remove all class remaining lines with kernel object classes.
This commit is contained in:
parent
9d5606edf5
commit
6ada253855
@ -11,9 +11,6 @@
|
||||
interface(`acct_domtrans',`
|
||||
gen_require(`
|
||||
type acct_t, acct_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -72,9 +69,6 @@ interface(`acct_exec_data',`
|
||||
interface(`acct_manage_data',`
|
||||
gen_require(`
|
||||
type acct_data_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
|
@ -13,9 +13,6 @@
|
||||
interface(`consoletype_domtrans',`
|
||||
gen_require(`
|
||||
type consoletype_t, consoletype_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`kudzu_domtrans',`
|
||||
gen_require(`
|
||||
type kudzu_t, kudzu_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,kudzu_exec_t,kudzu_t)
|
||||
@ -42,7 +39,6 @@ interface(`kudzu_domtrans',`
|
||||
interface(`kudzu_run',`
|
||||
gen_require(`
|
||||
type kudzu_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
kudzu_domtrans($1)
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`netutils_domtrans',`
|
||||
gen_require(`
|
||||
type netutils_t, netutils_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,netutils_exec_t,netutils_t)
|
||||
@ -42,7 +39,6 @@ interface(`netutils_domtrans',`
|
||||
interface(`netutils_run',`
|
||||
gen_require(`
|
||||
type netutils_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
netutils_domtrans($1)
|
||||
@ -77,9 +73,6 @@ interface(`netutils_exec',`
|
||||
interface(`netutils_domtrans_ping',`
|
||||
gen_require(`
|
||||
type ping_t, ping_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,ping_exec_t,ping_t)
|
||||
@ -171,9 +164,6 @@ interface(`netutils_exec_ping',`
|
||||
interface(`netutils_domtrans_traceroute',`
|
||||
gen_require(`
|
||||
type traceroute_t, traceroute_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,traceroute_exec_t,traceroute_t)
|
||||
@ -202,7 +192,6 @@ interface(`netutils_domtrans_traceroute',`
|
||||
interface(`netutils_run_traceroute',`
|
||||
gen_require(`
|
||||
type traceroute_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
netutils_domtrans_traceroute($1)
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`quota_domtrans',`
|
||||
gen_require(`
|
||||
type quota_t, quota_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,quota_exec_t,quota_t)
|
||||
@ -42,7 +39,6 @@ interface(`quota_domtrans',`
|
||||
interface(`quota_run',`
|
||||
gen_require(`
|
||||
type quota_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
quota_domtrans($1)
|
||||
@ -62,7 +58,6 @@ interface(`quota_run',`
|
||||
interface(`quota_dontaudit_getattr_db',`
|
||||
gen_require(`
|
||||
type quota_db_t;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 quota_db_t:file getattr;
|
||||
@ -71,8 +66,6 @@ interface(`quota_dontaudit_getattr_db',`
|
||||
interface(`quota_manage_flags',`
|
||||
gen_require(`
|
||||
type quota_flag_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`rpm_domtrans',`
|
||||
gen_require(`
|
||||
type rpm_t, rpm_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -65,7 +62,6 @@ interface(`rpm_script_domtrans',`
|
||||
interface(`rpm_run',`
|
||||
gen_require(`
|
||||
type rpm_t, rpm_script_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
rpm_domtrans($1)
|
||||
@ -86,7 +82,6 @@ interface(`rpm_run',`
|
||||
interface(`rpm_use_fd',`
|
||||
gen_require(`
|
||||
type rpm_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 rpm_t:fd use;
|
||||
@ -103,7 +98,6 @@ interface(`rpm_use_fd',`
|
||||
interface(`rpm_read_pipe',`
|
||||
gen_require(`
|
||||
type rpm_t;
|
||||
class fifo_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 rpm_t:fifo_file r_file_perms;
|
||||
@ -120,7 +114,6 @@ interface(`rpm_read_pipe',`
|
||||
interface(`rpm_rw_pipe',`
|
||||
gen_require(`
|
||||
type rpm_t;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 rpm_t:fifo_file rw_file_perms;
|
||||
@ -137,7 +130,6 @@ interface(`rpm_rw_pipe',`
|
||||
interface(`rpm_manage_log',`
|
||||
gen_require(`
|
||||
type rpm_log_t;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
logging_rw_log_dir($1)
|
||||
@ -155,7 +147,6 @@ interface(`rpm_manage_log',`
|
||||
interface(`rpm_use_script_fd',`
|
||||
gen_require(`
|
||||
type rpm_script_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 rpm_script_t:fd use;
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`usermanage_domtrans_chfn',`
|
||||
gen_require(`
|
||||
type chfn_t, chfn_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -44,7 +41,6 @@ interface(`usermanage_domtrans_chfn',`
|
||||
interface(`usermanage_run_chfn',`
|
||||
gen_require(`
|
||||
type chfn_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
usermanage_domtrans_chfn($1)
|
||||
@ -63,9 +59,6 @@ interface(`usermanage_run_chfn',`
|
||||
interface(`usermanage_domtrans_groupadd',`
|
||||
gen_require(`
|
||||
type groupadd_t, groupadd_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -96,7 +89,6 @@ interface(`usermanage_domtrans_groupadd',`
|
||||
interface(`usermanage_run_groupadd',`
|
||||
gen_require(`
|
||||
type groupadd_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
usermanage_domtrans_groupadd($1)
|
||||
@ -115,9 +107,6 @@ interface(`usermanage_run_groupadd',`
|
||||
interface(`usermanage_domtrans_passwd',`
|
||||
gen_require(`
|
||||
type passwd_t, passwd_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -148,7 +137,6 @@ interface(`usermanage_domtrans_passwd',`
|
||||
interface(`usermanage_run_passwd',`
|
||||
gen_require(`
|
||||
type passwd_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
usermanage_domtrans_passwd($1)
|
||||
@ -217,9 +205,6 @@ interface(`usermanage_run_admin_passwd',`
|
||||
interface(`usermanage_domtrans_useradd',`
|
||||
gen_require(`
|
||||
type useradd_t, useradd_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -250,7 +235,6 @@ interface(`usermanage_domtrans_useradd',`
|
||||
interface(`usermanage_run_useradd',`
|
||||
gen_require(`
|
||||
type useradd_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
usermanage_domtrans_useradd($1)
|
||||
@ -269,7 +253,6 @@ interface(`usermanage_run_useradd',`
|
||||
interface(`usermanage_read_crack_db',`
|
||||
gen_require(`
|
||||
type crack_db_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 crack_db_t:file r_file_perms;
|
||||
|
@ -59,7 +59,6 @@ interface(`corecmd_shell_entry_type',`
|
||||
interface(`corecmd_search_bin',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 bin_t:dir search;
|
||||
@ -72,7 +71,6 @@ interface(`corecmd_search_bin',`
|
||||
interface(`corecmd_list_bin',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 bin_t:dir r_dir_perms;
|
||||
@ -89,7 +87,6 @@ interface(`corecmd_list_bin',`
|
||||
interface(`corecmd_getattr_bin_file',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
allow $1 bin_t:file getattr;
|
||||
@ -106,8 +103,6 @@ interface(`corecmd_getattr_bin_file',`
|
||||
interface(`corecmd_read_bin_file',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
class dir search;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 bin_t:dir search;
|
||||
@ -125,8 +120,6 @@ interface(`corecmd_read_bin_file',`
|
||||
interface(`corecmd_read_bin_symlink',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
class dir search;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 bin_t:dir search;
|
||||
@ -144,8 +137,6 @@ interface(`corecmd_read_bin_symlink',`
|
||||
interface(`corecmd_read_bin_pipe',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
class dir search;
|
||||
class fifo_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 bin_t:dir search;
|
||||
@ -163,8 +154,6 @@ interface(`corecmd_read_bin_pipe',`
|
||||
interface(`corecmd_read_bin_socket',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
class dir search;
|
||||
class sock_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 bin_t:dir search;
|
||||
@ -178,8 +167,6 @@ interface(`corecmd_read_bin_socket',`
|
||||
interface(`corecmd_exec_bin',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 bin_t:dir r_dir_perms;
|
||||
@ -357,7 +344,6 @@ interface(`corecmd_dontaudit_search_sbin',`
|
||||
interface(`corecmd_list_sbin',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 sbin_t:dir r_dir_perms;
|
||||
@ -370,7 +356,6 @@ interface(`corecmd_list_sbin',`
|
||||
interface(`corecmd_getattr_sbin_file',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
allow $1 sbin_t:file getattr;
|
||||
@ -383,7 +368,6 @@ interface(`corecmd_getattr_sbin_file',`
|
||||
interface(`corecmd_dontaudit_getattr_sbin_file',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 sbin_t:file getattr;
|
||||
@ -400,8 +384,6 @@ interface(`corecmd_dontaudit_getattr_sbin_file',`
|
||||
interface(`corecmd_read_sbin_file',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class dir search;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 sbin_t:dir search;
|
||||
@ -419,8 +401,6 @@ interface(`corecmd_read_sbin_file',`
|
||||
interface(`corecmd_read_sbin_symlink',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class dir search;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 sbin_t:dir search;
|
||||
@ -438,8 +418,6 @@ interface(`corecmd_read_sbin_symlink',`
|
||||
interface(`corecmd_read_sbin_pipe',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class dir search;
|
||||
class fifo_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 sbin_t:dir search;
|
||||
@ -457,8 +435,6 @@ interface(`corecmd_read_sbin_pipe',`
|
||||
interface(`corecmd_read_sbin_socket',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class dir search;
|
||||
class sock_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 sbin_t:dir search;
|
||||
@ -472,8 +448,6 @@ interface(`corecmd_read_sbin_socket',`
|
||||
interface(`corecmd_exec_sbin',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 sbin_t:dir r_dir_perms;
|
||||
@ -568,8 +542,6 @@ interface(`corecmd_mmap_sbin_files',`
|
||||
interface(`corecmd_sbin_domtrans',`
|
||||
gen_require(`
|
||||
type sbin_t;
|
||||
class dir search;
|
||||
class lnk_file { getattr read };
|
||||
')
|
||||
|
||||
allow $1 sbin_t:dir search;
|
||||
@ -740,7 +712,6 @@ interface(`corecmd_shell_domtrans',`
|
||||
interface(`corecmd_exec_chroot',`
|
||||
gen_require(`
|
||||
type chroot_exec_t;
|
||||
class capability sys_chroot;
|
||||
')
|
||||
|
||||
can_exec($1,chroot_exec_t)
|
||||
|
@ -24,10 +24,6 @@
|
||||
interface(`domain_base_type',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
class file rw_file_perms;
|
||||
class process { fork sigchld };
|
||||
')
|
||||
|
||||
# mark as a domain
|
||||
@ -121,7 +117,6 @@ interface(`domain_type',`
|
||||
interface(`domain_entry_file',`
|
||||
gen_require(`
|
||||
attribute entry_type;
|
||||
class file entrypoint;
|
||||
')
|
||||
|
||||
files_type($2)
|
||||
@ -331,7 +326,6 @@ interface(`domain_cron_exemption_target',`
|
||||
interface(`domain_use_wide_inherit_fd',`
|
||||
gen_require(`
|
||||
attribute privfd;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 privfd:fd use;
|
||||
@ -344,7 +338,6 @@ interface(`domain_use_wide_inherit_fd',`
|
||||
interface(`domain_dontaudit_use_wide_inherit_fd',`
|
||||
gen_require(`
|
||||
attribute privfd;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
dontaudit $1 privfd:fd use;
|
||||
@ -375,7 +368,6 @@ interface(`domain_sigchld_wide_inherit_fd',`
|
||||
interface(`domain_setpriority_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process setsched;
|
||||
')
|
||||
|
||||
allow $1 domain:process setsched;
|
||||
@ -392,7 +384,6 @@ interface(`domain_setpriority_all_domains',`
|
||||
interface(`domain_signal_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process signal;
|
||||
')
|
||||
|
||||
allow $1 domain:process signal;
|
||||
@ -409,7 +400,6 @@ interface(`domain_signal_all_domains',`
|
||||
interface(`domain_signull_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process signull;
|
||||
')
|
||||
|
||||
allow $1 domain:process signull;
|
||||
@ -426,7 +416,6 @@ interface(`domain_signull_all_domains',`
|
||||
interface(`domain_sigstop_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process sigstop;
|
||||
')
|
||||
|
||||
allow $1 domain:process sigstop;
|
||||
@ -443,7 +432,6 @@ interface(`domain_sigstop_all_domains',`
|
||||
interface(`domain_sigchld_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process sigchld;
|
||||
')
|
||||
|
||||
allow $1 domain:process sigchld;
|
||||
@ -460,8 +448,6 @@ interface(`domain_sigchld_all_domains',`
|
||||
interface(`domain_kill_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process sigkill;
|
||||
class capability kill;
|
||||
')
|
||||
|
||||
allow $1 domain:process sigkill;
|
||||
@ -479,7 +465,6 @@ interface(`domain_kill_all_domains',`
|
||||
interface(`domain_search_all_domains_state',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
kernel_search_proc($1)
|
||||
@ -514,9 +499,6 @@ interface(`domain_dontaudit_search_all_domains_state',`
|
||||
interface(`domain_read_all_domains_state',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
kernel_search_proc($1)
|
||||
@ -536,7 +518,6 @@ interface(`domain_read_all_domains_state',`
|
||||
interface(`domain_getattr_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process getattr;
|
||||
')
|
||||
|
||||
allow $1 domain:process getattr;
|
||||
@ -591,7 +572,6 @@ interface(`domain_read_confined_domains_state',`
|
||||
interface(`domain_getattr_confined_domains',`
|
||||
gen_require(`
|
||||
attribute domain, unconfined_domain;
|
||||
class process getattr;
|
||||
')
|
||||
|
||||
allow $1 { domain -unconfined_domain }:process getattr;
|
||||
@ -661,7 +641,6 @@ interface(`domain_dontaudit_ptrace_all_domains',`
|
||||
interface(`domain_dontaudit_ptrace_confined_domains',`
|
||||
gen_require(`
|
||||
attribute domain, unconfined_domain;
|
||||
class process ptrace;
|
||||
')
|
||||
|
||||
dontaudit $1 { domain -unconfined_domain }:process ptrace;
|
||||
@ -702,7 +681,6 @@ interface(`domain_dontaudit_read_all_domains_state',`
|
||||
interface(`domain_dontaudit_list_all_domains_proc',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:dir r_dir_perms;
