trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
This commit is contained in:
Chris PeBenito
parent
2d0c9cecaf
commit
f8233ab7b0
|
|
@ -1,3 +1,5 @@
|
|||
- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
|
||||
mls_write_all_levels() and mls_read_all_levels(), for consistency.
|
||||
- Add make kernel and init ranged interfaces pass the range transition MLS
|
||||
constraints. Also remove calls to mls_rangetrans_target() in modules that use
|
||||
the kernel and init interfaces, since its redundant.
|
||||
|
|
|
|||
|
|
@ -90,8 +90,8 @@ fs_read_tmpfs_symlinks(bootloader_t)
|
|||
#Needed for ia64
|
||||
fs_manage_dos_files(bootloader_t)
|
||||
|
||||
mls_file_read_up(bootloader_t)
|
||||
mls_file_write_down(bootloader_t)
|
||||
mls_file_read_all_levels(bootloader_t)
|
||||
mls_file_write_all_levels(bootloader_t)
|
||||
|
||||
|
||||
term_getattr_all_user_ttys(bootloader_t)
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@ type consoletype_t;
|
|||
type consoletype_exec_t;
|
||||
application_executable_file(consoletype_exec_t)
|
||||
init_domain(consoletype_t,consoletype_exec_t)
|
||||
mls_file_read_up(consoletype_t)
|
||||
mls_file_write_down(consoletype_t)
|
||||
mls_file_read_all_levels(consoletype_t)
|
||||
mls_file_write_all_levels(consoletype_t)
|
||||
role system_r types consoletype_t;
|
||||
|
||||
ifdef(`targeted_policy',`',`
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ allow dmidecode_t self:capability sys_rawio;
|
|||
# Allow dmidecode to read /dev/mem
|
||||
dev_read_raw_memory(dmidecode_t)
|
||||
|
||||
mls_file_read_up(dmidecode_t)
|
||||
mls_file_read_all_levels(dmidecode_t)
|
||||
|
||||
term_list_ptys(dmidecode_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -126,8 +126,8 @@ fs_manage_nfs_symlinks(dpkg_t)
|
|||
fs_getattr_all_fs(dpkg_t)
|
||||
fs_search_auto_mountpoints(dpkg_t)
|
||||
|
||||
mls_file_read_up(dpkg_t)
|
||||
mls_file_write_down(dpkg_t)
|
||||
mls_file_read_all_levels(dpkg_t)
|
||||
mls_file_write_all_levels(dpkg_t)
|
||||
mls_file_upgrade(dpkg_t)
|
||||
|
||||
selinux_get_fs_mount(dpkg_t)
|
||||
|
|
@ -268,8 +268,8 @@ fs_mount_xattr_fs(dpkg_script_t)
|
|||
fs_unmount_xattr_fs(dpkg_script_t)
|
||||
fs_search_auto_mountpoints(dpkg_script_t)
|
||||
|
||||
mls_file_read_up(dpkg_script_t)
|
||||
mls_file_write_down(dpkg_script_t)
|
||||
mls_file_read_all_levels(dpkg_script_t)
|
||||
mls_file_write_all_levels(dpkg_script_t)
|
||||
|
||||
selinux_get_fs_mount(dpkg_script_t)
|
||||
selinux_validate_context(dpkg_script_t)
|
||||
|
|
|
|||
|
|
@ -62,8 +62,8 @@ fs_search_auto_mountpoints(kudzu_t)
|
|||
fs_search_ramfs(kudzu_t)
|
||||
fs_write_ramfs_sockets(kudzu_t)
|
||||
|
||||
mls_file_read_up(kudzu_t)
|
||||
mls_file_write_down(kudzu_t)
|
||||
mls_file_read_all_levels(kudzu_t)
|
||||
mls_file_write_all_levels(kudzu_t)
|
||||
|
||||
modutils_read_module_deps(kudzu_t)
|
||||
modutils_read_module_config(kudzu_t)
|
||||
|
|
|
|||
|
|
@ -72,8 +72,8 @@ dev_read_urand(logrotate_t)
|
|||
fs_search_auto_mountpoints(logrotate_t)
|
||||
fs_getattr_xattr_fs(logrotate_t)
|
||||
|
||||
mls_file_read_up(logrotate_t)
|
||||
mls_file_write_down(logrotate_t)
|
||||
mls_file_read_all_levels(logrotate_t)
|
||||
mls_file_write_all_levels(logrotate_t)
|
||||
