add some indentation
parent
d115660e3b
commit
4196997813
@ -8,16 +8,19 @@
|
||||
# devices_make_device_node(type)
|
||||
#
|
||||
define(`devices_make_device_node',`
|
||||
requires_block_template(`$0'_depend)
|
||||
typeattribute $1 device_node;
|
||||
filesystem_associate($1)
|
||||
optional_policy(`distro_redhat',`
|
||||
filesystem_tmpfs_associate($1)
|
||||
')
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
typeattribute $1 device_node;
|
||||
|
||||
filesystem_associate($1)
|
||||
|
||||
optional_policy(`distro_redhat',`
|
||||
filesystem_tmpfs_associate($1)
|
||||
')
|
||||
')
|
||||
|
||||
define(`devices_make_device_node_depend',`
|
||||
attribute device_node;
|
||||
attribute device_node;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -25,26 +28,29 @@ attribute device_node;
|
||||
# devices_manage_all_devices_labels(domain)
|
||||
#
|
||||
define(`devices_manage_all_devices_labels',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_node:dir { getattr relabelfrom };
|
||||
allow $1 device_node:file { getattr relabelfrom };
|
||||
allow $1 device_node:lnk_file { getattr relabelfrom };
|
||||
allow $1 device_node:fifo_file { getattr relabelfrom };
|
||||
allow $1 device_node:sock_file { getattr relabelfrom };
|
||||
allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
|
||||
allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_node:dir { getattr relabelfrom };
|
||||
allow $1 device_node:file { getattr relabelfrom };
|
||||
allow $1 device_node:lnk_file { getattr relabelfrom };
|
||||
allow $1 device_node:fifo_file { getattr relabelfrom };
|
||||
allow $1 device_node:sock_file { getattr relabelfrom };
|
||||
allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
|
||||
allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
|
||||
')
|
||||
|
||||
define(`devices_manage_all_devices_labels_depend',`
|
||||
attribute device_node;
|
||||
type device_t;
|
||||
class dir { getattr relabelfrom };
|
||||
class file { getattr relabelfrom };
|
||||
class lnk_file { getattr relabelfrom };
|
||||
class fifo_file { getattr relabelfrom };
|
||||
class sock_file { getattr relabelfrom };
|
||||
class blk_file { getattr relabelfrom relabelto };
|
||||
class chr_file { getattr relabelfrom relabelto };
|
||||
attribute device_node;
|
||||
|
||||
type device_t;
|
||||
|
||||
class dir { getattr relabelfrom };
|
||||
class file { getattr relabelfrom };
|
||||
class lnk_file { getattr relabelfrom };
|
||||
class fifo_file { getattr relabelfrom };
|
||||
class sock_file { getattr relabelfrom };
|
||||
class blk_file { getattr relabelfrom relabelto };
|
||||
class chr_file { getattr relabelfrom relabelto };
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -52,15 +58,17 @@ class chr_file { getattr relabelfrom relabelto };
|
||||
# devices_list_device_nodes(domain)
|
||||
#
|
||||
define(`devices_list_device_nodes',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_t:dir r_dir_perms;
|
||||
allow $1 device_t:lnk_file { getattr read };
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_t:dir r_dir_perms;
|
||||
allow $1 device_t:lnk_file { getattr read };
|
||||
')
|
||||
|
||||
define(`devices_list_device_nodes_depend',`
|
||||
type device_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file { getattr read };
|
||||
type device_t;
|
||||
|
||||
class dir r_dir_perms;
|
||||
class lnk_file { getattr read };
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -68,13 +76,15 @@ class lnk_file { getattr read };
|
||||
# devices_ignore_list_device_nodes(domain)
|
||||
#
|
||||
define(`devices_ignore_list_device_nodes',`
|
||||
requires_block_template(`$0'_depend)
|
||||
dontaudit $1 device_t:dir r_dir_perms;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
dontaudit $1 device_t:dir r_dir_perms;
|
||||
')
|
||||
|
||||
define(`devices_ignore_list_device_nodes_depend',`
|
||||
type device_t;
|
||||
class dir r_dir_perms;
|
||||
type device_t;
|
||||
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -82,13 +92,15 @@ class dir r_dir_perms;
|
||||
# devices_add_dev_dir(domain)
|
||||
#
|
||||
define(`devices_add_dev_dir',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_t:dir { ra_dir_perms create };
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_t:dir { ra_dir_perms create };
|
||||
')
|
||||
|
||||
define(`devices_add_dev_dir_depend',`
|
||||
type device_t;
|
||||
class dir { ra_dir_perms create };
|
||||
type device_t;
|
||||
|
||||
class dir { ra_dir_perms create };
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -96,13 +108,15 @@ class dir { ra_dir_perms create };
|
||||
# devices_ignore_get_generic_pipe_attributes(domain)
|
||||
#
|
||||
define(`devices_ignore_get_generic_pipe_attributes',`
|
||||
requires_block_template(`$0'_depend)
|
||||
dontaudit $1 device_t:fifo_file getattr;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
dontaudit $1 device_t:fifo_file getattr;
|
||||
')
|
||||
|
||||
define(`devices_ignore_get_generic_pipe_attributes_depend',`
|
||||
type device_t;
|
||||
class fifo_file getattr;
|
||||
type device_t;
|
||||
|
||||
class fifo_file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -110,15 +124,17 @@ class fifo_file getattr;
|
||||
# devices_get_generic_block_device_attributes(domain)
|
||||
#
|
||||
define(`devices_get_generic_block_device_attributes',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_t:dir r_dir_perms;
|
||||
allow $1 device_t:blk_file getattr;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_t:dir r_dir_perms;
|
||||
allow $1 device_t:blk_file getattr;
|
||||
')
|
||||
|
||||
