## </desc>
## <parameter name="pty_type"> ## <param name="pty_type">
## An object type that will applied to a pty. ## An object type that will applied to a pty.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_pty',` interface(`term_pty',`
@ -24,18 +24,18 @@ interface(`term_pty',`
######################################## ########################################
## <interface name="term_user_pty"> ## <interface name="term_user_pty">
## <description> ## <desc>
## Transform specified type into an user ## Transform specified type into an user
## pty type. This allows it to be relabeled via ## pty type. This allows it to be relabeled via
## type change by login programs such as ssh. ## type change by login programs such as ssh.
## </description> ## </desc>
## <parameter name="userdomain"> ## <param name="userdomain">
## The type of the user domain associated with ## The type of the user domain associated with
## this pty. ## this pty.
## </parameter> ## </param>
## <parameter name="object_type"> ## <param name="object_type">
## An object type that will applied to a pty. ## An object type that will applied to a pty.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_user_pty',` interface(`term_user_pty',`
@ -49,13 +49,13 @@ interface(`term_user_pty',`
######################################## ########################################
## <interface name="term_login_pty"> ## <interface name="term_login_pty">
## <description> ## <desc>
## Transform specified type into a pty type ## Transform specified type into a pty type
## used by login programs, such as sshd. ## used by login programs, such as sshd.
## </description> ## </desc>
## <parameter name="pty_type"> ## <param name="pty_type">
## An object type that will applied to a pty. ## An object type that will applied to a pty.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_login_pty',` interface(`term_login_pty',`
@ -69,12 +69,12 @@ interface(`term_login_pty',`
######################################## ########################################
## <interface name="term_tty"> ## <interface name="term_tty">
## <description> ## <desc>
## Transform specified type into a tty type. ## Transform specified type into a tty type.
## </description> ## </desc>
## <parameter name="tty_type"> ## <param name="tty_type">
## An object type that will applied to a tty. ## An object type that will applied to a tty.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_tty',` interface(`term_tty',`
@ -99,15 +99,15 @@ interface(`term_tty',`
######################################## ########################################
## <interface name="term_create_pty"> ## <interface name="term_create_pty">
## <description> ## <desc>
## Create a pty in the /dev/pts directory. ## Create a pty in the /dev/pts directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process creating the pty. ## The type of the process creating the pty.
## </parameter> ## </param>
## <parameter name="pty_type"> ## <param name="pty_type">
## The type of the pty. ## The type of the pty.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_create_pty',` interface(`term_create_pty',`
@ -129,13 +129,13 @@ interface(`term_create_pty',`
######################################## ########################################
## <interface name="term_use_all_terms"> ## <interface name="term_use_all_terms">
## <description> ## <desc>
## Read and write the console, all ## Read and write the console, all
## ttys and all ptys. ## ttys and all ptys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_use_all_terms',` interface(`term_use_all_terms',`
@ -153,12 +153,12 @@ interface(`term_use_all_terms',`
######################################## ########################################
## <interface name="term_write_console"> ## <interface name="term_write_console">
## <description> ## <desc>
## Write to the console. ## Write to the console.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_write_console',` interface(`term_write_console',`
@ -173,12 +173,12 @@ interface(`term_write_console',`
######################################## ########################################
## <interface name="term_use_console"> ## <interface name="term_use_console">
## <description> ## <desc>
## Read from and write to the console. ## Read from and write to the console.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_use_console',` interface(`term_use_console',`
@ -193,13 +193,13 @@ interface(`term_use_console',`
######################################## ########################################
## <interface name="term_dontaudit_use_console"> ## <interface name="term_dontaudit_use_console">
## <description> ## <desc>
## Do not audit attemtps to read from ## Do not audit attemtps to read from
## or write to the console. ## or write to the console.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_dontaudit_use_console',` interface(`term_dontaudit_use_console',`
@ -213,13 +213,13 @@ interface(`term_dontaudit_use_console',`
######################################## ########################################
## <interface name="term_setattr_console"> ## <interface name="term_setattr_console">
## <description> ## <desc>
## Set the attributes of the console ## Set the attributes of the console
## device node. ## device node.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_setattr_console',` interface(`term_setattr_console',`
@ -234,13 +234,13 @@ interface(`term_setattr_console',`
######################################## ########################################
## <interface name="term_list_ptys"> ## <interface name="term_list_ptys">
## <description> ## <desc>
## Read the /dev/pts directory to ## Read the /dev/pts directory to
## list all ptys. ## list all ptys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_list_ptys',` interface(`term_list_ptys',`
@ -255,13 +255,13 @@ interface(`term_list_ptys',`
######################################## ########################################
## <interface name="term_dontaudit_list_ptys"> ## <interface name="term_dontaudit_list_ptys">
## <description> ## <desc>
## Do not audit attempts to read the ## Do not audit attempts to read the
## /dev/pts directory to. ## /dev/pts directory to.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_dontaudit_list_ptys',` interface(`term_dontaudit_list_ptys',`
@ -275,14 +275,14 @@ interface(`term_dontaudit_list_ptys',`
######################################## ########################################
## <interface name="term_use_generic_pty"> ## <interface name="term_use_generic_pty">
## <description> ## <desc>
## Read and write the generic pty ## Read and write the generic pty
## type. This is generally only used in ## type. This is generally only used in
## the targeted policy. ## the targeted policy.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_use_generic_pty',` interface(`term_use_generic_pty',`
@ -297,14 +297,14 @@ interface(`term_use_generic_pty',`
######################################## ########################################
## <interface name="term_dontaudit_use_generic_pty"> ## <interface name="term_dontaudit_use_generic_pty">
## <description> ## <desc>
## Dot not audit attempts to read and ## Dot not audit attempts to read and
## write the generic pty type. This is ## write the generic pty type. This is
## generally only used in the targeted policy. ## generally only used in the targeted policy.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_dontaudit_use_generic_pty',` interface(`term_dontaudit_use_generic_pty',`
@ -318,13 +318,13 @@ interface(`term_dontaudit_use_generic_pty',`
######################################## ########################################
## <interface name="term_use_controlling_term"> ## <interface name="term_use_controlling_term">
## <description> ## <desc>
## Read and write the controlling ## Read and write the controlling
## terminal (/dev/tty). ## terminal (/dev/tty).
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_use_controlling_term',` interface(`term_use_controlling_term',`
@ -339,13 +339,13 @@ interface(`term_use_controlling_term',`
######################################## ########################################
## <interface name="term_dontaudit_use_ptmx"> ## <interface name="term_dontaudit_use_ptmx">
## <description> ## <desc>
## Do not audit attempts to read and ## Do not audit attempts to read and
## write the pty multiplexor (/dev/ptmx). ## write the pty multiplexor (/dev/ptmx).
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_dontaudit_use_ptmx',` interface(`term_dontaudit_use_ptmx',`
@ -359,13 +359,13 @@ interface(`term_dontaudit_use_ptmx',`
######################################## ########################################
