rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

additional mls interfaces from chad hanson.

This commit is contained in:
Chris PeBenito 2006-03-15 16:27:39 +00:00
parent efc94af8cf
commit 405efe1637
2 changed files with 203 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
refpolicy/Changelog
View File

@ -1,3 +1,4 @@
- Additional MLS interfaces from Chad Hanson.
- Move some rules out of domain_type() and domain_base_type() - Move some rules out of domain_type() and domain_base_type()
to the TE file, to use the domain attribute to take advantage to the TE file, to use the domain attribute to take advantage
of space savings from attribute use. of space savings from attribute use.

211
refpolicy/policy/modules/kernel/mls.if
View File

@ -18,7 +18,7 @@
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -37,7 +37,7 @@ interface(`mls_file_read_up',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -56,7 +56,7 @@ interface(`mls_file_write_down',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -75,7 +75,7 @@ interface(`mls_file_upgrade',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -87,6 +87,124 @@ interface(`mls_file_downgrade',`
typeattribute $1 mlsfiledowngrade; typeattribute $1 mlsfiledowngrade;
') ')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from sockets at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_socket_read_all_levels',`
gen_require(`
attribute mlsnetread;
')
typeattribute $1 mlsnetread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from sockets at any level
## that is dominated by the process clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_socket_read_to_clearance',`
gen_require(`
attribute mlsnetreadtoclr;
')
typeattribute $1 mlsnetreadtoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to sockets at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_socket_write_all_levels',`
gen_require(`
attribute mlsnetwrite;
')
typeattribute $1 mlsnetwrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for receiving network data from
## network interfaces or hosts at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_net_receive_all_levels',`
gen_require(`
attribute mlsnetrecvall;
')
typeattribute $1 mlsnetrecvall;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from System V IPC objects
## at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_sysvipc_read_all_levels',`
gen_require(`
attribute mlsipcread;
')
typeattribute $1 mlsipcread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to System V IPC objects
## at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_sysvipc_write_all_levels',`
gen_require(`
attribute mlsipcwrite;
')
typeattribute $1 mlsipcwrite;
')
######################################## ########################################
## <summary> ## <summary>
## Allow the specified domain to do a MLS ## Allow the specified domain to do a MLS
@ -95,7 +213,7 @@ interface(`mls_file_downgrade',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -115,7 +233,7 @@ interface(`mls_rangetrans_source',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -134,7 +252,7 @@ interface(`mls_rangetrans_target',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -153,7 +271,7 @@ interface(`mls_process_read_up',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -173,7 +291,7 @@ interface(`mls_process_write_down',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## The type of the process performing this action. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
# #
@ -185,6 +303,81 @@ interface(`mls_process_set_level',`
typeattribute $1 mlsprocsetsl; typeattribute $1 mlsprocsetsl;
') ')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from X objects at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_xwin_read_all_levels',`
gen_require(`
attribute mlsxwinread;
')
typeattribute $1 mlsxwinread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to X objects at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_xwin_write_all_levels',`
gen_require(`
attribute mlsxwinwrite;
')
typeattribute $1 mlsxwinwrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from X colormaps at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_colormap_read_all_levels',`
gen_require(`
attribute mlsxwinreadcolormap;
')
typeattribute $1 mlsxwinreadcolormap;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to X colormaps at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_colormap_write_all_levels',`
gen_require(`
attribute mlsxwinwritecolormap;
')
typeattribute $1 mlsxwinwritecolormap;
')
######################################## ########################################
## <summary> ## <summary>