mls_file_upgrade(logrotate_t)
|
||||
|
||||
selinux_get_fs_mount(logrotate_t)
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ fs_getattr_xattr_fs(quota_t)
|
|||
fs_remount_xattr_fs(quota_t)
|
||||
fs_search_auto_mountpoints(quota_t)
|
||||
|
||||
mls_file_read_up(quota_t)
|
||||
mls_file_read_all_levels(quota_t)
|
||||
|
||||
storage_raw_read_fixed_disk(quota_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ fs_dontaudit_read_ramfs_pipes(readahead_t)
|
|||
fs_dontaudit_read_ramfs_files(readahead_t)
|
||||
fs_read_tmpfs_symlinks(readahead_t)
|
||||
|
||||
mls_file_read_up(readahead_t)
|
||||
mls_file_read_all_levels(readahead_t)
|
||||
|
||||
term_dontaudit_use_console(readahead_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -115,8 +115,8 @@ fs_manage_nfs_symlinks(rpm_t)
|
|||
fs_getattr_all_fs(rpm_t)
|
||||
fs_search_auto_mountpoints(rpm_t)
|
||||
|
||||
mls_file_read_up(rpm_t)
|
||||
mls_file_write_down(rpm_t)
|
||||
mls_file_read_all_levels(rpm_t)
|
||||
mls_file_write_all_levels(rpm_t)
|
||||
mls_file_upgrade(rpm_t)
|
||||
mls_file_downgrade(rpm_t)
|
||||
|
||||
|
|
@ -276,8 +276,8 @@ fs_search_auto_mountpoints(rpm_script_t)
|
|||
mcs_killall(rpm_script_t)
|
||||
mcs_ptrace_all(rpm_script_t)
|
||||
|
||||
mls_file_read_up(rpm_script_t)
|
||||
mls_file_write_down(rpm_script_t)
|
||||
mls_file_read_all_levels(rpm_script_t)
|
||||
mls_file_write_all_levels(rpm_script_t)
|
||||
|
||||
selinux_get_fs_mount(rpm_script_t)
|
||||
selinux_validate_context(rpm_script_t)
|
||||
|
|
|
|||
|
|
@ -221,7 +221,7 @@ template(`su_per_role_template',`
|
|||
# Write to utmp.
|
||||
init_rw_utmp($1_su_t)
|
||||
|
||||
mls_file_write_down($1_su_t)
|
||||
mls_file_write_all_levels($1_su_t)
|
||||
|
||||
libs_use_ld_so($1_su_t)
|
||||
libs_use_shared_libs($1_su_t)
|
||||
|
|
|
|||
|
|
@ -29,8 +29,8 @@ files_purge_tmp(tmpreaper_t)
|
|||
# why does it need setattr?
|
||||
files_setattr_all_tmp_dirs(tmpreaper_t)
|
||||
|
||||
mls_file_read_up(tmpreaper_t)
|
||||
mls_file_write_down(tmpreaper_t)
|
||||
mls_file_read_all_levels(tmpreaper_t)
|
||||
mls_file_write_all_levels(tmpreaper_t)
|
||||
|
||||
libs_use_ld_so(tmpreaper_t)
|
||||
libs_use_shared_libs(tmpreaper_t)
|
||||
|
|
|
|||
|
|
@ -281,7 +281,7 @@ dev_read_urand(passwd_t)
|
|||
fs_getattr_xattr_fs(passwd_t)
|
||||
fs_search_auto_mountpoints(passwd_t)
|
||||
|
||||
mls_file_write_down(passwd_t)
|
||||
mls_file_write_all_levels(passwd_t)
|
||||
mls_file_downgrade(passwd_t)
|
||||
|
||||
selinux_get_fs_mount(passwd_t)
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ interface(`mls_file_read_to_clearance',`
|
|||
## </param>
|
||||
#
|
||||
interface(`mls_file_read_up',`
|
||||
# refpolicywarn(`$0($*) has been deprecated, please use mls_file_read_all_levels() instead.')
|
||||
refpolicywarn(`$0($*) has been deprecated, please use mls_file_read_all_levels() instead.')
|
||||
mls_file_read_all_levels($1)
|
||||
')
|
||||
|
||||
|
|
@ -119,7 +119,7 @@ interface(`mls_file_write_to_clearance',`
|
|||
## </param>
|
||||
#
|
||||
interface(`mls_file_write_down',`
|
||||
# refpolicywarn(`$0($*) has been deprecated, please use mls_file_write_all_levels() instead.')
|
||||
refpolicywarn(`$0($*) has been deprecated, please use mls_file_write_all_levels() instead.')
