add some indentation
This commit is contained in:
Chris PeBenito
parent
d115660e3b
commit
4196997813
@ -9,8 +9,11 @@
|
|||||||
#
|
#
|
||||||
define(`devices_make_device_node',`
|
define(`devices_make_device_node',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
typeattribute $1 device_node;
|
typeattribute $1 device_node;
|
||||||
|
|
||||||
filesystem_associate($1)
|
filesystem_associate($1)
|
||||||
|
|
||||||
optional_policy(`distro_redhat',`
|
optional_policy(`distro_redhat',`
|
||||||
filesystem_tmpfs_associate($1)
|
filesystem_tmpfs_associate($1)
|
||||||
')
|
')
|
||||||
@ -26,6 +29,7 @@ attribute device_node;
|
|||||||
#
|
#
|
||||||
define(`devices_manage_all_devices_labels',`
|
define(`devices_manage_all_devices_labels',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_node:dir { getattr relabelfrom };
|
allow $1 device_node:dir { getattr relabelfrom };
|
||||||
allow $1 device_node:file { getattr relabelfrom };
|
allow $1 device_node:file { getattr relabelfrom };
|
||||||
allow $1 device_node:lnk_file { getattr relabelfrom };
|
allow $1 device_node:lnk_file { getattr relabelfrom };
|
||||||
@ -37,7 +41,9 @@ allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
|
|||||||
|
|
||||||
define(`devices_manage_all_devices_labels_depend',`
|
define(`devices_manage_all_devices_labels_depend',`
|
||||||
attribute device_node;
|
attribute device_node;
|
||||||
|
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir { getattr relabelfrom };
|
class dir { getattr relabelfrom };
|
||||||
class file { getattr relabelfrom };
|
class file { getattr relabelfrom };
|
||||||
class lnk_file { getattr relabelfrom };
|
class lnk_file { getattr relabelfrom };
|
||||||
@ -53,12 +59,14 @@ class chr_file { getattr relabelfrom relabelto };
|
|||||||
#
|
#
|
||||||
define(`devices_list_device_nodes',`
|
define(`devices_list_device_nodes',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_t:lnk_file { getattr read };
|
allow $1 device_t:lnk_file { getattr read };
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_list_device_nodes_depend',`
|
define(`devices_list_device_nodes_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir r_dir_perms;
|
class dir r_dir_perms;
|
||||||
class lnk_file { getattr read };
|
class lnk_file { getattr read };
|
||||||
')
|
')
|
||||||
@ -69,11 +77,13 @@ class lnk_file { getattr read };
|
|||||||
#
|
#
|
||||||
define(`devices_ignore_list_device_nodes',`
|
define(`devices_ignore_list_device_nodes',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:dir r_dir_perms;
|
dontaudit $1 device_t:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_ignore_list_device_nodes_depend',`
|
define(`devices_ignore_list_device_nodes_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir r_dir_perms;
|
class dir r_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -83,11 +93,13 @@ class dir r_dir_perms;
|
|||||||
#
|
#
|
||||||
define(`devices_add_dev_dir',`
|
define(`devices_add_dev_dir',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { ra_dir_perms create };
|
allow $1 device_t:dir { ra_dir_perms create };
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_add_dev_dir_depend',`
|
define(`devices_add_dev_dir_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir { ra_dir_perms create };
|
class dir { ra_dir_perms create };
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -97,11 +109,13 @@ class dir { ra_dir_perms create };
|
|||||||
#
|
#
|
||||||
define(`devices_ignore_get_generic_pipe_attributes',`
|
define(`devices_ignore_get_generic_pipe_attributes',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:fifo_file getattr;
|
dontaudit $1 device_t:fifo_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_ignore_get_generic_pipe_attributes_depend',`
|
define(`devices_ignore_get_generic_pipe_attributes_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class fifo_file getattr;
|
class fifo_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -111,12 +125,14 @@ class fifo_file getattr;
|
|||||||
#
|
#
|
||||||
define(`devices_get_generic_block_device_attributes',`
|
define(`devices_get_generic_block_device_attributes',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_t:blk_file getattr;
|
allow $1 device_t:blk_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_get_generic_block_device_attributes_depend',`
|
define(`devices_get_generic_block_device_attributes_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir r_dir_perms;
|
class dir r_dir_perms;
|
||||||
class blk_file getattr;
|
class blk_file getattr;
|
||||||
')
|
')
|
||||||
@ -127,11 +143,13 @@ class blk_file getattr;
|
|||||||
#
|
#
|
||||||
define(`devices_ignore_get_generic_block_device_attributes',`
|
define(`devices_ignore_get_generic_block_device_attributes',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:blk_file getattr;
|
