change read_shared_libraries to use_shared_libraries, since the execute
permission is checked when using shared libs to execute code in them, which is not the same as just reading the shared libs.
This commit is contained in:
Chris PeBenito
parent
650e75c57d
commit
dd14d0d892
@ -49,7 +49,7 @@ domain_use_widely_inheritable_file_descriptors(consoletype_t)
|
||||
files_ignore_read_rootfs_file(consoletype_t)
|
||||
|
||||
libraries_use_dynamic_loader(consoletype_t)
|
||||
libraries_read_shared_libraries(consoletype_t)
|
||||
libraries_use_shared_libraries(consoletype_t)
|
||||
|
||||
optional_policy(`authlogin.te', `
|
||||
authlogin_pam_read_runtime_data(consoletype_t)
|
||||
|
||||
@ -70,7 +70,7 @@ files_read_general_system_config(netutils_t)
|
||||
files_ignore_search_system_state_data_directory(netutils_t)
|
||||
|
||||
libraries_use_dynamic_loader(netutils_t)
|
||||
libraries_read_shared_libraries(netutils_t)
|
||||
libraries_use_shared_libraries(netutils_t)
|
||||
|
||||
logging_send_system_log_message(netutils_t)
|
||||
|
||||
@ -124,7 +124,7 @@ files_read_general_system_config(ping_t)
|
||||
files_ignore_search_system_state_data_directory(ping_t)
|
||||
|
||||
libraries_use_dynamic_loader(ping_t)
|
||||
libraries_read_shared_libraries(ping_t)
|
||||
libraries_use_shared_libraries(ping_t)
|
||||
|
||||
sysnetwork_read_network_config(ping_t)
|
||||
|
||||
@ -182,7 +182,7 @@ files_read_general_system_config(traceroute_t)
|
||||
files_ignore_search_system_state_data_directory(traceroute_t)
|
||||
|
||||
libraries_use_dynamic_loader(traceroute_t)
|
||||
libraries_read_shared_libraries(traceroute_t)
|
||||
libraries_use_shared_libraries(traceroute_t)
|
||||
|
||||
logging_send_system_log_message(traceroute_t)
|
||||
|
||||
|
||||
@ -103,7 +103,7 @@ files_manage_general_system_config(chfn_t)
|
||||
files_read_runtime_system_config(chfn_t)
|
||||
|
||||
libraries_use_dynamic_loader(chfn_t)
|
||||
libraries_read_shared_libraries(chfn_t)
|
||||
libraries_use_shared_libraries(chfn_t)
|
||||
|
||||
miscfiles_read_localization(chfn_t)
|
||||
|
||||
@ -174,7 +174,7 @@ files_read_general_application_resources(crack_t)
|
||||
corecommands_execute_general_programs(crack_t)
|
||||
|
||||
libraries_use_dynamic_loader(crack_t)
|
||||
libraries_read_shared_libraries(crack_t)
|
||||
libraries_use_shared_libraries(crack_t)
|
||||
|
||||
logging_send_system_log_message(crack_t)
|
||||
|
||||
@ -231,7 +231,7 @@ domain_use_widely_inheritable_file_descriptors(groupadd_t)
|
||||
files_manage_general_system_config(groupadd_t)
|
||||
|
||||
libraries_use_dynamic_loader(groupadd_t)
|
||||
libraries_read_shared_libraries(groupadd_t)
|
||||
libraries_use_shared_libraries(groupadd_t)
|
||||
|
||||
# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
|
||||
corecommands_execute_general_programs(groupadd_t)
|
||||
@ -311,7 +311,7 @@ files_read_runtime_system_config(passwd_t)
|
||||
files_manage_general_system_config(passwd_t)
|
||||
|
||||
libraries_use_dynamic_loader(passwd_t)
|
||||
libraries_read_shared_libraries(passwd_t)
|
||||
libraries_use_shared_libraries(passwd_t)
|