## <interface name="term_getattr_all_user_ptys"> ## <interface name="term_getattr_all_user_ptys">
## <description> ## <desc>
## Get the attributes of all user ## Get the attributes of all user
## pty device nodes. ## pty device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_getattr_all_user_ptys',` interface(`term_getattr_all_user_ptys',`
@ -382,12 +382,12 @@ interface(`term_getattr_all_user_ptys',`
######################################## ########################################
## <interface name="term_use_all_user_ptys"> ## <interface name="term_use_all_user_ptys">
## <description> ## <desc>
## Read and write all user ptys. ## Read and write all user ptys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_use_all_user_ptys',` interface(`term_use_all_user_ptys',`
@ -404,13 +404,13 @@ interface(`term_use_all_user_ptys',`
######################################## ########################################
## <interface name="term_dontaudit_use_all_user_ptys"> ## <interface name="term_dontaudit_use_all_user_ptys">
## <description> ## <desc>
## Do not audit attempts to read any ## Do not audit attempts to read any
## user ptys. ## user ptys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_dontaudit_use_all_user_ptys',` interface(`term_dontaudit_use_all_user_ptys',`
@ -424,13 +424,13 @@ interface(`term_dontaudit_use_all_user_ptys',`
######################################## ########################################
## <interface name="term_relabel_all_user_ptys"> ## <interface name="term_relabel_all_user_ptys">
## <description> ## <desc>
## Relabel from and to all user ## Relabel from and to all user
## user pty device nodes. ## user pty device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_relabel_all_user_ptys',` interface(`term_relabel_all_user_ptys',`
@ -445,13 +445,13 @@ interface(`term_relabel_all_user_ptys',`
######################################## ########################################
## <interface name="term_getattr_unallocated_ttys"> ## <interface name="term_getattr_unallocated_ttys">
## <description> ## <desc>
## Get the attributes of all unallocated ## Get the attributes of all unallocated
## tty device nodes. ## tty device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_getattr_unallocated_ttys',` interface(`term_getattr_unallocated_ttys',`
@ -466,13 +466,13 @@ interface(`term_getattr_unallocated_ttys',`
######################################## ########################################
## <interface name="term_setattr_unallocated_ttys"> ## <interface name="term_setattr_unallocated_ttys">
## <description> ## <desc>
## Set the attributes of all unallocated ## Set the attributes of all unallocated
## tty device nodes. ## tty device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_setattr_unallocated_ttys',` interface(`term_setattr_unallocated_ttys',`
@ -487,13 +487,13 @@ interface(`term_setattr_unallocated_ttys',`
######################################## ########################################
## <interface name="term_relabel_unallocated_ttys"> ## <interface name="term_relabel_unallocated_ttys">
## <description> ## <desc>
## Relabel from and to the unallocated ## Relabel from and to the unallocated
## tty type. ## tty type.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_relabel_unallocated_ttys',` interface(`term_relabel_unallocated_ttys',`
@ -508,13 +508,13 @@ interface(`term_relabel_unallocated_ttys',`
######################################## ########################################
## <interface name="term_reset_tty_labels"> ## <interface name="term_reset_tty_labels">
## <description> ## <desc>
## Relabel from all user tty types to ## Relabel from all user tty types to
## the unallocated tty type. ## the unallocated tty type.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_reset_tty_labels',` interface(`term_reset_tty_labels',`
@ -531,12 +531,12 @@ interface(`term_reset_tty_labels',`
######################################## ########################################
## <interface name="term_write_unallocated_ttys"> ## <interface name="term_write_unallocated_ttys">
## <description> ## <desc>
## Write to unallocated ttys. ## Write to unallocated ttys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_write_unallocated_ttys',` interface(`term_write_unallocated_ttys',`
@ -551,12 +551,12 @@ interface(`term_write_unallocated_ttys',`
######################################## ########################################
## <interface name="term_use_unallocated_tty"> ## <interface name="term_use_unallocated_tty">
## <description> ## <desc>
## Read and write unallocated ttys. ## Read and write unallocated ttys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_use_unallocated_tty',` interface(`term_use_unallocated_tty',`
@ -571,13 +571,13 @@ interface(`term_use_unallocated_tty',`
######################################## ########################################
## <interface name="term_dontaudit_use_unallocated_tty"> ## <interface name="term_dontaudit_use_unallocated_tty">
## <description> ## <desc>
## Do not audit attempts to read or ## Do not audit attempts to read or
## write unallocated ttys. ## write unallocated ttys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process to not audit. ## The type of the process to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_dontaudit_use_unallocated_tty',` interface(`term_dontaudit_use_unallocated_tty',`
@ -591,13 +591,13 @@ interface(`term_dontaudit_use_unallocated_tty',`
######################################## ########################################
## <interface name="term_getattr_all_user_ttys"> ## <interface name="term_getattr_all_user_ttys">
## <description> ## <desc>
## Get the attributes of all user tty ## Get the attributes of all user tty
## device nodes. ## device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_getattr_all_user_ttys',` interface(`term_getattr_all_user_ttys',`
@ -612,14 +612,14 @@ interface(`term_getattr_all_user_ttys',`
######################################## ########################################
## <interface name="term_dontaudit_getattr_all_user_ttys"> ## <interface name="term_dontaudit_getattr_all_user_ttys">
## <description> ## <desc>
## Do not audit attempts to get the ## Do not audit attempts to get the
## attributes of any user tty ## attributes of any user tty
## device nodes. ## device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_dontaudit_getattr_all_user_ttys',` interface(`term_dontaudit_getattr_all_user_ttys',`
@ -634,13 +634,13 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
######################################## ########################################
## <interface name="term_setattr_all_user_ttys"> ## <interface name="term_setattr_all_user_ttys">
## <description> ## <desc>
## Set the attributes of all user tty ## Set the attributes of all user tty
## device nodes. ## device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_setattr_all_user_ttys',` interface(`term_setattr_all_user_ttys',`
@ -655,13 +655,13 @@ interface(`term_setattr_all_user_ttys',`
######################################## ########################################
## <interface name="term_relabel_all_user_ttys"> ## <interface name="term_relabel_all_user_ttys">
## <description> ## <desc>
## Relabel from and to all user ## Relabel from and to all user
## user tty device nodes. ## user tty device nodes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_relabel_all_user_ttys',` interface(`term_relabel_all_user_ttys',`
@ -676,12 +676,12 @@ interface(`term_relabel_all_user_ttys',`
######################################## ########################################
## <interface name="term_write_all_user_ttys"> ## <interface name="term_write_all_user_ttys">
## <description> ## <desc>
## Write to all user ttys. ## Write to all user ttys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_write_all_user_ttys',` interface(`term_write_all_user_ttys',`
@ -696,12 +696,12 @@ interface(`term_write_all_user_ttys',`
######################################## ########################################
## <interface name="term_use_all_user_ttys"> ## <interface name="term_use_all_user_ttys">
## <description> ## <desc>
## Read and write all user to all user ttys. ## Read and write all user to all user ttys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_use_all_user_ttys',` interface(`term_use_all_user_ttys',`
@ -716,13 +716,13 @@ interface(`term_use_all_user_ttys',`
######################################## ########################################
## <interface name="term_dontaudit_use_all_user_ttys"> ## <interface name="term_dontaudit_use_all_user_ttys">
## <description> ## <desc>
## Do not audit attempts to read or write ## Do not audit attempts to read or write
## any user ttys. ## any user ttys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`term_dontaudit_use_all_user_ttys',` interface(`term_dontaudit_use_all_user_ttys',`