dontaudit $1 device_t:blk_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_ignore_get_generic_block_device_attributes_depend',`
|
define(`devices_ignore_get_generic_block_device_attributes_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class blk_file getattr;
|
class blk_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -141,12 +159,14 @@ class blk_file getattr;
|
|||||||
#
|
#
|
||||||
define(`devices_manage_generic_block_device',`
|
define(`devices_manage_generic_block_device',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir rw_dir_perms;
|
allow $1 device_t:dir rw_dir_perms;
|
||||||
allow $1 device_t:blk_file create_file_perms;
|
allow $1 device_t:blk_file create_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_manage_generic_block_device_depend',`
|
define(`devices_manage_generic_block_device_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class blk_file create_file_perms;
|
class blk_file create_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -156,13 +176,16 @@ class blk_file create_file_perms;
|
|||||||
#
|
#
|
||||||
define(`devices_add_generic_character_device',`
|
define(`devices_add_generic_character_device',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { getattr search read write add_name };
|
allow $1 device_t:dir { getattr search read write add_name };
|
||||||
allow $1 device_t:chr_file create;
|
allow $1 device_t:chr_file create;
|
||||||
|
|
||||||
allow $1 self:capability mknod;
|
allow $1 self:capability mknod;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_add_generic_character_device_depend',`
|
define(`devices_add_generic_character_device_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir { getattr search read write add_name };
|
class dir { getattr search read write add_name };
|
||||||
class chr_file create;
|
class chr_file create;
|
||||||
class capability mknod;
|
class capability mknod;
|
||||||
@ -174,12 +197,14 @@ class capability mknod;
|
|||||||
#
|
#
|
||||||
define(`devices_get_generic_character_device_attributes',`
|
define(`devices_get_generic_character_device_attributes',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_t:chr_file getattr;
|
allow $1 device_t:chr_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_get_generic_character_device_attributes_depend',`
|
define(`devices_get_generic_character_device_attributes_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir r_dir_perms;
|
class dir r_dir_perms;
|
||||||
class chr_file getattr;
|
class chr_file getattr;
|
||||||
')
|
')
|
||||||
@ -190,11 +215,13 @@ class chr_file getattr;
|
|||||||
#
|
#
|
||||||
define(`devices_ignore_get_generic_character_device_attributes',`
|
define(`devices_ignore_get_generic_character_device_attributes',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:chr_file getattr;
|
dontaudit $1 device_t:chr_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_ignore_get_generic_character_device_attributes_depend',`
|
define(`devices_ignore_get_generic_character_device_attributes_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class chr_file getattr;
|
class chr_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -211,13 +238,16 @@ class chr_file getattr;
|
|||||||
#
|
#
|
||||||
define(`devices_remove_dev_symbolic_links',`
|
define(`devices_remove_dev_symbolic_links',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { getattr read write remove_name };
|
allow $1 device_t:dir { getattr read write remove_name };
|
||||||
allow $1 device_t:lnk_file unlink;
|
allow $1 device_t:lnk_file unlink;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_remove_dev_symbolic_links_depend',`
|
define(`devices_remove_dev_symbolic_links_depend',`
|
||||||
attribute device_node, memory_raw_read, memory_raw_write;
|
attribute device_node, memory_raw_read, memory_raw_write;
|
||||||
|
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir { getattr read write remove_name };
|
class dir { getattr read write remove_name };
|
||||||
class lnk_file unlink;
|
class lnk_file unlink;
|
||||||
')
|
')
|
||||||
@ -228,12 +258,14 @@ class lnk_file unlink;
|
|||||||
#
|
#
|
||||||
define(`devices_manage_dev_symbolic_links',`
|
define(`devices_manage_dev_symbolic_links',`
|
||||||
requires_block_template(`$0'_depend)
|
requires_block_template(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
||||||
allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
|
allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`devices_manage_dev_symbolic_links_depend',`
|
define(`devices_manage_dev_symbolic_links_depend',`
|
||||||
type device_t;
|
type device_t;
|
||||||
|
|
||||||
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
||||||
class lnk_file { create read getattr setattr link unlink rename };
|
class lnk_file { create read getattr setattr link unlink rename };
|
||||||
')
|
')
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user