|
||||
@ -719,7 +697,6 @@ interface(`domain_dontaudit_list_all_domains_proc',`
|
||||
interface(`domain_getsession_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process getsession;
|
||||
')
|
||||
|
||||
allow $1 domain:process getsession;
|
||||
@ -737,7 +714,6 @@ interface(`domain_getsession_all_domains',`
|
||||
interface(`domain_dontaudit_getsession_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class process getsession;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:process getsession;
|
||||
@ -809,7 +785,6 @@ interface(`domain_dontaudit_getattr_all_sockets',`
|
||||
interface(`domain_dontaudit_getattr_all_tcp_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class tcp_socket getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:tcp_socket getattr;
|
||||
@ -827,7 +802,6 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',`
|
||||
interface(`domain_dontaudit_getattr_all_udp_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class udp_socket getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:udp_socket getattr;
|
||||
@ -845,7 +819,6 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',`
|
||||
interface(`domain_dontaudit_rw_all_udp_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class udp_socket { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 domain:udp_socket { read write };
|
||||
@ -914,7 +887,6 @@ interface(`domain_dontaudit_getattr_all_raw_sockets',`
|
||||
interface(`domain_dontaudit_rw_all_key_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class key_socket { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 domain:key_socket { read write };
|
||||
@ -966,7 +938,6 @@ interface(`domain_dontaudit_getattr_all_stream_sockets',`
|
||||
interface(`domain_dontaudit_getattr_all_pipes',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class fifo_file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:fifo_file getattr;
|
||||
@ -984,8 +955,6 @@ interface(`domain_dontaudit_getattr_all_pipes',`
|
||||
interface(`domain_getattr_all_entry_files',`
|
||||
gen_require(`
|
||||
attribute entry_type;
|
||||
class file getattr;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 entry_type:lnk_file getattr;
|
||||
@ -999,8 +968,6 @@ interface(`domain_getattr_all_entry_files',`
|
||||
interface(`domain_read_all_entry_files',`
|
||||
gen_require(`
|
||||
attribute entry_type;
|
||||
class file r_file_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 entry_type:lnk_file r_file_perms;
|
||||
|
@ -252,7 +252,6 @@ interface(`files_tmpfs_file',`
|
||||
interface(`files_getattr_all_dirs',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir { getattr search };
|
||||
')
|
||||
|
||||
allow $1 file_type:dir { getattr search };
|
||||
@ -270,7 +269,6 @@ interface(`files_getattr_all_dirs',`
|
||||
interface(`files_dontaudit_getattr_all_dirs',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 file_type:dir getattr;
|
||||
@ -423,8 +421,6 @@ interface(`files_dontaudit_getattr_non_security_files',`
|
||||
interface(`files_read_all_files',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir search;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 file_type:dir search;
|
||||
@ -531,8 +527,6 @@ interface(`files_read_all_symlinks_except',`
|
||||
interface(`files_getattr_all_symlinks',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir search;
|
||||
class lnk_file getattr;
|
||||
')
|
||||
|
||||
allow $1 file_type:dir search;
|
||||
@ -551,7 +545,6 @@ interface(`files_getattr_all_symlinks',`
|
||||
interface(`files_dontaudit_getattr_all_symlinks',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class lnk_file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 file_type:lnk_file getattr;
|
||||
@ -619,8 +612,6 @@ interface(`files_dontaudit_getattr_non_security_chr_dev',`
|
||||
interface(`files_read_all_symlinks',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir search;
|
||||
class lnk_file { getattr read };
|
||||
')
|
||||
|
||||
allow $1 file_type:dir search;
|
||||
@ -638,8 +629,6 @@ interface(`files_read_all_symlinks',`
|
||||
interface(`files_getattr_all_pipes',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir search;
|
||||
class fifo_file getattr;
|
||||
')
|
||||
|
||||
allow $1 file_type:dir search;
|
||||
@ -658,7 +647,6 @@ interface(`files_getattr_all_pipes',`
|
||||
interface(`files_dontaudit_getattr_all_pipes',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class fifo_file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 file_type:fifo_file getattr;
|
||||
@ -692,8 +680,6 @@ interface(`files_dontaudit_getattr_non_security_pipes',`
|
||||
interface(`files_getattr_all_sockets',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir search;
|
||||
class sock_file getattr;
|
||||
')
|
||||
|
||||
allow $1 file_type:dir search;
|
||||
@ -712,7 +698,6 @@ interface(`files_getattr_all_sockets',`
|
||||
interface(`files_dontaudit_getattr_all_sockets',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class sock_file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 file_type:sock_file getattr;
|
||||
@ -785,13 +770,6 @@ interface(`files_read_all_chr_nodes',`
|
||||
interface(`files_relabel_all_files',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir { r_dir_perms relabelfrom relabelto };
|
||||
class file { relabelfrom relabelto };
|
||||
class lnk_file { relabelfrom relabelto };
|
||||
class fifo_file { relabelfrom relabelto };
|
||||
class sock_file { relabelfrom relabelto };
|
||||
class blk_file relabelfrom;
|
||||
class chr_file relabelfrom;
|
||||
')
|
||||
|
||||
allow $1 { file_type $2 }:dir { r_dir_perms relabelfrom relabelto };
|
||||
@ -822,11 +800,6 @@ interface(`files_relabel_all_files',`
|
||||
interface(`files_manage_all_files',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir create_dir_perms;
|
||||
class file create_file_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
class fifo_file create_file_perms;
|
||||
class sock_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 { file_type $2 }:dir create_dir_perms;
|
||||
@ -847,7 +820,6 @@ interface(`files_manage_all_files',`
|
||||
interface(`files_search_all_dirs',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 file_type:dir search;
|
||||
@ -860,7 +832,6 @@ interface(`files_search_all_dirs',`
|
||||
interface(`files_list_all_dirs',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 file_type:dir r_dir_perms;
|
||||
@ -873,7 +844,6 @@ interface(`files_list_all_dirs',`
|
||||
interface(`files_dontaudit_search_all_dirs',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
dontaudit $1 file_type:dir search;
|
||||
@ -886,7 +856,6 @@ interface(`files_dontaudit_search_all_dirs',`
|
||||
interface(`files_relabelto_all_file_type_fs',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class filesystem relabelto;
|
||||
')
|
||||
|
||||
allow $1 file_type:filesystem relabelto;
|
||||
@ -899,7 +868,6 @@ interface(`files_relabelto_all_file_type_fs',`
|
||||
interface(`files_mount_all_file_type_fs',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 file_type:filesystem mount;
|
||||
@ -912,7 +880,6 @@ interface(`files_mount_all_file_type_fs',`
|
||||
interface(`files_unmount_all_file_type_fs',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 file_type:filesystem unmount;
|
||||
@ -925,8 +892,6 @@ interface(`files_unmount_all_file_type_fs',`
|
||||
interface(`files_mounton_all_mountpoints',`
|
||||
gen_require(`
|
||||
attribute mountpoint;
|
||||
class dir { getattr search mounton };
|
||||
class file { getattr mounton };
|
||||
')
|
||||
|
||||
allow $1 mountpoint:dir { getattr search mounton };
|
||||
@ -940,8 +905,6 @@ interface(`files_mounton_all_mountpoints',`
|
||||
interface(`files_list_root',`
|
||||
gen_require(`
|
||||
type root_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 root_t:dir r_dir_perms;
|
||||
@ -967,7 +930,6 @@ interface(`files_list_root',`
|
||||
interface(`files_filetrans_root',`
|
||||
gen_require(`
|
||||
type root_t;
|
||||
class dir create_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 root_t:dir rw_dir_perms;
|
||||
@ -998,7 +960,6 @@ interface(`files_dontaudit_read_root_file',`
|
||||
interface(`files_dontaudit_rw_root_file',`
|
||||
gen_require(`
|
||||
type root_t;
|
||||
class file { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 root_t:file { read write };
|
||||
@ -1011,7 +972,6 @@ interface(`files_dontaudit_rw_root_file',`
|
||||
interface(`files_dontaudit_rw_root_chr_dev',`
|
||||
gen_require(`
|
||||
type root_t;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 root_t:chr_file { read write };
|
||||
@ -1024,7 +984,6 @@ interface(`files_dontaudit_rw_root_chr_dev',`
|
||||
interface(`files_delete_root_dir_entry',`
|
||||
gen_require(`
|
||||
type root_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 root_t:dir rw_dir_perms;
|
||||
@ -1037,7 +996,6 @@ interface(`files_delete_root_dir_entry',`
|
||||
interface(`files_unmount_rootfs',`
|
||||
gen_require(`
|
||||
type root_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 root_t:filesystem unmount;
|
||||
@ -1202,7 +1160,6 @@ interface(`files_dontaudit_read_default_files',`
|
||||
interface(`files_read_default_symlinks',`
|
||||
gen_require(`
|
||||
type default_t;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 default_t:lnk_file r_file_perms;
|
||||
@ -1219,7 +1176,6 @@ interface(`files_read_default_symlinks',`
|
||||
interface(`files_read_default_sockets',`
|
||||
gen_require(`
|
||||
type default_t;
|
||||
class sock_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 default_t:sock_file r_file_perms;
|
||||
@ -1236,7 +1192,6 @@ interface(`files_read_default_sockets',`
|
||||
interface(`files_read_default_pipes',`
|
||||
gen_require(`
|
||||
type default_t;
|
||||
class fifo_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 default_t:fifo_file r_file_perms;
|
||||
@ -1249,7 +1204,6 @@ interface(`files_read_default_pipes',`
|
||||
interface(`files_search_etc',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir search;
|
||||
@ -1266,7 +1220,6 @@ interface(`files_search_etc',`
|
||||
interface(`files_setattr_etc_dir',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir setattr;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir setattr;
|
||||
@ -1279,7 +1232,6 @@ interface(`files_setattr_etc_dir',`
|
||||
interface(`files_list_etc',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir r_dir_perms;
|
||||
@ -1292,9 +1244,6 @@ interface(`files_list_etc',`
|
||||
interface(`files_read_etc_files',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir r_dir_perms;
|
||||
@ -1309,9 +1258,6 @@ interface(`files_read_etc_files',`
|
||||
interface(`files_rw_etc_files',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir r_dir_perms;
|
||||
class file rw_file_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir r_dir_perms;
|
||||
@ -1326,9 +1272,6 @@ interface(`files_rw_etc_files',`
|
||||
interface(`files_manage_etc_files',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir rw_dir_perms;
|
||||
@ -1347,8 +1290,6 @@ interface(`files_manage_etc_files',`
|
||||
interface(`files_delete_etc_files',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir rw_dir_perms;
|
||||
class file unlink;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir rw_dir_perms;
|
||||
@ -1362,8 +1303,6 @@ interface(`files_delete_etc_files',`
|
||||
interface(`files_exec_etc_files',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir r_dir_perms;
|
||||
@ -1398,8 +1337,6 @@ interface(`files_relabel_etc_files',`
|
||||
interface(`files_create_boot_flag',`
|
||||
gen_require(`
|
||||
type root_t, etc_runtime_t;
|
||||
class dir rw_dir_perms;
|
||||
class file { create read write setattr unlink};
|
||||
')
|
||||
|
||||
allow $1 root_t:dir rw_dir_perms;
|
||||
@ -1439,7 +1376,6 @@ interface(`files_read_etc_runtime_files',`
|
||||
interface(`files_dontaudit_read_etc_runtime_files',`
|
||||
gen_require(`
|
||||
type etc_runtime_t;
|
||||
class file { getattr read };
|
||||
')
|
||||
|
||||
dontaudit $1 etc_runtime_t:file { getattr read };
|
||||
@ -1457,8 +1393,6 @@ interface(`files_dontaudit_read_etc_runtime_files',`
|
||||
interface(`files_rw_etc_runtime_files',`
|
||||
gen_require(`
|
||||
type etc_t, etc_runtime_t;
|
||||
class dir r_dir_perms;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir r_dir_perms;
|
||||
@ -1478,8 +1412,6 @@ interface(`files_rw_etc_runtime_files',`
|
||||
interface(`files_manage_etc_runtime_files',`
|
||||
gen_require(`
|
||||
type etc_t, etc_runtime_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir rw_dir_perms;
|
||||
@ -1494,7 +1426,6 @@ interface(`files_manage_etc_runtime_files',`
|
||||
interface(`files_filetrans_etc',`
|
||||
gen_require(`
|
||||
type etc_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 etc_t:dir rw_dir_perms;
|
||||
@ -1551,7 +1482,6 @@ interface(`files_dontaudit_search_isid_type_dir',`
|
||||
interface(`files_list_isid_type_dir',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir r_dir_perms;
|
||||
@ -1569,7 +1499,6 @@ interface(`files_list_isid_type_dir',`
|
||||
interface(`files_rw_isid_type_dir',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir rw_dir_perms;
|
||||
@ -1587,7 +1516,6 @@ interface(`files_rw_isid_type_dir',`
|
||||
interface(`files_manage_isid_type_dir',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir create_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir create_dir_perms;
|
||||
@ -1605,7 +1533,6 @@ interface(`files_manage_isid_type_dir',`
|
||||
interface(`files_mounton_isid_type_dir',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir { getattr search mounton };
|
||||
')
|
||||
|
||||
allow $1 file_t:dir { getattr search mounton };
|
||||
@ -1623,8 +1550,6 @@ interface(`files_mounton_isid_type_dir',`
|
||||
interface(`files_read_isid_type_file',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir search;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir search;