View File

@ -195,12 +195,12 @@ interface(`mta_exec',`
######################################## ########################################
## <interface name="mta_read_aliases"> ## <interface name="mta_read_aliases">
## <description> ## <desc>
## Read mail address aliases. ## Read mail address aliases.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`mta_read_aliases',` interface(`mta_read_aliases',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="remotelogin_domtrans"> ## <interface name="remotelogin_domtrans">
## <description> ## <desc>
## Domain transition to the remote login domain. ## Domain transition to the remote login domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`remotelogin_domtrans',` interface(`remotelogin_domtrans',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="sendmail_domtrans"> ## <interface name="sendmail_domtrans">
## <description> ## <desc>
## Domain transition to sendmail. ## Domain transition to sendmail.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`sendmail_domtrans',` interface(`sendmail_domtrans',`

View File

@ -90,12 +90,12 @@ interface(`authlogin_per_userdomain_template',`
######################################## ########################################
## <interface name="auth_login_entry_type"> ## <interface name="auth_login_entry_type">
## <description> ## <desc>
## Use the login program as an entry point program. ## Use the login program as an entry point program.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of process using the login program as entry point. ## The type of process using the login program as entry point.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_login_entry_type',` interface(`auth_login_entry_type',`
@ -108,15 +108,15 @@ interface(`auth_login_entry_type',`
######################################## ########################################
## <interface name="auth_domtrans_login_program"> ## <interface name="auth_domtrans_login_program">
## <description> ## <desc>
## Execute a login_program in the target domain. ## Execute a login_program in the target domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="target_domain"> ## <param name="target_domain">
## The type of the login_program process. ## The type of the login_program process.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_domtrans_login_program',` interface(`auth_domtrans_login_program',`
@ -138,12 +138,12 @@ interface(`auth_domtrans_login_program',`
######################################## ########################################
## <interface name="auth_domtrans_chk_passwd"> ## <interface name="auth_domtrans_chk_passwd">
## <description> ## <desc>
## Run unix_chkpwd to check a password. ## Run unix_chkpwd to check a password.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_domtrans_chk_passwd',` interface(`auth_domtrans_chk_passwd',`
@ -182,12 +182,12 @@ interface(`auth_domtrans_chk_passwd',`
######################################## ########################################
## <interface name="auth_dontaudit_getattr_shadow"> ## <interface name="auth_dontaudit_getattr_shadow">
## <description> ## <desc>
## ##
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_dontaudit_getattr_shadow',` interface(`auth_dontaudit_getattr_shadow',`
@ -201,12 +201,12 @@ interface(`auth_dontaudit_getattr_shadow',`
######################################## ########################################
## <interface name="auth_read_shadow"> ## <interface name="auth_read_shadow">
## <description> ## <desc>
## Read the shadow passwords file (/etc/shadow) ## Read the shadow passwords file (/etc/shadow)
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_read_shadow',` interface(`auth_read_shadow',`
@ -223,13 +223,13 @@ interface(`auth_read_shadow',`
######################################## ########################################
## <interface name="auth_dontaudit_read_shadow"> ## <interface name="auth_dontaudit_read_shadow">
## <description> ## <desc>
## Do not audit attempts to read the shadow ## Do not audit attempts to read the shadow
## password file (/etc/shadow). ## password file (/etc/shadow).
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the domain to not audit. ## The type of the domain to not audit.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_dontaudit_read_shadow',` interface(`auth_dontaudit_read_shadow',`
@ -243,12 +243,12 @@ interface(`auth_dontaudit_read_shadow',`
######################################## ########################################
## <interface name="auth_rw_shadow"> ## <interface name="auth_rw_shadow">
## <description> ## <desc>
## Read and write the shadow password file (/etc/shadow). ## Read and write the shadow password file (/etc/shadow).
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_rw_shadow',` interface(`auth_rw_shadow',`
@ -326,12 +326,12 @@ interface(`auth_rw_lastlog',`
######################################## ########################################
## <interface name="auth_domtrans_pam"> ## <interface name="auth_domtrans_pam">
## <description> ## <desc>
## Execute pam programs in the pam domain. ## Execute pam programs in the pam domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_domtrans_pam',` interface(`auth_domtrans_pam',`
@ -352,18 +352,18 @@ interface(`auth_domtrans_pam',`
######################################## ########################################
## <interface name="auth_run_pam"> ## <interface name="auth_run_pam">
## <description> ## <desc>
## Execute pam programs in the PAM domain. ## Execute pam programs in the PAM domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to allow the PAM domain. ## The role to allow the PAM domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the PAM domain to use. ## The type of the terminal allow the PAM domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_run_pam',` interface(`auth_run_pam',`
@ -379,12 +379,12 @@ interface(`auth_run_pam',`
######################################## ########################################
## <interface name="auth_exec_pam"> ## <interface name="auth_exec_pam">
## <description> ## <desc>
## Execute the pam program. ## Execute the pam program.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_exec_pam',` interface(`auth_exec_pam',`
@ -414,12 +414,12 @@ interface(`auth_read_pam_pid',`
######################################## ########################################
## <interface name="auth_delete_pam_pid"> ## <interface name="auth_delete_pam_pid">
## <description> ## <desc>
## Delete pam PID files. ## Delete pam PID files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_delete_pam_pid',` interface(`auth_delete_pam_pid',`
@ -508,17 +508,17 @@ interface(`auth_manage_pam_console_data',`
######################################## ########################################
## <interface name="auth_relabel_all_files_except_shadow"> ## <interface name="auth_relabel_all_files_except_shadow">
## <description> ## <desc>
## Relabel all files on the filesystem, except ## Relabel all files on the filesystem, except
## the shadow passwords and listed exceptions. ## the shadow passwords and listed exceptions.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the domain perfoming this action. ## The type of the domain perfoming this action.
## </parameter> ## </param>
## <parameter name="exception_types" optional="true"> ## <param name="exception_types" optional="true">
## The types to be excluded. Each type or attribute ## The types to be excluded. Each type or attribute
## must be negated by the caller. ## must be negated by the caller.
## </parameter> ## </param>
## </interface> ## </interface>
# #
@ -532,17 +532,17 @@ interface(`auth_relabel_all_files_except_shadow',`
######################################## ########################################
## <interface name="auth_manage_all_files_except_shadow"> ## <interface name="auth_manage_all_files_except_shadow">
## <description> ## <desc>
## Manage all files on the filesystem, except ## Manage all files on the filesystem, except
## the shadow passwords and listed exceptions. ## the shadow passwords and listed exceptions.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the domain perfoming this action. ## The type of the domain perfoming this action.
## </parameter> ## </param>
## <parameter name="exception_types" optional="true"> ## <param name="exception_types" optional="true">
## The types to be excluded. Each type or attribute ## The types to be excluded. Each type or attribute
## must be negated by the caller. ## must be negated by the caller.
## </parameter> ## </param>
## </interface> ## </interface>
# #
@ -556,12 +556,12 @@ interface(`auth_manage_all_files_except_shadow',`
######################################## ########################################
## <interface name="auth_domtrans_utempter"> ## <interface name="auth_domtrans_utempter">
## <description> ## <desc>
## Execute utempter programs in the utempter domain. ## Execute utempter programs in the utempter domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_domtrans_utempter',` interface(`auth_domtrans_utempter',`
@ -582,18 +582,18 @@ interface(`auth_domtrans_utempter',`
######################################## ########################################
## <interface name="auth_run_utempter"> ## <interface name="auth_run_utempter">
## <description> ## <desc>
## Execute utempter programs in the utempter domain. ## Execute utempter programs in the utempter domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to allow the utempter domain. ## The role to allow the utempter domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the utempter domain to use. ## The type of the terminal allow the utempter domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`auth_run_utempter',` interface(`auth_run_utempter',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="clock_domtrans"> ## <interface name="clock_domtrans">
## <description> ## <desc>
## Execute hwclock in the clock domain. ## Execute hwclock in the clock domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`clock_domtrans',` interface(`clock_domtrans',`
@ -28,19 +28,19 @@ interface(`clock_domtrans',`
######################################## ########################################
## <interface name="clock_run"> ## <interface name="clock_run">
## <description> ## <desc>
## Execute hwclock in the clock domain, and ## Execute hwclock in the clock domain, and
## allow the specified role the hwclock domain. ## allow the specified role the hwclock domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the clock domain. ## The role to be allowed the clock domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the clock domain to use. ## The type of the terminal allow the clock domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`clock_run',` interface(`clock_run',`
@ -56,12 +56,12 @@ interface(`clock_run',`
######################################## ########################################
## <interface name="clock_exec"> ## <interface name="clock_exec">
## <description> ## <desc>
## Execute hwclock ## Execute hwclock
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`clock_exec',` interface(`clock_exec',`
@ -74,12 +74,12 @@ interface(`clock_exec',`
######################################## ########################################
## <interface name="clock_rw_adjtime"> ## <interface name="clock_rw_adjtime">
## <description> ## <desc>
## Allow executing domain to modify clock drift ## Allow executing domain to modify clock drift
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`clock_rw_adjtime',` interface(`clock_rw_adjtime',`

View File

@ -149,17 +149,17 @@ interface(`corecmd_exec_ls',`
######################################## ########################################
## <interface name="corecmd_shell_spec_domtrans"> ## <interface name="corecmd_shell_spec_domtrans">
## <description> ## <desc>
## Execute a shell in the target domain. This ## Execute a shell in the target domain. This
## is an explicit transition, requiring the ## is an explicit transition, requiring the
## caller to use setexeccon(). ## caller to use setexeccon().
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="target_domain"> ## <param name="target_domain">
## The type of the shell process. ## The type of the shell process.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`corecmd_shell_spec_domtrans',` interface(`corecmd_shell_spec_domtrans',`
@ -185,15 +185,15 @@ interface(`corecmd_shell_spec_domtrans',`
######################################## ########################################
## <interface name="corecmd_domtrans_shell"> ## <interface name="corecmd_domtrans_shell">
## <description> ## <desc>
## Execute a shell in the target domain. ## Execute a shell in the target domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="target_domain"> ## <param name="target_domain">
## The type of the shell process. ## The type of the shell process.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`corecmd_domtrans_shell',` interface(`corecmd_domtrans_shell',`