|
||||
mls_file_write_all_levels($1)
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -167,8 +167,8 @@ fs_search_auto_mountpoints(cupsd_t)
|
|||
|
||||
mls_fd_use_all_levels(cupsd_t)
|
||||
mls_file_downgrade(cupsd_t)
|
||||
mls_file_write_down(cupsd_t)
|
||||
mls_file_read_up(cupsd_t)
|
||||
mls_file_write_all_levels(cupsd_t)
|
||||
mls_file_read_all_levels(cupsd_t)
|
||||
mls_socket_write_all_levels(cupsd_t)
|
||||
|
||||
term_use_unallocated_ttys(cupsd_t)
|
||||
|
|
|
|||
|
|
@ -138,7 +138,7 @@ fs_list_inotifyfs(hald_t)
|
|||
fs_list_auto_mountpoints(hald_t)
|
||||
files_getattr_all_mountpoints(hald_t)
|
||||
|
||||
mls_file_read_up(hald_t)
|
||||
mls_file_read_all_levels(hald_t)
|
||||
|
||||
selinux_get_fs_mount(hald_t)
|
||||
selinux_validate_context(hald_t)
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ dev_read_urand(NetworkManager_t)
|
|||
fs_getattr_all_fs(NetworkManager_t)
|
||||
fs_search_auto_mountpoints(NetworkManager_t)
|
||||
|
||||
mls_file_read_up(NetworkManager_t)
|
||||
mls_file_read_all_levels(NetworkManager_t)
|
||||
|
||||
selinux_dontaudit_search_fs(NetworkManager_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ files_read_etc_files(fsdaemon_t)
|
|||
fs_getattr_all_fs(fsdaemon_t)
|
||||
fs_search_auto_mountpoints(fsdaemon_t)
|
||||
|
||||
mls_file_read_up(fsdaemon_t)
|
||||
mls_file_read_all_levels(fsdaemon_t)
|
||||
|
||||
storage_raw_read_fixed_disk(fsdaemon_t)
|
||||
storage_raw_write_fixed_disk(fsdaemon_t)
|
||||
|
|
|
|||
|
|
@ -197,8 +197,8 @@ interface(`auth_login_pgm_domain',`
|
|||
selinux_compute_relabel_context($1)
|
||||
selinux_compute_user_contexts($1)
|
||||
|
||||
mls_file_read_up($1)
|
||||
mls_file_write_down($1)
|
||||
mls_file_read_all_levels($1)
|
||||
mls_file_write_all_levels($1)
|
||||
mls_file_upgrade($1)
|
||||
mls_file_downgrade($1)
|
||||
mls_process_set_level($1)
|
||||
|
|
|
|||
|
|
@ -169,8 +169,8 @@ dev_getattr_xserver_misc_dev(pam_console_t)
|
|||
dev_setattr_xserver_misc_dev(pam_console_t)
|
||||
dev_read_urand(pam_console_t)
|
||||
|
||||
mls_file_read_up(pam_console_t)
|
||||
mls_file_write_down(pam_console_t)
|
||||
mls_file_read_all_levels(pam_console_t)
|
||||
mls_file_write_all_levels(pam_console_t)
|
||||
|
||||
storage_getattr_fixed_disk_dev(pam_console_t)
|
||||
storage_setattr_fixed_disk_dev(pam_console_t)
|
||||
|
|
|
|||
|
|
@ -96,8 +96,8 @@ fs_search_tmpfs(fsadm_t)
|
|||
fs_getattr_tmpfs_dirs(fsadm_t)
|
||||
fs_read_tmpfs_symlinks(fsadm_t)
|
||||
|
||||
mls_file_read_up(fsadm_t)
|
||||
mls_file_write_down(fsadm_t)
|
||||
mls_file_read_all_levels(fsadm_t)
|
||||
mls_file_write_all_levels(fsadm_t)
|
||||
|
||||
storage_raw_read_fixed_disk(fsadm_t)
|
||||
storage_raw_write_fixed_disk(fsadm_t)
|
||||
|
|
|
|||
|
|
@ -66,8 +66,8 @@ fs_getattr_xattr_fs(getty_t)
|
|||
|
||||
mcs_process_set_categories(getty_t)
|
||||
|
||||
mls_file_read_up(getty_t)
|
||||
mls_file_write_down(getty_t)
|
||||
mls_file_read_all_levels(getty_t)
|
||||
mls_file_write_all_levels(getty_t)
