Updates to documentation.
This commit is contained in:
parent
61bbe5312e
commit
8700497fb1
@ -1,4 +1,7 @@
|
|||||||
## <module name="devices" layer="kernel">
|
## <module name="devices" layer="kernel">
|
||||||
|
## <summary>
|
||||||
|
## Device nodes and interfaces for many basic system devices.
|
||||||
|
## </summary>
|
||||||
## <description>
|
## <description>
|
||||||
## <p>
|
## <p>
|
||||||
## This module creates the device node concept and provides
|
## This module creates the device node concept and provides
|
||||||
@ -24,10 +27,10 @@
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_node">
|
## <interface name="dev_node">
|
||||||
## <description>
|
## <summary>
|
||||||
## Make the passed in type a type appropriate for
|
## Make the passed in type a type appropriate for
|
||||||
## use on device nodes (usually files in /dev).
|
## use on device nodes (usually files in /dev).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="object_type">
|
## <parameter name="object_type">
|
||||||
## The object type that will be used on device nodes.
|
## The object type that will be used on device nodes.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -51,9 +54,9 @@ define(`dev_node_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_relabel_all_dev_nodes">
|
## <interface name="dev_relabel_all_dev_nodes">
|
||||||
## <description>
|
## <summary>
|
||||||
## Allow full relabeling (to and from) of all device nodes.
|
## Allow full relabeling (to and from) of all device nodes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed to relabel.
|
## Domain allowed to relabel.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -87,9 +90,9 @@ define(`dev_relabel_all_dev_nodes_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_list_all_dev_nodes">
|
## <interface name="dev_list_all_dev_nodes">
|
||||||
## <description>
|
## <summary>
|
||||||
## List all of the device nodes in a device directory.
|
## List all of the device nodes in a device directory.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed to list device nodes.
|
## Domain allowed to list device nodes.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -111,9 +114,9 @@ define(`dev_list_all_dev_nodes_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_dontaudit_list_all_dev_nodes">
|
## <interface name="dev_dontaudit_list_all_dev_nodes">
|
||||||
## <description>
|
## <summary>
|
||||||
## Dontaudit attempts to list all device nodes.
|
## Dontaudit attempts to list all device nodes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain to dontaudit listing of device nodes.
|
## Domain to dontaudit listing of device nodes.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -133,9 +136,9 @@ define(`dev_dontaudit_list_all_dev_nodes_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_create_dir">
|
## <interface name="dev_create_dir">
|
||||||
## <description>
|
## <summary>
|
||||||
## Create a directory in the device directory.
|
## Create a directory in the device directory.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed to create the directory.
|
## Domain allowed to create the directory.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -155,9 +158,9 @@ define(`dev_create_dir_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_relabel_dev_dirs">
|
## <interface name="dev_relabel_dev_dirs">
|
||||||
## <description>
|
## <summary>
|
||||||
## Allow full relabeling (to and from) of directories in /dev.
|
## Allow full relabeling (to and from) of directories in /dev.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed to relabel.
|
## Domain allowed to relabel.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -177,9 +180,9 @@ define(`dev_relabel_dev_dirs_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_dontaudit_getattr_generic_pipe">
|
## <interface name="dev_dontaudit_getattr_generic_pipe">
|
||||||
## <description>
|
## <summary>
|
||||||
## Dontaudit getattr on generic pipes.
|
## Dontaudit getattr on generic pipes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain to dontaudit.
|
## Domain to dontaudit.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -199,9 +202,9 @@ define(`dev_dontaudit_getattr_generic_pipe_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_getattr_generic_blk_file">
|
## <interface name="dev_getattr_generic_blk_file">
|
||||||
## <description>
|
## <summary>
|
||||||
## Allow getattr on generic block devices.
|
## Allow getattr on generic block devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -223,9 +226,9 @@ define(`ddev_getattr_generic_blk_file_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_dontaudit_getattr_generic_blk_file">