View File

@ -93,13 +93,13 @@ interface(`domain_dyntrans_type',`
######################################## ########################################
## <interface name="domain_subj_id_change_exempt"> ## <interface name="domain_subj_id_change_exempt">
## <description> ## <desc>
## Makes caller an exception to the constraint preventing ## Makes caller an exception to the constraint preventing
## changing of user identity. ## changing of user identity.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to make an exception to the constraint. ## The process type to make an exception to the constraint.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_subj_id_change_exempt',` interface(`domain_subj_id_change_exempt',`
@ -112,13 +112,13 @@ interface(`domain_subj_id_change_exempt',`
######################################## ########################################
## <interface name="domain_role_change_exempt"> ## <interface name="domain_role_change_exempt">
## <description> ## <desc>
## Makes caller an exception to the constraint preventing ## Makes caller an exception to the constraint preventing
## changing of role. ## changing of role.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to make an exception to the constraint. ## The process type to make an exception to the constraint.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_role_change_exempt',` interface(`domain_role_change_exempt',`
@ -131,13 +131,13 @@ interface(`domain_role_change_exempt',`
######################################## ########################################
## <interface name="domain_obj_id_change_exempt"> ## <interface name="domain_obj_id_change_exempt">
## <description> ## <desc>
## Makes caller an exception to the constraint preventing ## Makes caller an exception to the constraint preventing
## changing the user identity in object contexts. ## changing the user identity in object contexts.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The process type to make an exception to the constraint. ## The process type to make an exception to the constraint.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_obj_id_change_exempt',` interface(`domain_obj_id_change_exempt',`
@ -189,12 +189,12 @@ interface(`domain_setpriority_all_domains',`
######################################## ########################################
## <interface name="domain_signal_all_domains"> ## <interface name="domain_signal_all_domains">
## <description> ## <desc>
## Send general signals to all domains. ## Send general signals to all domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_signal_all_domains',` interface(`domain_signal_all_domains',`
@ -208,12 +208,12 @@ interface(`domain_signal_all_domains',`
######################################## ########################################
## <interface name="domain_signull_all_domains"> ## <interface name="domain_signull_all_domains">
## <description> ## <desc>
## Send a null signal to all domains. ## Send a null signal to all domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_signull_all_domains',` interface(`domain_signull_all_domains',`
@ -227,12 +227,12 @@ interface(`domain_signull_all_domains',`
######################################## ########################################
## <interface name="domain_sigstop_all_domains"> ## <interface name="domain_sigstop_all_domains">
## <description> ## <desc>
## Send a stop signal to all domains. ## Send a stop signal to all domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_sigstop_all_domains',` interface(`domain_sigstop_all_domains',`
@ -246,12 +246,12 @@ interface(`domain_sigstop_all_domains',`
######################################## ########################################
## <interface name="domain_sigchld_all_domains"> ## <interface name="domain_sigchld_all_domains">
## <description> ## <desc>
## Send a child terminated signal to all domains. ## Send a child terminated signal to all domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_sigchld_all_domains',` interface(`domain_sigchld_all_domains',`
@ -265,12 +265,12 @@ interface(`domain_sigchld_all_domains',`
######################################## ########################################
## <interface name="domain_kill_all_domains"> ## <interface name="domain_kill_all_domains">
## <description> ## <desc>
## Send a kill signal to all domains. ## Send a kill signal to all domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_kill_all_domains',` interface(`domain_kill_all_domains',`
@ -286,12 +286,12 @@ interface(`domain_kill_all_domains',`
######################################## ########################################
## <interface name="domain_read_all_domains_state"> ## <interface name="domain_read_all_domains_state">
## <description> ## <desc>
## Read the process state (/proc/pid) of all domains. ## Read the process state (/proc/pid) of all domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_read_all_domains_state',` interface(`domain_read_all_domains_state',`
@ -317,13 +317,13 @@ interface(`domain_read_all_domains_state',`
######################################## ########################################
## <interface name="domain_dontaudit_list_all_domains_proc"> ## <interface name="domain_dontaudit_list_all_domains_proc">
## <description> ## <desc>
## Do not audit attempts to read the process state ## Do not audit attempts to read the process state
## directories of all domains. ## directories of all domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_dontaudit_list_all_domains_proc',` interface(`domain_dontaudit_list_all_domains_proc',`
@ -337,12 +337,12 @@ interface(`domain_dontaudit_list_all_domains_proc',`
######################################## ########################################
## <interface name="domain_getsession_all_domains"> ## <interface name="domain_getsession_all_domains">
## <description> ## <desc>
## Get the session ID of all domains. ## Get the session ID of all domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_getsession_all_domains',` interface(`domain_getsession_all_domains',`
@ -356,13 +356,13 @@ interface(`domain_getsession_all_domains',`
######################################## ########################################
## <interface name="domain_dontaudit_getattr_all_udp_sockets"> ## <interface name="domain_dontaudit_getattr_all_udp_sockets">
## <description> ## <desc>
## Do not audit attempts to get the attributes ## Do not audit attempts to get the attributes
## of all domains UDP sockets. ## of all domains UDP sockets.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_dontaudit_getattr_all_udp_sockets',` interface(`domain_dontaudit_getattr_all_udp_sockets',`
@ -376,13 +376,13 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',`
######################################## ########################################
## <interface name="domain_dontaudit_getattr_all_tcp_sockets"> ## <interface name="domain_dontaudit_getattr_all_tcp_sockets">
## <description> ## <desc>
## Do not audit attempts to get the attributes ## Do not audit attempts to get the attributes
## of all domains TCP sockets. ## of all domains TCP sockets.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_dontaudit_getattr_all_tcp_sockets',` interface(`domain_dontaudit_getattr_all_tcp_sockets',`
@ -396,13 +396,13 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',`
######################################## ########################################
## <interface name="domain_dontaudit_getattr_all_unix_dgram_sockets"> ## <interface name="domain_dontaudit_getattr_all_unix_dgram_sockets">
## <description> ## <desc>
## Do not audit attempts to get the attributes ## Do not audit attempts to get the attributes
## of all domains unix datagram sockets. ## of all domains unix datagram sockets.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',` interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
@ -416,13 +416,13 @@ interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
######################################## ########################################
## <interface name="domain_dontaudit_getattr_all_unnamed_pipes"> ## <interface name="domain_dontaudit_getattr_all_unnamed_pipes">
## <description> ## <desc>
## Do not audit attempts to get the attributes ## Do not audit attempts to get the attributes
## of all domains unnamed pipes. ## of all domains unnamed pipes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`domain_dontaudit_getattr_all_unnamed_pipes',` interface(`domain_dontaudit_getattr_all_unnamed_pipes',`

View File

@ -2,7 +2,7 @@
## <summary> ## <summary>
## Basic filesystem types and interfaces. ## Basic filesystem types and interfaces.
## </summary> ## </summary>
## <description> ## <desc>
## <p> ## <p>
## This module contains basic filesystem types and interfaces. This ## This module contains basic filesystem types and interfaces. This
## includes: ## includes:
@ -14,7 +14,7 @@
## (/, /etc, /tmp, /usr, etc.).</li> ## (/, /etc, /tmp, /usr, etc.).</li>
## </ul> ## </ul>
## </p> ## </p>
## </description> ## </desc>
######################################## ########################################
# #
@ -84,13 +84,13 @@ interface(`files_tmp_file',`
######################################## ########################################
## <interface name="files_tmpfs_file"> ## <interface name="files_tmpfs_file">
## <description> ## <desc>
## Transform the type into a file, for use on a ## Transform the type into a file, for use on a
## virtual memory filesystem (tmpfs). ## virtual memory filesystem (tmpfs).
## </description> ## </desc>
## <parameter name="type"> ## <param name="type">
## The type to be transformed. ## The type to be transformed.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_tmpfs_file',` interface(`files_tmpfs_file',`
@ -126,17 +126,17 @@ interface(`files_getattr_all_files',`
######################################## ########################################
## <interface name="files_relabel_all_files"> ## <interface name="files_relabel_all_files">
## <description> ## <desc>
## Relabel all files on the filesystem, except ## Relabel all files on the filesystem, except
## the listed exceptions. ## the listed exceptions.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the domain perfoming this action. ## The type of the domain perfoming this action.
## </parameter> ## </param>
## <parameter name="exception_types" optional="true"> ## <param name="exception_types" optional="true">
## The types to be excluded. Each type or attribute ## The types to be excluded. Each type or attribute
## must be negated by the caller. ## must be negated by the caller.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_relabel_all_files',` interface(`files_relabel_all_files',`
@ -165,17 +165,17 @@ interface(`files_relabel_all_files',`
######################################## ########################################
## <interface name="files_manage_all_files"> ## <interface name="files_manage_all_files">
## <description> ## <desc>
## Manage all files on the filesystem, except ## Manage all files on the filesystem, except
## the listed exceptions. ## the listed exceptions.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the domain perfoming this action. ## The type of the domain perfoming this action.
## </parameter> ## </param>
## <parameter name="exception_types" optional="true"> ## <param name="exception_types" optional="true">
## The types to be excluded. Each type or attribute ## The types to be excluded. Each type or attribute
## must be negated by the caller. ## must be negated by the caller.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_manage_all_files',` interface(`files_manage_all_files',`
@ -307,23 +307,23 @@ interface(`files_list_root',`
######################################## ########################################
## <interface name="files_create_root"> ## <interface name="files_create_root">
## <description> ## <desc>
## Create an object in the root directory, with a private ## Create an object in the root directory, with a private
## type. If no object class is specified, the ## type. If no object class is specified, the
## default is file. ## default is file.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="private type" optional="true"> ## <param name="private type" optional="true">
## The type of the object to be created. If no type ## The type of the object to be created. If no type
## is specified, the type of the root directory will ## is specified, the type of the root directory will
## be used. ## be used.
## </parameter> ## </param>
## <parameter name="object" optional="true"> ## <param name="object" optional="true">
## The object class of the object being created. If ## The object class of the object being created. If
## no class is specified, file will be used. ## no class is specified, file will be used.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_create_root',` interface(`files_create_root',`
@ -499,12 +499,12 @@ interface(`files_manage_generic_etc_files',`
######################################## ########################################
## <interface name="files_delete_generic_etc_files"> ## <interface name="files_delete_generic_etc_files">
## <description> ## <desc>
## Delete system configuration files in /etc. ## Delete system configuration files in /etc.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_delete_generic_etc_files',` interface(`files_delete_generic_etc_files',`
@ -643,12 +643,12 @@ interface(`files_dontaudit_search_isid_type_dir',`
######################################## ########################################
## <interface name="files_list_home"> ## <interface name="files_list_home">
## <description> ## <desc>
## Get listing home home directories. ## Get listing home home directories.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_list_home',` interface(`files_list_home',`
@ -744,12 +744,12 @@ interface(`files_read_usr_files',`
######################################## ########################################
## <interface name="files_exec_usr_files"> ## <interface name="files_exec_usr_files">
## <description> ## <desc>
## Execute programs in /usr/src in the caller domain. ## Execute programs in /usr/src in the caller domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_exec_usr_files',` interface(`files_exec_usr_files',`
@ -811,12 +811,12 @@ interface(`files_dontaudit_search_var',`
######################################## ########################################
## <interface name="files_search_var_lib"> ## <interface name="files_search_var_lib">
## <description> ## <desc>
## Search the /var/lib directory. ## Search the /var/lib directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_search_var_lib',` interface(`files_search_var_lib',`
@ -988,12 +988,12 @@ interface(`files_rw_generic_pids',`
######################################## ########################################
## <interface name="files_dontaudit_write_all_pids"> ## <interface name="files_dontaudit_write_all_pids">
## <description> ## <desc>
## Do not audit attempts to write to daemon runtime data files. ## Do not audit attempts to write to daemon runtime data files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_dontaudit_write_all_pids',` interface(`files_dontaudit_write_all_pids',`
@ -1007,12 +1007,12 @@ interface(`files_dontaudit_write_all_pids',`
######################################## ########################################
## <interface name="files_dontaudit_ioctl_all_pids"> ## <interface name="files_dontaudit_ioctl_all_pids">
## <description> ## <desc>
## Do not audit attempts to ioctl daemon runtime data files. ## Do not audit attempts to ioctl daemon runtime data files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`files_dontaudit_ioctl_all_pids',` interface(`files_dontaudit_ioctl_all_pids',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="getty_domtrans"> ## <interface name="getty_domtrans">
## <description> ## <desc>
## Execute gettys in the getty domain. ## Execute gettys in the getty domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`getty_domtrans',` interface(`getty_domtrans',`
@ -30,12 +30,12 @@ interface(`getty_domtrans',`
######################################## ########################################
## <interface name="getty_read_log"> ## <interface name="getty_read_log">
## <description> ## <desc>
## Allow process to read getty log file. ## Allow process to read getty log file.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`getty_read_log',` interface(`getty_read_log',`
@ -50,12 +50,12 @@ interface(`getty_read_log',`
######################################## ########################################
## <interface name="getty_read_config"> ## <interface name="getty_read_config">
## <description> ## <desc>
## Allow process to read getty config file. ## Allow process to read getty config file.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`getty_read_config',` interface(`getty_read_config',`
@ -70,12 +70,12 @@ interface(`getty_read_config',`
######################################## ########################################
## <interface name="getty_modify_config"> ## <interface name="getty_modify_config">
## <description> ## <desc>
## Allow process to edit getty config file. ## Allow process to edit getty config file.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`getty_modify_config',` interface(`getty_modify_config',`