||||
|
||||
logging_send_system_log_message(passwd_t)
|
||||
|
||||
@ -416,7 +416,7 @@ corecommands_execute_shell(sysadm_passwd_t)
|
||||
files_read_general_application_resources(sysadm_passwd_t)
|
||||
|
||||
libraries_use_dynamic_loader(sysadm_passwd_t)
|
||||
libraries_read_shared_libraries(sysadm_passwd_t)
|
||||
libraries_use_shared_libraries(sysadm_passwd_t)
|
||||
|
||||
miscfiles_read_localization(sysadm_passwd_t)
|
||||
|
||||
@ -498,7 +498,7 @@ domain_use_widely_inheritable_file_descriptors(useradd_t)
|
||||
files_manage_general_system_config(useradd_t)
|
||||
|
||||
libraries_use_dynamic_loader(useradd_t)
|
||||
libraries_read_shared_libraries(useradd_t)
|
||||
libraries_use_shared_libraries(useradd_t)
|
||||
|
||||
corecommands_execute_shell(useradd_t)
|
||||
# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
|
||||
|
||||
@ -79,7 +79,7 @@ filesystem_get_persistent_filesystem_attributes($1_gpg_t)
|
||||
files_read_general_system_config($1_gpg_t)
|
||||
files_read_general_application_resources($1_gpg_t)
|
||||
|
||||
libraries_read_shared_libraries($1_gpg_t)
|
||||
libraries_use_shared_libraries($1_gpg_t)
|
||||
libraries_use_dynamic_loader($1_gpg_t)
|
||||
|
||||
miscfiles_read_localization($1_gpg_t)
|
||||
@ -91,7 +91,7 @@ sysnetwork_read_network_config($1_gpg_t)
|
||||
# Legacy
|
||||
if (allow_gpg_execstack) {
|
||||
allow $1_gpg_t self:process execmem;
|
||||
libraries_legacy_read_shared_libraries($1_gpg_t)
|
||||
libraries_legacy_use_shared_libraries($1_gpg_t)
|
||||
libraries_legacy_use_dynamic_loader($1_gpg_t)
|
||||
miscfiles_legacy_read_localization($1_gpg_t)
|
||||
# Not quite sure why this is needed...
|
||||
@ -182,7 +182,7 @@ files_read_general_system_config($1_gpg_helper_t)
|
||||
files_ignore_search_system_state_data_directory($1_gpg_helper_t)
|
||||
|
||||
libraries_use_dynamic_loader($1_gpg_helper_t)
|
||||
libraries_read_shared_libraries($1_gpg_helper_t)
|
||||
libraries_use_shared_libraries($1_gpg_helper_t)
|
||||
|
||||
sysnetwork_read_network_config($1_gpg_helper_t)
|
||||
|
||||
@ -224,7 +224,7 @@ files_create_private_tmp_data($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_fi
|
||||
domain_use_widely_inheritable_file_descriptors($1_gpg_agent_t)
|
||||
|
||||
libraries_use_dynamic_loader($1_gpg_agent_t)
|
||||
libraries_read_shared_libraries($1_gpg_agent_t)
|
||||
libraries_use_shared_libraries($1_gpg_agent_t)
|
||||
|
||||
miscfiles_read_localization($1_gpg_agent_t)
|
||||
|
||||
@ -285,7 +285,7 @@ files_read_general_application_resources($1_gpg_pinentry_t)
|
||||
files_read_general_system_config($1_gpg_pinentry_t)
|
||||
|
||||
libraries_use_dynamic_loader($1_gpg_pinentry_t)
|
||||
libraries_read_shared_libraries($1_gpg_pinentry_t)
|
||||
libraries_use_shared_libraries($1_gpg_pinentry_t)
|
||||
|
||||
miscfiles_read_fonts($1_gpg_pinentry_t)
|
||||
miscfiles_read_localization($1_gpg_pinentry_t)
|
||||
|
||||
@ -118,7 +118,7 @@ init_script_use_file_descriptors(bootloader_t)
|
||||
domain_use_widely_inheritable_file_descriptors(bootloader_t)
|
||||
|
||||
libraries_use_dynamic_loader(bootloader_t)
|
||||