|
## <interface name="dev_dontaudit_getattr_generic_blk_file">
|
||||||
## <description>
|
## <summary>
|
||||||
## Dontaudit getattr on generic block devices.
|
## Dontaudit getattr on generic block devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain to dontaudit access.
|
## Domain to dontaudit access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -245,10 +248,10 @@ define(`dev_dontaudit_getattr_generic_blk_file_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_manage_generic_blk_file">
|
## <interface name="dev_manage_generic_blk_file">
|
||||||
## <description>
|
## <summary>
|
||||||
## Allow read, write, create, and delete for generic
|
## Allow read, write, create, and delete for generic
|
||||||
## block files.
|
## block files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -269,9 +272,9 @@ define(`dev_manage_generic_blk_file_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_create_generic_chr_file">
|
## <interface name="dev_create_generic_chr_file">
|
||||||
## <description>
|
## <summary>
|
||||||
## Allow read, write, and create for generic character device files.
|
## Allow read, write, and create for generic character device files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -296,9 +299,9 @@ define(`dev_create_generic_chr_file_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_getattr_generic_chr_file">
|
## <interface name="dev_getattr_generic_chr_file">
|
||||||
## <description>
|
## <summary>
|
||||||
## Allow getattr for generic character device files.
|
## Allow getattr for generic character device files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -320,9 +323,9 @@ define(`dev_getattr_generic_chr_file_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_dontaudit_getattr_generic_chr_file">
|
## <interface name="dev_dontaudit_getattr_generic_chr_file">
|
||||||
## <description>
|
## <summary>
|
||||||
## Dontaudit getattr for generic character device files.
|
## Dontaudit getattr for generic character device files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain to dontaudit access.
|
## Domain to dontaudit access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -342,9 +345,9 @@ define(`dev_dontaudit_getattr_generic_chr_file_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_del_generic_symlinks">
|
## <interface name="dev_del_generic_symlinks">
|
||||||
## <description>
|
## <summary>
|
||||||
## Delete symbolic links in device directories.
|
## Delete symbolic links in device directories.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -368,9 +371,9 @@ define(`dev_del_generic_symlinks_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_manage_generic_symlinks">
|
## <interface name="dev_manage_generic_symlinks">
|
||||||
## <description>
|
## <summary>
|
||||||
## Create, delete, read, and write symbolic links in device directories.
|
## Create, delete, read, and write symbolic links in device directories.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -392,9 +395,9 @@ define(`dev_manage_generic_symlinks_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_manage_dev_nodes">
|
## <interface name="dev_manage_dev_nodes">
|
||||||
## <description>
|
## <summary>
|
||||||
## Create, delete, read, and write device nodes in device directories.
|
## Create, delete, read, and write device nodes in device directories.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -434,9 +437,9 @@ define(`dev_manage_dev_nodes_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_dontaudit_rw_generic_dev_nodes">
|
## <interface name="dev_dontaudit_rw_generic_dev_nodes">
|
||||||
## <description>
|
## <summary>
|
||||||
## Dontaudit getattr for generic device files.
|
## Dontaudit getattr for generic device files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain to dontaudit access.
|
## Domain to dontaudit access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -457,9 +460,9 @@ define(`dev_dontaudit_rw_generic_dev_nodes_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_manage_generic_blk_file">
|
## <interface name="dev_manage_generic_blk_file">
|
||||||
## <description>
|
## <summary>
|
||||||
## Create, delete, read, and write block device files.
|
## Create, delete, read, and write block device files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -481,9 +484,9 @@ define(`dev_manage_generic_blk_file_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_manage_generic_chr_file">
|
## <interface name="dev_manage_generic_chr_file">
|
||||||
## <description>
|
## <summary>
|
||||||
## Create, delete, read, and write character device files.
|
## Create, delete, read, and write character device files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -505,10 +508,10 @@ define(`dev_manage_generic_chr_file_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_create_dev_node">
|
## <interface name="dev_create_dev_node">
|
||||||
## <description>
|
## <summary>
|
||||||
## Create, read, and write device nodes. The node
|
## Create, read, and write device nodes. The node
|
||||||
## will be transitioned to the type provided.
|
## will be transitioned to the type provided.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -540,9 +543,9 @@ define(`dev_create_dev_node_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_getattr_all_blk_files">
|
## <interface name="dev_getattr_all_blk_files">
|
||||||
## <description>
|
## <summary>
|
||||||
## Getattr on all block file device nodes.
|
## Getattr on all block file device nodes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -564,9 +567,9 @@ define(`dev_getattr_all_blk_files_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_dontaudit_getattr_all_blk_files">
|
## <interface name="dev_dontaudit_getattr_all_blk_files">
|
||||||
## <description>
|
## <summary>
|
||||||
## Dontaudit getattr on all block file device nodes.
|
## Dontaudit getattr on all block file device nodes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain to dontaudit access.