View File

@ -3,13 +3,13 @@
######################################## ########################################
## <interface name="hostname_domtrans"> ## <interface name="hostname_domtrans">
## <description> ## <desc>
## Execute hostname in the hostname domain. ## Execute hostname in the hostname domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## Has a sigchld signal backchannel. ## Has a sigchld signal backchannel.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`hostname_domtrans',` interface(`hostname_domtrans',`
@ -31,20 +31,20 @@ interface(`hostname_domtrans',`
######################################## ########################################
## <interface name="hostname_run"> ## <interface name="hostname_run">
## <description> ## <desc>
## Execute hostname in the hostname domain, and ## Execute hostname in the hostname domain, and
## allow the specified role the hostname domain. ## allow the specified role the hostname domain.
## Has a sigchld signal backchannel. ## Has a sigchld signal backchannel.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the hostname domain. ## The role to be allowed the hostname domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the hostname domain to use. ## The type of the terminal allow the hostname domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`hostname_run',` interface(`hostname_run',`
@ -60,13 +60,13 @@ interface(`hostname_run',`
######################################## ########################################
## <interface name="hostname_exec"> ## <interface name="hostname_exec">
## <description> ## <desc>
## Execute hostname in the hostname domain, and ## Execute hostname in the hostname domain, and
## Has a sigchld signal backchannel. ## Has a sigchld signal backchannel.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`hostname_exec',` interface(`hostname_exec',`

View File

@ -79,12 +79,12 @@ interface(`hotplug_dontaudit_search_config',`
######################################## ########################################
## <interface name="hotplug_read_config"> ## <interface name="hotplug_read_config">
## <description> ## <desc>
## Read the configuration files for hotplug. ## Read the configuration files for hotplug.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`hotplug_read_config',` interface(`hotplug_read_config',`

View File

@ -261,12 +261,12 @@ interface(`init_exec_script',`
######################################## ########################################
## <interface name="init_read_script_process_state"> ## <interface name="init_read_script_process_state">
## <description> ## <desc>
## Read the process state (/proc/pid) of the init scripts. ## Read the process state (/proc/pid) of the init scripts.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`init_read_script_process_state',` interface(`init_read_script_process_state',`
@ -331,12 +331,12 @@ interface(`init_get_script_process_group',`
######################################## ########################################
## <interface name="init_rw_script_pipe"> ## <interface name="init_rw_script_pipe">
## <description> ## <desc>
## Read and write init script unnamed pipes. ## Read and write init script unnamed pipes.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`init_rw_script_pipe',` interface(`init_rw_script_pipe',`
@ -377,12 +377,12 @@ interface(`init_dontaudit_use_script_pty',`
######################################## ########################################
## <interface name="init_rw_script_tmp_files"> ## <interface name="init_rw_script_tmp_files">
## <description> ## <desc>
## Read and write init script temporary data. ## Read and write init script temporary data.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`init_rw_script_tmp_files',` interface(`init_rw_script_tmp_files',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="iptables_domtrans"> ## <interface name="iptables_domtrans">
## <description> ## <desc>
## Execute iptables in the iptables domain. ## Execute iptables in the iptables domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`iptables_domtrans',` interface(`iptables_domtrans',`
@ -30,19 +30,19 @@ interface(`iptables_domtrans',`
######################################## ########################################
## <interface name="iptables_run"> ## <interface name="iptables_run">
## <description> ## <desc>
## Execute iptables in the iptables domain, and ## Execute iptables in the iptables domain, and
## allow the specified role the iptables domain. ## allow the specified role the iptables domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the iptables domain. ## The role to be allowed the iptables domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the iptables domain to use. ## The type of the terminal allow the iptables domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`iptables_run',` interface(`iptables_run',`
@ -58,12 +58,12 @@ interface(`iptables_run',`
######################################## ########################################
## <interface name="iptables_exec"> ## <interface name="iptables_exec">
## <description> ## <desc>
## Execute iptables in the caller domain. ## Execute iptables in the caller domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`iptables_exec',` interface(`iptables_exec',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="libs_domtrans_ldconfig"> ## <interface name="libs_domtrans_ldconfig">
## <description> ## <desc>
## Execute ldconfig in the ldconfig domain. ## Execute ldconfig in the ldconfig domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_domtrans_ldconfig',` interface(`libs_domtrans_ldconfig',`
@ -30,18 +30,18 @@ interface(`libs_domtrans_ldconfig',`
######################################## ########################################
## <interface name="libs_run_ldconfig"> ## <interface name="libs_run_ldconfig">
## <description> ## <desc>
## Execute ldconfig in the ldconfig domain. ## Execute ldconfig in the ldconfig domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to allow the ldconfig domain. ## The role to allow the ldconfig domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the ldconfig domain to use. ## The type of the terminal allow the ldconfig domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_run_ldconfig',` interface(`libs_run_ldconfig',`
@ -57,13 +57,13 @@ interface(`libs_run_ldconfig',`
######################################## ########################################
## <interface name="libs_use_ld_so"> ## <interface name="libs_use_ld_so">
## <description> ## <desc>
## Use the dynamic link/loader for automatic loading ## Use the dynamic link/loader for automatic loading
## of shared libraries. ## of shared libraries.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_use_ld_so',` interface(`libs_use_ld_so',`
@ -84,13 +84,13 @@ interface(`libs_use_ld_so',`
######################################## ########################################
## <interface name="libs_legacy_use_ld_so"> ## <interface name="libs_legacy_use_ld_so">
## <description> ## <desc>
## Use the dynamic link/loader for automatic loading ## Use the dynamic link/loader for automatic loading
## of shared libraries with legacy support. ## of shared libraries with legacy support.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_legacy_use_ld_so',` interface(`libs_legacy_use_ld_so',`
@ -106,14 +106,14 @@ interface(`libs_legacy_use_ld_so',`
######################################## ########################################
## <interface name="libs_exec_ld_so"> ## <interface name="libs_exec_ld_so">
## <description> ## <desc>
## Execute the dynamic link/loader in the caller's ## Execute the dynamic link/loader in the caller's
## domain. This is commonly needed for the ## domain. This is commonly needed for the
## /usr/bin/ldd program. ## /usr/bin/ldd program.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_exec_ld_so',` interface(`libs_exec_ld_so',`
@ -131,13 +131,13 @@ interface(`libs_exec_ld_so',`
######################################## ########################################
## <interface name="libs_rw_ld_so_cache"> ## <interface name="libs_rw_ld_so_cache">
## <description> ## <desc>
## Modify the dynamic link/loader's cached listing ## Modify the dynamic link/loader's cached listing
## of shared libraries. ## of shared libraries.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_rw_ld_so_cache',` interface(`libs_rw_ld_so_cache',`
@ -152,12 +152,12 @@ interface(`libs_rw_ld_so_cache',`
######################################## ########################################
## <interface name="libs_search_lib"> ## <interface name="libs_search_lib">
## <description> ## <desc>
## Search lib directories. ## Search lib directories.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_search_lib',` interface(`libs_search_lib',`
@ -171,13 +171,13 @@ interface(`libs_search_lib',`
######################################## ########################################
## <interface name="libs_read_lib"> ## <interface name="libs_read_lib">
## <description> ## <desc>
## Read files in the library directories, such ## Read files in the library directories, such
## as static libraries. ## as static libraries.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_read_lib',` interface(`libs_read_lib',`
@ -195,12 +195,12 @@ interface(`libs_read_lib',`
######################################## ########################################
## <interface name="libs_exec_lib_files"> ## <interface name="libs_exec_lib_files">
## <description> ## <desc>
## Execute library scripts in the caller domain. ## Execute library scripts in the caller domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_exec_lib_files',` interface(`libs_exec_lib_files',`
@ -218,12 +218,12 @@ interface(`libs_exec_lib_files',`
######################################## ########################################
## <interface name="libs_use_shared_libs"> ## <interface name="libs_use_shared_libs">
## <description> ## <desc>
## Load and execute functions from shared libraries. ## Load and execute functions from shared libraries.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_use_shared_libs',` interface(`libs_use_shared_libs',`
@ -243,13 +243,13 @@ interface(`libs_use_shared_libs',`
######################################## ########################################
## <interface name="libs_legacy_use_shared_libs"> ## <interface name="libs_legacy_use_shared_libs">
## <description> ## <desc>
## Load and execute functions from shared libraries, ## Load and execute functions from shared libraries,
## with legacy support. ## with legacy support.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`libs_legacy_use_shared_libs',` interface(`libs_legacy_use_shared_libs',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="locallogin_domtrans"> ## <interface name="locallogin_domtrans">
## <description> ## <desc>
## Execute local logins in the locallogin domain. ## Execute local logins in the locallogin domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`locallogin_domtrans',` interface(`locallogin_domtrans',`
@ -21,12 +21,12 @@ interface(`locallogin_domtrans',`
######################################## ########################################
## <interface name="locallogin_use_fd"> ## <interface name="locallogin_use_fd">
## <description> ## <desc>
## Allow processes to inherit local login file descriptors ## Allow processes to inherit local login file descriptors
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`locallogin_use_fd',` interface(`locallogin_use_fd',`