|
||||
@ -1643,8 +1568,6 @@ interface(`files_read_isid_type_file',`
|
||||
interface(`files_manage_isid_type_file',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir rw_dir_perms;
|
||||
@ -1663,8 +1586,6 @@ interface(`files_manage_isid_type_file',`
|
||||
interface(`files_manage_isid_type_symlink',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir rw_dir_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir rw_dir_perms;
|
||||
@ -1683,8 +1604,6 @@ interface(`files_manage_isid_type_symlink',`
|
||||
interface(`files_rw_isid_type_blk_node',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir search;
|
||||
class blk_file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir search;
|
||||
@ -1703,8 +1622,6 @@ interface(`files_rw_isid_type_blk_node',`
|
||||
interface(`files_manage_isid_type_blk_node',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir rw_dir_perms;
|
||||
class blk_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir rw_dir_perms;
|
||||
@ -1723,8 +1640,6 @@ interface(`files_manage_isid_type_blk_node',`
|
||||
interface(`files_manage_isid_type_chr_node',`
|
||||
gen_require(`
|
||||
type file_t;
|
||||
class dir rw_dir_perms;
|
||||
class chr_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 file_t:dir rw_dir_perms;
|
||||
@ -1827,7 +1742,6 @@ interface(`files_dontaudit_list_home',`
|
||||
interface(`files_list_home',`
|
||||
gen_require(`
|
||||
type home_root_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 home_root_t:dir r_dir_perms;
|
||||
@ -1875,11 +1789,6 @@ interface(`files_filetrans_home',`
|
||||
interface(`files_manage_lost_found',`
|
||||
gen_require(`
|
||||
type lost_found_t;
|
||||
class dir create_dir_perms;
|
||||
class file create_file_perms;
|
||||
class sock_file create_file_perms;
|
||||
class fifo_file create_file_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
')
|
||||
|
||||
allow $1 lost_found_t:dir create_dir_perms;
|
||||
@ -1908,7 +1817,6 @@ interface(`files_search_mnt',`
|
||||
interface(`files_list_mnt',`
|
||||
gen_require(`
|
||||
type mnt_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 mnt_t:dir r_dir_perms;
|
||||
@ -1925,7 +1833,6 @@ interface(`files_list_mnt',`
|
||||
interface(`files_mounton_mnt',`
|
||||
gen_require(`
|
||||
type mnt_t;
|
||||
class dir { search mounton };
|
||||
')
|
||||
|
||||
allow $1 mnt_t:dir { search mounton };
|
||||
@ -1942,7 +1849,6 @@ interface(`files_mounton_mnt',`
|
||||
interface(`files_manage_mnt_dirs',`
|
||||
gen_require(`
|
||||
type mnt_t;
|
||||
class dir create_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 mnt_t:dir create_dir_perms;
|
||||
@ -1959,8 +1865,6 @@ interface(`files_manage_mnt_dirs',`
|
||||
interface(`files_manage_mnt_files',`
|
||||
gen_require(`
|
||||
type mnt_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 mnt_t:dir rw_dir_perms;
|
||||
@ -1978,8 +1882,6 @@ interface(`files_manage_mnt_files',`
|
||||
interface(`files_manage_mnt_symlinks',`
|
||||
gen_require(`
|
||||
type mnt_t;
|
||||
class dir rw_dir_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
')
|
||||
|
||||
allow $1 mnt_t:dir rw_dir_perms;
|
||||
@ -1997,7 +1899,6 @@ interface(`files_manage_mnt_symlinks',`
|
||||
interface(`files_list_world_readable',`
|
||||
gen_require(`
|
||||
type readable_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 readable_t:dir r_dir_perms;
|
||||
@ -2014,7 +1915,6 @@ interface(`files_list_world_readable',`
|
||||
interface(`files_read_world_readable_files',`
|
||||
gen_require(`
|
||||
type readable_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 readable_t:file r_file_perms;
|
||||
@ -2031,7 +1931,6 @@ interface(`files_read_world_readable_files',`
|
||||
interface(`files_read_world_readable_symlinks',`
|
||||
gen_require(`
|
||||
type readable_t;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 readable_t:lnk_file r_file_perms;
|
||||
@ -2048,7 +1947,6 @@ interface(`files_read_world_readable_symlinks',`
|
||||
interface(`files_read_world_readable_pipes',`
|
||||
gen_require(`
|
||||
type readable_t;
|
||||
class fifo_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 readable_t:fifo_file r_file_perms;
|
||||
@ -2065,7 +1963,6 @@ interface(`files_read_world_readable_pipes',`
|
||||
interface(`files_read_world_readable_sockets',`
|
||||
gen_require(`
|
||||
type readable_t;
|
||||
class sock_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 readable_t:sock_file r_file_perms;
|
||||
@ -2117,7 +2014,6 @@ interface(`files_getattr_tmp_dir',`
|
||||
interface(`files_dontaudit_getattr_tmp_dir',`
|
||||
gen_require(`
|
||||
type tmp_t;
|
||||
class dir getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 tmp_t:dir getattr;
|
||||
@ -2233,7 +2129,6 @@ interface(`files_rw_generic_tmp_sockets',`
|
||||
interface(`files_setattr_all_tmp_dirs',`
|
||||
gen_require(`
|
||||
attribute tmpfile;
|
||||
class dir { search setattr };
|
||||
')
|
||||
|
||||
allow $1 tmpfile:dir { search getattr };
|
||||
@ -2246,7 +2141,6 @@ interface(`files_setattr_all_tmp_dirs',`
|
||||
interface(`files_filetrans_tmp',`
|
||||
gen_require(`
|
||||
type tmp_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 tmp_t:dir rw_dir_perms;
|
||||
@ -2265,7 +2159,6 @@ interface(`files_filetrans_tmp',`
|
||||
interface(`files_purge_tmp',`
|
||||
gen_require(`
|
||||
attribute tmpfile;
|
||||
class dir { rw_dir_perms rmdir };
|
||||
gen_require_set({ getattr unlink },notdevfile_class_set)
|
||||
')
|
||||
|
||||
@ -2280,7 +2173,6 @@ interface(`files_purge_tmp',`
|
||||
interface(`files_search_usr',`
|
||||
gen_require(`
|
||||
type usr_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 usr_t:dir search;
|
||||
@ -2298,7 +2190,6 @@ interface(`files_search_usr',`
|
||||
interface(`files_list_usr',`
|
||||
gen_require(`
|
||||
type usr_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 usr_t:dir r_dir_perms;
|
||||
@ -2315,8 +2206,6 @@ interface(`files_list_usr',`
|
||||
interface(`files_getattr_usr_files',`
|
||||
gen_require(`
|
||||
type usr_t;
|
||||
class dir search;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
allow $1 usr_t:dir search;
|
||||
@ -2330,9 +2219,6 @@ interface(`files_getattr_usr_files',`
|
||||
interface(`files_read_usr_files',`
|
||||
gen_require(`
|
||||
type usr_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 usr_t:dir r_dir_perms;
|
||||
@ -2369,7 +2255,6 @@ interface(`files_exec_usr_files',`
|
||||
interface(`files_relabelto_usr_files',`
|
||||
gen_require(`
|
||||
type usr_t;
|
||||
class file relabelto;
|
||||
')
|
||||
|
||||
allow $1 usr_t:file relabelto;
|
||||
@ -2386,8 +2271,6 @@ interface(`files_relabelto_usr_files',`
|
||||
interface(`files_read_usr_symlinks',`
|
||||
gen_require(`
|
||||
type usr_t;
|
||||
class dir search;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 usr_t:dir search;
|
||||
@ -2411,7 +2294,6 @@ interface(`files_read_usr_symlinks',`
|
||||
interface(`files_filetrans_usr',`
|
||||
gen_require(`
|
||||
type usr_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 usr_t:dir rw_dir_perms;
|
||||
@ -2545,7 +2427,6 @@ interface(`files_list_var',`
|
||||
interface(`files_manage_var_dirs',`
|
||||
gen_require(`
|
||||
type var_t;
|
||||
class dir create_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir create_dir_perms;
|
||||
@ -2579,8 +2460,6 @@ interface(`files_read_var_files',`
|
||||
interface(`files_manage_var_files',`
|
||||
gen_require(`
|
||||
type var_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir rw_dir_perms;
|
||||
@ -2639,7 +2518,6 @@ interface(`files_manage_var_symlinks',`
|
||||
interface(`files_filetrans_var',`
|
||||
gen_require(`
|
||||
type var_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir rw_dir_perms;
|
||||
@ -2662,7 +2540,6 @@ interface(`files_filetrans_var',`
|
||||
interface(`files_search_var_lib_dir',`
|
||||
gen_require(`
|
||||
type var_t, var_lib_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search;
|
||||
@ -2736,7 +2613,6 @@ interface(`files_list_var_lib',`
|
||||
interface(`files_filetrans_var_lib',`
|
||||
gen_require(`
|
||||
type var_t, var_lib_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search_dir_perms;
|
||||
@ -2900,8 +2776,6 @@ interface(`files_manage_generic_locks',`
|
||||
interface(`files_delete_all_locks',`
|
||||
gen_require(`
|
||||
attribute lockfile;
|
||||
class dir rw_dir_perms;
|
||||
class file { getattr unlink };
|
||||
')
|
||||
|
||||
allow $1 lockfile:dir rw_dir_perms;
|
||||
@ -2935,7 +2809,6 @@ interface(`files_read_all_locks',`
|
||||
interface(`files_filetrans_lock',`
|
||||
gen_require(`
|
||||
type var_t, var_lock_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search;
|
||||
@ -2960,7 +2833,6 @@ interface(`files_filetrans_lock',`
|
||||
interface(`files_dontaudit_getattr_pid_dir',`
|
||||
gen_require(`
|
||||
type var_run_t;
|
||||
class dir getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 var_run_t:dir getattr;
|
||||
@ -3003,7 +2875,6 @@ interface(`files_dontaudit_search_pids',`
|
||||
interface(`files_list_pids',`
|
||||
gen_require(`
|
||||
type var_t, var_run_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search_dir_perms;
|
||||
@ -3017,7 +2888,6 @@ interface(`files_list_pids',`
|
||||
interface(`files_filetrans_pid',`
|
||||
gen_require(`
|
||||
type var_t, var_run_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search_dir_perms;
|
||||
@ -3037,8 +2907,6 @@ interface(`files_filetrans_pid',`
|
||||
interface(`files_rw_generic_pids',`
|
||||
gen_require(`
|
||||
type var_t, var_run_t;
|
||||
class dir r_dir_perms;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search;
|
||||
@ -3118,10 +2986,6 @@ interface(`files_delete_all_pids',`
|
||||
gen_require(`
|
||||
attribute pidfile;
|
||||
type var_t, var_run_t;
|
||||
class dir rw_dir_perms;
|
||||
class file { getattr unlink };
|
||||
class lnk_file { getattr unlink };
|
||||
class sock_file { getattr unlink };
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search;
|
||||
@ -3166,7 +3030,6 @@ interface(`files_search_spool',`
|
||||
interface(`files_list_spool',`
|
||||
gen_require(`
|
||||
type var_t, var_spool_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search;
|
||||
@ -3180,7 +3043,6 @@ interface(`files_list_spool',`
|
||||
interface(`files_manage_generic_spool_dirs',`
|
||||
gen_require(`
|
||||
type var_t, var_spool_t;
|
||||
class dir create_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search;
|
||||
@ -3194,8 +3056,6 @@ interface(`files_manage_generic_spool_dirs',`
|
||||
interface(`files_read_generic_spools',`
|
||||
gen_require(`
|
||||
type var_t, var_spool_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search;
|
||||
@ -3210,8 +3070,6 @@ interface(`files_read_generic_spools',`
|
||||
interface(`files_manage_generic_spools',`
|
||||
gen_require(`
|
||||
type var_t, var_spool_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 var_t:dir search;
|
||||
|
@ -55,7 +55,6 @@ interface(`fs_make_noxattr_fs',`
|
||||
interface(`fs_associate',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem associate;
|
||||
')
|
||||
|
||||
allow $1 fs_t:filesystem associate;
|
||||
@ -76,7 +75,6 @@ interface(`fs_associate',`
|
||||
interface(`fs_associate_noxattr',`
|
||||
gen_require(`
|
||||
attribute noxattrfs;
|
||||
class filesystem associate;
|
||||
')
|
||||
|
||||
allow $1 noxattrfs:filesystem associate;
|
||||
@ -112,7 +110,6 @@ interface(`fs_exec_noxattr',`
|
||||
interface(`fs_mount_xattr_fs',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 fs_t:filesystem mount;
|
||||
@ -132,7 +129,6 @@ interface(`fs_mount_xattr_fs',`
|
||||
interface(`fs_remount_xattr_fs',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 fs_t:filesystem remount;
|
||||
@ -151,7 +147,6 @@ interface(`fs_remount_xattr_fs',`
|
||||
interface(`fs_unmount_xattr_fs',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 fs_t:filesystem mount;
|
||||
@ -171,7 +166,6 @@ interface(`fs_unmount_xattr_fs',`
|
||||
interface(`fs_getattr_xattr_fs',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 fs_t:filesystem getattr;
|
||||
@ -209,7 +203,6 @@ interface(`fs_get_xattr_fs_quotas',`
|
||||
interface(`fs_dontaudit_getattr_xattr_fs',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 fs_t:filesystem getattr;
|
||||
@ -228,7 +221,6 @@ interface(`fs_dontaudit_getattr_xattr_fs',`
|
||||
interface(`fs_relabelfrom_xattr_fs',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem relabelfrom;
|
||||
')
|
||||
|
||||
allow $1 fs_t:filesystem relabelfrom;
|
||||
@ -246,7 +238,6 @@ interface(`fs_relabelfrom_xattr_fs',`
|
||||
interface(`fs_get_xattr_fs_quota',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem quotaget;
|
||||
')
|
||||
|
||||
allow $1 fs_t:filesystem quotaget;
|
||||
@ -264,7 +255,6 @@ interface(`fs_get_xattr_fs_quota',`
|
||||
interface(`fs_set_xattr_fs_quota',`
|
||||
gen_require(`
|
||||
type fs_t;
|
||||
class filesystem quotamod;
|
||||
')
|
||||
|
||||
allow $1 fs_t:filesystem quotamod;
|
||||
@ -281,7 +271,6 @@ interface(`fs_set_xattr_fs_quota',`
|
||||
interface(`fs_mount_autofs',`
|
||||
gen_require(`
|
||||
type autofs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 autofs_t:filesystem mount;
|
||||
@ -300,7 +289,6 @@ interface(`fs_mount_autofs',`
|
||||
interface(`fs_remount_autofs',`
|
||||
gen_require(`
|
||||
type autofs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 autofs_t:filesystem remount;
|
||||
@ -317,7 +305,6 @@ interface(`fs_remount_autofs',`
|
||||
interface(`fs_unmount_autofs',`
|
||||
gen_require(`
|
||||
type autofs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 autofs_t:filesystem mount;
|
||||
@ -336,7 +323,6 @@ interface(`fs_unmount_autofs',`
|
||||
interface(`fs_getattr_autofs',`
|
||||
gen_require(`
|
||||
type autofs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 autofs_t:filesystem getattr;
|
||||
@ -354,7 +340,6 @@ interface(`fs_getattr_autofs',`
|
||||
interface(`fs_search_auto_mountpoints',`
|
||||
gen_require(`
|
||||
type autofs_t;
|
||||