|
||||
|
||||
# Chown, chmod, read and write ttys.
|
||||
term_use_all_user_ttys(getty_t)
|
||||
|
|
|
|||
|
|
@ -140,8 +140,8 @@ fs_write_ramfs_sockets(init_t)
|
|||
mcs_process_set_categories(init_t)
|
||||
mcs_killall(init_t)
|
||||
|
||||
mls_file_read_up(init_t)
|
||||
mls_file_write_down(init_t)
|
||||
mls_file_read_all_levels(init_t)
|
||||
mls_file_write_all_levels(init_t)
|
||||
mls_process_write_down(init_t)
|
||||
mls_fd_use_all_levels(init_t)
|
||||
|
||||
|
|
@ -287,8 +287,8 @@ mcs_ptrace_all(initrc_t)
|
|||
mcs_killall(initrc_t)
|
||||
mcs_process_set_categories(initrc_t)
|
||||
|
||||
mls_file_read_up(initrc_t)
|
||||
mls_file_write_down(initrc_t)
|
||||
mls_file_read_all_levels(initrc_t)
|
||||
mls_file_write_all_levels(initrc_t)
|
||||
mls_process_read_up(initrc_t)
|
||||
mls_process_write_down(initrc_t)
|
||||
mls_rangetrans_source(initrc_t)
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ dev_read_sysfs(iptables_t)
|
|||
fs_getattr_xattr_fs(iptables_t)
|
||||
fs_search_auto_mountpoints(iptables_t)
|
||||
|
||||
mls_file_read_up(iptables_t)
|
||||
mls_file_read_all_levels(iptables_t)
|
||||
|
||||
term_dontaudit_use_console(iptables_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ kernel_read_proc_symlinks(auditctl_t)
|
|||
domain_read_all_domains_state(auditctl_t)
|
||||
domain_use_interactive_fds(auditctl_t)
|
||||
|
||||
mls_file_read_up(auditctl_t)
|
||||
mls_file_read_all_levels(auditctl_t)
|
||||
|
||||
term_use_all_terms(auditctl_t)
|
||||
|
||||
|
|
@ -153,8 +153,8 @@ libs_use_shared_libs(auditd_t)
|
|||
|
||||
miscfiles_read_localization(auditd_t)
|
||||
|
||||
mls_file_read_up(auditd_t)
|
||||
mls_file_write_down(auditd_t) # Need to be able to write to /var/run/ directory
|
||||
mls_file_read_all_levels(auditd_t)
|
||||
mls_file_write_all_levels(auditd_t) # Need to be able to write to /var/run/ directory
|
||||
mls_fd_use_all_levels(auditd_t)
|
||||
|
||||
seutil_dontaudit_read_config(auditd_t)
|
||||
|
|
@ -222,7 +222,7 @@ logging_send_syslog_msg(klogd_t)
|
|||
|
||||
miscfiles_read_localization(klogd_t)
|
||||
|
||||
mls_file_read_up(klogd_t)
|
||||
mls_file_read_all_levels(klogd_t)
|
||||
|
||||
userdom_dontaudit_search_sysadm_home_dirs(klogd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ files_type(modules_dep_t)
|
|||
type insmod_t;
|
||||
type insmod_exec_t;
|
||||
application_domain(insmod_t,insmod_exec_t)
|
||||
mls_file_write_down(insmod_t)
|
||||
mls_file_write_all_levels(insmod_t)
|
||||
role system_r types insmod_t;
|
||||
|
||||
type depmod_t;
|
||||
|
|
|
|||
|
|
@ -110,8 +110,8 @@ logging_send_syslog_msg(mount_t)
|
|||
|
||||
miscfiles_read_localization(mount_t)
|
||||
|
||||
mls_file_read_up(mount_t)
|
||||
mls_file_write_down(mount_t)
|
||||
mls_file_read_all_levels(mount_t)
|
||||
mls_file_write_all_levels(mount_t)
|
||||
|
||||
sysnet_use_portmap(mount_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -178,7 +178,7 @@ files_read_etc_runtime_files(load_policy_t)
|
|||
|
||||
fs_getattr_xattr_fs(load_policy_t)
