add source policy interfaces
This commit is contained in:
parent
5817e3a820
commit
ef373408a6
@ -280,8 +280,64 @@ typeattribute $1 can_write_binary_policy;
|
||||
')
|
||||
|
||||
define(`selinux_write_binary_policy_depend',`
|
||||
type policy_config_t;
|
||||
attribute can_write_binary_policy;
|
||||
type policy_config_t;
|
||||
class dir { getattr search read write add_name remove_name };
|
||||
class file { getattr create write unlink };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# selinux_manage_binary_policy(domain)
|
||||
#
|
||||
define(`selinux_manage_binary_policy',`
|
||||
requires_block_template(`$0'_depend)
|
||||
# FIXME: search etc_t:dir
|
||||
allow $1 selinux_config_t:dir search;
|
||||
allow $1 policy_config_t:dir { getattr search read };
|
||||
allow $1 policy_config_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
typeattribute $1 can_write_binary_policy;
|
||||
')
|
||||
|
||||
define(`selinux_manage_binary_policy_depend',`
|
||||
attribute can_write_binary_policy;
|
||||
type selinux_config_t, policy_config_t;
|
||||
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||
class file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# selinux_read_source_policy(domain)
|
||||
#
|
||||
define(`selinux_read_source_policy',`
|
||||
requires_block_template(`$0'_depend)
|
||||
# FIXME: search etc_t:dir
|
||||
allow $1 selinux_config_t:dir search;
|
||||
allow $1 policy_src_t:dir { getattr search read };
|
||||
allow $1 policy_src_t:file { getattr read };
|
||||
')
|
||||
|
||||
define(`selinux_read_source_policy_depend',`
|
||||
type selinux_config_t, policy_src_t;
|
||||
class dir { getattr search read };
|
||||
class file { getattr read };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# selinux_manage_source_policy(domain)
|
||||
#
|
||||
define(`selinux_manage_source_policy',`
|
||||
requires_block_template(`$0'_depend)
|
||||
# FIXME: search etc_t:dir
|
||||
allow $1 selinux_config_t:dir search;
|
||||
allow $1 policy_src_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||
allow $1 policy_src_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
')
|
||||
|
||||
define(`selinux_manage_source_policy_depend',`
|
||||
type selinux_config_t, policy_src_t;
|
||||
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||
class file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
')
|
||||
|
@ -280,8 +280,64 @@ typeattribute $1 can_write_binary_policy;
|
||||
')
|
||||
|
||||
define(`selinux_write_binary_policy_depend',`
|
||||
type policy_config_t;
|
||||
attribute can_write_binary_policy;
|
||||
type policy_config_t;
|
||||
class dir { getattr search read write add_name remove_name };
|
||||
class file { getattr create write unlink };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# selinux_manage_binary_policy(domain)
|
||||
#
|
||||
define(`selinux_manage_binary_policy',`
|
||||
requires_block_template(`$0'_depend)
|
||||
# FIXME: search etc_t:dir
|
||||
allow $1 selinux_config_t:dir search;
|
||||
allow $1 policy_config_t:dir { getattr search read };
|
||||
allow $1 policy_config_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
typeattribute $1 can_write_binary_policy;
|
||||
')
|
||||
|
||||
define(`selinux_manage_binary_policy_depend',`
|
||||
attribute can_write_binary_policy;
|
||||
type selinux_config_t, policy_config_t;
|
||||
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||
class file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# selinux_read_source_policy(domain)
|
||||
#
|
||||
define(`selinux_read_source_policy',`
|
||||
requires_block_template(`$0'_depend)
|
||||
# FIXME: search etc_t:dir
|
||||
allow $1 selinux_config_t:dir search;
|
||||
allow $1 policy_src_t:dir { getattr search read };
|
||||
allow $1 policy_src_t:file { getattr read };
|
||||
')
|
||||
|
||||
define(`selinux_read_source_policy_depend',`
|
||||
type selinux_config_t, policy_src_t;
|
||||
class dir { getattr search read };
|
||||
class file { getattr read };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# selinux_manage_source_policy(domain)
|
||||
#
|
||||
define(`selinux_manage_source_policy',`
|
||||
requires_block_template(`$0'_depend)
|
||||
# FIXME: search etc_t:dir
|
||||
allow $1 selinux_config_t:dir search;
|
||||
allow $1 policy_src_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||
allow $1 policy_src_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
')
|
||||
|
||||
define(`selinux_manage_source_policy_depend',`
|
||||
type selinux_config_t, policy_src_t;
|
||||
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||
class file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
')
|
||||
|
Loading…
Reference in New Issue
Block a user