class dir { getattr search };
|
||||
')
|
||||
|
||||
allow $1 autofs_t:dir { getattr search };
|
||||
@ -412,8 +397,6 @@ interface(`fs_dontaudit_list_auto_mountpoints',`
|
||||
interface(`fs_register_binary_executable_type',`
|
||||
gen_require(`
|
||||
type binfmt_misc_fs_t;
|
||||
class dir { getattr search };
|
||||
class file { getattr ioctl write };
|
||||
')
|
||||
|
||||
allow $1 binfmt_misc_fs_t:dir { getattr search };
|
||||
@ -431,7 +414,6 @@ interface(`fs_register_binary_executable_type',`
|
||||
interface(`fs_mount_cifs',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:filesystem mount;
|
||||
@ -449,7 +431,6 @@ interface(`fs_mount_cifs',`
|
||||
interface(`fs_remount_cifs',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:filesystem remount;
|
||||
@ -466,7 +447,6 @@ interface(`fs_remount_cifs',`
|
||||
interface(`fs_unmount_cifs',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:filesystem unmount;
|
||||
@ -485,7 +465,6 @@ interface(`fs_unmount_cifs',`
|
||||
interface(`fs_getattr_cifs',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:filesystem getattr;
|
||||
@ -502,7 +481,6 @@ interface(`fs_getattr_cifs',`
|
||||
interface(`fs_search_cifs',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir search;
|
||||
@ -520,7 +498,6 @@ interface(`fs_search_cifs',`
|
||||
interface(`fs_list_cifs',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir r_dir_perms;
|
||||
@ -657,8 +634,6 @@ interface(`fs_dontaudit_rw_cifs_files',`
|
||||
interface(`fs_read_cifs_symlinks',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir r_dir_perms;
|
||||
@ -678,7 +653,6 @@ interface(`fs_read_cifs_symlinks',`
|
||||
interface(`fs_execute_cifs_files',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir r_dir_perms;
|
||||
@ -732,8 +706,6 @@ interface(`fs_dontaudit_manage_cifs_dirs',`
|
||||
interface(`fs_manage_cifs_files',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir rw_dir_perms;
|
||||
@ -770,8 +742,6 @@ interface(`fs_dontaudit_manage_cifs_files',`
|
||||
interface(`fs_manage_cifs_symlinks',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir rw_dir_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir rw_dir_perms;
|
||||
@ -790,8 +760,6 @@ interface(`fs_manage_cifs_symlinks',`
|
||||
interface(`fs_manage_cifs_named_pipes',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir rw_dir_perms;
|
||||
class fifo_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir rw_dir_perms;
|
||||
@ -810,8 +778,6 @@ interface(`fs_manage_cifs_named_pipes',`
|
||||
interface(`fs_manage_cifs_named_sockets',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir rw_dir_perms;
|
||||
class sock_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir rw_file_perms;
|
||||
@ -852,7 +818,6 @@ interface(`fs_manage_cifs_named_sockets',`
|
||||
interface(`fs_cifs_domtrans',`
|
||||
gen_require(`
|
||||
type cifs_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 cifs_t:dir search;
|
||||
@ -872,7 +837,6 @@ interface(`fs_cifs_domtrans',`
|
||||
interface(`fs_mount_dos_fs',`
|
||||
gen_require(`
|
||||
type dosfs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 dosfs_t:filesystem mount;
|
||||
@ -891,7 +855,6 @@ interface(`fs_mount_dos_fs',`
|
||||
interface(`fs_remount_dos_fs',`
|
||||
gen_require(`
|
||||
type dosfs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 dosfs_t:filesystem remount;
|
||||
@ -909,7 +872,6 @@ interface(`fs_remount_dos_fs',`
|
||||
interface(`fs_unmount_dos_fs',`
|
||||
gen_require(`
|
||||
type dosfs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 dosfs_t:filesystem mount;
|
||||
@ -928,7 +890,6 @@ interface(`fs_unmount_dos_fs',`
|
||||
interface(`fs_getattr_dos_fs',`
|
||||
gen_require(`
|
||||
type dosfs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 dosfs_t:filesystem getattr;
|
||||
@ -946,7 +907,6 @@ interface(`fs_getattr_dos_fs',`
|
||||
interface(`fs_relabelfrom_dos_fs',`
|
||||
gen_require(`
|
||||
type dosfs_t;
|
||||
class filesystem relabelfrom;
|
||||
')
|
||||
|
||||
allow $1 dosfs_t:filesystem relabelfrom;
|
||||
@ -997,7 +957,6 @@ interface(`fs_search_inotifyfs',`
|
||||
interface(`fs_mount_iso9660_fs',`
|
||||
gen_require(`
|
||||
type iso9660_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 iso9660_t:filesystem mount;
|
||||
@ -1016,7 +975,6 @@ interface(`fs_mount_iso9660_fs',`
|
||||
interface(`fs_remount_iso9660_fs',`
|
||||
gen_require(`
|
||||
type iso9660_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 iso9660_t:filesystem remount;
|
||||
@ -1034,7 +992,6 @@ interface(`fs_remount_iso9660_fs',`
|
||||
interface(`fs_unmount_iso9660_fs',`
|
||||
gen_require(`
|
||||
type iso9660_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 iso9660_t:filesystem mount;
|
||||
@ -1053,7 +1010,6 @@ interface(`fs_unmount_iso9660_fs',`
|
||||
interface(`fs_getattr_iso9660_fs',`
|
||||
gen_require(`
|
||||
type iso9660_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 iso9660_t:filesystem getattr;
|
||||
@ -1070,7 +1026,6 @@ interface(`fs_getattr_iso9660_fs',`
|
||||
interface(`fs_mount_nfs',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:filesystem mount;
|
||||
@ -1088,7 +1043,6 @@ interface(`fs_mount_nfs',`
|
||||
interface(`fs_remount_nfs',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:filesystem remount;
|
||||
@ -1105,7 +1059,6 @@ interface(`fs_remount_nfs',`
|
||||
interface(`fs_unmount_nfs',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:filesystem mount;
|
||||
@ -1123,7 +1076,6 @@ interface(`fs_unmount_nfs',`
|
||||
interface(`fs_getattr_nfs',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:filesystem getattr;
|
||||
@ -1140,7 +1092,6 @@ interface(`fs_getattr_nfs',`
|
||||
interface(`fs_search_nfs',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir search;
|
||||
@ -1190,8 +1141,6 @@ interface(`fs_dontaudit_list_nfs',`
|
||||
interface(`fs_read_nfs_files',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir r_dir_perms;
|
||||
@ -1243,7 +1192,6 @@ interface(`fs_write_nfs_files',`
|
||||
interface(`fs_execute_nfs_files',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir r_dir_perms;
|
||||
@ -1278,8 +1226,6 @@ interface(`fs_dontaudit_rw_nfs_files',`
|
||||
interface(`fs_read_nfs_symlinks',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir r_dir_perms;
|
||||
@ -1428,7 +1374,6 @@ interface(`fs_read_rpc_dirs',`
|
||||
interface(`fs_read_rpc_files',`
|
||||
gen_require(`
|
||||
type rpc_pipefs_t;
|
||||
class file { read getattr };
|
||||
')
|
||||
|
||||
allow $1 rpc_pipefs_t:file { read getattr };
|
||||
@ -1446,7 +1391,6 @@ interface(`fs_read_rpc_files',`
|
||||
interface(`fs_read_rpc_symlinks',`
|
||||
gen_require(`
|
||||
type rpc_pipefs_t;
|
||||
class lnk_file { getattr read };
|
||||
')
|
||||
|
||||
allow $1 rpc_pipefs_t:lnk_file { getattr read };
|
||||
@ -1464,7 +1408,6 @@ interface(`fs_read_rpc_symlinks',`
|
||||
interface(`fs_read_rpc_sockets',`
|
||||
gen_require(`
|
||||
type rpc_pipefs_t;
|
||||
class sock_file { read write };
|
||||
')
|
||||
|
||||
allow $1 rpc_pipefs_t:sock_file { read write };
|
||||
@ -1483,7 +1426,6 @@ interface(`fs_read_rpc_sockets',`
|
||||
interface(`fs_manage_nfs_dirs',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir create_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir create_dir_perms;
|
||||
@ -1519,8 +1461,6 @@ interface(`fs_dontaudit_manage_nfs_dirs',`
|
||||
interface(`fs_manage_nfs_files',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir rw_dir_perms;
|
||||
@ -1557,8 +1497,6 @@ interface(`fs_dontaudit_manage_nfs_files',`
|
||||
interface(`fs_manage_nfs_symlinks',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir rw_dir_perms;
|
||||
@ -1577,8 +1515,6 @@ interface(`fs_manage_nfs_symlinks',`
|
||||
interface(`fs_manage_nfs_named_pipes',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir rw_dir_perms;
|
||||
class fifo_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir rw_dir_perms;
|
||||
@ -1597,8 +1533,6 @@ interface(`fs_manage_nfs_named_pipes',`
|
||||
interface(`fs_manage_nfs_named_sockets',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir rw_dir_perms;
|
||||
class sock_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir rw_dir_perms;
|
||||
@ -1639,7 +1573,6 @@ interface(`fs_manage_nfs_named_sockets',`
|
||||
interface(`fs_nfs_domtrans',`
|
||||
gen_require(`
|
||||
type nfs_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 nfs_t:dir search;
|
||||
@ -1658,7 +1591,6 @@ interface(`fs_nfs_domtrans',`
|
||||
interface(`fs_mount_nfsd_fs',`
|
||||
gen_require(`
|
||||
type nfsd_fs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 nfsd_fs_t:filesystem mount;
|
||||
@ -1676,7 +1608,6 @@ interface(`fs_mount_nfsd_fs',`
|
||||
interface(`fs_remount_nfsd_fs',`
|
||||
gen_require(`
|
||||
type nfsd_fs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 nfsd_fs_t:filesystem remount;
|
||||
@ -1693,7 +1624,6 @@ interface(`fs_remount_nfsd_fs',`
|
||||
interface(`fs_unmount_nfsd_fs',`
|
||||
gen_require(`
|
||||
type nfsd_fs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 nfsd_fs_t:filesystem mount;
|
||||
@ -1712,7 +1642,6 @@ interface(`fs_unmount_nfsd_fs',`
|
||||
interface(`fs_getattr_nfsd_fs',`
|
||||
gen_require(`
|
||||
type nfsd_fs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 nfsd_fs_t:filesystem getattr;
|
||||
@ -1730,7 +1659,6 @@ interface(`fs_getattr_nfsd_fs',`
|
||||
interface(`fs_search_nfsd_fs',`
|
||||
gen_require(`
|
||||
type nfsd_fs_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 nfsd_fs_t:dir search;
|
||||
@ -1748,7 +1676,6 @@ interface(`fs_search_nfsd_fs',`
|
||||
interface(`fs_rw_nfsd_fs',`
|
||||
gen_require(`
|
||||
type nfsd_fs_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 nfsd_fs_t:file rw_file_perms;
|
||||
@ -1765,7 +1692,6 @@ interface(`fs_rw_nfsd_fs',`
|
||||
interface(`fs_mount_ramfs',`
|
||||
gen_require(`
|
||||
type ramfs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 ramfs_t:filesystem mount;
|
||||
@ -1783,7 +1709,6 @@ interface(`fs_mount_ramfs',`
|
||||
interface(`fs_remount_ramfs',`
|
||||
gen_require(`
|
||||
type ramfs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 ramfs_t:filesystem remount;
|
||||
@ -1800,7 +1725,6 @@ interface(`fs_remount_ramfs',`
|
||||
interface(`fs_unmount_ramfs',`
|
||||
gen_require(`
|
||||
type ramfs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 ramfs_t:filesystem mount;
|
||||
@ -1818,7 +1742,6 @@ interface(`fs_unmount_ramfs',`
|
||||
interface(`fs_getattr_ramfs',`
|
||||
gen_require(`
|
||||
type ramfs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 ramfs_t:filesystem getattr;
|
||||
@ -1915,7 +1838,6 @@ interface(`fs_write_ramfs_socket',`
|
||||
interface(`fs_mount_romfs',`
|
||||
gen_require(`
|
||||
type romfs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 romfs_t:filesystem mount;
|
||||
@ -1933,7 +1855,6 @@ interface(`fs_mount_romfs',`
|
||||
interface(`fs_remount_romfs',`
|
||||
gen_require(`
|
||||
type romfs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 romfs_t:filesystem remount;
|
||||
@ -1950,7 +1871,6 @@ interface(`fs_remount_romfs',`
|
||||
interface(`fs_unmount_romfs',`
|
||||
gen_require(`
|
||||
type romfs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 romfs_t:filesystem mount;
|
||||
@ -1969,7 +1889,6 @@ interface(`fs_unmount_romfs',`
|
||||
interface(`fs_getattr_romfs',`
|
||||
gen_require(`
|
||||
type romfs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 romfs_t:filesystem getattr;
|
||||
@ -1986,7 +1905,6 @@ interface(`fs_getattr_romfs',`
|
||||
interface(`fs_mount_rpc_pipefs',`
|
||||
gen_require(`
|
||||
type rpc_pipefs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 rpc_pipefs_t:filesystem mount;
|
||||
@ -2004,7 +1922,6 @@ interface(`fs_mount_rpc_pipefs',`
|
||||
interface(`fs_remount_rpc_pipefs',`
|
||||
gen_require(`
|
||||
type rpc_pipefs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 rpc_pipefs_t:filesystem remount;
|
||||
@ -2021,7 +1938,6 @@ interface(`fs_remount_rpc_pipefs',`
|
||||
interface(`fs_unmount_rpc_pipefs',`
|
||||
gen_require(`
|
||||
type rpc_pipefs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 rpc_pipefs_t:filesystem mount;
|
||||
@ -2040,7 +1956,6 @@ interface(`fs_unmount_rpc_pipefs',`
|
||||
interface(`fs_getattr_rpc_pipefs',`
|
||||
gen_require(`
|
||||
type rpc_pipefs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 rpc_pipefs_t:filesystem getattr;
|
||||
@ -2057,7 +1972,6 @@ interface(`fs_getattr_rpc_pipefs',`
|
||||
interface(`fs_mount_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:filesystem mount;
|
||||
@ -2074,7 +1988,6 @@ interface(`fs_mount_tmpfs',`
|
||||
interface(`fs_remount_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:filesystem remount;
|
||||
@ -2091,7 +2004,6 @@ interface(`fs_remount_tmpfs',`
|
||||
interface(`fs_unmount_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:filesystem mount;
|
||||
@ -2110,7 +2022,6 @@ interface(`fs_unmount_tmpfs',`
|
||||
interface(`fs_getattr_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:filesystem getattr;
|
||||
@ -2127,7 +2038,6 @@ interface(`fs_getattr_tmpfs',`
|
||||
interface(`fs_associate_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class filesystem associate;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:filesystem associate;
|
||||
@ -2144,7 +2054,6 @@ interface(`fs_associate_tmpfs',`
|
||||
interface(`fs_getattr_tmpfs_dir',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir getattr;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir getattr;
|
||||
@ -2161,7 +2070,6 @@ interface(`fs_getattr_tmpfs_dir',`
|
||||
interface(`fs_setattr_tmpfs_dir',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir setattr;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir setattr;
|
||||
@ -2178,7 +2086,6 @@ interface(`fs_setattr_tmpfs_dir',`
|
||||
interface(`fs_search_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir search;
|
||||
@ -2195,7 +2102,6 @@ interface(`fs_search_tmpfs',`
|
||||