|
||||
|
||||
mls_file_read_up(load_policy_t)
|
||||
mls_file_read_all_levels(load_policy_t)
|
||||
|
||||
selinux_get_fs_mount(load_policy_t)
|
||||
selinux_load_policy(load_policy_t)
|
||||
|
|
@ -243,8 +243,8 @@ dev_read_urand(newrole_t)
|
|||
fs_getattr_xattr_fs(newrole_t)
|
||||
fs_search_auto_mountpoints(newrole_t)
|
||||
|
||||
mls_file_read_up(newrole_t)
|
||||
mls_file_write_down(newrole_t)
|
||||
mls_file_read_all_levels(newrole_t)
|
||||
mls_file_write_all_levels(newrole_t)
|
||||
mls_file_upgrade(newrole_t)
|
||||
mls_file_downgrade(newrole_t)
|
||||
mls_process_set_level(newrole_t)
|
||||
|
|
@ -472,8 +472,8 @@ files_read_etc_runtime_files(semanage_t)
|
|||
files_read_usr_files(semanage_t)
|
||||
files_list_pids(semanage_t)
|
||||
|
||||
mls_file_write_down(semanage_t)
|
||||
mls_file_read_up(semanage_t)
|
||||
mls_file_write_all_levels(semanage_t)
|
||||
mls_file_read_all_levels(semanage_t)
|
||||
|
||||
selinux_validate_context(semanage_t)
|
||||
selinux_get_enforce_mode(semanage_t)
|
||||
|
|
@ -551,8 +551,8 @@ fs_list_all(setfiles_t)
|
|||
fs_search_auto_mountpoints(setfiles_t)
|
||||
fs_relabelfrom_noxattr_fs(setfiles_t)
|
||||
|
||||
mls_file_read_up(setfiles_t)
|
||||
mls_file_write_down(setfiles_t)
|
||||
mls_file_read_all_levels(setfiles_t)
|
||||
mls_file_write_all_levels(setfiles_t)
|
||||
mls_file_upgrade(setfiles_t)
|
||||
mls_file_downgrade(setfiles_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -52,8 +52,8 @@ domain_getsession_all_domains(setrans_t)
|
|||
|
||||
files_read_etc_runtime_files(setrans_t)
|
||||
|
||||
mls_file_read_up(setrans_t)
|
||||
mls_file_write_down(setrans_t)
|
||||
mls_file_read_all_levels(setrans_t)
|
||||
mls_file_write_all_levels(setrans_t)
|
||||
mls_net_receive_all_levels(setrans_t)
|
||||
mls_socket_write_all_levels(setrans_t)
|
||||
mls_process_read_up(setrans_t)
|
||||
|
|
|
|||
|
|
@ -105,8 +105,8 @@ fs_list_inotifyfs(udev_t)
|
|||
|
||||
mcs_ptrace_all(udev_t)
|
||||
|
||||
mls_file_read_up(udev_t)
|
||||
mls_file_write_down(udev_t)
|
||||
mls_file_read_all_levels(udev_t)
|
||||
mls_file_write_all_levels(udev_t)
|
||||
mls_file_upgrade(udev_t)
|
||||
mls_file_downgrade(udev_t)
|
||||
mls_process_write_down(udev_t)
|
||||
|
|
|
|||
|
|
@ -1282,7 +1282,7 @@ template(`userdom_security_admin_template',`
|
|||
fs_manage_dos_files($1)
|
||||
|
||||
mls_process_read_up($1)
|
||||
mls_file_read_up($1)
|
||||
mls_file_read_all_levels($1)
|
||||
mls_file_upgrade($1)
|
||||
mls_file_downgrade($1)
|
||||
|
||||
|
|
|
|||
|
|
@ -198,8 +198,8 @@ ifdef(`strict_policy',`
|
|||
corecmd_exec_shell(secadm_t)
|
||||
domain_obj_id_change_exemption(secadm_t)
|
||||
mls_process_read_up(secadm_t)
|
||||
mls_file_read_up(secadm_t)
|
||||
mls_file_write_down(secadm_t)
|
||||
mls_file_read_all_levels(secadm_t)
|
||||
mls_file_write_all_levels(secadm_t)
|
||||
mls_file_upgrade(secadm_t)
|
||||
mls_file_downgrade(secadm_t)
|
||||
auth_relabel_all_files_except_shadow(secadm_t)
|
||||
|
|
|
|||
Loading…
Reference in New Issue