define(`devices_get_generic_block_device_attributes_depend',`
|
||||
type device_t;
|
||||
class dir r_dir_perms;
|
||||
class blk_file getattr;
|
||||
type device_t;
|
||||
|
||||
class dir r_dir_perms;
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -126,13 +142,15 @@ class blk_file getattr;
|
||||
# devices_ignore_get_generic_block_device_attributes(domain)
|
||||
#
|
||||
define(`devices_ignore_get_generic_block_device_attributes',`
|
||||
requires_block_template(`$0'_depend)
|
||||
dontaudit $1 device_t:blk_file getattr;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
dontaudit $1 device_t:blk_file getattr;
|
||||
')
|
||||
|
||||
define(`devices_ignore_get_generic_block_device_attributes_depend',`
|
||||
type device_t;
|
||||
class blk_file getattr;
|
||||
type device_t;
|
||||
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -140,14 +158,16 @@ class blk_file getattr;
|
||||
# devices_manage_generic_block_device(domain)
|
||||
#
|
||||
define(`devices_manage_generic_block_device',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_t:dir rw_dir_perms;
|
||||
allow $1 device_t:blk_file create_file_perms;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_t:dir rw_dir_perms;
|
||||
allow $1 device_t:blk_file create_file_perms;
|
||||
')
|
||||
|
||||
define(`devices_manage_generic_block_device_depend',`
|
||||
type device_t;
|
||||
class blk_file create_file_perms;
|
||||
type device_t;
|
||||
|
||||
class blk_file create_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -155,17 +175,20 @@ class blk_file create_file_perms;
|
||||
# devices_add_generic_character_device(domain)
|
||||
#
|
||||
define(`devices_add_generic_character_device',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_t:dir { getattr search read write add_name };
|
||||
allow $1 device_t:chr_file create;
|
||||
allow $1 self:capability mknod;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_t:dir { getattr search read write add_name };
|
||||
allow $1 device_t:chr_file create;
|
||||
|
||||
allow $1 self:capability mknod;
|
||||
')
|
||||
|
||||
define(`devices_add_generic_character_device_depend',`
|
||||
type device_t;
|
||||
class dir { getattr search read write add_name };
|
||||
class chr_file create;
|
||||
class capability mknod;
|
||||
type device_t;
|
||||
|
||||
class dir { getattr search read write add_name };
|
||||
class chr_file create;
|
||||
class capability mknod;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -173,15 +196,17 @@ class capability mknod;
|
||||
# devices_get_generic_character_device_attributes(domain)
|
||||
#
|
||||
define(`devices_get_generic_character_device_attributes',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_t:dir r_dir_perms;
|
||||
allow $1 device_t:chr_file getattr;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_t:dir r_dir_perms;
|
||||
allow $1 device_t:chr_file getattr;
|
||||
')
|
||||
|
||||
define(`devices_get_generic_character_device_attributes_depend',`
|
||||
type device_t;
|
||||
class dir r_dir_perms;
|
||||
class chr_file getattr;
|
||||
type device_t;
|
||||
|
||||
class dir r_dir_perms;
|
||||
class chr_file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -189,13 +214,15 @@ class chr_file getattr;
|
||||
# devices_ignore_get_generic_character_device_attributes(domain)
|
||||
#
|
||||
define(`devices_ignore_get_generic_character_device_attributes',`
|
||||
requires_block_template(`$0'_depend)
|
||||
dontaudit $1 device_t:chr_file getattr;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
dontaudit $1 device_t:chr_file getattr;
|
||||
')
|
||||
|
||||
define(`devices_ignore_get_generic_character_device_attributes_depend',`
|
||||
type device_t;
|
||||
class chr_file getattr;
|
||||
type device_t;
|
||||
|
||||
class chr_file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -210,16 +237,19 @@ class chr_file getattr;
|
||||
## </interface>
|
||||
#
|
||||
define(`devices_remove_dev_symbolic_links',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_t:dir { getattr read write remove_name };
|
||||
allow $1 device_t:lnk_file unlink;
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_t:dir { getattr read write remove_name };
|
||||
allow $1 device_t:lnk_file unlink;
|
||||
')
|
||||
|
||||
define(`devices_remove_dev_symbolic_links_depend',`
|
||||
attribute device_node, memory_raw_read, memory_raw_write;
|
||||
type device_t;
|
||||
class dir { getattr read write remove_name };
|
||||
class lnk_file unlink;
|
||||
attribute device_node, memory_raw_read, memory_raw_write;
|
||||
|
||||
type device_t;
|
||||
|
||||
class dir { getattr read write remove_name };
|
||||
class lnk_file unlink;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -227,15 +257,17 @@ class lnk_file unlink;
|
||||
# devices_manage_dev_symbolic_links(domain)
|
||||
#
|
||||
define(`devices_manage_dev_symbolic_links',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
||||
allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
|
||||
requires_block_template(`$0'_depend)
|
||||
|
||||
allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
||||
allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
|
||||
')
|
||||
|
||||
define(`devices_manage_dev_symbolic_links_depend',`
|
||||
type device_t;
|
||||
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
||||
class lnk_file { create read getattr setattr link unlink rename };
|
||||
type device_t;
|
||||
|
||||
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
||||
class lnk_file { create read getattr setattr link unlink rename };
|
||||
')
|
||||
|
||||
########################################
|
||||
|