interface(`fs_list_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir r_dir_perms;
|
||||
@ -2213,7 +2119,6 @@ interface(`fs_list_tmpfs',`
|
||||
interface(`fs_dontaudit_list_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
dontaudit $1 tmpfs_t:dir r_dir_perms;
|
||||
@ -2231,7 +2136,6 @@ interface(`fs_dontaudit_list_tmpfs',`
|
||||
interface(`fs_manage_tmpfs_dirs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir create_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir create_dir_perms;
|
||||
@ -2244,8 +2148,6 @@ interface(`fs_manage_tmpfs_dirs',`
|
||||
interface(`fs_filetrans_tmpfs',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class filesystem associate;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $2 tmpfs_t:filesystem associate;
|
||||
@ -2337,8 +2239,6 @@ interface(`fs_read_tmpfs_symlinks',`
|
||||
interface(`fs_use_tmpfs_chr_dev',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir r_dir_perms;
|
||||
class chr_file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir r_dir_perms;
|
||||
@ -2356,8 +2256,6 @@ interface(`fs_use_tmpfs_chr_dev',`
|
||||
interface(`fs_dontaudit_use_tmpfs_chr_dev',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir r_dir_perms;
|
||||
class chr_file rw_file_perms;
|
||||
')
|
||||
|
||||
dontaudit $1 tmpfs_t:dir r_dir_perms;
|
||||
@ -2375,8 +2273,6 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
|
||||
interface(`fs_relabel_tmpfs_chr_dev',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir r_dir_perms;
|
||||
class chr_file { getattr relabelfrom relabelto };
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir r_dir_perms;
|
||||
@ -2394,8 +2290,6 @@ interface(`fs_relabel_tmpfs_chr_dev',`
|
||||
interface(`fs_use_tmpfs_blk_dev',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir r_dir_perms;
|
||||
class blk_file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir r_dir_perms;
|
||||
@ -2413,8 +2307,6 @@ interface(`fs_use_tmpfs_blk_dev',`
|
||||
interface(`fs_relabel_tmpfs_blk_dev',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir r_dir_perms;
|
||||
class blk_file { getattr relabelfrom relabelto };
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir r_dir_perms;
|
||||
@ -2433,8 +2325,6 @@ interface(`fs_relabel_tmpfs_blk_dev',`
|
||||
interface(`fs_manage_tmpfs_files',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir rw_dir_perms;
|
||||
@ -2453,8 +2343,6 @@ interface(`fs_manage_tmpfs_files',`
|
||||
interface(`fs_manage_tmpfs_symlinks',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir rw_dir_perms;
|
||||
class chr_file create_lnk_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir rw_dir_perms;
|
||||
@ -2473,8 +2361,6 @@ interface(`fs_manage_tmpfs_symlinks',`
|
||||
interface(`fs_manage_tmpfs_sockets',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir rw_dir_perms;
|
||||
class sock_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir rw_dir_perms;
|
||||
@ -2493,8 +2379,6 @@ interface(`fs_manage_tmpfs_sockets',`
|
||||
interface(`fs_manage_tmpfs_chr_dev',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir rw_dir_perms;
|
||||
class chr_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir rw_dir_perms;
|
||||
@ -2513,8 +2397,6 @@ interface(`fs_manage_tmpfs_chr_dev',`
|
||||
interface(`fs_manage_tmpfs_blk_dev',`
|
||||
gen_require(`
|
||||
type tmpfs_t;
|
||||
class dir rw_dir_perms;
|
||||
class blk_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 tmpfs_t:dir rw_dir_perms;
|
||||
@ -2532,7 +2414,6 @@ interface(`fs_manage_tmpfs_blk_dev',`
|
||||
interface(`fs_mount_all_fs',`
|
||||
gen_require(`
|
||||
attribute filesystem_type;
|
||||
class filesystem mount;
|
||||
')
|
||||
|
||||
allow $1 filesystem_type:filesystem mount;
|
||||
@ -2550,7 +2431,6 @@ interface(`fs_mount_all_fs',`
|
||||
interface(`fs_remount_all_fs',`
|
||||
gen_require(`
|
||||
attribute filesystem_type;
|
||||
class filesystem remount;
|
||||
')
|
||||
|
||||
allow $1 filesystem_type:filesystem remount;
|
||||
@ -2567,7 +2447,6 @@ interface(`fs_remount_all_fs',`
|
||||
interface(`fs_unmount_all_fs',`
|
||||
gen_require(`
|
||||
attribute filesystem_type;
|
||||
class filesystem unmount;
|
||||
')
|
||||
|
||||
allow $1 filesystem_type:filesystem unmount;
|
||||
@ -2586,7 +2465,6 @@ interface(`fs_unmount_all_fs',`
|
||||
interface(`fs_getattr_all_fs',`
|
||||
gen_require(`
|
||||
attribute filesystem_type;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
allow $1 filesystem_type:filesystem getattr;
|
||||
@ -2604,7 +2482,6 @@ interface(`fs_getattr_all_fs',`
|
||||
interface(`fs_dontaudit_getattr_all_fs',`
|
||||
gen_require(`
|
||||
attribute filesystem_type;
|
||||
class filesystem getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 filesystem_type:filesystem getattr;
|
||||
@ -2621,7 +2498,6 @@ interface(`fs_dontaudit_getattr_all_fs',`
|
||||
interface(`fs_get_all_fs_quotas',`
|
||||
gen_require(`
|
||||
attribute filesystem_type;
|
||||
class filesystem quotaget;
|
||||
')
|
||||
|
||||
allow $1 filesystem_type:filesystem quotaget;
|
||||
@ -2638,7 +2514,6 @@ interface(`fs_get_all_fs_quotas',`
|
||||
interface(`fs_set_all_quotas',`
|
||||
gen_require(`
|
||||
attribute filesystem_type;
|
||||
class filesystem quotamod;
|
||||
')
|
||||
|
||||
allow $1 filesystem_type:filesystem quotamod;
|
||||
@ -2705,7 +2580,6 @@ interface(`fs_search_all',`
|
||||
interface(`fs_list_all',`
|
||||
gen_require(`
|
||||
attribute filesystem_type;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 filesystem_type:dir r_dir_perms;
|
||||
|
@ -12,7 +12,6 @@
|
||||
interface(`storage_getattr_fixed_disk',`
|
||||
gen_require(`
|
||||
type fixed_disk_device_t;
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -31,7 +30,6 @@ interface(`storage_getattr_fixed_disk',`
|
||||
interface(`storage_dontaudit_getattr_fixed_disk',`
|
||||
gen_require(`
|
||||
type fixed_disk_device_t;
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 fixed_disk_device_t:blk_file getattr;
|
||||
@ -49,7 +47,6 @@ interface(`storage_dontaudit_getattr_fixed_disk',`
|
||||
interface(`storage_setattr_fixed_disk',`
|
||||
gen_require(`
|
||||
type fixed_disk_device_t;
|
||||
class blk_file setattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -88,7 +85,6 @@ interface(`storage_raw_read_fixed_disk',`
|
||||
gen_require(`
|
||||
attribute fixed_disk_raw_read;
|
||||
type fixed_disk_device_t;
|
||||
class blk_file r_file_perms;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -166,7 +162,6 @@ interface(`storage_create_fixed_disk',`
|
||||
gen_require(`
|
||||
attribute fixed_disk_raw_read, fixed_disk_raw_write;
|
||||
type fixed_disk_device_t;
|
||||
class blk_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 fixed_disk_device_t:blk_file create_file_perms;
|
||||
@ -186,7 +181,6 @@ interface(`storage_manage_fixed_disk',`
|
||||
gen_require(`
|
||||
attribute fixed_disk_raw_read, fixed_disk_raw_write;
|
||||
type fixed_disk_device_t;
|
||||
class blk_file create_file_perms;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -206,7 +200,6 @@ interface(`storage_create_fixed_disk_tmpfs',`
|
||||
gen_require(`
|
||||
attribute fixed_disk_raw_read, fixed_disk_raw_write;
|
||||
type fixed_disk_device_t;
|
||||
class blk_file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 fixed_disk_device_t:blk_file create_file_perms;
|
||||
@ -226,7 +219,6 @@ interface(`storage_create_fixed_disk_tmpfs',`
|
||||
interface(`storage_relabel_fixed_disk',`
|
||||
gen_require(`
|
||||
type fixed_disk_device_t;
|
||||
class blk_file { relabelfrom relabelto };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -244,7 +236,6 @@ interface(`storage_relabel_fixed_disk',`
|
||||
interface(`storage_swapon_fixed_disk',`
|
||||
gen_require(`
|
||||
type fixed_disk_device_t;
|
||||
class blk_file { getattr swapon };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -266,7 +257,6 @@ interface(`storage_raw_read_lvm_volume',`
|
||||
gen_require(`
|
||||
attribute fixed_disk_raw_read;
|
||||
type lvm_vg_t;
|
||||
class blk_file r_file_perms;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -289,7 +279,6 @@ interface(`storage_raw_write_lvm_volume',`
|
||||
gen_require(`
|
||||
attribute fixed_disk_raw_write;
|
||||
type lvm_vg_t;
|
||||
class blk_file { getattr write ioctl };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -426,7 +415,6 @@ interface(`storage_dontaudit_rw_scsi_generic',`
|
||||
interface(`storage_getattr_removable_device',`
|
||||
gen_require(`
|
||||
type removable_device_t;
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -445,7 +433,6 @@ interface(`storage_getattr_removable_device',`
|
||||
interface(`storage_dontaudit_getattr_removable_device',`
|
||||
gen_require(`
|
||||
type removable_device_t;
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 removable_device_t:blk_file getattr;
|
||||
@ -463,7 +450,6 @@ interface(`storage_dontaudit_getattr_removable_device',`
|
||||
interface(`storage_dontaudit_read_removable_device',`
|
||||
gen_require(`
|
||||
type removable_device_t;
|
||||
class blk_file { getattr ioctl read };
|
||||
|
||||
')
|
||||
|
||||
@ -482,7 +468,6 @@ interface(`storage_dontaudit_read_removable_device',`
|
||||
interface(`storage_setattr_removable_device',`
|
||||
gen_require(`
|
||||
type removable_device_t;
|
||||
class blk_file setattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -501,7 +486,6 @@ interface(`storage_setattr_removable_device',`
|
||||
interface(`storage_dontaudit_setattr_removable_device',`
|
||||
gen_require(`
|
||||
type removable_device_t;
|
||||
class blk_file setattr;
|
||||
')
|
||||
|
||||
dontaudit $1 removable_device_t:blk_file setattr;
|
||||
@ -522,7 +506,6 @@ interface(`storage_dontaudit_setattr_removable_device',`
|
||||
interface(`storage_raw_read_removable_device',`
|
||||
gen_require(`
|
||||
type removable_device_t;
|
||||
class blk_file r_file_perms;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -560,7 +543,6 @@ interface(`storage_dontaudit_raw_read_removable_device',`
|
||||
interface(`storage_raw_write_removable_device',`
|
||||
gen_require(`
|
||||
type removable_device_t;
|
||||
class blk_file { getattr write ioctl };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
|
@ -240,7 +240,6 @@ interface(`term_setattr_console',`
|
||||
interface(`term_dontaudit_getattr_pty_dir',`
|
||||
gen_require(`
|
||||
type devpts_t;
|
||||
class dir getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 devpts_t:dir getattr;
|
||||
@ -293,7 +292,6 @@ interface(`term_dontaudit_search_ptys',`
|
||||
interface(`term_list_ptys',`
|
||||
gen_require(`
|
||||
type devpts_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -312,7 +310,6 @@ interface(`term_list_ptys',`
|
||||
interface(`term_dontaudit_list_ptys',`
|
||||
gen_require(`
|
||||
type devpts_t;
|
||||
class dir { getattr search read };
|
||||
')
|
||||
|
||||
dontaudit $1 devpts_t:dir { getattr search read };
|
||||
@ -330,7 +327,6 @@ interface(`term_dontaudit_list_ptys',`
|
||||
interface(`term_dontaudit_manage_pty_dir',`
|
||||
gen_require(`
|
||||
type devpts_t;
|
||||
class dir create_dir_perms;
|
||||
')
|
||||
|
||||
dontaudit $1 devpts_t:dir create_dir_perms;
|
||||
@ -388,7 +384,6 @@ interface(`term_use_generic_pty',`
|
||||
interface(`term_dontaudit_use_generic_pty',`
|
||||
gen_require(`
|
||||
type devpts_t;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 devpts_t:chr_file { read write };
|
||||
@ -440,7 +435,6 @@ interface(`term_use_ptmx',`
|
||||
interface(`term_dontaudit_use_ptmx',`
|
||||
gen_require(`
|
||||
type ptmx_t;
|
||||
class chr_file { getattr read write };
|
||||
')
|
||||
|
||||
dontaudit $1 ptmx_t:chr_file { getattr read write };
|
||||
@ -458,8 +452,6 @@ interface(`term_dontaudit_use_ptmx',`
|
||||
interface(`term_getattr_all_user_ptys',`
|
||||
gen_require(`
|
||||
attribute ptynode;
|
||||
class dir r_dir_perms;
|
||||
class chr_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -480,7 +472,6 @@ interface(`term_getattr_all_user_ptys',`
|
||||
interface(`term_dontaudit_getattr_all_user_ptys',`
|
||||
gen_require(`
|
||||
attribute ptynode;
|
||||
class chr_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -500,8 +491,6 @@ interface(`term_dontaudit_getattr_all_user_ptys',`
|
||||
interface(`term_setattr_all_user_ptys',`
|
||||
gen_require(`
|
||||
attribute ptynode;
|
||||
class dir r_dir_perms;
|
||||
class chr_file setattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -520,7 +509,6 @@ interface(`term_setattr_all_user_ptys',`
|
||||
interface(`term_relabelto_all_user_ptys',`
|
||||
gen_require(`
|
||||
attribute ptynode;
|
||||
class chr_file relabelto;
|
||||
')
|
||||
|
||||
allow $1 ptynode:chr_file relabelto;
|
||||
@ -575,7 +563,6 @@ interface(`term_relabel_all_user_ptys',`
|
||||
gen_require(`
|
||||
attribute ptynode;
|
||||
type devpts_t;
|
||||
class chr_file { relabelfrom relabelto };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -595,7 +582,6 @@ interface(`term_relabel_all_user_ptys',`
|
||||
interface(`term_getattr_unallocated_ttys',`
|
||||
gen_require(`
|
||||
type tty_device_t;
|
||||
class chr_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -614,7 +600,6 @@ interface(`term_getattr_unallocated_ttys',`
|
||||
interface(`term_dontaudit_getattr_unallocated_ttys',`
|
||||
gen_require(`
|
||||
type tty_device_t;
|
||||
class chr_file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 tty_device_t:chr_file getattr;
|
||||
@ -632,7 +617,6 @@ interface(`term_dontaudit_getattr_unallocated_ttys',`
|
||||
interface(`term_setattr_unallocated_ttys',`
|
||||
gen_require(`
|
||||
type tty_device_t;
|
||||
class chr_file setattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -668,7 +652,6 @@ interface(`term_dontaudit_ioctl_unallocated_ttys',`
|
||||
interface(`term_relabel_unallocated_ttys',`
|
||||
gen_require(`
|
||||
type tty_device_t;
|
||||
class chr_file { relabelfrom relabelto };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -688,7 +671,6 @@ interface(`term_reset_tty_labels',`
|
||||