|
## Domain to dontaudit access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -586,9 +589,9 @@ define(`dev_dontaudit_getattr_all_blk_files_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_getattr_all_chr_files">
|
## <interface name="dev_getattr_all_chr_files">
|
||||||
## <description>
|
## <summary>
|
||||||
## Getattr on all character file device nodes.
|
## Getattr on all character file device nodes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -610,9 +613,9 @@ define(`dev_getattr_all_chr_files_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_dontaudit_getattr_all_chr_files">
|
## <interface name="dev_dontaudit_getattr_all_chr_files">
|
||||||
## <description>
|
## <summary>
|
||||||
## Dontaudit getattr on all character file device nodes.
|
## Dontaudit getattr on all character file device nodes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain to dontaudit access.
|
## Domain to dontaudit access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -632,9 +635,9 @@ define(`dev_dontaudit_getattr_all_chr_files_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_setattr_all_blk_files">
|
## <interface name="dev_setattr_all_blk_files">
|
||||||
## <description>
|
## <summary>
|
||||||
## Setattr on all block file device nodes.
|
## Setattr on all block file device nodes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -656,9 +659,9 @@ define(`dev_setattr_all_blk_files_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_setattr_all_chr_files">
|
## <interface name="dev_setattr_all_chr_files">
|
||||||
## <description>
|
## <summary>
|
||||||
## Setattr on all character file device nodes.
|
## Setattr on all character file device nodes.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -680,9 +683,9 @@ define(`dev_setattr_all_chr_files_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_manage_all_blk_files">
|
## <interface name="dev_manage_all_blk_files">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read, write, create, and delete all block device files.
|
## Read, write, create, and delete all block device files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -710,9 +713,9 @@ define(`dev_manage_all_blk_files_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_manage_all_chr_files">
|
## <interface name="dev_manage_all_chr_files">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read, write, create, and delete all character device files.
|
## Read, write, create, and delete all character device files.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -736,9 +739,9 @@ define(`dev_manage_all_chr_files_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_raw_memory">
|
## <interface name="dev_read_raw_memory">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read raw memory devices (e.g. /dev/mem).
|
## Read raw memory devices (e.g. /dev/mem).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -764,9 +767,9 @@ define(`dev_read_raw_memory_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_raw_memory">
|
## <interface name="dev_write_raw_memory">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write raw memory devices (e.g. /dev/mem).
|
## Write raw memory devices (e.g. /dev/mem).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -792,9 +795,9 @@ define(`dev_write_raw_memory_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rx_raw_memory">
|
## <interface name="dev_rx_raw_memory">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and execute raw memory devices (e.g. /dev/mem).
|
## Read and execute raw memory devices (e.g. /dev/mem).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -815,9 +818,9 @@ define(`dev_rx_raw_memory_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_wx_raw_memory">
|
## <interface name="dev_wx_raw_memory">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write and execute raw memory devices (e.g. /dev/mem).
|
## Write and execute raw memory devices (e.g. /dev/mem).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -838,9 +841,9 @@ define(`dev_wx_raw_memory_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_rand">
|
## <interface name="dev_read_rand">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read from random devices (e.g., /dev/random)
|
## Read from random devices (e.g., /dev/random)
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -862,9 +865,9 @@ define(`dev_read_rand_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_urand">
|
## <interface name="dev_read_urand">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read from pseudo random devices (e.g., /dev/urandom)
|
## Read from pseudo random devices (e.g., /dev/urandom)
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -886,11 +889,11 @@ define(`dev_read_urand_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_rand">
|
## <interface name="dev_write_rand">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write to the random device (e.g., /dev/random). This adds