libraries_read_shared_libraries(bootloader_t)
|
||||
libraries_use_shared_libraries(bootloader_t)
|
||||
libraries_read_library_resources(bootloader_t)
|
||||
|
||||
files_read_general_system_config(bootloader_t)
|
||||
|
||||
@ -177,7 +177,7 @@ allow kernel_t security_t:security load_policy;
|
||||
auditallow kernel_t security_t:security load_policy;
|
||||
|
||||
libraries_use_dynamic_loader(kernel_t)
|
||||
libraries_read_shared_libraries(kernel_t)
|
||||
libraries_use_shared_libraries(kernel_t)
|
||||
|
||||
corecommands_execute_shell(kernel_t)
|
||||
|
||||
|
||||
@ -80,7 +80,7 @@ corecommands_execute_general_programs($1_crond_t)
|
||||
corecommands_execute_system_programs($1_crond_t)
|
||||
|
||||
libraries_use_dynamic_loader($1_crond_t)
|
||||
libraries_read_shared_libraries($1_crond_t)
|
||||
libraries_use_shared_libraries($1_crond_t)
|
||||
libraries_execute_library_scripts($1_crond_t)
|
||||
libraries_execute_dynamic_loader($1_crond_t)
|
||||
|
||||
@ -157,7 +157,7 @@ domain_use_widely_inheritable_file_descriptors($1_crontab_t)
|
||||
files_read_general_system_config($1_crontab_t)
|
||||
|
||||
libraries_use_dynamic_loader($1_crontab_t)
|
||||
libraries_read_shared_libraries($1_crontab_t)
|
||||
libraries_use_shared_libraries($1_crontab_t)
|
||||
|
||||
logging_send_system_log_message($1_crontab_t)
|
||||
|
||||
|
||||
@ -105,7 +105,7 @@ corecommands_execute_shell(crond_t)
|
||||
corecommands_read_system_programs_directory(crond_t)
|
||||
|
||||
libraries_use_dynamic_loader(crond_t)
|
||||
libraries_read_shared_libraries(crond_t)
|
||||
libraries_use_shared_libraries(crond_t)
|
||||
|
||||
logging_send_system_log_message(crond_t)
|
||||
|
||||
@ -274,7 +274,7 @@ corecommands_execute_general_programs(system_crond_t)
|
||||
corecommands_execute_system_programs(system_crond_t)
|
||||
|
||||
libraries_use_dynamic_loader(system_crond_t)
|
||||
libraries_read_shared_libraries(system_crond_t)
|
||||
libraries_use_shared_libraries(system_crond_t)
|
||||
libraries_execute_library_scripts(system_crond_t)
|
||||
libraries_execute_dynamic_loader(system_crond_t)
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ corenetwork_bind_tcp_on_all_nodes($1_mail_t)
|
||||
domain_use_widely_inheritable_file_descriptors($1_mail_t)
|
||||
|
||||
libraries_use_dynamic_loader($1_mail_t)
|
||||
libraries_read_shared_libraries($1_mail_t)
|
||||
libraries_use_shared_libraries($1_mail_t)
|
||||
|
||||
corecommands_execute_general_programs($1_mail_t)
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@ files_ignore_search_runtime_data_directory(system_mail_t)
|
||||
corecommands_execute_general_programs(system_mail_t)
|
||||
|
||||
libraries_use_dynamic_loader(system_mail_t)
|
||||
libraries_read_shared_libraries(system_mail_t)
|
||||
libraries_use_shared_libraries(system_mail_t)
|
||||
|
||||
logging_send_system_log_message(system_mail_t)
|
||||
|
||||
@ -150,7 +150,7 @@ files_execute_system_config_script(system_mail_t)
|
||||
corecommands_execute_general_programs(system_mail_t)
|
||||
corecommands_execute_system_programs(system_mail_t)
|
||||