gen_require(`
|
||||
attribute ttynode;
|
||||
type tty_device_t;
|
||||
class chr_file { relabelfrom relabelto };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -707,7 +689,6 @@ interface(`term_reset_tty_labels',`
|
||||
interface(`term_write_unallocated_ttys',`
|
||||
gen_require(`
|
||||
type tty_device_t;
|
||||
class chr_file { getattr write };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -743,7 +724,6 @@ interface(`term_use_unallocated_tty',`
|
||||
interface(`term_dontaudit_use_unallocated_tty',`
|
||||
gen_require(`
|
||||
type tty_device_t;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 tty_device_t:chr_file { read write };
|
||||
@ -761,7 +741,6 @@ interface(`term_dontaudit_use_unallocated_tty',`
|
||||
interface(`term_getattr_all_user_ttys',`
|
||||
gen_require(`
|
||||
attribute ttynode;
|
||||
class chr_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -781,7 +760,6 @@ interface(`term_getattr_all_user_ttys',`
|
||||
interface(`term_dontaudit_getattr_all_user_ttys',`
|
||||
gen_require(`
|
||||
attribute ttynode;
|
||||
class chr_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -800,7 +778,6 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
|
||||
interface(`term_setattr_all_user_ttys',`
|
||||
gen_require(`
|
||||
attribute ttynode;
|
||||
class chr_file setattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -819,7 +796,6 @@ interface(`term_setattr_all_user_ttys',`
|
||||
interface(`term_relabel_all_user_ttys',`
|
||||
gen_require(`
|
||||
attribute ttynode;
|
||||
class chr_file { relabelfrom relabelto };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -837,7 +813,6 @@ interface(`term_relabel_all_user_ttys',`
|
||||
interface(`term_write_all_user_ttys',`
|
||||
gen_require(`
|
||||
attribute ttynode;
|
||||
class chr_file { getattr write };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -873,7 +848,6 @@ interface(`term_use_all_user_ttys',`
|
||||
interface(`term_dontaudit_use_all_user_ttys',`
|
||||
gen_require(`
|
||||
attribute ttynode;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 ttynode:chr_file { read write };
|
||||
|
@ -77,7 +77,6 @@ interface(`arpwatch_manage_tmp_files',`
|
||||
interface(`arpwatch_dontaudit_rw_packet_socket',`
|
||||
gen_require(`
|
||||
type arpwatch_t;
|
||||
class packet_socket { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 arpwatch_t:packet_socket { read write };
|
||||
|
@ -313,9 +313,6 @@ template(`cron_admin_template',`
|
||||
interface(`cron_system_entry',`
|
||||
gen_require(`
|
||||
type crond_t, system_crond_t;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
class process sigchld;
|
||||
')
|
||||
|
||||
domain_auto_trans(system_crond_t, $2, $1)
|
||||
@ -344,7 +341,6 @@ interface(`cron_system_entry',`
|
||||
interface(`cron_use_fd',`
|
||||
gen_require(`
|
||||
type crond_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 crond_t:fd use;
|
||||
@ -361,7 +357,6 @@ interface(`cron_use_fd',`
|
||||
interface(`cron_sigchld',`
|
||||
gen_require(`
|
||||
type crond_t;
|
||||
class process sigchld;
|
||||
')
|
||||
|
||||
allow $1 crond_t:process sigchld;
|
||||
@ -443,7 +438,6 @@ interface(`cron_crw_tcp_socket',`
|
||||
interface(`cron_search_spool',`
|
||||
gen_require(`
|
||||
type cron_spool_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
@ -499,7 +493,6 @@ interface(`cron_use_system_job_fd',`
|
||||
interface(`cron_write_system_job_pipe',`
|
||||
gen_require(`
|
||||
type system_crond_t;
|
||||
class file write;
|
||||
')
|
||||
|
||||
allow $1 system_crond_t:file write;
|
||||
@ -532,7 +525,6 @@ interface(`cron_rw_system_job_pipe',`
|
||||
interface(`cron_read_system_job_tmp_files',`
|
||||
gen_require(`
|
||||
type system_crond_tmp_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_tmp($1)
|
||||
|
@ -12,7 +12,6 @@
|
||||
interface(`dhcpd_setattr_state_files',`
|
||||
gen_require(`
|
||||
type dhcpd_state_t;
|
||||
class file setattr;
|
||||
')
|
||||
|
||||
sysnet_search_dhcp_state($1)
|
||||
|
@ -12,7 +12,6 @@
|
||||
interface(`dictd_use',`
|
||||
gen_require(`
|
||||
type dictd_t;
|
||||
class tcp_socket { connectto acceptfrom recvfrom };
|
||||
')
|
||||
|
||||
allow $1 dictd_t:tcp_socket { connectto recvfrom };
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`dovecot_manage_spool',`
|
||||
gen_require(`
|
||||
type dovecot_spool_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
')
|
||||
|
||||
allow $1 dovecot_spool_t:dir rw_dir_perms;
|
||||
|
@ -24,9 +24,6 @@ interface(`inetd_core_service_domain',`
|
||||
gen_require(`
|
||||
type inetd_t;
|
||||
role system_r;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
class process { sigchld sigkill };
|
||||
')
|
||||
|
||||
domain_type($1)
|
||||
@ -92,7 +89,6 @@ interface(`inetd_tcp_service_domain',`
|
||||
|
||||
gen_require(`
|
||||
type inetd_t;
|
||||
class tcp_socket rw_stream_socket_perms;
|
||||
')
|
||||
|
||||
inetd_core_service_domain($1,$2)
|
||||
@ -114,7 +110,6 @@ interface(`inetd_tcp_service_domain',`
|
||||
interface(`inetd_udp_service_domain',`
|
||||
gen_require(`
|
||||
type inetd_t;
|
||||
class udp_socket rw_socket_perms;
|
||||
')
|
||||
|
||||
inetd_core_service_domain($1,$2)
|
||||
@ -136,8 +131,6 @@ interface(`inetd_udp_service_domain',`
|
||||
interface(`inetd_service_domain',`
|
||||
gen_require(`
|
||||
type inetd_t;
|
||||
class tcp_socket rw_stream_socket_perms;
|
||||
class udp_socket rw_socket_perms;
|
||||
')
|
||||
|
||||
inetd_core_service_domain($1,$2)
|
||||
@ -157,7 +150,6 @@ interface(`inetd_service_domain',`
|
||||
interface(`inetd_use_fd',`
|
||||
gen_require(`
|
||||
type inetd_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 inetd_t:fd use;
|
||||
@ -174,7 +166,6 @@ interface(`inetd_use_fd',`
|
||||
interface(`inetd_tcp_connect',`
|
||||
gen_require(`
|
||||
type inetd_t;
|
||||
class tcp_socket { connectto acceptfrom recvfrom };
|
||||
')
|
||||
|
||||
allow $1 inetd_t:tcp_socket { connectto recvfrom };
|
||||
@ -193,9 +184,6 @@ interface(`inetd_tcp_connect',`
|
||||
interface(`inetd_domtrans_child',`
|
||||
gen_require(`
|
||||
type inetd_child_t, inetd_child_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
|
@ -45,7 +45,6 @@ interface(`inn_exec_config',`
|
||||
interface(`inn_manage_log',`
|
||||
gen_require(`
|
||||
type innd_log_t;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
logging_rw_log_dir($1)
|
||||
@ -64,8 +63,6 @@ interface(`inn_manage_log',`
|
||||
interface(`inn_manage_pid',`
|
||||
gen_require(`
|
||||
type innd_var_run_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
@ -85,9 +82,6 @@ interface(`inn_manage_pid',`
|
||||
interface(`inn_read_config',`
|
||||
gen_require(`
|
||||
type innd_etc_t;
|
||||
class dir { getattr read search };
|
||||
class file { read getattr };
|
||||
class lnk_file { getattr read };
|
||||
')
|
||||
|
||||
allow $1 innd_etc_t:dir { getattr read search };
|
||||
@ -106,9 +100,6 @@ interface(`inn_read_config',`
|
||||
interface(`inn_read_news_lib',`
|
||||
gen_require(`
|
||||
type innd_var_lib_t;
|
||||
class dir { getattr read search };
|
||||
class file { read getattr };
|
||||
class lnk_file { getattr read };
|
||||
')
|
||||
|
||||
allow $1 innd_var_lib_t:dir { getattr read search };
|
||||
@ -127,9 +118,6 @@ interface(`inn_read_news_lib',`
|
||||
interface(`inn_read_news_spool',`
|
||||
gen_require(`
|
||||
type news_spool_t;
|
||||
class dir { getattr read search };
|
||||
class file { read getattr };
|
||||
class lnk_file { getattr read };
|
||||
')
|
||||
|
||||
allow $1 news_spool_t:dir { getattr read search };
|
||||
@ -148,7 +136,6 @@ interface(`inn_read_news_spool',`
|
||||
interface(`inn_sendto_unix_dgram_socket',`
|
||||
gen_require(`
|
||||
type innd_t;
|
||||
class unix_dgram_socket sendto;
|
||||
')
|
||||
|
||||
allow $1 innd_t:unix_dgram_socket sendto;
|
||||
|
@ -12,7 +12,6 @@
|
||||
interface(`ldap_list_db_dir',`
|
||||
gen_require(`
|
||||
type slapd_db_t;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 slapd_db_t:dir r_dir_perms;
|
||||
@ -29,7 +28,6 @@ interface(`ldap_list_db_dir',`
|
||||
interface(`ldap_read_config',`
|
||||
gen_require(`
|
||||
type slapd_etc_t;
|
||||
class file { getattr read };
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
|
@ -492,7 +492,6 @@ interface(`mta_read_config',`
|
||||
interface(`mta_read_aliases',`
|
||||
gen_require(`
|
||||
type etc_aliases_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -523,7 +522,6 @@ interface(`mta_filetrans_etc_aliases',`
|
||||
interface(`mta_rw_aliases',`
|
||||
gen_require(`
|
||||
type etc_aliases_t;
|
||||
class file { rw_file_perms setattr };
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -577,7 +575,6 @@ interface(`mta_tcp_connect_all_mailservers',`
|
||||
interface(`mta_dontaudit_read_spool_symlink',`
|
||||
gen_require(`
|
||||
type mail_spool_t;
|
||||
class lnk_file read;
|
||||
')
|
||||
|
||||
dontaudit $1 mail_spool_t:lnk_file read;
|
||||
@ -590,9 +587,6 @@ interface(`mta_dontaudit_read_spool_symlink',`
|
||||
interface(`mta_getattr_spool',`
|
||||
gen_require(`
|
||||
type mail_spool_t;
|
||||
class dir r_dir_perms;
|
||||
class file getattr;
|
||||
class lnk_file read;
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
@ -639,9 +633,6 @@ interface(`mta_filetrans_spool',`
|
||||
interface(`mta_rw_spool',`
|
||||
gen_require(`
|
||||
type mail_spool_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file { getattr read };
|
||||
class file { rw_file_perms setattr };
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
@ -661,9 +652,6 @@ interface(`mta_rw_spool',`
|
||||
interface(`mta_append_spool',`
|
||||
gen_require(`
|
||||
type mail_spool_t;
|
||||
class dir ra_dir_perms;
|
||||
class lnk_file { getattr read };
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
@ -729,8 +717,6 @@ interface(`mta_dontaudit_rw_queue',`
|
||||
interface(`mta_manage_queue',`
|
||||
gen_require(`
|
||||
type mqueue_spool_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_spool($1)
|
||||
|
@ -25,9 +25,6 @@ interface(`ntp_stub',`
|
||||
interface(`ntp_domtrans',`
|
||||
gen_require(`
|
||||
type ntpd_t, ntpd_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -50,9 +47,6 @@ interface(`ntp_domtrans',`
|
||||
interface(`ntp_domtrans_ntpdate',`
|
||||
gen_require(`
|
||||
type ntpd_t, ntpdate_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`portmap_domtrans_helper',`
|
||||
gen_require(`
|
||||
type portmap_helper_t, portmap_helper_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
@ -44,7 +41,6 @@ interface(`portmap_domtrans_helper',`
|
||||
interface(`portmap_run_helper',`
|
||||
gen_require(`
|
||||
type portmap_t, portmap_helper_t;
|
||||
class chr_file { getattr read write ioctl };
|
||||
')
|
||||
|
||||
portmap_domtrans_helper($1)
|
||||
@ -71,7 +67,6 @@ interface(`portmap_run_helper',`
|
||||
interface(`portmap_udp_sendto',`
|
||||
gen_require(`
|
||||
type portmap_t;
|
||||
class udp_socket { sendto recvfrom };
|
||||
')
|
||||
|
||||
allow $1 portmap_t:udp_socket sendto;
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`rshd_domtrans',`
|
||||
gen_require(`
|
||||
type rshd_exec_t, rshd_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`zebra_read_config',`
|
||||
gen_require(`
|
||||
type zebra_conf_t;
|
||||
class file r_file_perms;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
|
@ -210,9 +210,6 @@ interface(`auth_login_entry_type',`
|
||||
interface(`auth_domtrans_login_program',`
|
||||
gen_require(`
|
||||
type login_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
@ -235,10 +232,6 @@ interface(`auth_domtrans_login_program',`
|
||||
interface(`auth_domtrans_chk_passwd',`
|
||||
gen_require(`
|
||||
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
|
||||
class process sigchld;
|
||||
class udp_socket create_socket_perms;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -286,7 +279,6 @@ interface(`auth_domtrans_chk_passwd',`
|
||||
interface(`auth_getattr_shadow',`
|
||||
gen_require(`
|
||||
type shadow_t;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -305,7 +297,6 @@ interface(`auth_getattr_shadow',`
|
||||
interface(`auth_dontaudit_getattr_shadow',`
|
||||
gen_require(`
|
||||
type shadow_t;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 shadow_t:file getattr;
|
||||
@ -339,7 +330,6 @@ interface(`auth_can_read_shadow_passwords',`
|
||||
interface(`auth_tunable_read_shadow',`
|
||||
gen_require(`
|
||||
type shadow_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_list_etc($1)
|
||||
@ -358,7 +348,6 @@ interface(`auth_tunable_read_shadow',`
|
||||
interface(`auth_dontaudit_read_shadow',`
|
||||
gen_require(`
|
||||
type shadow_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
dontaudit $1 shadow_t:file { getattr read };
|
||||
@ -376,7 +365,6 @@ interface(`auth_rw_shadow',`
|
||||
gen_require(`
|
||||
attribute can_read_shadow_passwords, can_write_shadow_passwords;
|
||||
type shadow_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
files_list_etc($1)
|
||||
@ -392,7 +380,6 @@ interface(`auth_manage_shadow',`
|
||||
gen_require(`
|
||||
attribute can_read_shadow_passwords, can_write_shadow_passwords;
|
||||
type shadow_t;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 shadow_t:file create_file_perms;
|
||||
@ -452,7 +439,6 @@ interface(`auth_relabel_shadow',`
|
||||
interface(`auth_append_faillog',`
|
||||
gen_require(`
|
||||
type faillog_t;
|
||||
class file { getattr append };
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
@ -466,7 +452,6 @@ interface(`auth_append_faillog',`
|
||||
interface(`auth_rw_faillog',`
|
||||
gen_require(`
|
||||
type faillog_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
@ -562,7 +547,6 @@ interface(`auth_domtrans_pam',`
|
||||
interface(`auth_run_pam',`
|
||||
gen_require(`
|
||||
type pam_t;
|
||||
class chr_file rw_file_perms;
|
||||
')
|
||||
|
||||
auth_domtrans_pam($1)
|
||||
@ -648,8 +632,6 @@ interface(`auth_dontaudit_read_pam_pid',`
|
||||
interface(`auth_delete_pam_pid',`
|
||||
gen_require(`
|
||||