|
## Write to the random device (e.g., /dev/random). This adds
|
||||||
## entropy used to generate the random data read from the
|
## entropy used to generate the random data read from the
|
||||||
## random device.
|
## random device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -912,10 +915,10 @@ define(`dev_write_rand_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_urand">
|
## <interface name="dev_write_urand">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write to the pseudo random device (e.g., /dev/urandom). This
|
## Write to the pseudo random device (e.g., /dev/urandom). This
|
||||||
## sets the random number generator seed.
|
## sets the random number generator seed.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -937,9 +940,9 @@ define(`dev_write_urand_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_null_dev">
|
## <interface name="dev_rw_null_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and write to the null device (/dev/null).
|
## Read and write to the null device (/dev/null).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -961,9 +964,9 @@ define(`dev_rw_null_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_zero_dev">
|
## <interface name="dev_rw_zero_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and write to the zero device (/dev/zero).
|
## Read and write to the zero device (/dev/zero).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -985,9 +988,9 @@ define(`dev_rw_zero_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rwx_zero_dev">
|
## <interface name="dev_rwx_zero_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read, write, and execute the zero device (/dev/zero).
|
## Read, write, and execute the zero device (/dev/zero).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1008,9 +1011,9 @@ define(`dev_rwx_zero_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_realtime_clock">
|
## <interface name="dev_read_realtime_clock">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the realtime clock (/dev/rtc).
|
## Read the realtime clock (/dev/rtc).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1031,9 +1034,9 @@ class chr_file r_file_perms;
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_realtime_clock">
|
## <interface name="dev_write_realtime_clock">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the realtime clock (/dev/rtc).
|
## Read the realtime clock (/dev/rtc).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1055,9 +1058,9 @@ define(`dev_write_realtime_clock_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_realtime_clock">
|
## <interface name="dev_rw_realtime_clock">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the realtime clock (/dev/rtc).
|
## Read the realtime clock (/dev/rtc).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1070,9 +1073,9 @@ define(`dev_rw_realtime_clock',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_snd_dev">
|
## <interface name="dev_read_snd_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the sound devices.
|
## Read the sound devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1093,9 +1096,9 @@ define(`dev_read_snd_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_snd_dev">
|
## <interface name="dev_write_snd_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write the sound devices.
|
## Write the sound devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1117,9 +1120,9 @@ define(`dev_write_snd_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_snd_mixer_dev">
|
## <interface name="dev_read_snd_mixer_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the sound mixer devices.
|
## Read the sound mixer devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1141,9 +1144,9 @@ define(`dev_read_snd_mixer_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_snd_mixer_dev">
|
## <interface name="dev_write_snd_mixer_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write the sound mixer devices.
|
## Write the sound mixer devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1165,9 +1168,9 @@ define(`dev_write_snd_mixer_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_agp_dev">
|
## <interface name="dev_rw_agp_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and write the agp devices.
|
## Read and write the agp devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1189,9 +1192,9 @@ define(`dev_rw_agp_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_getattr_agp_dev">
|
## <interface name="dev_getattr_agp_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Getattr the agp devices.
|
## Getattr the agp devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1213,9 +1216,9 @@ define(`dev_getattr_agp_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_dri_dev">
|
## <interface name="dev_rw_dri_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and write the dri devices.
|
## Read and write the dri devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1237,9 +1240,9 @@ define(`dev_rw_dri_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_dontaudit_rw_dri_dev">
|
## <interface name="dev_dontaudit_rw_dri_dev">
|
||||||
## <description>
|
## <summary>
|
||||||
## Dontaudit read and write on the dri devices.
|
## Dontaudit read and write on the dri devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain to dontaudit access.
|
## Domain to dontaudit access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1259,9 +1262,9 @@ define(`dev_dontaudit_rw_dri_dev_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_mtrr">
|
## <interface name="dev_read_mtrr">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the mtrr device.
|
## Read the mtrr device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1283,9 +1286,9 @@ define(`dev_read_mtrr_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_mtrr">
|
## <interface name="dev_write_mtrr">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write the mtrr device.
|
## Write the mtrr device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1307,9 +1310,9 @@ define(`dev_write_mtrr_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_framebuffer">
|
## <interface name="dev_read_framebuffer">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the framebuffer device.
|
## Read the framebuffer device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1331,9 +1334,9 @@ define(`dev_read_framebuffer_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_framebuffer">
|
## <interface name="dev_write_framebuffer">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write the framebuffer device.