View File

@ -61,14 +61,14 @@ interface(`logging_send_syslog_msg',`
######################################## ########################################
## <interface name="logging_search_logs"> ## <interface name="logging_search_logs">
## <description> ## <desc>
## Allows the domain to open a file in the ## Allows the domain to open a file in the
## log directory, but does not allow the listing ## log directory, but does not allow the listing
## of the contents of the log directory. ## of the contents of the log directory.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`logging_search_logs',` interface(`logging_search_logs',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="lvm_domtrans"> ## <interface name="lvm_domtrans">
## <description> ## <desc>
## Execute lvm programs in the lvm domain. ## Execute lvm programs in the lvm domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`lvm_domtrans',` interface(`lvm_domtrans',`
@ -30,18 +30,18 @@ interface(`lvm_domtrans',`
######################################## ########################################
## <interface name="lvm_run"> ## <interface name="lvm_run">
## <description> ## <desc>
## Execute lvm programs in the lvm domain. ## Execute lvm programs in the lvm domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to allow the LVM domain. ## The role to allow the LVM domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the LVM domain to use. ## The type of the terminal allow the LVM domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`lvm_run',` interface(`lvm_run',`
@ -57,12 +57,12 @@ interface(`lvm_run',`
######################################## ########################################
## <interface name="lvm_read_config"> ## <interface name="lvm_read_config">
## <description> ## <desc>
## Read LVM configuration files. ## Read LVM configuration files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`lvm_read_config',` interface(`lvm_read_config',`

View File

@ -3,13 +3,13 @@
######################################## ########################################
## <interface name="miscfiles_rw_man_cache"> ## <interface name="miscfiles_rw_man_cache">
## <description> ## <desc>
## Allow process to create files and dirs in /var/cache/man ## Allow process to create files and dirs in /var/cache/man
## and /var/catman/ ## and /var/catman/
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## Type type of the process performing this action. ## Type type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`miscfiles_rw_man_cache',` interface(`miscfiles_rw_man_cache',`
@ -26,12 +26,12 @@ interface(`miscfiles_rw_man_cache',`
######################################## ########################################
## <interface name="miscfiles_read_fonts"> ## <interface name="miscfiles_read_fonts">
## <description> ## <desc>
## Allow process to read fonts files ## Allow process to read fonts files
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## Type type of the process performing this action. ## Type type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`miscfiles_read_fonts',` interface(`miscfiles_read_fonts',`
@ -51,12 +51,12 @@ interface(`miscfiles_read_fonts',`
######################################## ########################################
## <interface name="miscfiles_read_localization"> ## <interface name="miscfiles_read_localization">
## <description> ## <desc>
## Allow process to read localization info ## Allow process to read localization info
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## Type type of the process performing this action. ## Type type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`miscfiles_read_localization',` interface(`miscfiles_read_localization',`
@ -80,12 +80,12 @@ interface(`miscfiles_read_localization',`
######################################## ########################################
## <interface name="miscfiles_legacy_read_localization"> ## <interface name="miscfiles_legacy_read_localization">
## <description> ## <desc>
## Allow process to read legacy time localization info ## Allow process to read legacy time localization info
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## Type type of the process performing this action. ## Type type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`miscfiles_legacy_read_localization',` interface(`miscfiles_legacy_read_localization',`
@ -100,12 +100,12 @@ interface(`miscfiles_legacy_read_localization',`
######################################## ########################################
## <interface name="miscfiles_read_man_pages"> ## <interface name="miscfiles_read_man_pages">
## <description> ## <desc>
## Allow process to read manpages ## Allow process to read manpages
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## Type type of the process performing this action. ## Type type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`miscfiles_read_man_pages',` interface(`miscfiles_read_man_pages',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="modutils_read_kernel_module_dependencies"> ## <interface name="modutils_read_kernel_module_dependencies">
## <description> ## <desc>
## Read the dependencies of kernel modules. ## Read the dependencies of kernel modules.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`modutils_read_kernel_module_dependencies',` interface(`modutils_read_kernel_module_dependencies',`
@ -23,13 +23,13 @@ interface(`modutils_read_kernel_module_dependencies',`
######################################## ########################################
## <interface name="modutils_read_module_conf"> ## <interface name="modutils_read_module_conf">
## <description> ## <desc>
## Read the configuration options used when ## Read the configuration options used when
## loading modules. ## loading modules.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`modutils_read_module_conf',` interface(`modutils_read_module_conf',`
@ -48,12 +48,12 @@ interface(`modutils_read_module_conf',`
######################################## ########################################
## <interface name="modutils_domtrans_insmod"> ## <interface name="modutils_domtrans_insmod">
## <description> ## <desc>
## Execute insmod in the insmod domain. ## Execute insmod in the insmod domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`modutils_domtrans_insmod',` interface(`modutils_domtrans_insmod',`
@ -75,21 +75,21 @@ interface(`modutils_domtrans_insmod',`
######################################## ########################################
## <interface name="modutils_run_insmod"> ## <interface name="modutils_run_insmod">
## <description> ## <desc>
## Execute insmod in the insmod domain, and ## Execute insmod in the insmod domain, and
## allow the specified role the insmod domain, ## allow the specified role the insmod domain,
## and use the caller's terminal. Has a sigchld ## and use the caller's terminal. Has a sigchld
## backchannel. ## backchannel.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the insmod domain. ## The role to be allowed the insmod domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the insmod domain to use. ## The type of the terminal allow the insmod domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`modutils_run_insmod',` interface(`modutils_run_insmod',`
@ -118,12 +118,12 @@ interface(`modutils_exec_insmod',`
######################################## ########################################
## <interface name="modutils_domtrans_depmod"> ## <interface name="modutils_domtrans_depmod">
## <description> ## <desc>
## Execute depmod in the depmod domain. ## Execute depmod in the depmod domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`modutils_domtrans_depmod',` interface(`modutils_domtrans_depmod',`
@ -145,18 +145,18 @@ interface(`modutils_domtrans_depmod',`
######################################## ########################################
## <interface name="modutils_run_depmod"> ## <interface name="modutils_run_depmod">
## <description> ## <desc>
## Execute depmod in the depmod domain. ## Execute depmod in the depmod domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the depmod domain. ## The role to be allowed the depmod domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the depmod domain to use. ## The type of the terminal allow the depmod domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`modutils_run_depmod',` interface(`modutils_run_depmod',`
@ -185,12 +185,12 @@ interface(`modutils_exec_depmod',`
######################################## ########################################
## <interface name="modutils_domtrans_update_mods"> ## <interface name="modutils_domtrans_update_mods">
## <description> ## <desc>
## Execute depmod in the depmod domain. ## Execute depmod in the depmod domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`modutils_domtrans_update_mods',` interface(`modutils_domtrans_update_mods',`
@ -212,18 +212,18 @@ interface(`modutils_domtrans_update_mods',`
######################################## ########################################
## <interface name="modutils_run_update_mods"> ## <interface name="modutils_run_update_mods">
## <description> ## <desc>
## Execute update_modules in the update_modules domain. ## Execute update_modules in the update_modules domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the update_modules domain. ## The role to be allowed the update_modules domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the update_modules domain to use. ## The type of the terminal allow the update_modules domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`modutils_run_update_mods',` interface(`modutils_run_update_mods',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="mount_domtrans"> ## <interface name="mount_domtrans">
## <description> ## <desc>
## Execute mount in the mount domain. ## Execute mount in the mount domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`mount_domtrans',` interface(`mount_domtrans',`
@ -29,20 +29,20 @@ interface(`mount_domtrans',`
######################################## ########################################
## <interface name="mount_run"> ## <interface name="mount_run">
## <description> ## <desc>
## Execute mount in the mount domain, and ## Execute mount in the mount domain, and
## allow the specified role the mount domain, ## allow the specified role the mount domain,
## and use the caller's terminal. ## and use the caller's terminal.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the mount domain. ## The role to be allowed the mount domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the mount domain to use. ## The type of the terminal allow the mount domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`mount_run',` interface(`mount_run',`
@ -58,12 +58,12 @@ interface(`mount_run',`
######################################## ########################################
## <interface name="mount_use_fd"> ## <interface name="mount_use_fd">
## <description> ## <desc>
## Use file descriptors for mount. ## Use file descriptors for mount.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`mount_use_fd',` interface(`mount_use_fd',`
@ -77,13 +77,13 @@ interface(`mount_use_fd',`
######################################## ########################################
## <interface name="mount_send_nfs_client_request"> ## <interface name="mount_send_nfs_client_request">
## <description> ## <desc>
## Allow the mount domain to send nfs requests for mounting ## Allow the mount domain to send nfs requests for mounting
## network drives ## network drives
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`mount_send_nfs_client_request',` interface(`mount_send_nfs_client_request',`