type pam_var_run_t;
|
||||
class dir { getattr search read write remove_name };
|
||||
class file { getattr unlink };
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -683,9 +665,6 @@ interface(`auth_manage_pam_pid',`
|
||||
interface(`auth_domtrans_pam_console',`
|
||||
gen_require(`
|
||||
type pam_console_t, pam_console_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,pam_console_exec_t,pam_console_t)
|
||||
@ -736,8 +715,6 @@ interface(`auth_list_pam_console_data',`
|
||||
interface(`auth_read_pam_console_data',`
|
||||
gen_require(`
|
||||
type pam_var_console_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -753,9 +730,6 @@ interface(`auth_read_pam_console_data',`
|
||||
interface(`auth_manage_pam_console_data',`
|
||||
gen_require(`
|
||||
type pam_var_console_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
class lnk_file create_lnk_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -902,9 +876,6 @@ interface(`auth_manage_all_files_except_shadow',`
|
||||
interface(`auth_domtrans_utempter',`
|
||||
gen_require(`
|
||||
type utempter_t, utempter_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,utempter_exec_t,utempter_t)
|
||||
@ -932,7 +903,6 @@ interface(`auth_domtrans_utempter',`
|
||||
interface(`auth_run_utempter',`
|
||||
gen_require(`
|
||||
type utempter_t;
|
||||
class chr_file rw_file_perms;
|
||||
')
|
||||
|
||||
auth_domtrans_utempter($1)
|
||||
@ -976,7 +946,6 @@ interface(`auth_setattr_login_records',`
|
||||
interface(`auth_read_login_records',`
|
||||
gen_require(`
|
||||
type wtmp_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
@ -990,7 +959,6 @@ interface(`auth_read_login_records',`
|
||||
interface(`auth_dontaudit_write_login_records',`
|
||||
gen_require(`
|
||||
type wtmp_t;
|
||||
class file write;
|
||||
')
|
||||
|
||||
dontaudit $1 wtmp_t:file write;
|
||||
@ -1035,7 +1003,6 @@ interface(`auth_write_login_records',`
|
||||
interface(`auth_rw_login_records',`
|
||||
gen_require(`
|
||||
type wtmp_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 wtmp_t:file rw_file_perms;
|
||||
@ -1061,7 +1028,6 @@ interface(`auth_filetrans_login_records',`
|
||||
interface(`auth_manage_login_records',`
|
||||
gen_require(`
|
||||
type wtmp_t;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
logging_rw_log_dir($1)
|
||||
|
@ -11,8 +11,6 @@
|
||||
interface(`clock_domtrans',`
|
||||
gen_require(`
|
||||
type hwclock_t, hwclock_exec_t;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,hwclock_exec_t,hwclock_t)
|
||||
@ -41,7 +39,6 @@ interface(`clock_domtrans',`
|
||||
interface(`clock_run',`
|
||||
gen_require(`
|
||||
type hwclock_t;
|
||||
class chr_file { getattr read write ioctl };
|
||||
')
|
||||
|
||||
clock_domtrans($1)
|
||||
@ -76,7 +73,6 @@ interface(`clock_exec',`
|
||||
interface(`clock_rw_adjtime',`
|
||||
gen_require(`
|
||||
type adjtime_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 adjtime_t:file rw_file_perms;
|
||||
|
@ -11,8 +11,6 @@
|
||||
interface(`fstools_domtrans',`
|
||||
gen_require(`
|
||||
type fsadm_t, fsadm_exec_t;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -42,7 +40,6 @@ interface(`fstools_domtrans',`
|
||||
interface(`fstools_run',`
|
||||
gen_require(`
|
||||
type fsadm_t;
|
||||
class chr_file { getattr read write ioctl };
|
||||
')
|
||||
|
||||
fstools_domtrans($1)
|
||||
@ -95,7 +92,6 @@ interface(`fstools_relabelto_entry_files',`
|
||||
interface(`fstools_manage_entry_files',`
|
||||
gen_require(`
|
||||
type fsadm_exec_t;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
allow $1 fsadm_exec_t:file create_file_perms;
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`hostname_domtrans',`
|
||||
gen_require(`
|
||||
type hostname_t, hostname_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
@ -43,7 +40,6 @@ interface(`hostname_domtrans',`
|
||||
interface(`hostname_run',`
|
||||
gen_require(`
|
||||
type hostname_t;
|
||||
class chr_file { getattr read write ioctl };
|
||||
')
|
||||
|
||||
hostname_domtrans($1)
|
||||
|
@ -10,9 +10,6 @@
|
||||
interface(`hotplug_domtrans',`
|
||||
gen_require(`
|
||||
type hotplug_t, hotplug_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -44,7 +41,6 @@ interface(`hotplug_exec',`
|
||||
interface(`hotplug_use_fd',`
|
||||
gen_require(`
|
||||
type hotplug_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 hotplug_t:fd use;
|
||||
@ -57,7 +53,6 @@ interface(`hotplug_use_fd',`
|
||||
interface(`hotplug_dontaudit_use_fd',`
|
||||
gen_require(`
|
||||
type hotplug_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
dontaudit $1 hotplug_t:fd use;
|
||||
@ -70,7 +65,6 @@ interface(`hotplug_dontaudit_use_fd',`
|
||||
interface(`hotplug_dontaudit_search_config',`
|
||||
gen_require(`
|
||||
type hotplug_etc_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
dontaudit $1 hotplug_etc_t:dir search;
|
||||
@ -87,7 +81,6 @@ interface(`hotplug_dontaudit_search_config',`
|
||||
interface(`hotplug_getattr_config_dir',`
|
||||
gen_require(`
|
||||
type hotplug_etc_t;
|
||||
class dir getattr;
|
||||
')
|
||||
|
||||
allow $1 hotplug_etc_t:dir getattr;
|
||||
@ -104,7 +97,6 @@ interface(`hotplug_getattr_config_dir',`
|
||||
interface(`hotplug_search_config',`
|
||||
gen_require(`
|
||||
type hotplug_etc_t;
|
||||
class dir { getattr search };
|
||||
')
|
||||
|
||||
allow $1 hotplug_etc_t:dir { getattr search };
|
||||
@ -121,9 +113,6 @@ interface(`hotplug_search_config',`
|
||||
interface(`hotplug_read_config',`
|
||||
gen_require(`
|
||||
type hotplug_etc_t;
|
||||
class file r_file_perms;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
|
@ -15,9 +15,6 @@ interface(`init_domain',`
|
||||
gen_require(`
|
||||
type init_t;
|
||||
role system_r;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
class process sigchld;
|
||||
')
|
||||
|
||||
domain_type($1)
|
||||
@ -125,9 +122,6 @@ interface(`init_system_domain',`
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
role system_r;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
class process sigchld;
|
||||
')
|
||||
|
||||
domain_type($1)
|
||||
@ -150,9 +144,6 @@ interface(`init_system_domain',`
|
||||
interface(`init_domtrans',`
|
||||
gen_require(`
|
||||
type init_t, init_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,init_exec_t,init_t)
|
||||
@ -187,7 +178,6 @@ interface(`init_exec',`
|
||||
interface(`init_get_process_group',`
|
||||
gen_require(`
|
||||
type init_t;
|
||||
class process getpgid;
|
||||
')
|
||||
|
||||
allow $1 init_t:process getpgid;
|
||||
@ -200,7 +190,6 @@ interface(`init_get_process_group',`
|
||||
interface(`init_getattr_initctl',`
|
||||
gen_require(`
|
||||
type initctl_t;
|
||||
class fifo_file getattr;
|
||||
')
|
||||
|
||||
allow $1 initctl_t:fifo_file getattr;
|
||||
@ -213,7 +202,6 @@ interface(`init_getattr_initctl',`
|
||||
interface(`init_dontaudit_getattr_initctl',`
|
||||
gen_require(`
|
||||
type initctl_t;
|
||||
class fifo_file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 initctl_t:fifo_file getattr;
|
||||
@ -226,7 +214,6 @@ interface(`init_dontaudit_getattr_initctl',`
|
||||
interface(`init_write_initctl',`
|
||||
gen_require(`
|
||||
type initctl_t;
|
||||
class fifo_file write;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -240,7 +227,6 @@ interface(`init_write_initctl',`
|
||||
interface(`init_use_initctl',`
|
||||
gen_require(`
|
||||
type initctl_t;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
@ -254,7 +240,6 @@ interface(`init_use_initctl',`
|
||||
interface(`init_dontaudit_use_initctl',`
|
||||
gen_require(`
|
||||
type initctl_t;
|
||||
class fifo_file { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 initctl_t:fifo_file { read write };
|
||||
@ -271,7 +256,6 @@ interface(`init_dontaudit_use_initctl',`
|
||||
interface(`init_signull',`
|
||||
gen_require(`
|
||||
type init_t;
|
||||
class process signull;
|
||||
')
|
||||
|
||||
allow $1 init_t:process signull;
|
||||
@ -288,7 +272,6 @@ interface(`init_signull',`
|
||||
interface(`init_sigchld',`
|
||||
gen_require(`
|
||||
type init_t;
|
||||
class process sigchld;
|
||||
')
|
||||
|
||||
allow $1 init_t:process sigchld;
|
||||
@ -301,7 +284,6 @@ interface(`init_sigchld',`
|
||||
interface(`init_use_fd',`
|
||||
gen_require(`
|
||||
type init_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 init_t:fd use;
|
||||
@ -314,7 +296,6 @@ interface(`init_use_fd',`
|
||||
interface(`init_dontaudit_use_fd',`
|
||||
gen_require(`
|
||||
type init_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
dontaudit $1 init_t:fd use;
|
||||
@ -331,7 +312,6 @@ interface(`init_dontaudit_use_fd',`
|
||||
interface(`init_udp_sendto',`
|
||||
gen_require(`
|
||||
type init_t;
|
||||
class udp_socket { sendto recvfrom };
|
||||
')
|
||||
|
||||
allow $1 init_t:udp_socket sendto;
|
||||
@ -381,7 +361,6 @@ interface(`init_run_daemon',`
|
||||
gen_require(`
|
||||
attribute direct_run_init, direct_init, direct_init_entry;
|
||||
role system_r;
|
||||
class chr_file rw_file_perms;
|
||||
')
|
||||
|
||||
typeattribute $1 direct_run_init;
|
||||
@ -433,7 +412,6 @@ interface(`init_getattr_script_entry_file',`
|
||||
interface(`init_read_script',`
|
||||
gen_require(`
|
||||
type initrc_exec_t;
|
||||
class file { getattr read };
|
||||
')
|
||||
|
||||
files_list_etc($1)
|
||||
@ -464,10 +442,6 @@ interface(`init_exec_script',`
|
||||
interface(`init_read_script_process_state',`
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
class lnk_file r_file_perms;
|
||||
class process { getattr ptrace };
|
||||
')
|
||||
|
||||
#FIXME: search proc dir
|
||||
@ -489,7 +463,6 @@ interface(`init_read_script_process_state',`
|
||||
interface(`init_use_script_fd',`
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 initrc_t:fd use;
|
||||
@ -502,7 +475,6 @@ interface(`init_use_script_fd',`
|
||||
interface(`init_dontaudit_use_script_fd',`
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
dontaudit $1 initrc_t:fd use;
|
||||
@ -515,7 +487,6 @@ interface(`init_dontaudit_use_script_fd',`
|
||||
interface(`init_get_script_process_group',`
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
class process getpgid;
|
||||
')
|
||||
|
||||
allow $1 initrc_t:process getpgid;
|
||||
@ -580,7 +551,6 @@ interface(`init_signull_script',`
|
||||
interface(`init_rw_script_pipe',`
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
allow $1 initrc_t:fifo_file { read write };
|
||||
@ -597,7 +567,6 @@ interface(`init_rw_script_pipe',`
|
||||
interface(`init_udp_sendto_script',`
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
class udp_socket { sendto recvfrom };
|
||||
')
|
||||
|
||||
allow $1 initrc_t:udp_socket sendto;
|
||||
@ -711,7 +680,6 @@ interface(`init_dontaudit_use_script_pty',`
|
||||
interface(`init_read_script_file',`
|
||||
gen_require(`
|
||||
type initrc_exec_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -777,7 +745,6 @@ interface(`init_filetrans_script_tmp',`
|
||||
interface(`init_getattr_utmp',`
|
||||
gen_require(`
|
||||
type initrc_var_run_t;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
allow $1 initrc_var_run_t:file getattr;
|
||||
@ -790,7 +757,6 @@ interface(`init_getattr_utmp',`
|
||||
interface(`init_read_utmp',`
|
||||
gen_require(`
|
||||
type initrc_var_run_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_list_pids($1)
|
||||
@ -804,7 +770,6 @@ interface(`init_read_utmp',`
|
||||
interface(`init_dontaudit_write_utmp',`
|
||||
gen_require(`
|
||||
type initrc_var_run_t;
|
||||
class file { write lock };
|
||||
')
|
||||
|
||||
dontaudit $1 initrc_var_run_t:file { write lock };
|
||||
@ -834,7 +799,6 @@ interface(`init_dontaudit_lock_utmp',`
|
||||
interface(`init_rw_utmp',`
|
||||
gen_require(`
|
||||
type initrc_var_run_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
files_list_pids($1)
|
||||
@ -848,7 +812,6 @@ interface(`init_rw_utmp',`
|
||||
interface(`init_dontaudit_rw_utmp',`
|
||||
gen_require(`
|
||||
type initrc_var_run_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
dontaudit $1 initrc_var_run_t:file { getattr read write append };
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`ipsec_domtrans',`
|
||||
gen_require(`
|
||||
type ipsec_t, ipsec_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,ipsec_exec_t,ipsec_t)
|
||||
@ -35,9 +32,6 @@ interface(`ipsec_domtrans',`
|
||||
interface(`ipsec_stream_connect',`
|
||||
gen_require(`
|
||||
type ipsec_t, ipsec_var_run_t;
|
||||
class dir search;
|
||||
class sock_file write;
|
||||
class unix_stream_socket connectto;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
@ -57,7 +51,6 @@ interface(`ipsec_stream_connect',`
|
||||
interface(`ipsec_getattr_key_socket',`
|
||||
gen_require(`
|
||||
type ipsec_t;
|
||||
class key_socket getattr;
|
||||
')
|
||||
|
||||
allow $1 ipsec_t:key_socket getattr;
|
||||
@ -90,7 +83,6 @@ interface(`ipsec_exec_mgmt',`
|
||||
interface(`ipsec_read_config',`
|
||||
gen_require(`
|
||||
type ipsec_conf_file_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -108,8 +100,6 @@ interface(`ipsec_read_config',`
|
||||
interface(`ipsec_manage_pid',`
|
||||
gen_require(`
|
||||
type ipsec_var_run_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
|
@ -39,7 +39,6 @@ interface(`libs_domtrans_ldconfig',`
|
||||
interface(`libs_run_ldconfig',`
|
||||
gen_require(`
|
||||
type ldconfig_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
libs_domtrans_ldconfig($1)
|
||||
@ -59,9 +58,6 @@ interface(`libs_run_ldconfig',`
|
||||
interface(`libs_use_ld_so',`
|
||||
gen_require(`
|
||||
type lib_t, ld_so_t, ld_so_cache_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
class file rx_file_perms;
|
||||
')
|
||||
|
||||
files_list_etc($1)
|
||||
@ -84,7 +80,6 @@ interface(`libs_use_ld_so',`
|
||||
interface(`libs_legacy_use_ld_so',`
|
||||
gen_require(`
|
||||
type ld_so_t, ld_so_cache_t;
|
||||
class file { execute execmod };
|
||||
')
|
||||
|
||||
libs_use_ld_so($1)
|
||||
@ -103,8 +98,6 @@ interface(`libs_legacy_use_ld_so',`
|
||||
interface(`libs_exec_ld_so',`