libraries_use_dynamic_loader(system_mail_t)
|
||||
libraries_read_shared_libraries(system_mail_t)
|
||||
libraries_use_shared_libraries(system_mail_t)
|
||||
libraries_execute_dynamic_loader(system_mail_t)
|
||||
libraries_execute_library_scripts(system_mail_t)
|
||||
')
|
||||
|
||||
@ -66,7 +66,7 @@ files_list_home_directories(remote_login_t)
|
||||
files_read_general_application_resources(remote_login_t)
|
||||
|
||||
libraries_use_dynamic_loader(remote_login_t)
|
||||
libraries_read_shared_libraries(remote_login_t)
|
||||
libraries_use_shared_libraries(remote_login_t)
|
||||
|
||||
logging_send_system_log_message(remote_login_t)
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@ files_search_system_spool_directory(sendmail_t)
|
||||
logging_send_system_log_message(sendmail_t)
|
||||
|
||||
libraries_use_dynamic_loader(sendmail_t)
|
||||
libraries_read_shared_libraries(sendmail_t)
|
||||
libraries_use_shared_libraries(sendmail_t)
|
||||
# Read /usr/lib/sasl2/.*
|
||||
libraries_read_library_resources(sendmail_t)
|
||||
|
||||
|
||||
@ -48,7 +48,7 @@ files_read_general_system_config(auditd_t)
|
||||
logging_send_system_log_message(auditd_t)
|
||||
|
||||
libraries_use_dynamic_loader(auditd_t)
|
||||
libraries_read_shared_libraries(auditd_t)
|
||||
libraries_use_shared_libraries(auditd_t)
|
||||
|
||||
miscfiles_read_localization(auditd_t)
|
||||
|
||||
|
||||
@ -29,7 +29,7 @@ filesystem_ignore_get_persistent_filesystem_attributes($1_chkpwd_t)
|
||||
domain_use_widely_inheritable_file_descriptors($1_chkpwd_t)
|
||||
|
||||
libraries_use_dynamic_loader($1_chkpwd_t)
|
||||
libraries_read_shared_libraries($1_chkpwd_t)
|
||||
libraries_use_shared_libraries($1_chkpwd_t)
|
||||
|
||||
files_read_general_system_config($1_chkpwd_t)
|
||||
# for nscd
|
||||
|
||||
@ -103,7 +103,7 @@ files_read_general_system_config(pam_t)
|
||||
files_read_runtime_data_directory(pam_t)
|
||||
|
||||
libraries_use_dynamic_loader(pam_t)
|
||||
libraries_read_shared_libraries(pam_t)
|
||||
libraries_use_shared_libraries(pam_t)
|
||||
|
||||
logging_send_system_log_message(pam_t)
|
||||
|
||||
@ -163,7 +163,7 @@ files_read_general_system_config(pam_console_t)
|
||||
files_search_runtime_data_directory(pam_console_t)
|
||||
|
||||
libraries_use_dynamic_loader(pam_console_t)
|
||||
libraries_read_shared_libraries(pam_console_t)
|
||||
libraries_use_shared_libraries(pam_console_t)
|
||||
|
||||
logging_send_system_log_message(pam_console_t)
|
||||
|
||||
@ -251,7 +251,7 @@ files_read_general_system_config(system_chkpwd_t)
|
||||
files_ignore_search_system_state_data_directory(system_chkpwd_t)
|
||||
|
||||
libraries_use_dynamic_loader(system_chkpwd_t)
|
||||
libraries_read_shared_libraries(system_chkpwd_t)
|
||||
libraries_use_shared_libraries(system_chkpwd_t)
|
||||
|
||||
logging_send_system_log_message(system_chkpwd_t)
|
||||
|
||||
@ -301,7 +301,7 @@ files_read_general_system_config(utempter_t)
|
||||
domain_use_widely_inheritable_file_descriptors(utempter_t)
|
||||
|
||||
libraries_use_dynamic_loader(utempter_t)
|
||||
libraries_read_shared_libraries(utempter_t)
|
||||