View File

@ -3,12 +3,12 @@
####################################### #######################################
## <interface name="seutil_domtrans_checkpol"> ## <interface name="seutil_domtrans_checkpol">
## <description> ## <desc>
## Execute checkpolicy in the checkpolicy domain. ## Execute checkpolicy in the checkpolicy domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_domtrans_checkpol',` interface(`seutil_domtrans_checkpol',`
@ -31,21 +31,21 @@ interface(`seutil_domtrans_checkpol',`
######################################## ########################################
## <interface name="seutil_run_checkpol"> ## <interface name="seutil_run_checkpol">
## <description> ## <desc>
## Execute checkpolicy in the checkpolicy domain, and ## Execute checkpolicy in the checkpolicy domain, and
## allow the specified role the checkpolicy domain, ## allow the specified role the checkpolicy domain,
## and use the caller's terminal. ## and use the caller's terminal.
## Has a SIGCHLD signal backchannel. ## Has a SIGCHLD signal backchannel.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the checkpolicy domain. ## The role to be allowed the checkpolicy domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the checkpolicy domain to use. ## The type of the terminal allow the checkpolicy domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_run_checkpol',` interface(`seutil_run_checkpol',`
@ -75,12 +75,12 @@ interface(`seutil_exec_checkpol',`
####################################### #######################################
## <interface name="seutil_domtrans_loadpol"> ## <interface name="seutil_domtrans_loadpol">
## <description> ## <desc>
## Execute load_policy in the load_policy domain. ## Execute load_policy in the load_policy domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_domtrans_loadpol',` interface(`seutil_domtrans_loadpol',`
@ -102,21 +102,21 @@ interface(`seutil_domtrans_loadpol',`
######################################## ########################################
## <interface name="seutil_run_loadpol"> ## <interface name="seutil_run_loadpol">
## <description> ## <desc>
## Execute load_policy in the load_policy domain, and ## Execute load_policy in the load_policy domain, and
## allow the specified role the load_policy domain, ## allow the specified role the load_policy domain,
## and use the caller's terminal. ## and use the caller's terminal.
## Has a SIGCHLD signal backchannel. ## Has a SIGCHLD signal backchannel.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the load_policy domain. ## The role to be allowed the load_policy domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the load_policy domain to use. ## The type of the terminal allow the load_policy domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_run_loadpol',` interface(`seutil_run_loadpol',`
@ -159,12 +159,12 @@ interface(`seutil_read_loadpol',`
####################################### #######################################
## <interface name="seutil_domtrans_newrole"> ## <interface name="seutil_domtrans_newrole">
## <description> ## <desc>
## Execute newrole in the load_policy domain. ## Execute newrole in the load_policy domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_domtrans_newrole',` interface(`seutil_domtrans_newrole',`
@ -187,20 +187,20 @@ interface(`seutil_domtrans_newrole',`
######################################## ########################################
## <interface name="seutil_run_newrole"> ## <interface name="seutil_run_newrole">
## <description> ## <desc>
## Execute newrole in the newrole domain, and ## Execute newrole in the newrole domain, and
## allow the specified role the newrole domain, ## allow the specified role the newrole domain,
## and use the caller's terminal. ## and use the caller's terminal.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the newrole domain. ## The role to be allowed the newrole domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the newrole domain to use. ## The type of the terminal allow the newrole domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_run_newrole',` interface(`seutil_run_newrole',`
@ -230,13 +230,13 @@ interface(`seutil_exec_newrole',`
######################################## ########################################
## <interface name="seutil_dontaudit_newrole_signal"> ## <interface name="seutil_dontaudit_newrole_signal">
## <description> ## <desc>
## Do not audit the caller attempts to send ## Do not audit the caller attempts to send
## a signal to newrole. ## a signal to newrole.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_dontaudit_newrole_signal',` interface(`seutil_dontaudit_newrole_signal',`
@ -276,12 +276,12 @@ interface(`seutil_use_newrole_fd',`
####################################### #######################################
## <interface name="seutil_domtrans_restorecon"> ## <interface name="seutil_domtrans_restorecon">
## <description> ## <desc>
## Execute restorecon in the restorecon domain. ## Execute restorecon in the restorecon domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_domtrans_restorecon',` interface(`seutil_domtrans_restorecon',`
@ -303,20 +303,20 @@ interface(`seutil_domtrans_restorecon',`
######################################## ########################################
## <interface name="seutil_run_restorecon"> ## <interface name="seutil_run_restorecon">
## <description> ## <desc>
## Execute restorecon in the restorecon domain, and ## Execute restorecon in the restorecon domain, and
## allow the specified role the restorecon domain, ## allow the specified role the restorecon domain,
## and use the caller's terminal. ## and use the caller's terminal.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the restorecon domain. ## The role to be allowed the restorecon domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the restorecon domain to use. ## The type of the terminal allow the restorecon domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_run_restorecon',` interface(`seutil_run_restorecon',`
@ -345,12 +345,12 @@ interface(`seutil_exec_restorecon',`
######################################## ########################################
## <interface name="seutil_domtrans_runinit"> ## <interface name="seutil_domtrans_runinit">
## <description> ## <desc>
## Execute run_init in the run_init domain. ## Execute run_init in the run_init domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_domtrans_runinit',` interface(`seutil_domtrans_runinit',`
@ -373,20 +373,20 @@ interface(`seutil_domtrans_runinit',`
######################################## ########################################
## <interface name="seutil_run_runinit"> ## <interface name="seutil_run_runinit">
## <description> ## <desc>
## Execute run_init in the run_init domain, and ## Execute run_init in the run_init domain, and
## allow the specified role the run_init domain, ## allow the specified role the run_init domain,
## and use the caller's terminal. ## and use the caller's terminal.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the run_init domain. ## The role to be allowed the run_init domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the run_init domain to use. ## The type of the terminal allow the run_init domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_run_runinit',` interface(`seutil_run_runinit',`
@ -415,12 +415,12 @@ interface(`seutil_use_runinit_fd',`
######################################## ########################################
## <interface name="seutil_domtrans_setfiles"> ## <interface name="seutil_domtrans_setfiles">
## <description> ## <desc>
## Execute setfiles in the setfiles domain. ## Execute setfiles in the setfiles domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_domtrans_setfiles',` interface(`seutil_domtrans_setfiles',`
@ -443,20 +443,20 @@ interface(`seutil_domtrans_setfiles',`
######################################## ########################################
## <interface name="seutil_run_setfiles"> ## <interface name="seutil_run_setfiles">
## <description> ## <desc>
## Execute setfiles in the setfiles domain, and ## Execute setfiles in the setfiles domain, and
## allow the specified role the setfiles domain, ## allow the specified role the setfiles domain,
## and use the caller's terminal. ## and use the caller's terminal.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the setfiles domain. ## The role to be allowed the setfiles domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the setfiles domain to use. ## The type of the terminal allow the setfiles domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_run_setfiles',` interface(`seutil_run_setfiles',`
@ -572,12 +572,12 @@ interface(`seutil_create_binary_pol',`
######################################## ########################################
## <interface name="seutil_relabelto_binary_pol"> ## <interface name="seutil_relabelto_binary_pol">
## <description> ## <desc>
## Allow the caller to relabel a file to the binary policy type. ## Allow the caller to relabel a file to the binary policy type.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`seutil_relabelto_binary_pol',` interface(`seutil_relabelto_binary_pol',`

