Chris PeBenito 2005-06-07 22:36:07 +00:00
parent ddea18b0ad
commit 3865d6b95e
9 changed files with 1059 additions and 180 deletions



@ -1,4 +1,4 @@
## <module name="clock" layer="keyservices">
## <module name="clock" layer="system">
## <summary>Policy for reading and setting the hardware clock.</summary>
########################################
@ -67,9 +67,16 @@ define(`clock_transition_add_role_use_terminal_depend',`
class chr_file { getattr read write ioctl };
')
#######################################
#
# clock_execute(domain)
########################################
## <interface name="clock_execute">
## <description>
## Execute hwclock
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="execute" weight="10"/>
## </interface>
#
define(`clock_execute',`
requires_block_template(`$0'_depend)
@ -83,9 +90,16 @@ define(`clock_execute_depend',`
class file { getattr read execute execute_no_trans };
')
#######################################
#
# clock_modify_drift_records(domain)
########################################
## <interface name="clock_modify_drift_records">
## <description>
## Allow executing domain to modify clock drift
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`clock_modify_drift_records',`
requires_block_template(`$0'_depend)
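Review bot: The `<infoflow type=...>` values added here do not come from one vocabulary: `clock_execute` uses `type="execute"` while `clock_modify_drift_records` in the same file uses `type="write"`. The other visible sections add `type="use"` (mount_use_file_descriptors), `type="read write"` (getty_modify_config_file), `type="write read "` with a trailing space (mount_send_nfs_client_request) and `type="execute"` again (udev_transition). Any tool that reads these tags to reason about information flow has to guess what `execute` and `use` mean and normalise the two compound spellings, so a flow could be mis-weighted or dropped. I would settle on a fixed set of values and document it once, for example `## <infoflow type="read" weight="10"/>` for clock_execute if the consumer only understands flow directions (to be confirmed against whatever parses these comments).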


@ -1,7 +1,16 @@
## <module name="getty" layer="system">
## <summary>Policy for getty.</summary>
#######################################
#
# getty_transition(domain)
########################################
## <interface name="getty_transition">
## <description>
## Execute gettys in the getty domain.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`getty_transition',`
requires_block_template(`$0'_depend)
@ -26,9 +35,16 @@ define(`getty_transition_depend',`
class fifo_file rw_file_perms;
')
#######################################
#
# getty_read_log_file(domain)
########################################
## <interface name="getty_read_log_file">
## <description>
## Allow process to read getty log file.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`getty_read_log_file',`
requires_block_template(`$0'_depend)
@ -42,9 +58,16 @@ define(`getty_read_log_file_depend',`
class file { getattr read };
')
#######################################
#
# getty_read_config_file(domain)
########################################
## <interface name="getty_read_config_file">
## <description>
## Allow process to read getty config file.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`getty_read_config_file',`
requires_block_template(`$0'_depend)
@ -58,9 +81,16 @@ define(`getty_read_config_file_depend',`
class file { getattr read };
')
#######################################
#
# getty_modify_config_file(domain)
########################################
## <interface name="getty_modify_config_file">
## <description>
## Allow process to edit getty config file.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read write" weight="10"/>
## </interface>
#
define(`getty_modify_config_file',`
requires_block_template(`$0'_depend)
@ -73,3 +103,5 @@ define(`getty_modify_config_file_depend',`
class file { getattr read write };
')
## </module>


@ -1,4 +1,4 @@
## <module name="hostname" layer="keyservices">
## <module name="hostname" layer="system">
## <summary>Policy for changing the system host name.</summary>
########################################
@ -69,6 +69,18 @@ define(`hostname_transition_add_role_use_terminal_depend',`
class chr_file { getattr read write ioctl };
')
########################################
## <interface name="hostname_execute">
## <description>
## Execute hostname in the hostname domain, and
## Has a sigchld signal backchannel.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="write" weight="10"/>
## </interface>
#
#######################################
#
# hostname_execute(domain)
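Review bot: The description added for `hostname_execute` reads like the text for a transition interface: it says hostname runs "in the hostname domain" with a sigchld backchannel, whereas the other `_execute` interface in this commit is backed by `execute_no_trans` (see `clock_execute_depend`), which runs the program without changing domain. Whether the caller keeps its own domain or enters the hostname domain is the security-relevant fact a policy writer needs from this comment, so it should match what the macro body grants; the body is outside this hunk, so confirm against it. If the interface does not transition, something like `## Execute hostname in the caller domain.` would be accurate, and `type="write"` on the infoflow line should be rechecked at the same time.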


@ -1,7 +1,16 @@
## <module name="locallogin" layer="system">
## <summary>Policy for local logins.</summary>
#######################################
#
# locallogin_transition(domain)
########################################
## <interface name="locallogin_transition">
## <description>
## Execute local logins in the locallogin domain.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`locallogin_transition',`
requires_block_template(`$0'_depend)
@ -13,6 +22,17 @@ define(`locallogin_transition_depend',`
type local_login_t;
')
########################################
## <interface name="locallogin_use_file_descriptors">
## <description>
## Allow processes to inherit local login file descriptors
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="10"/>
## </interface>
#
########################################
#
# locallogin_use_file_descriptors(domain)
@ -28,3 +48,5 @@ define(`locallogin_use_file_descriptors_depend',`
class fd use;
')
## </module>
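Review bot: In the second hunk the new `<interface name="locallogin_use_file_descriptors">` block is inserted above the old header, so the `# locallogin_use_file_descriptors(domain)` comment and its bar remain and the interface now carries two headers; the first hunk in this file replaces the old header instead. The hostname section has the same leftover (`# hostname_execute(domain)`). I would drop the three old header lines in both places so each interface has only one description to keep current. Separately, inheriting a descriptor is tagged `type="read" weight="10"` here but `type="use" weight="4"` for `mount_use_file_descriptors`, although both depend blocks request `class fd use;`, so one of the two is probably wrong.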


@ -1,7 +1,20 @@
## <module name="miscfiles" layer="system">
## <summary>Miscelaneous files.</summary>
########################################
#
# miscfiles_manage_man_page_cache(domain)
## <interface name="miscfiles_manage_man_page_cache">
## <description>
## Allow process to create files and dirs in /var/cache/man
## and /var/catman/
## </description>
## <securitydesc>
## ...
## </securitydesc>
## <parameter name="domain">
## Type type of the process performing this action.
## </parameter>
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`miscfiles_manage_man_page_cache',`
requires_block_template(`$0'_depend)
@ -19,8 +32,18 @@ define(`miscfiles_manage_man_page_cache_depend',`
')
########################################
#
# miscfiles_read_fonts(domain)
## <interface name="miscfiles_read_fonts">
## <description>
## Allow process to read fonts files
## </description>
## <securitydesc>
## ...
## </securitydesc>
## <parameter name="domain">
## Type type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`miscfiles_read_fonts',`
requires_block_template(`$0'_depend)
@ -40,8 +63,18 @@ define(`miscfiles_read_fonts_depend',`
')
########################################
#
# miscfiles_read_localization(domain)
## <interface name="miscfiles_read_localization">
## <description>
## Allow process to read localization info
## </description>
## <securitydesc>
## ...
## </securitydesc>
## <parameter name="domain">
## Type type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`miscfiles_read_localization',`
requires_block_template(`$0'_depend)
@ -65,8 +98,18 @@ define(`miscfiles_read_localization_depend',`
')
########################################
#
# miscfiles_legacy_read_localization(domain)
## <interface name="miscfiles_legacy_read_localization">
## <description>
## Allow process to read legacy time localization info
## </description>
## <securitydesc>
## ...
## </securitydesc>
## <parameter name="domain">
## Type type of the process performing this action.
## </parameter>
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`miscfiles_legacy_read_localization',`
requires_block_template(`$0'_depend)
@ -82,8 +125,18 @@ define(`miscfiles_read_localization_depend',`
')
########################################
#
# miscfiles_read_man_pages(domain)
## <interface name="miscfiles_read_man_pages">
## <description>
## Allow process to read manpages
## </description>
## <securitydesc>
## ...
## </securitydesc>
## <parameter name="domain">
## Type type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="10"/>
## </interface>
#
define(`miscfiles_read_man_pages',`
requires_block_template(`$0'_depend)
@ -101,3 +154,5 @@ define(`miscfiles_read_man_pages_depend',`
class file { getattr read };
class lnk_file { getattr read };
')
## </module>
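Review bot: `miscfiles_legacy_read_localization` is documented with `<infoflow type="write" weight="10"/>` although its name and description say it only reads legacy localization data; the sibling `miscfiles_read_localization` uses `type="read"`. A flow analysis built from these tags would record a write path into localization files that the interface presumably does not grant, so this should be `## <infoflow type="read" weight="10"/>` unless the macro body (outside the hunk) really allows writes. All five blocks in this file also ship a placeholder `<securitydesc>` containing only `...` and the parameter text "Type type of the process". I would either fill the security description in or leave the element out until there is content, and change the wording to "The type of the process performing this action." as used in the other files.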


@ -68,9 +68,16 @@ define(`mount_transition_add_role_use_terminal_depend',`
class chr_file { getattr read write ioctl };
')
#######################################
#
# mount_use_file_descriptors(domain)
########################################
## <interface name="mount_use_file_descriptors">
## <description>
## Use file descriptors for mount.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="use" weight="4"/>
## </interface>
#
define(`mount_use_file_descriptors',`
requires_block_template(`$0'_depend)
@ -84,9 +91,17 @@ define(`mount_use_file_descriptors_depend',`
class fd use;
')
#######################################
#
# mount_send_nfs_client_request(domain)
########################################
## <interface name="mount_send_nfs_client_request">
## <description>
## Allow the mount domain to send nfs requests for mounting
## network drives
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="write read " weight="10"/>
## </interface>
#
define(`mount_send_nfs_client_request',`
requires_block_template(`$0'_depend)


@ -1,9 +1,16 @@
## <module name="sysnetwork" layer="system">
## <summary>Policy for network configuration: ifconfig and dhcp client.</summary>
########################################
#
# sysnetwork_dhcpc_transition(domain)
#######################################
## <interface name="sysnetwork_dhcpc_transition">
## <description>
## Execute dhcp client in dhcpc domain.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="3"/>
## </interface>
#
define(`sysnetwork_dhcpc_transition',`
requires_block_template(`$0'_depend)
@ -95,9 +102,16 @@ define(`sysnetwork_ifconfig_transition_add_role_use_terminal_depend',`
class chr_file { getattr read write ioctl };
')
########################################
#
# sysnetwork_read_network_config(domain)
#######################################
## <interface name="sysnetwork_read_network_config">
## <description>
## Allow network init to read network config files.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="3"/>
## </interface>
#
define(`sysnetwork_read_network_config',`
requires_block_template(`$0'_depend)
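Review bot: The weights assigned to read interfaces are not consistent with the rest of the commit: `sysnetwork_read_network_config` gets `type="read" weight="3"`, while `getty_read_config_file`, also a config-file read, gets `weight="10"`. Likewise `sysnetwork_dhcpc_transition` is `read`/3 while `getty_transition` and `locallogin_transition` are `read`/10. Nothing visible here says what the weight scale means, so a reader cannot tell whether 3 is deliberate; I would add a one-line comment on the scale where the format is defined, or align the values. The description "Allow network init to read network config files." also names one caller although the parameter is any domain; "Allow the specified domain to read network config files." would match the parameter text.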


@ -1,7 +1,16 @@
## <module name="udev" layer="system">
## <summary>Policy for udev.</summary>
#######################################
#
# udev_transition(domain)
########################################
## <interface name="udev_transition">
## <description>
## Execute udev in the udev domain.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="execute" weight="10"/>
## </interface>
#
define(`udev_transition',`
requires_block_template(`$0'_depend)
@ -27,8 +36,15 @@ define(`udev_transition_depend',`
')
########################################
#
# udev_read_database(domain)
## <interface name="udev_read_database">
## <description>
## Allow process to read list of devices.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="read" weight="3"/>
## </interface>
#
define(`udev_read_database',`
requires_block_template(`$0'_depend)
@ -43,8 +59,15 @@ define(`udev_read_database_depend',`
')
########################################
#
# udev_modify_database(domain)
## <interface name="udev_modify_database">
## <description>
## Allow process to modify list of devices.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
## </parameter>
## <infoflow type="write" weight="10"/>
## </interface>
#
define(`udev_modify_database',`
requires_block_template(`$0'_depend)
@ -57,3 +80,5 @@ define(`udev_modify_database_depend',`
class file { getattr read write append };
')
## </module>