|
||||
gen_require(`
|
||||
type lib_t, ld_so_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
allow $1 lib_t:dir r_dir_perms;
|
||||
@ -163,7 +156,6 @@ interface(`libs_relabel_ld_so',`
|
||||
interface(`libs_rw_ld_so_cache',`
|
||||
gen_require(`
|
||||
type ld_so_cache_t;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
files_list_etc($1)
|
||||
@ -181,7 +173,6 @@ interface(`libs_rw_ld_so_cache',`
|
||||
interface(`libs_search_lib',`
|
||||
gen_require(`
|
||||
type lib_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
allow $1 lib_t:dir search;
|
||||
@ -199,9 +190,6 @@ interface(`libs_search_lib',`
|
||||
interface(`libs_read_lib',`
|
||||
gen_require(`
|
||||
type lib_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -220,8 +208,6 @@ interface(`libs_read_lib',`
|
||||
interface(`libs_exec_lib_files',`
|
||||
gen_require(`
|
||||
type lib_t;
|
||||
class dir r_dir_perms;
|
||||
class lnk_file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -280,7 +266,6 @@ interface(`libs_manage_lib_files',`
|
||||
interface(`libs_relabelto_lib_files',`
|
||||
gen_require(`
|
||||
type lib_t;
|
||||
class file relabelto;
|
||||
')
|
||||
|
||||
allow $1 lib_t:dir search_dir_perms;
|
||||
@ -357,7 +342,6 @@ interface(`libs_use_shared_libs',`
|
||||
interface(`libs_legacy_use_shared_libs',`
|
||||
gen_require(`
|
||||
type shlib_t, textrel_shlib_t;
|
||||
class file execmod;
|
||||
')
|
||||
|
||||
libs_use_shared_libs($1)
|
||||
|
@ -27,7 +27,6 @@ interface(`locallogin_domtrans',`
|
||||
interface(`locallogin_use_fd',`
|
||||
gen_require(`
|
||||
type local_login_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 local_login_t:fd use;
|
||||
@ -44,7 +43,6 @@ interface(`locallogin_use_fd',`
|
||||
interface(`locallogin_dontaudit_use_fd',`
|
||||
gen_require(`
|
||||
type local_login_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
dontaudit $1 local_login_t:fd use;
|
||||
@ -61,7 +59,6 @@ interface(`locallogin_dontaudit_use_fd',`
|
||||
interface(`locallogin_signull',`
|
||||
gen_require(`
|
||||
type local_login_t;
|
||||
class process signull;
|
||||
')
|
||||
|
||||
allow $1 local_login_t:process signull;
|
||||
|
@ -70,9 +70,6 @@ interface(`logging_domtrans_auditctl',`
|
||||
interface(`logging_domtrans_syslog',`
|
||||
gen_require(`
|
||||
type syslogd_t, syslogd_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -91,7 +88,6 @@ interface(`logging_domtrans_syslog',`
|
||||
interface(`logging_filetrans_log',`
|
||||
gen_require(`
|
||||
type var_log_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
allow $1 var_log_t:dir rw_dir_perms;
|
||||
@ -110,10 +106,6 @@ interface(`logging_filetrans_log',`
|
||||
interface(`logging_send_syslog_msg',`
|
||||
gen_require(`
|
||||
type syslogd_t, devlog_t;
|
||||
class lnk_file read;
|
||||
class sock_file rw_file_perms;
|
||||
class unix_dgram_socket { create_socket_perms sendto };
|
||||
class unix_stream_socket { create_socket_perms connectto };
|
||||
')
|
||||
|
||||
allow $1 devlog_t:lnk_file read;
|
||||
@ -140,7 +132,6 @@ interface(`logging_send_syslog_msg',`
|
||||
interface(`logging_read_auditd_config',`
|
||||
gen_require(`
|
||||
type auditd_etc_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -160,7 +151,6 @@ interface(`logging_read_auditd_config',`
|
||||
interface(`logging_search_logs',`
|
||||
gen_require(`
|
||||
type var_log_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -195,7 +185,6 @@ interface(`logging_list_logs',`
|
||||
interface(`logging_rw_log_dir',`
|
||||
gen_require(`
|
||||
type var_log_t;
|
||||
class dir rw_dir_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -209,7 +198,6 @@ interface(`logging_rw_log_dir',`
|
||||
interface(`logging_dontaudit_getattr_all_logs',`
|
||||
gen_require(`
|
||||
attribute logfile;
|
||||
class file getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 logfile:file getattr;
|
||||
@ -223,8 +211,6 @@ interface(`logging_append_all_logs',`
|
||||
gen_require(`
|
||||
attribute logfile;
|
||||
type var_log_t;
|
||||
class dir r_dir_perms;
|
||||
class file { getattr append };
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -240,8 +226,6 @@ interface(`logging_read_all_logs',`
|
||||
gen_require(`
|
||||
attribute logfile;
|
||||
type var_log_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -262,7 +246,6 @@ interface(`logging_read_all_logs',`
|
||||
interface(`logging_exec_all_logs',`
|
||||
gen_require(`
|
||||
attribute logfile;
|
||||
class dir r_dir_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -277,8 +260,6 @@ interface(`logging_exec_all_logs',`
|
||||
interface(`logging_manage_all_logs',`
|
||||
gen_require(`
|
||||
attribute logfile;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -294,8 +275,6 @@ interface(`logging_manage_all_logs',`
|
||||
interface(`logging_read_generic_logs',`
|
||||
gen_require(`
|
||||
type var_log_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -310,8 +289,6 @@ interface(`logging_read_generic_logs',`
|
||||
interface(`logging_write_generic_logs',`
|
||||
gen_require(`
|
||||
type var_log_t;
|
||||
class dir r_dir_perms;
|
||||
class file { getattr write };
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -330,8 +307,6 @@ interface(`logging_write_generic_logs',`
|
||||
interface(`logging_rw_generic_logs',`
|
||||
gen_require(`
|
||||
type var_log_t;
|
||||
class dir r_dir_perms;
|
||||
class file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
@ -351,8 +326,6 @@ interface(`logging_rw_generic_logs',`
|
||||
interface(`logging_manage_generic_logs',`
|
||||
gen_require(`
|
||||
type var_log_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_var($1)
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`mount_domtrans',`
|
||||
gen_require(`
|
||||
type mount_t, mount_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,mount_exec_t,mount_t)
|
||||
@ -43,7 +40,6 @@ interface(`mount_domtrans',`
|
||||
interface(`mount_run',`
|
||||
gen_require(`
|
||||
type mount_t;
|
||||
class chr_file rw_file_perms;
|
||||
')
|
||||
|
||||
mount_domtrans($1)
|
||||
@ -81,7 +77,6 @@ interface(`mount_exec',`
|
||||
interface(`mount_use_fd',`
|
||||
gen_require(`
|
||||
type mount_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 mount_t:fd use;
|
||||
@ -99,7 +94,6 @@ interface(`mount_use_fd',`
|
||||
interface(`mount_send_nfs_client_request',`
|
||||
gen_require(`
|
||||
type mount_t;
|
||||
class udp_socket rw_socket_perms;
|
||||
')
|
||||
|
||||
allow $1 mount_t:udp_socket rw_socket_perms;
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`raid_domtrans_mdadm',`
|
||||
gen_require(`
|
||||
type mdadm_t, mdadm_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -44,7 +41,6 @@ interface(`raid_domtrans_mdadm',`
|
||||
interface(`raid_manage_mdadm_pid',`
|
||||
gen_require(`
|
||||
type mdadm_var_run_t;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
# FIXME: maybe should have a type_transition. not
|
||||
|
@ -11,9 +11,6 @@
|
||||
interface(`seutil_domtrans_checkpol',`
|
||||
gen_require(`
|
||||
type checkpolicy_t, checkpolicy_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -45,7 +42,6 @@ interface(`seutil_domtrans_checkpol',`
|
||||
interface(`seutil_run_checkpol',`
|
||||
gen_require(`
|
||||
type checkpolicy_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
seutil_domtrans_checkpol($1)
|
||||
@ -78,9 +74,6 @@ interface(`seutil_exec_checkpol',`
|
||||
interface(`seutil_domtrans_loadpol',`
|
||||
gen_require(`
|
||||
type load_policy_t, load_policy_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -112,7 +105,6 @@ interface(`seutil_domtrans_loadpol',`
|
||||
interface(`seutil_run_loadpol',`
|
||||
gen_require(`
|
||||
type load_policy_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
seutil_domtrans_loadpol($1)
|
||||
@ -140,7 +132,6 @@ interface(`seutil_exec_loadpol',`
|
||||
interface(`seutil_read_loadpol',`
|
||||
gen_require(`
|
||||
type load_policy_exec_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -158,9 +149,6 @@ interface(`seutil_read_loadpol',`
|
||||
interface(`seutil_domtrans_newrole',`
|
||||
gen_require(`
|
||||
type newrole_t, newrole_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -192,7 +180,6 @@ interface(`seutil_domtrans_newrole',`
|
||||
interface(`seutil_run_newrole',`
|
||||
gen_require(`
|
||||
type newrole_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
seutil_domtrans_newrole($1)
|
||||
@ -226,7 +213,6 @@ interface(`seutil_exec_newrole',`
|
||||
interface(`seutil_dontaudit_signal_newrole',`
|
||||
gen_require(`
|
||||
type newrole_t;
|
||||
class process signal;
|
||||
')
|
||||
|
||||
dontaudit $1 newrole_t:process signal;
|
||||
@ -239,7 +225,6 @@ interface(`seutil_dontaudit_signal_newrole',`
|
||||
interface(`seutil_sigchld_newrole',`
|
||||
gen_require(`
|
||||
type newrole_t;
|
||||
class process sigchld;
|
||||
')
|
||||
|
||||
allow $1 newrole_t:process sigchld;
|
||||
@ -252,7 +237,6 @@ interface(`seutil_sigchld_newrole',`
|
||||
interface(`seutil_use_newrole_fd',`
|
||||
gen_require(`
|
||||
type newrole_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 newrole_t:fd use;
|
||||
@ -269,9 +253,6 @@ interface(`seutil_use_newrole_fd',`
|
||||
interface(`seutil_domtrans_restorecon',`
|
||||
gen_require(`
|
||||
type restorecon_t, restorecon_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
corecmd_search_sbin($1)
|
||||
@ -302,7 +283,6 @@ interface(`seutil_domtrans_restorecon',`
|
||||
interface(`seutil_run_restorecon',`
|
||||
gen_require(`
|
||||
type restorecon_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
seutil_domtrans_restorecon($1)
|
||||
@ -334,9 +314,6 @@ interface(`seutil_exec_restorecon',`
|
||||
interface(`seutil_domtrans_runinit',`
|
||||
gen_require(`
|
||||
type run_init_t, run_init_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -384,7 +361,6 @@ interface(`seutil_run_runinit',`
|
||||
interface(`seutil_use_runinit_fd',`
|
||||
gen_require(`
|
||||
type run_init_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 run_init_t:fd use;
|
||||
@ -401,9 +377,6 @@ interface(`seutil_use_runinit_fd',`
|
||||
interface(`seutil_domtrans_setfiles',`
|
||||
gen_require(`
|
||||
type setfiles_t, setfiles_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
@ -435,7 +408,6 @@ interface(`seutil_domtrans_setfiles',`
|
||||
interface(`seutil_run_setfiles',`
|
||||
gen_require(`
|
||||
type setfiles_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
seutil_domtrans_setfiles($1)
|
||||
@ -469,7 +441,6 @@ interface(`seutil_exec_setfiles',`
|
||||
interface(`seutil_dontaudit_search_config',`
|
||||
gen_require(`
|
||||
type selinux_config_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
dontaudit $1 selinux_config_t:dir search;
|
||||
@ -519,7 +490,6 @@ interface(`seutil_read_config',`
|
||||
interface(`seutil_search_default_contexts',`
|
||||
gen_require(`
|
||||
type selinux_config_t, default_context_t;
|
||||
class dir search;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -566,8 +536,6 @@ interface(`seutil_read_file_contexts',`
|
||||
interface(`seutil_read_binary_pol',`
|
||||
gen_require(`
|
||||
type selinux_config_t, policy_config_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -584,8 +552,6 @@ interface(`seutil_create_binary_pol',`
|
||||
gen_require(`
|
||||
# attribute can_write_binary_policy;
|
||||
type selinux_config_t, policy_config_t;
|
||||
class dir ra_dir_perms;
|
||||
class file { getattr create write };
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -607,7 +573,6 @@ interface(`seutil_relabelto_binary_pol',`
|
||||
gen_require(`
|
||||
attribute can_relabelto_binary_policy;
|
||||
type policy_config_t;
|
||||
class file relabelto;
|
||||
')
|
||||
|
||||
allow $1 policy_config_t:file relabelto;
|
||||
@ -622,8 +587,6 @@ interface(`seutil_manage_binary_pol',`
|
||||
gen_require(`
|
||||
attribute can_write_binary_policy;
|
||||
type selinux_config_t, policy_config_t;
|
||||
class dir rw_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -640,8 +603,6 @@ interface(`seutil_manage_binary_pol',`
|
||||
interface(`seutil_read_src_pol',`
|
||||
gen_require(`
|
||||
type selinux_config_t, policy_src_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -657,8 +618,6 @@ interface(`seutil_read_src_pol',`
|
||||
interface(`seutil_manage_src_pol',`
|
||||
gen_require(`
|
||||
type selinux_config_t, policy_src_t;
|
||||
class dir create_dir_perms;
|
||||
class file create_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
|
@ -112,9 +112,6 @@ template(`unconfined_domain_template',`
|
||||
interface(`unconfined_domtrans',`
|
||||
gen_require(`
|
||||
type unconfined_t, unconfined_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,unconfined_exec_t,unconfined_t)
|
||||
@ -142,7 +139,6 @@ interface(`unconfined_domtrans',`
|
||||
interface(`unconfined_run',`
|
||||
gen_require(`
|
||||
type unconfined_t;
|
||||
class chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
unconfined_domtrans($1)
|
||||
@ -177,7 +173,6 @@ interface(`unconfined_shell_domtrans',`
|
||||
interface(`unconfined_use_fd',`
|
||||
gen_require(`
|
||||
type unconfined_t;
|
||||
class fd use;
|
||||
')
|
||||
|
||||
allow $1 unconfined_t:fd use;
|
||||
@ -194,7 +189,6 @@ interface(`unconfined_use_fd',`
|
||||
interface(`unconfined_sigchld',`
|
||||
gen_require(`
|
||||
type unconfined_t;
|
||||
class process sigchld;
|
||||
')
|
||||
|
||||
allow $1 unconfined_t:process sigchld;
|
||||
@ -259,7 +253,6 @@ interface(`unconfined_dontaudit_read_pipe',`
|
||||
interface(`unconfined_rw_pipe',`
|
||||
gen_require(`
|
||||
type unconfined_t;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
allow $1 unconfined_t:fifo_file rw_file_perms;
|
||||
@ -287,7 +280,6 @@ interface(`unconfined_rw_pipe',`
|
||||
interface(`unconfined_dontaudit_rw_tcp_socket',`
|
||||
gen_require(`
|
||||
type unconfined_t;
|
||||
class tcp_socket { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 unconfined_t:tcp_socket { read write };
|
||||
|
Loading…
Reference in New Issue
Block a user