libraries_use_shared_libraries(utempter_t)
|
||||
|
||||
logging_search_system_log_directory(utempter_t)
|
||||
|
||||
|
||||
@ -48,7 +48,7 @@ init_script_use_pseudoterminal(hwclock_t)
|
||||
domain_use_widely_inheritable_file_descriptors(hwclock_t)
|
||||
|
||||
libraries_use_dynamic_loader(hwclock_t)
|
||||
libraries_read_shared_libraries(hwclock_t)
|
||||
libraries_use_shared_libraries(hwclock_t)
|
||||
|
||||
logging_send_system_log_message(hwclock_t)
|
||||
|
||||
|
||||
@ -44,7 +44,7 @@ init_script_use_pseudoterminal(hostname_t)
|
||||
domain_use_widely_inheritable_file_descriptors(hostname_t)
|
||||
|
||||
libraries_use_dynamic_loader(hostname_t)
|
||||
libraries_read_shared_libraries(hostname_t)
|
||||
libraries_use_shared_libraries(hostname_t)
|
||||
|
||||
logging_send_system_log_message(hostname_t)
|
||||
|
||||
|
||||
@ -81,7 +81,7 @@ corecommands_execute_system_programs(hotplug_t)
|
||||
logging_send_system_log_message(hotplug_t)
|
||||
|
||||
libraries_use_dynamic_loader(hotplug_t)
|
||||
libraries_read_shared_libraries(hotplug_t)
|
||||
libraries_use_shared_libraries(hotplug_t)
|
||||
# Read /usr/lib/gconv/.*
|
||||
libraries_read_library_resources(hotplug_t)
|
||||
|
||||
|
||||
@ -108,7 +108,7 @@ files_ignore_modify_rootfs_file(init_t)
|
||||
files_ignore_modify_rootfs_device(init_t)
|
||||
|
||||
libraries_use_dynamic_loader(init_t)
|
||||
libraries_read_shared_libraries(init_t)
|
||||
libraries_use_shared_libraries(init_t)
|
||||
|
||||
corecommands_chroot(init_t)
|
||||
corecommands_execute_general_programs(init_t)
|
||||
@ -236,7 +236,7 @@ domain_use_widely_inheritable_file_descriptors(initrc_t)
|
||||
|
||||
libraries_modify_dynamic_loader_cache(initrc_t)
|
||||
libraries_use_dynamic_loader(initrc_t)
|
||||
libraries_read_shared_libraries(initrc_t)
|
||||
libraries_use_shared_libraries(initrc_t)
|
||||
libraries_execute_library_scripts(initrc_t)
|
||||
|
||||
files_get_all_file_attributes(initrc_t)
|
||||
@ -410,7 +410,7 @@ corecommands_execute_shell(run_init_t)
|
||||
files_read_general_system_config(run_init_t)
|
||||
|
||||
libraries_use_dynamic_loader(run_init_t)
|
||||
libraries_read_shared_libraries(run_init_t)
|
||||
libraries_use_shared_libraries(run_init_t)
|
||||
|
||||
selinux_read_config(run_init_t)
|
||||
selinux_read_default_contexts(run_init_t)
|
||||
|
||||
@ -57,7 +57,7 @@ domain_use_widely_inheritable_file_descriptors(iptables_t)
|
||||
files_read_general_system_config(iptables_t)
|
||||
|
||||
libraries_use_dynamic_loader(iptables_t)
|
||||
libraries_read_shared_libraries(iptables_t)
|
||||
libraries_use_shared_libraries(iptables_t)
|
||||
|
||||
logging_send_system_log_message(iptables_t)
|
||||
# system-config-network appends to /var/log
|
||||
|
||||
@ -72,9 +72,9 @@ class file { getattr read write };
|
||||
|
||||
########################################
|
||||
#
|
||||
# libraries_read_shared_libraries(domain)
|
||||
# libraries_use_shared_libraries(domain)
|
||||
#
|
||||
define(`libraries_read_shared_libraries',`
|
||||
define(`libraries_use_shared_libraries',`
|
||||
requires_block_template(`$0'_depend)
|
||||