|
## Write the framebuffer device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1355,9 +1358,9 @@ define(`dev_write_framebuffer_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_lvm_control">
|
## <interface name="dev_read_lvm_control">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the lvm comtrol device.
|
## Read the lvm comtrol device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1379,9 +1382,9 @@ define(`dev_read_lvm_control_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_lvm_control">
|
## <interface name="dev_rw_lvm_control">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and write the lvm control device.
|
## Read and write the lvm control device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1403,9 +1406,9 @@ define(`dev_rw_lvm_control_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_delete_lvm_control">
|
## <interface name="dev_delete_lvm_control">
|
||||||
## <description>
|
## <summary>
|
||||||
## Delete the lvm control device.
|
## Delete the lvm control device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1427,9 +1430,9 @@ define(`dev_delete_lvm_control_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_misc">
|
## <interface name="dev_read_misc">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read miscellaneous devices.
|
## Read miscellaneous devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1451,9 +1454,9 @@ define(`dev_read_misc_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_write_misc">
|
## <interface name="dev_write_misc">
|
||||||
## <description>
|
## <summary>
|
||||||
## Write miscellaneous devices.
|
## Write miscellaneous devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1475,9 +1478,9 @@ define(`dev_write_misc_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_mouse">
|
## <interface name="dev_read_mouse">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the mouse devices.
|
## Read the mouse devices.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1499,9 +1502,9 @@ define(`dev_read_mouse_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_input">
|
## <interface name="dev_read_input">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the multiplexed input device (/dev/input).
|
## Read the multiplexed input device (/dev/input).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1523,9 +1526,9 @@ define(`dev_read_input_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_read_cpuid">
|
## <interface name="dev_read_cpuid">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read the multiplexed input device (/dev/input).
|
## Read the multiplexed input device (/dev/input).
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1547,10 +1550,10 @@ define(`dev_read_cpuid_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_cpu_microcode">
|
## <interface name="dev_rw_cpu_microcode">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and write the the cpu microcode device. This
|
## Read and write the the cpu microcode device. This
|
||||||
## is required to load cpu microcode.
|
## is required to load cpu microcode.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1572,9 +1575,9 @@ define(`dev_rw_cpu_microcode_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_scanner">
|
## <interface name="dev_rw_scanner">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and write the the scanner device.
|
## Read and write the the scanner device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
@ -1596,9 +1599,9 @@ define(`dev_rw_scanner_depend',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="dev_rw_power_management">
|
## <interface name="dev_rw_power_management">
|
||||||
## <description>
|
## <summary>
|
||||||
## Read and write the the power management device.
|
## Read and write the the power management device.
|
||||||
## </description>
|
## </summary>
|
||||||
## <parameter name="domain">
|
## <parameter name="domain">
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
|
@ -1,5 +1,20 @@
|
|||||||
## <module name="files" layer="system">
|
## <module name="files" layer="system">
|
||||||
## <summary>Policy controlling access to general files</summary>
|
## <summary>
|
||||||
|
## Basic filesystem types and interfaces.
|
||||||
|
## </summary>
|
||||||
|
## <description>
|
||||||
|
## <p>
|
||||||
|
## This module contains basic filesystem types and interfaces. This
|
||||||
|
## includes:
|
||||||
|
## <ul>
|
||||||
|
## <li>The concept of different file types including basic
|
||||||
|
## files, mount points, tmp files, etc.</li>
|
||||||
|
## <li>Access to groups of files and all files.</li>
|
||||||
|
## <li>Types and interfaces for the basic filesystem layout
|
||||||
|
## (/, /etc, /tmp, /usr, etc.).</li>
|
||||||
|
## </ul>
|
||||||
|
## </p>
|
||||||
|
## </description>
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user