View File

@ -3,12 +3,12 @@
####################################### #######################################
## <interface name="sysnet_domtrans_dhcpc"> ## <interface name="sysnet_domtrans_dhcpc">
## <description> ## <desc>
## Execute dhcp client in dhcpc domain. ## Execute dhcp client in dhcpc domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`sysnet_domtrans_dhcpc',` interface(`sysnet_domtrans_dhcpc',`
@ -30,12 +30,12 @@ interface(`sysnet_domtrans_dhcpc',`
####################################### #######################################
## <interface name="sysnet_domtrans_ifconfig"> ## <interface name="sysnet_domtrans_ifconfig">
## <description> ## <desc>
## Execute ifconfig in the ifconfig domain. ## Execute ifconfig in the ifconfig domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`sysnet_domtrans_ifconfig',` interface(`sysnet_domtrans_ifconfig',`
@ -57,20 +57,20 @@ interface(`sysnet_domtrans_ifconfig',`
######################################## ########################################
## <interface name="sysnet_run_ifconfig"> ## <interface name="sysnet_run_ifconfig">
## <description> ## <desc>
## Execute ifconfig in the ifconfig domain, and ## Execute ifconfig in the ifconfig domain, and
## allow the specified role the ifconfig domain, ## allow the specified role the ifconfig domain,
## and use the caller's terminal. ## and use the caller's terminal.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## <parameter name="role"> ## <param name="role">
## The role to be allowed the ifconfig domain. ## The role to be allowed the ifconfig domain.
## </parameter> ## </param>
## <parameter name="terminal"> ## <param name="terminal">
## The type of the terminal allow the ifconfig domain to use. ## The type of the terminal allow the ifconfig domain to use.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`sysnet_run_ifconfig',` interface(`sysnet_run_ifconfig',`
@ -87,12 +87,12 @@ interface(`sysnet_run_ifconfig',`
####################################### #######################################
## <interface name="sysnet_read_config"> ## <interface name="sysnet_read_config">
## <description> ## <desc>
## Allow network init to read network config files. ## Allow network init to read network config files.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`sysnet_read_config',` interface(`sysnet_read_config',`

View File

@ -3,12 +3,12 @@
######################################## ########################################
## <interface name="udev_domtrans"> ## <interface name="udev_domtrans">
## <description> ## <desc>
## Execute udev in the udev domain. ## Execute udev in the udev domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`udev_domtrans',` interface(`udev_domtrans',`
@ -29,12 +29,12 @@ interface(`udev_domtrans',`
######################################## ########################################
## <interface name="udev_read_db"> ## <interface name="udev_read_db">
## <description> ## <desc>
## Allow process to read list of devices. ## Allow process to read list of devices.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`udev_read_db',` interface(`udev_read_db',`
@ -49,12 +49,12 @@ interface(`udev_read_db',`
######################################## ########################################
## <interface name="udev_rw_db"> ## <interface name="udev_rw_db">
## <description> ## <desc>
## Allow process to modify list of devices. ## Allow process to modify list of devices.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`udev_rw_db',` interface(`udev_rw_db',`

View File

@ -810,14 +810,14 @@ template(`admin_domain_template',`
######################################## ########################################
## <interface name="userdom_spec_domtrans_all_users"> ## <interface name="userdom_spec_domtrans_all_users">
## <description> ## <desc>
## Execute a shell in all user domains. This ## Execute a shell in all user domains. This
## is an explicit transition, requiring the ## is an explicit transition, requiring the
## caller to use setexeccon(). ## caller to use setexeccon().
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_spec_domtrans_all_users',` interface(`userdom_spec_domtrans_all_users',`
@ -830,14 +830,14 @@ interface(`userdom_spec_domtrans_all_users',`
######################################## ########################################
## <interface name="userdom_spec_domtrans_unpriv_users"> ## <interface name="userdom_spec_domtrans_unpriv_users">
## <description> ## <desc>
## Execute a shell in all unprivileged user domains. This ## Execute a shell in all unprivileged user domains. This
## is an explicit transition, requiring the ## is an explicit transition, requiring the
## caller to use setexeccon(). ## caller to use setexeccon().
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_spec_domtrans_unpriv_users',` interface(`userdom_spec_domtrans_unpriv_users',`
@ -850,12 +850,12 @@ interface(`userdom_spec_domtrans_unpriv_users',`
######################################## ########################################
## <interface name="userdom_shell_domtrans_sysadm"> ## <interface name="userdom_shell_domtrans_sysadm">
## <description> ## <desc>
## Execute a shell in the sysadm domain. ## Execute a shell in the sysadm domain.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_shell_domtrans_sysadm',` interface(`userdom_shell_domtrans_sysadm',`
@ -868,12 +868,12 @@ interface(`userdom_shell_domtrans_sysadm',`
######################################## ########################################
## <interface name="userdom_use_sysadm_tty"> ## <interface name="userdom_use_sysadm_tty">
## <description> ## <desc>
## Read and write sysadm ttys. ## Read and write sysadm ttys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_use_sysadm_tty',` interface(`userdom_use_sysadm_tty',`
@ -889,12 +889,12 @@ interface(`userdom_use_sysadm_tty',`
######################################## ########################################
## <interface name="userdom_use_sysadm_terms"> ## <interface name="userdom_use_sysadm_terms">
## <description> ## <desc>
## Read and write sysadm ttys and ptys. ## Read and write sysadm ttys and ptys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_use_sysadm_terms',` interface(`userdom_use_sysadm_terms',`
@ -910,12 +910,12 @@ interface(`userdom_use_sysadm_terms',`
######################################## ########################################
## <interface name="userdom_dontaudit_use_sysadm_terms"> ## <interface name="userdom_dontaudit_use_sysadm_terms">
## <description> ## <desc>
## Do not audit attempts to use admin ttys and ptys. ## Do not audit attempts to use admin ttys and ptys.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_dontaudit_use_sysadm_terms',` interface(`userdom_dontaudit_use_sysadm_terms',`
@ -929,12 +929,12 @@ interface(`userdom_dontaudit_use_sysadm_terms',`
######################################## ########################################
## <interface name="userdom_search_all_users_home"> ## <interface name="userdom_search_all_users_home">
## <description> ## <desc>
## Search all users home directories. ## Search all users home directories.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_search_all_users_home',` interface(`userdom_search_all_users_home',`
@ -949,12 +949,12 @@ interface(`userdom_search_all_users_home',`
######################################## ########################################
## <interface name="userdom_read_all_user_data"> ## <interface name="userdom_read_all_user_data">
## <description> ## <desc>
## Read all files in all users home directories. ## Read all files in all users home directories.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_read_all_user_data',` interface(`userdom_read_all_user_data',`
@ -971,12 +971,12 @@ interface(`userdom_read_all_user_data',`
######################################## ########################################
## <interface name="userdom_use_all_user_fd"> ## <interface name="userdom_use_all_user_fd">
## <description> ## <desc>
## Inherit the file descriptors from all user domains ## Inherit the file descriptors from all user domains
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_use_all_user_fd',` interface(`userdom_use_all_user_fd',`
@ -990,12 +990,12 @@ interface(`userdom_use_all_user_fd',`
######################################## ########################################
## <interface name="userdom_signal_all_users"> ## <interface name="userdom_signal_all_users">
## <description> ## <desc>
## Send general signals to all user domains. ## Send general signals to all user domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_signal_all_users',` interface(`userdom_signal_all_users',`
@ -1009,12 +1009,12 @@ interface(`userdom_signal_all_users',`
######################################## ########################################
## <interface name="userdom_signal_unpriv_users"> ## <interface name="userdom_signal_unpriv_users">
## <description> ## <desc>
## Send general signals to unprivileged user domains. ## Send general signals to unprivileged user domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_signal_unpriv_users',` interface(`userdom_signal_unpriv_users',`
@ -1028,12 +1028,12 @@ interface(`userdom_signal_unpriv_users',`
######################################## ########################################
## <interface name="userdom_use_unpriv_users_fd"> ## <interface name="userdom_use_unpriv_users_fd">
## <description> ## <desc>
## Inherit the file descriptors from all user domains. ## Inherit the file descriptors from all user domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_use_unpriv_users_fd',` interface(`userdom_use_unpriv_users_fd',`
@ -1047,13 +1047,13 @@ interface(`userdom_use_unpriv_users_fd',`
######################################## ########################################
## <interface name="userdom_dontaudit_use_unpriv_user_fd"> ## <interface name="userdom_dontaudit_use_unpriv_user_fd">
## <description> ## <desc>
## Do not audit attempts to inherit the ## Do not audit attempts to inherit the
## file descriptors from all user domains. ## file descriptors from all user domains.
## </description> ## </desc>
## <parameter name="domain"> ## <param name="domain">
## The type of the process performing this action. ## The type of the process performing this action.
## </parameter> ## </param>
## </interface> ## </interface>
# #
interface(`userdom_dontaudit_use_unpriv_user_fd',` interface(`userdom_dontaudit_use_unpriv_user_fd',`