allow $1 lib_t:dir { getattr read search };
|
||||
allow $1 lib_t:lnk_file { getattr read };
|
||||
@ -82,7 +82,7 @@ allow $1 { shlib_t texrel_shlib_t }:lnk_file { getattr read };
|
||||
allow $1 { shlib_t texrel_shlib_t }:file { getattr read execute };
|
||||
')
|
||||
|
||||
define(`libraries_read_shared_libraries_depend',`
|
||||
define(`libraries_use_shared_libraries_depend',`
|
||||
type lib_t, shlib_t, texrel_shlib_t;
|
||||
class dir { getattr read search };
|
||||
class lnk_file { getattr read };
|
||||
@ -91,15 +91,15 @@ class file { getattr read execute };
|
||||
|
||||
########################################
|
||||
#
|
||||
# libraries_legacy_read_shared_libraries(domain)
|
||||
# libraries_legacy_use_shared_libraries(domain)
|
||||
#
|
||||
define(`libraries_legacy_read_shared_libraries',`
|
||||
define(`libraries_legacy_use_shared_libraries',`
|
||||
requires_block_template(`$0'_depend)
|
||||
libraries_read_shared_libraries($1)
|
||||
libraries_use_shared_libraries($1)
|
||||
allow $1 { shlib_t texrel_shlib_t }:file execmod;
|
||||
')
|
||||
|
||||
define(`libraries_legacy_read_shared_libraries_depend',`
|
||||
define(`libraries_legacy_use_shared_libraries_depend',`
|
||||
type shlib_t, texrel_shlib_t;
|
||||
class file execmod;
|
||||
')
|
||||
|
||||
@ -79,7 +79,7 @@ files_list_home_directories(local_login_t)
|
||||
files_read_general_application_resources(local_login_t)
|
||||
|
||||
libraries_use_dynamic_loader(local_login_t)
|
||||
libraries_read_shared_libraries(local_login_t)
|
||||
libraries_use_shared_libraries(local_login_t)
|
||||
|
||||
logging_send_system_log_message(local_login_t)
|
||||
|
||||
@ -231,7 +231,7 @@ init_script_get_process_group(sulogin_t)
|
||||
files_read_general_system_config(sulogin_t)
|
||||
|
||||
libraries_use_dynamic_loader(sulogin_t)
|
||||
libraries_read_shared_libraries(sulogin_t)
|
||||
libraries_use_shared_libraries(sulogin_t)
|
||||
|
||||
logging_send_system_log_message(sulogin_t)
|
||||
|
||||
|
||||
@ -53,7 +53,7 @@ filesystem_get_all_filesystems_attributes(klogd_t)
|
||||
bootloader_read_kernel_symbol_table(klogd_t)
|
||||
|
||||
libraries_use_dynamic_loader(klogd_t)
|
||||
libraries_read_shared_libraries(klogd_t)
|
||||
libraries_use_shared_libraries(klogd_t)
|
||||
|
||||
files_create_daemon_runtime_data(klogd_t,klogd_var_run_t)
|
||||
files_create_private_tmp_data(klogd_t,klogd_tmp_t)
|
||||
@ -126,7 +126,7 @@ files_create_daemon_runtime_data(syslogd_t,devlog_t,sock_file)
|
||||
files_create_private_tmp_data(syslogd_t,syslogd_tmp_t)
|
||||
|
||||
libraries_use_dynamic_loader(syslogd_t)
|
||||
libraries_read_shared_libraries(syslogd_t)
|
||||
libraries_use_shared_libraries(syslogd_t)
|
||||
|
||||
sysnetwork_read_network_config(syslogd_t)
|
||||
|
||||
|
||||
@ -111,7 +111,7 @@ init_script_use_pseudoterminal(lvm_t)
|
||||
init_use_file_descriptors(lvm_t)
|
||||
|
||||
libraries_use_dynamic_loader(lvm_t)
|
||||
libraries_read_shared_libraries(lvm_t)
|
||||
libraries_use_shared_libraries(lvm_t)
|
||||
|
||||
logging_send_system_log_message(lvm_t)
|
||||
|
||||
|
||||
@ -78,7 +78,7 @@ domain_signal_all_domains(insmod_t)
