add source policy interfaces
parent
5817e3a820
commit
ef373408a6
@ -280,8 +280,64 @@ typeattribute $1 can_write_binary_policy;
|
|||||||
')
|
')
|
||||||
|
|
||||||
define(`selinux_write_binary_policy_depend',`
|
define(`selinux_write_binary_policy_depend',`
|
||||||
type policy_config_t;
|
|
||||||
attribute can_write_binary_policy;
|
attribute can_write_binary_policy;
|
||||||
|
type policy_config_t;
|
||||||
class dir { getattr search read write add_name remove_name };
|
class dir { getattr search read write add_name remove_name };
|
||||||
class file { getattr create write unlink };
|
class file { getattr create write unlink };
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# selinux_manage_binary_policy(domain)
|
||||||
|
#
|
||||||
|
define(`selinux_manage_binary_policy',`
|
||||||
|
requires_block_template(`$0'_depend)
|
||||||
|
# FIXME: search etc_t:dir
|
||||||
|
allow $1 selinux_config_t:dir search;
|
||||||
|
allow $1 policy_config_t:dir { getattr search read };
|
||||||
|
allow $1 policy_config_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
|
typeattribute $1 can_write_binary_policy;
|
||||||
|
')
|
||||||
|
|
||||||
|
define(`selinux_manage_binary_policy_depend',`
|
||||||
|
attribute can_write_binary_policy;
|
||||||
|
type selinux_config_t, policy_config_t;
|
||||||
|
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||||
|
class file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# selinux_read_source_policy(domain)
|
||||||
|
#
|
||||||
|
define(`selinux_read_source_policy',`
|
||||||
|
requires_block_template(`$0'_depend)
|
||||||
|
# FIXME: search etc_t:dir
|
||||||
|
allow $1 selinux_config_t:dir search;
|
||||||
|
allow $1 policy_src_t:dir { getattr search read };
|
||||||
|
allow $1 policy_src_t:file { getattr read };
|
||||||
|
')
|
||||||
|
|
||||||
|
define(`selinux_read_source_policy_depend',`
|
||||||
|
type selinux_config_t, policy_src_t;
|
||||||
|
class dir { getattr search read };
|
||||||
|
class file { getattr read };
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# selinux_manage_source_policy(domain)
|
||||||
|
#
|
||||||
|
define(`selinux_manage_source_policy',`
|
||||||
|
requires_block_template(`$0'_depend)
|
||||||
|
# FIXME: search etc_t:dir
|
||||||
|
allow $1 selinux_config_t:dir search;
|
||||||
|
allow $1 policy_src_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||||
|
allow $1 policy_src_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
|
')
|
||||||
|
|
||||||
|
define(`selinux_manage_source_policy_depend',`
|
||||||
|
type selinux_config_t, policy_src_t;
|
||||||
|
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||||
|
class file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
|
')
|
||||||
|
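Review bot: In `selinux_manage_binary_policy` the directory rule grants only `{ getattr search read }` on `policy_config_t:dir`, while the file rule grants `create`, `link`, `unlink` and `rename`; those operations also need `write`, `add_name` and `remove_name` on the containing directory, so a caller would still be denied when it creates or replaces a binary policy file. The existing `selinux_write_binary_policy_depend` already lists `write add_name remove_name` for `dir`, which suggests the new allow line should be `allow $1 policy_config_t:dir { getattr search read write add_name remove_name };`. The `class dir` list in `selinux_manage_binary_policy_depend` also names many more permissions (`create`, `rmdir`, `reparent`, …) than the interface grants. Trimming it to the granted set would keep the requirement honest about how much access to the loadable policy this interface gives. The same hunk is printed a second time further down the page, and the point applies there as well.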
@ -280,8 +280,64 @@ typeattribute $1 can_write_binary_policy;
|
|||||||
')
|
')
|
||||||
|
|
||||||
define(`selinux_write_binary_policy_depend',`
|
define(`selinux_write_binary_policy_depend',`
|
||||||
type policy_config_t;
|
|
||||||
attribute can_write_binary_policy;
|
attribute can_write_binary_policy;
|
||||||
|
type policy_config_t;
|
||||||
class dir { getattr search read write add_name remove_name };
|
class dir { getattr search read write add_name remove_name };
|
||||||
class file { getattr create write unlink };
|
class file { getattr create write unlink };
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# selinux_manage_binary_policy(domain)
|
||||||
|
#
|
||||||
|
define(`selinux_manage_binary_policy',`
|
||||||
|
requires_block_template(`$0'_depend)
|
||||||
|
# FIXME: search etc_t:dir
|
||||||
|
allow $1 selinux_config_t:dir search;
|
||||||
|
allow $1 policy_config_t:dir { getattr search read };
|
||||||
|
allow $1 policy_config_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
|
typeattribute $1 can_write_binary_policy;
|
||||||
|
')
|
||||||
|
|
||||||
|
define(`selinux_manage_binary_policy_depend',`
|
||||||
|
attribute can_write_binary_policy;
|
||||||
|
type selinux_config_t, policy_config_t;
|
||||||
|
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||||
|
class file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# selinux_read_source_policy(domain)
|
||||||
|
#
|
||||||
|
define(`selinux_read_source_policy',`
|
||||||
|
requires_block_template(`$0'_depend)
|
||||||
|
# FIXME: search etc_t:dir
|
||||||
|
allow $1 selinux_config_t:dir search;
|
||||||
|
allow $1 policy_src_t:dir { getattr search read };
|
||||||
|
allow $1 policy_src_t:file { getattr read };
|
||||||
|
')
|
||||||
|
|
||||||
|
define(`selinux_read_source_policy_depend',`
|
||||||
|
type selinux_config_t, policy_src_t;
|
||||||
|
class dir { getattr search read };
|
||||||
|
class file { getattr read };
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# selinux_manage_source_policy(domain)
|
||||||
|
#
|
||||||
|
define(`selinux_manage_source_policy',`
|
||||||
|
requires_block_template(`$0'_depend)
|
||||||
|
# FIXME: search etc_t:dir
|
||||||
|
allow $1 selinux_config_t:dir search;
|
||||||
|
allow $1 policy_src_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||||
|
allow $1 policy_src_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
|
')
|
||||||
|
|
||||||
|
define(`selinux_manage_source_policy_depend',`
|
||||||
|
type selinux_config_t, policy_src_t;
|
||||||
|
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
|
||||||
|
class file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
|
')
|
||||||
|