|
||||
domain_use_widely_inheritable_file_descriptors(insmod_t)
|
||||
|
||||
libraries_use_dynamic_loader(insmod_t)
|
||||
libraries_read_shared_libraries(insmod_t)
|
||||
libraries_use_shared_libraries(insmod_t)
|
||||
|
||||
corecommands_execute_general_programs(insmod_t)
|
||||
corecommands_execute_system_programs(insmod_t)
|
||||
@ -153,7 +153,7 @@ files_read_general_system_config(depmod_t)
|
||||
files_read_system_source_code(depmod_t)
|
||||
|
||||
libraries_use_dynamic_loader(depmod_t)
|
||||
libraries_read_shared_libraries(depmod_t)
|
||||
libraries_use_shared_libraries(depmod_t)
|
||||
|
||||
ifdef(`TODO',`
|
||||
|
||||
@ -221,7 +221,7 @@ corecommands_execute_system_programs(update_modules_t)
|
||||
corecommands_execute_shell(update_modules_t)
|
||||
|
||||
libraries_use_dynamic_loader(update_modules_t)
|
||||
libraries_read_shared_libraries(update_modules_t)
|
||||
libraries_use_shared_libraries(update_modules_t)
|
||||
|
||||
logging_send_system_log_message(update_modules_t)
|
||||
|
||||
|
||||
@ -52,7 +52,7 @@ files_create_runtime_system_config(mount_t)
|
||||
files_mount_on_all_mountpoints(mount_t)
|
||||
|
||||
libraries_use_dynamic_loader(mount_t)
|
||||
libraries_read_shared_libraries(mount_t)
|
||||
libraries_use_shared_libraries(mount_t)
|
||||
|
||||
# required for mount.smbfs
|
||||
corecommands_execute_system_programs(mount_t)
|
||||
|
||||
@ -115,7 +115,7 @@ init_script_use_pseudoterminal(checkpolicy_t)
|
||||
domain_use_widely_inheritable_file_descriptors(checkpolicy_t)
|
||||
|
||||
libraries_use_dynamic_loader(checkpolicy_t)
|
||||
libraries_read_shared_libraries(checkpolicy_t)
|
||||
libraries_use_shared_libraries(checkpolicy_t)
|
||||
|
||||
ifdef(`TODO',`
|
||||
role sysadm_r types checkpolicy_t;
|
||||
@ -168,7 +168,7 @@ init_script_use_pseudoterminal(load_policy_t)
|
||||
domain_use_widely_inheritable_file_descriptors(load_policy_t)
|
||||
|
||||
libraries_use_dynamic_loader(load_policy_t)
|
||||
libraries_read_shared_libraries(load_policy_t)
|
||||
libraries_use_shared_libraries(load_policy_t)
|
||||
|
||||
miscfiles_read_localization(load_policy_t)
|
||||
|
||||
@ -230,7 +230,7 @@ domain_use_widely_inheritable_file_descriptors(newrole_t)
|
||||
files_read_general_system_config(newrole_t)
|
||||
|
||||
libraries_use_dynamic_loader(newrole_t)
|
||||
libraries_read_shared_libraries(newrole_t)
|
||||
libraries_use_shared_libraries(newrole_t)
|
||||
|
||||
logging_send_system_log_message(newrole_t)
|
||||
|
||||
@ -317,7 +317,7 @@ files_read_runtime_system_config(restorecon_t)
|
||||
files_read_general_system_config(restorecon_t)
|
||||
|
||||
libraries_use_dynamic_loader(restorecon_t)
|
||||
libraries_read_shared_libraries(restorecon_t)
|
||||
libraries_use_shared_libraries(restorecon_t)
|
||||
|
||||
logging_send_system_log_message(restorecon_t)
|
||||
|
||||
@ -385,7 +385,7 @@ init_script_use_pseudoterminal(setfiles_t)
|
||||
domain_use_widely_inheritable_file_descriptors(setfiles_t)
|
||||
|
||||
libraries_use_dynamic_loader(setfiles_t)
|
||||
libraries_read_shared_libraries(setfiles_t)
|
||||
libraries_use_shared_libraries(setfiles_t)
|
||||
|
||||
files_read_runtime_system_config(setfiles_t)
|
||||
files_read_general_system_config(setfiles_t)
|
||||
|
||||
@ -115,7 +115,7 @@ init_script_use_pseudoterminal(checkpolicy_t)
|
||||
domain_use_widely_inheritable_file_descriptors(checkpolicy_t)
|
||||
|
||||
libraries_use_dynamic_loader(checkpolicy_t)
|
||||
libraries_read_shared_libraries(checkpolicy_t)
|
||||
libraries_use_shared_libraries(checkpolicy_t)
|
||||
|
||||
ifdef(`TODO',`
|
||||
role sysadm_r types checkpolicy_t;
|
||||
@ -168,7 +168,7 @@ init_script_use_pseudoterminal(load_policy_t)
|
||||
domain_use_widely_inheritable_file_descriptors(load_policy_t)
|
||||
|
||||
libraries_use_dynamic_loader(load_policy_t)
|
||||
libraries_read_shared_libraries(load_policy_t)
|
||||
libraries_use_shared_libraries(load_policy_t)
|
||||
|
||||
miscfiles_read_localization(load_policy_t)
|
||||
|
||||
@ -230,7 +230,7 @@ domain_use_widely_inheritable_file_descriptors(newrole_t)
|
||||
files_read_general_system_config(newrole_t)
|
||||
|
||||
libraries_use_dynamic_loader(newrole_t)
|
||||
libraries_read_shared_libraries(newrole_t)
|
||||
libraries_use_shared_libraries(newrole_t)
|
||||
|
||||
logging_send_system_log_message(newrole_t)
|
||||
|
||||
@ -317,7 +317,7 @@ files_read_runtime_system_config(restorecon_t)
|
||||
files_read_general_system_config(restorecon_t)
|
||||
|
||||
libraries_use_dynamic_loader(restorecon_t)
|
||||
libraries_read_shared_libraries(restorecon_t)
|
||||
libraries_use_shared_libraries(restorecon_t)
|
||||
|
||||
logging_send_system_log_message(restorecon_t)
|
||||
|
||||
@ -385,7 +385,7 @@ init_script_use_pseudoterminal(setfiles_t)
|
||||
domain_use_widely_inheritable_file_descriptors(setfiles_t)
|
||||
|
||||
libraries_use_dynamic_loader(setfiles_t)
|
||||
libraries_read_shared_libraries(setfiles_t)
|
||||
libraries_use_shared_libraries(setfiles_t)
|
||||
|
||||
files_read_runtime_system_config(setfiles_t)
|
||||
files_read_general_system_config(setfiles_t)
|
||||
|
||||
@ -110,7 +110,7 @@ corecommands_execute_shell(dhcpc_t)
|
||||
logging_send_system_log_message(dhcpc_t)
|
||||
|
||||
libraries_use_dynamic_loader(dhcpc_t)
|
||||
libraries_read_shared_libraries(dhcpc_t)
|
||||
libraries_use_shared_libraries(dhcpc_t)
|
||||
|
||||
modutils_insmod_transition(dhcpc_t)
|
||||
|
||||
@ -266,7 +266,7 @@ domain_use_widely_inheritable_file_descriptors(ifconfig_t)
|
||||
files_ignore_read_rootfs_file(ifconfig_t)
|
||||
|
||||
libraries_use_dynamic_loader(ifconfig_t)
|
||||
libraries_read_shared_libraries(ifconfig_t)
|
||||
libraries_use_shared_libraries(ifconfig_t)
|
||||
|
||||
logging_send_system_log_message(ifconfig_t)
|
||||
|
||||
|
||||
@ -117,7 +117,7 @@ files_read_system_source_code($1_t)
|
||||
init_script_ignore_use_pseudoterminal($1_t)
|
||||
|
||||
libraries_use_dynamic_loader($1_t)
|
||||
libraries_read_shared_libraries($1_t)
|
||||
libraries_use_shared_libraries($1_t)
|
||||
libraries_execute_dynamic_loader($1_t)
|
||||
libraries_execute_library_scripts($1_t)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user