rename requires_block_tempalte to gen_require
parent
34c8fabeeb
commit
fa7bea8feb
@ -4,7 +4,7 @@
|
|||||||
# consoletype_domtrans(domain)
|
# consoletype_domtrans(domain)
|
||||||
#
|
#
|
||||||
define(`consoletype_domtrans',`
|
define(`consoletype_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,consoletype_exec_t,consoletype_t)
|
domain_auto_trans($1,consoletype_exec_t,consoletype_t)
|
||||||
|
|
||||||
@ -28,7 +28,7 @@ define(`consoletype_domtrans_depend',`
|
|||||||
# consoletype_exec(domain)
|
# consoletype_exec(domain)
|
||||||
#
|
#
|
||||||
define(`consoletype_exec',`
|
define(`consoletype_exec',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,consoletype_exec_t)
|
can_exec($1,consoletype_exec_t)
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dmesg_domtrans',`
|
define(`dmesg_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 dmesg_exec_t:file rx_file_perms;
|
allow $1 dmesg_exec_t:file rx_file_perms;
|
||||||
allow $1 dmesg_t:process transition;
|
allow $1 dmesg_t:process transition;
|
||||||
@ -45,7 +45,7 @@ define(`dmesg_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dmesg_exec',`
|
define(`dmesg_exec',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,dmesg_exec_t)
|
can_exec($1,dmesg_exec_t)
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
# netutils_domtrans(domain)
|
# netutils_domtrans(domain)
|
||||||
#
|
#
|
||||||
define(`netutils_domtrans',`
|
define(`netutils_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 netutils_exec_t:file rx_file_perms;
|
allow $1 netutils_exec_t:file rx_file_perms;
|
||||||
allow $1 netutils_t:process transition;
|
allow $1 netutils_t:process transition;
|
||||||
@ -31,7 +31,7 @@ define(`netutils_domtrans_depend',`
|
|||||||
# netutils_exec(domain)
|
# netutils_exec(domain)
|
||||||
#
|
#
|
||||||
define(`netutils_exec',`
|
define(`netutils_exec',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,netutils_exec_t)
|
can_exec($1,netutils_exec_t)
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`rpm_domtrans',`
|
define(`rpm_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpm_exec_t:file rx_file_perms;
|
allow $1 rpm_exec_t:file rx_file_perms;
|
||||||
allow $1 rpm_t:process transition;
|
allow $1 rpm_t:process transition;
|
||||||
@ -51,7 +51,7 @@ define(`rpm_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`rpm_run',`
|
define(`rpm_run',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
rpm_domtrans($1)
|
rpm_domtrans($1)
|
||||||
role $2 types rpm_t;
|
role $2 types rpm_t;
|
||||||
@ -76,7 +76,7 @@ define(`rpm_run_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`rpm_use_fd',`
|
define(`rpm_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpm_t:fd use;
|
allow $1 rpm_t:fd use;
|
||||||
')
|
')
|
||||||
@ -98,7 +98,7 @@ define(`rpm_use_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`rpm_read_pipe',`
|
define(`rpm_read_pipe',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpm_t:fifo_file r_file_perms;
|
allow $1 rpm_t:fifo_file r_file_perms;
|
||||||
')
|
')
|
||||||
@ -120,7 +120,7 @@ define(`rpm_read_pipe_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`rpm_read_db',`
|
define(`rpm_read_db',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpm_var_lib_t:dir r_dir_perms;
|
allow $1 rpm_var_lib_t:dir r_dir_perms;
|
||||||
allow $1 rpm_var_lib_t:file r_file_perms;
|
allow $1 rpm_var_lib_t:file r_file_perms;
|
||||||
@ -140,7 +140,7 @@ define(`rpm_read_db_depend',`
|
|||||||
# rpm_manage_db(domain)
|
# rpm_manage_db(domain)
|
||||||
#
|
#
|
||||||
define(`rpm_manage_db',`
|
define(`rpm_manage_db',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpm_var_lib_t:dir rw_dir_perms;
|
allow $1 rpm_var_lib_t:dir rw_dir_perms;
|
||||||
allow $1 rpm_var_lib_t:file { getattr create read write append unlink };
|
allow $1 rpm_var_lib_t:file { getattr create read write append unlink };
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`usermanage_domtrans_chfn',`
|
define(`usermanage_domtrans_chfn',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 chfn_exec_t:file rx_file_perms;
|
allow $1 chfn_exec_t:file rx_file_perms;
|
||||||
allow $1 chfn_t:process transition;
|
allow $1 chfn_t:process transition;
|
||||||
@ -52,7 +52,7 @@ define(`usermanage_domtrans_chfn_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`usermanage_run_chfn',`
|
define(`usermanage_run_chfn',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
usermanage_domtrans_chfn($1)
|
usermanage_domtrans_chfn($1)
|
||||||
role $2 types chfn_t;
|
role $2 types chfn_t;
|
||||||
@ -76,7 +76,7 @@ define(`usermanage_run_chfn_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`usermanage_domtrans_groupadd',`
|
define(`usermanage_domtrans_groupadd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,groupadd_exec_t,groupadd_t)
|
domain_auto_trans($1,groupadd_exec_t,groupadd_t)
|
||||||
|
|
||||||
@ -113,7 +113,7 @@ define(`usermanage_domtrans_groupadd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`usermanage_run_groupadd',`
|
define(`usermanage_run_groupadd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
usermanage_domtrans_groupadd($1)
|
usermanage_domtrans_groupadd($1)
|
||||||
role $2 types groupadd_t;
|
role $2 types groupadd_t;
|
||||||
@ -137,7 +137,7 @@ define(`usermanage_run_groupadd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`usermanage_domtrans_passwd',`
|
define(`usermanage_domtrans_passwd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 passwd_exec_t:file rx_file_perms;
|
allow $1 passwd_exec_t:file rx_file_perms;
|
||||||
allow $1 passwd_t:process transition;
|
allow $1 passwd_t:process transition;
|
||||||
@ -177,7 +177,7 @@ define(`usermanage_domtrans_passwd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`usermanage_run_passwd',`
|
define(`usermanage_run_passwd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
usermanage_domtrans_passwd($1)
|
usermanage_domtrans_passwd($1)
|
||||||
role $2 types passwd_t;
|
role $2 types passwd_t;
|
||||||
@ -201,7 +201,7 @@ define(`usermanage_run_passwd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`usermanage_domtrans_useradd',`
|
define(`usermanage_domtrans_useradd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 useradd_exec_t:file rx_file_perms;
|
allow $1 useradd_exec_t:file rx_file_perms;
|
||||||
allow $1 useradd_t:process transition;
|
allow $1 useradd_t:process transition;
|
||||||
@ -241,7 +241,7 @@ define(`usermanage_domtrans_useradd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`usermanage_run_useradd',`
|
define(`usermanage_run_useradd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
usermanage_domtrans_useradd($1)
|
usermanage_domtrans_useradd($1)
|
||||||
role $2 types useradd_t;
|
role $2 types useradd_t;
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
# gpg_per_userdomain_template(userdomain_prefix)
|
# gpg_per_userdomain_template(userdomain_prefix)
|
||||||
#
|
#
|
||||||
define(`gpg_per_userdomain_template',`
|
define(`gpg_per_userdomain_template',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_domtrans',`
|
define(`bootloader_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1, bootloader_exec_t, bootloader_t)
|
domain_auto_trans($1, bootloader_exec_t, bootloader_t)
|
||||||
|
|
||||||
@ -49,7 +49,7 @@ define(`bootloader_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_run',`
|
define(`bootloader_run',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
bootloader_domtrans($1)
|
bootloader_domtrans($1)
|
||||||
|
|
||||||
@ -73,7 +73,7 @@ define(`bootloader_run_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_search_boot_dir',`
|
define(`bootloader_search_boot_dir',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 boot_t:dir search;
|
allow $1 boot_t:dir search;
|
||||||
')
|
')
|
||||||
@ -95,7 +95,7 @@ define(`bootloader_search_boot_dir_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_dontaudit_search_boot',`
|
define(`bootloader_dontaudit_search_boot',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 boot_t:dir search;
|
dontaudit $1 boot_t:dir search;
|
||||||
')
|
')
|
||||||
@ -118,7 +118,7 @@ define(`bootloader_dontaudit_search_boot_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_rw_boot_symlinks',`
|
define(`bootloader_rw_boot_symlinks',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 boot_t:dir r_dir_perms;
|
allow $1 boot_t:dir r_dir_perms;
|
||||||
allow $1 boot_t:lnk_file rw_file_perms;
|
allow $1 boot_t:lnk_file rw_file_perms;
|
||||||
@ -142,7 +142,7 @@ define(`bootloader_rw_boot_symlinks_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_create_kernel',`
|
define(`bootloader_create_kernel',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 boot_t:dir ra_dir_perms;
|
allow $1 boot_t:dir ra_dir_perms;
|
||||||
allow $1 boot_t:file { getattr read write create };
|
allow $1 boot_t:file { getattr read write create };
|
||||||
@ -168,7 +168,7 @@ define(`bootloader_create_kernel_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_create_kernel_symbol_table',`
|
define(`bootloader_create_kernel_symbol_table',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 boot_t:dir ra_dir_perms;
|
allow $1 boot_t:dir ra_dir_perms;
|
||||||
allow $1 system_map_t:file { rw_file_perms create };
|
allow $1 system_map_t:file { rw_file_perms create };
|
||||||
@ -192,7 +192,7 @@ define(`bootloader_create_kernel_symbol_table_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_read_kernel_symbol_table',`
|
define(`bootloader_read_kernel_symbol_table',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 boot_t:dir r_dir_perms;
|
allow $1 boot_t:dir r_dir_perms;
|
||||||
allow $1 system_map_t:file r_file_perms;
|
allow $1 system_map_t:file r_file_perms;
|
||||||
@ -216,7 +216,7 @@ define(`bootloader_read_kernel_symbol_table_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_delete_kernel',`
|
define(`bootloader_delete_kernel',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 boot_t:dir { r_dir_perms write remove_name };
|
allow $1 boot_t:dir { r_dir_perms write remove_name };
|
||||||
allow $1 boot_t:file { getattr unlink };
|
allow $1 boot_t:file { getattr unlink };
|
||||||
@ -240,7 +240,7 @@ define(`bootloader_delete_kernel_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_delete_kernel_symbol_table',`
|
define(`bootloader_delete_kernel_symbol_table',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 boot_t:dir { r_dir_perms write remove_name };
|
allow $1 boot_t:dir { r_dir_perms write remove_name };
|
||||||
allow $1 system_map_t:file { getattr unlink };
|
allow $1 system_map_t:file { getattr unlink };
|
||||||
@ -264,7 +264,7 @@ define(`bootloader_delete_kernel_symbol_table_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_read_config',`
|
define(`bootloader_read_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 bootloader_etc_t:file r_file_perms;
|
allow $1 bootloader_etc_t:file r_file_perms;
|
||||||
')
|
')
|
||||||
@ -287,7 +287,7 @@ define(`bootloader_read_config_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_rw_config',`
|
define(`bootloader_rw_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 bootloader_etc_t:file rw_file_perms;
|
allow $1 bootloader_etc_t:file rw_file_perms;
|
||||||
')
|
')
|
||||||
@ -310,7 +310,7 @@ define(`bootloader_rw_config_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_rw_tmp_file',`
|
define(`bootloader_rw_tmp_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: read tmp_t
|
# FIXME: read tmp_t
|
||||||
allow $1 bootloader_tmp_t:file rw_file_perms;
|
allow $1 bootloader_tmp_t:file rw_file_perms;
|
||||||
@ -334,7 +334,7 @@ define(`bootloader_rw_tmp_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_create_runtime_file',`
|
define(`bootloader_create_runtime_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 boot_t:dir rw_dir_perms;
|
allow $1 boot_t:dir rw_dir_perms;
|
||||||
allow $1 boot_runtime_t:file { rw_file_perms create unlink };
|
allow $1 boot_runtime_t:file { rw_file_perms create unlink };
|
||||||
@ -359,7 +359,7 @@ define(`bootloader_create_runtime_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_list_kernel_modules',`
|
define(`bootloader_list_kernel_modules',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 modules_object_t:dir r_dir_perms;
|
allow $1 modules_object_t:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -381,7 +381,7 @@ define(`bootloader_list_kernel_modules_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_read_kernel_modules',`
|
define(`bootloader_read_kernel_modules',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 modules_object_t:dir r_dir_perms;
|
allow $1 modules_object_t:dir r_dir_perms;
|
||||||
allow $1 modules_object_t:lnk_file r_file_perms;
|
allow $1 modules_object_t:lnk_file r_file_perms;
|
||||||
@ -407,7 +407,7 @@ define(`bootloader_read_kernel_modules_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_write_kernel_modules',`
|
define(`bootloader_write_kernel_modules',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 modules_object_t:dir r_dir_perms;
|
allow $1 modules_object_t:dir r_dir_perms;
|
||||||
allow $1 modules_object_t:file { write append };
|
allow $1 modules_object_t:file { write append };
|
||||||
@ -436,7 +436,7 @@ define(`bootloader_write_kernel_modules_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`bootloader_manage_kernel_modules',`
|
define(`bootloader_manage_kernel_modules',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 modules_object_t:file { rw_file_perms create setattr unlink };
|
allow $1 modules_object_t:file { rw_file_perms create setattr unlink };
|
||||||
allow $1 modules_object_t:dir rw_dir_perms;
|
allow $1 modules_object_t:dir rw_dir_perms;
|
||||||
@ -458,7 +458,7 @@ define(`bootloader_manage_kernel_modules_depend',`
|
|||||||
# bootloader_create_private_module_dir_entry(domain,privatetype,[class(es)])
|
# bootloader_create_private_module_dir_entry(domain,privatetype,[class(es)])
|
||||||
#
|
#
|
||||||
define(`bootloader_create_private_module_dir_entry',`
|
define(`bootloader_create_private_module_dir_entry',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 modules_object_t:dir { getattr search read write add_name remove_name };
|
allow $1 modules_object_t:dir { getattr search read write add_name remove_name };
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_node',`
|
define(`dev_node',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
typeattribute $1 device_node;
|
typeattribute $1 device_node;
|
||||||
|
|
||||||
@ -63,7 +63,7 @@ define(`dev_node_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_relabel_all_dev_nodes',`
|
define(`dev_relabel_all_dev_nodes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_node:dir { getattr relabelfrom };
|
allow $1 device_node:dir { getattr relabelfrom };
|
||||||
allow $1 device_node:file { getattr relabelfrom };
|
allow $1 device_node:file { getattr relabelfrom };
|
||||||
@ -99,7 +99,7 @@ define(`dev_relabel_all_dev_nodes_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_list_all_dev_nodes',`
|
define(`dev_list_all_dev_nodes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_t:lnk_file { getattr read };
|
allow $1 device_t:lnk_file { getattr read };
|
||||||
@ -123,7 +123,7 @@ define(`dev_list_all_dev_nodes_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_dontaudit_list_all_dev_nodes',`
|
define(`dev_dontaudit_list_all_dev_nodes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:dir r_dir_perms;
|
dontaudit $1 device_t:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -145,7 +145,7 @@ define(`dev_dontaudit_list_all_dev_nodes_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_create_dir',`
|
define(`dev_create_dir',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { ra_dir_perms create };
|
allow $1 device_t:dir { ra_dir_perms create };
|
||||||
')
|
')
|
||||||
@ -167,7 +167,7 @@ define(`dev_create_dir_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_relabel_dev_dirs',`
|
define(`dev_relabel_dev_dirs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { r_dir_perms relabelfrom relabelto };
|
allow $1 device_t:dir { r_dir_perms relabelfrom relabelto };
|
||||||
')
|
')
|
||||||
@ -189,7 +189,7 @@ define(`dev_relabel_dev_dirs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_dontaudit_getattr_generic_pipe',`
|
define(`dev_dontaudit_getattr_generic_pipe',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:fifo_file getattr;
|
dontaudit $1 device_t:fifo_file getattr;
|
||||||
')
|
')
|
||||||
@ -211,7 +211,7 @@ define(`dev_dontaudit_getattr_generic_pipe_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_getattr_generic_blk_file',`
|
define(`dev_getattr_generic_blk_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_t:blk_file getattr;
|
allow $1 device_t:blk_file getattr;
|
||||||
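Review bot: The require call in `dev_getattr_generic_blk_file` expands `$0` to the interface name and so looks for `dev_getattr_generic_blk_file_depend`, but the header of the following hunk shows the companion macro spelled `ddev_getattr_generic_blk_file_depend`. If the file really uses that spelling, this interface never pulls in its dependency block, and the `device_t` type and the `dir`/`blk_file` classes it uses are presumably left undeclared for callers. Rename the definition to `dev_getattr_generic_blk_file_depend` so the name matches what `gen_require` is handed. The `_depend` definition itself lies outside the hunk, so this should be confirmed against the full file.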
@ -235,7 +235,7 @@ define(`ddev_getattr_generic_blk_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_dontaudit_getattr_generic_blk_file',`
|
define(`dev_dontaudit_getattr_generic_blk_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:blk_file getattr;
|
dontaudit $1 device_t:blk_file getattr;
|
||||||
')
|
')
|
||||||
@ -258,7 +258,7 @@ define(`dev_dontaudit_getattr_generic_blk_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_manage_generic_blk_file',`
|
define(`dev_manage_generic_blk_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir rw_dir_perms;
|
allow $1 device_t:dir rw_dir_perms;
|
||||||
allow $1 device_t:blk_file create_file_perms;
|
allow $1 device_t:blk_file create_file_perms;
|
||||||
@ -281,7 +281,7 @@ define(`dev_manage_generic_blk_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_create_generic_chr_file',`
|
define(`dev_create_generic_chr_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir ra_dir_perms;
|
allow $1 device_t:dir ra_dir_perms;
|
||||||
allow $1 device_t:chr_file create;
|
allow $1 device_t:chr_file create;
|
||||||
@ -308,7 +308,7 @@ define(`dev_create_generic_chr_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_getattr_generic_chr_file',`
|
define(`dev_getattr_generic_chr_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_t:chr_file getattr;
|
allow $1 device_t:chr_file getattr;
|
||||||
@ -332,7 +332,7 @@ define(`dev_getattr_generic_chr_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_dontaudit_getattr_generic_chr_file',`
|
define(`dev_dontaudit_getattr_generic_chr_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:chr_file getattr;
|
dontaudit $1 device_t:chr_file getattr;
|
||||||
')
|
')
|
||||||
@ -354,7 +354,7 @@ define(`dev_dontaudit_getattr_generic_chr_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_del_generic_symlinks',`
|
define(`dev_del_generic_symlinks',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { getattr read write remove_name };
|
allow $1 device_t:dir { getattr read write remove_name };
|
||||||
allow $1 device_t:lnk_file unlink;
|
allow $1 device_t:lnk_file unlink;
|
||||||
@ -380,7 +380,7 @@ define(`dev_del_generic_symlinks_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_manage_generic_symlinks',`
|
define(`dev_manage_generic_symlinks',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
||||||
allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
|
allow $1 device_t:lnk_file { create read getattr setattr link unlink rename };
|
||||||
@ -404,7 +404,7 @@ define(`dev_manage_generic_symlinks_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_manage_dev_nodes',`
|
define(`dev_manage_dev_nodes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
|
||||||
allow $1 device_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
|
allow $1 device_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
@ -446,7 +446,7 @@ define(`dev_manage_dev_nodes_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_dontaudit_rw_generic_dev_nodes',`
|
define(`dev_dontaudit_rw_generic_dev_nodes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };
|
dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };
|
||||||
')
|
')
|
||||||
@ -469,7 +469,7 @@ define(`dev_dontaudit_rw_generic_dev_nodes_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_manage_generic_blk_file',`
|
define(`dev_manage_generic_blk_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir rw_dir_perms;
|
allow $1 device_t:dir rw_dir_perms;
|
||||||
allow $1 device_t:blk_file create_file_perms;
|
allow $1 device_t:blk_file create_file_perms;
|
||||||
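Review bot: `dev_manage_generic_blk_file` is defined a second time here; the hunk at old line 258 already defines it, and the hunk headers show `dev_manage_generic_blk_file_depend` after both places. With m4 `define` the later definition replaces the earlier one without any diagnostic, so a tightening applied to only one copy can be silently lost or silently overridden. The lines visible in the two hunks are identical (`device_t:dir rw_dir_perms` and `device_t:blk_file create_file_perms`). Drop one copy together with its `_depend` block and its `## <interface>` documentation. Both bodies continue outside the hunks, so compare the full definitions before deleting.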
@ -493,7 +493,7 @@ define(`dev_manage_generic_blk_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_manage_generic_chr_file',`
|
define(`dev_manage_generic_chr_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir rw_dir_perms;
|
allow $1 device_t:dir rw_dir_perms;
|
||||||
allow $1 device_t:chr_file create_file_perms;
|
allow $1 device_t:chr_file create_file_perms;
|
||||||
@ -525,7 +525,7 @@ define(`dev_manage_generic_chr_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_create_dev_node',`
|
define(`dev_create_dev_node',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir rw_dir_perms;
|
allow $1 device_t:dir rw_dir_perms;
|
||||||
type_transition $1 device_t:$3 $2;
|
type_transition $1 device_t:$3 $2;
|
||||||
@ -552,7 +552,7 @@ define(`dev_create_dev_node_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_getattr_all_blk_files',`
|
define(`dev_getattr_all_blk_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_node:blk_file getattr;
|
allow $1 device_node:blk_file getattr;
|
||||||
@ -576,7 +576,7 @@ define(`dev_getattr_all_blk_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_dontaudit_getattr_all_blk_files',`
|
define(`dev_dontaudit_getattr_all_blk_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_node:blk_file getattr;
|
allow $1 device_node:blk_file getattr;
|
||||||
')
|
')
|
||||||
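Review bot: `dev_dontaudit_getattr_all_blk_files` emits `allow $1 device_node:blk_file getattr;`, so an interface whose name promises only to silence denials actually grants getattr on every block device node to the calling domain. The sibling `dev_dontaudit_getattr_all_chr_files` uses `dontaudit` for the same pattern, which suggests this is a copy-and-paste slip. The rule should read `dontaudit $1 device_node:blk_file getattr;`. Domains that already call this interface lose the permission once it is fixed, so check whether any of them depends on the unintended grant.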
@ -598,7 +598,7 @@ define(`dev_dontaudit_getattr_all_blk_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_getattr_all_chr_files',`
|
define(`dev_getattr_all_chr_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_node:chr_file getattr;
|
allow $1 device_node:chr_file getattr;
|
||||||
@ -622,7 +622,7 @@ define(`dev_getattr_all_chr_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_dontaudit_getattr_all_chr_files',`
|
define(`dev_dontaudit_getattr_all_chr_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 device_node:chr_file getattr;
|
dontaudit $1 device_node:chr_file getattr;
|
||||||
')
|
')
|
||||||
@ -644,7 +644,7 @@ define(`dev_dontaudit_getattr_all_chr_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_setattr_all_blk_files',`
|
define(`dev_setattr_all_blk_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_node:blk_file setattr;
|
allow $1 device_node:blk_file setattr;
|
||||||
@ -668,7 +668,7 @@ define(`dev_setattr_all_blk_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_setattr_all_chr_files',`
|
define(`dev_setattr_all_chr_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 device_node:chr_file setattr;
|
allow $1 device_node:chr_file setattr;
|
||||||
@ -692,7 +692,7 @@ define(`dev_setattr_all_chr_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_manage_all_blk_files',`
|
define(`dev_manage_all_blk_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir rw_dir_perms;
|
allow $1 device_t:dir rw_dir_perms;
|
||||||
allow $1 device_node:blk_file create_file_perms;
|
allow $1 device_node:blk_file create_file_perms;
|
||||||
@ -722,7 +722,7 @@ define(`dev_manage_all_blk_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_manage_all_chr_files',`
|
define(`dev_manage_all_chr_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir rw_dir_perms;
|
allow $1 device_t:dir rw_dir_perms;
|
||||||
allow $1 device_node:chr_file create_file_perms;
|
allow $1 device_node:chr_file create_file_perms;
|
||||||
@ -748,7 +748,7 @@ define(`dev_manage_all_chr_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_raw_memory',`
|
define(`dev_read_raw_memory',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 memory_device_t:chr_file r_file_perms;
|
allow $1 memory_device_t:chr_file r_file_perms;
|
||||||
@ -776,7 +776,7 @@ define(`dev_read_raw_memory_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_raw_memory',`
|
define(`dev_write_raw_memory',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 memory_device_t:chr_file write;
|
allow $1 memory_device_t:chr_file write;
|
||||||
@ -804,7 +804,7 @@ define(`dev_write_raw_memory_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rx_raw_memory',`
|
define(`dev_rx_raw_memory',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_read_raw_memory($1)
|
dev_read_raw_memory($1)
|
||||||
allow $1 memory_device_t:chr_file execute;
|
allow $1 memory_device_t:chr_file execute;
|
||||||
@ -827,7 +827,7 @@ define(`dev_rx_raw_memory_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_wx_raw_memory',`
|
define(`dev_wx_raw_memory',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_write_raw_memory($1)
|
dev_write_raw_memory($1)
|
||||||
allow $1 memory_device_t:chr_file execute;
|
allow $1 memory_device_t:chr_file execute;
|
||||||
@ -850,7 +850,7 @@ define(`dev_wx_raw_memory_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_rand',`
|
define(`dev_read_rand',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 random_device_t:chr_file r_file_perms;
|
allow $1 random_device_t:chr_file r_file_perms;
|
||||||
@ -874,7 +874,7 @@ define(`dev_read_rand_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_urand',`
|
define(`dev_read_urand',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 urandom_device_t:chr_file r_file_perms;
|
allow $1 urandom_device_t:chr_file r_file_perms;
|
||||||
@ -900,7 +900,7 @@ define(`dev_read_urand_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_rand',`
|
define(`dev_write_rand',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 random_device_t:chr_file { getattr write ioctl };
|
allow $1 random_device_t:chr_file { getattr write ioctl };
|
||||||
@ -925,7 +925,7 @@ define(`dev_write_rand_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_urand',`
|
define(`dev_write_urand',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 urandom_device_t:chr_file { getattr write ioctl };
|
allow $1 urandom_device_t:chr_file { getattr write ioctl };
|
||||||
@ -949,7 +949,7 @@ define(`dev_write_urand_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rw_null_dev',`
|
define(`dev_rw_null_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 null_device_t:chr_file rw_file_perms;
|
allow $1 null_device_t:chr_file rw_file_perms;
|
||||||
@ -973,7 +973,7 @@ define(`dev_rw_null_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rw_zero_dev',`
|
define(`dev_rw_zero_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 zero_device_t:chr_file rw_file_perms;
|
allow $1 zero_device_t:chr_file rw_file_perms;
|
||||||
@ -997,7 +997,7 @@ define(`dev_rw_zero_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rwx_zero_dev',`
|
define(`dev_rwx_zero_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_rw_zero_dev($1)
|
dev_rw_zero_dev($1)
|
||||||
allow $1 zero_device_t:chr_file execute;
|
allow $1 zero_device_t:chr_file execute;
|
||||||
@ -1020,7 +1020,7 @@ define(`dev_rwx_zero_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_realtime_clock',`
|
define(`dev_read_realtime_clock',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 clock_device_t:chr_file r_file_perms;
|
allow $1 clock_device_t:chr_file r_file_perms;
|
||||||
@ -1043,7 +1043,7 @@ class chr_file r_file_perms;
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_realtime_clock',`
|
define(`dev_write_realtime_clock',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 clock_device_t:chr_file { setattr lock write append ioctl };
|
allow $1 clock_device_t:chr_file { setattr lock write append ioctl };
|
||||||
@ -1082,7 +1082,7 @@ define(`dev_rw_realtime_clock',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_snd_dev',`
|
define(`dev_read_snd_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 sound_device_t:chr_file r_file_perms;
|
allow $1 sound_device_t:chr_file r_file_perms;
|
||||||
@ -1105,7 +1105,7 @@ define(`dev_read_snd_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_snd_dev',`
|
define(`dev_write_snd_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 sound_device_t:chr_file { getattr write ioctl };
|
allow $1 sound_device_t:chr_file { getattr write ioctl };
|
||||||
@ -1129,7 +1129,7 @@ define(`dev_write_snd_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_snd_mixer_dev',`
|
define(`dev_read_snd_mixer_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 sound_device_t:chr_file { getattr read ioctl };
|
allow $1 sound_device_t:chr_file { getattr read ioctl };
|
||||||
@ -1153,7 +1153,7 @@ define(`dev_read_snd_mixer_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_snd_mixer_dev',`
|
define(`dev_write_snd_mixer_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 sound_device_t:chr_file { getattr write ioctl };
|
allow $1 sound_device_t:chr_file { getattr write ioctl };
|
||||||
@ -1177,7 +1177,7 @@ define(`dev_write_snd_mixer_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rw_agp_dev',`
|
define(`dev_rw_agp_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 agp_device_t:chr_file rw_file_perms;
|
allow $1 agp_device_t:chr_file rw_file_perms;
|
||||||
@ -1201,7 +1201,7 @@ define(`dev_rw_agp_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_getattr_agp_dev',`
|
define(`dev_getattr_agp_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 dri_device_t:chr_file getattr;
|
allow $1 dri_device_t:chr_file getattr;
|
||||||
@ -1225,7 +1225,7 @@ define(`dev_getattr_agp_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rw_dri_dev',`
|
define(`dev_rw_dri_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 dri_device_t:chr_file rw_file_perms;
|
allow $1 dri_device_t:chr_file rw_file_perms;
|
||||||
@ -1249,7 +1249,7 @@ define(`dev_rw_dri_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_dontaudit_rw_dri_dev',`
|
define(`dev_dontaudit_rw_dri_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 dri_device_t:chr_file { getattr read write ioctl };
|
dontaudit $1 dri_device_t:chr_file { getattr read write ioctl };
|
||||||
')
|
')
|
||||||
@ -1271,7 +1271,7 @@ define(`dev_dontaudit_rw_dri_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_mtrr',`
|
define(`dev_read_mtrr',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 mtrr_device_t:chr_file r_file_perms;
|
allow $1 mtrr_device_t:chr_file r_file_perms;
|
||||||
@ -1295,7 +1295,7 @@ define(`dev_read_mtrr_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_mtrr',`
|
define(`dev_write_mtrr',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 mtrr_device_t:chr_file { getattr write ioctl };
|
allow $1 mtrr_device_t:chr_file { getattr write ioctl };
|
||||||
@ -1319,7 +1319,7 @@ define(`dev_write_mtrr_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_framebuffer',`
|
define(`dev_read_framebuffer',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 framebuf_device_t:chr_file r_file_perms;
|
allow $1 framebuf_device_t:chr_file r_file_perms;
|
||||||
@ -1343,7 +1343,7 @@ define(`dev_read_framebuffer_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_framebuffer',`
|
define(`dev_write_framebuffer',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 framebuf_device_t:chr_file { getattr write ioctl };
|
allow $1 framebuf_device_t:chr_file { getattr write ioctl };
|
||||||
@ -1367,7 +1367,7 @@ define(`dev_write_framebuffer_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_lvm_control',`
|
define(`dev_read_lvm_control',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 lvm_control_t:chr_file r_file_perms;
|
allow $1 lvm_control_t:chr_file r_file_perms;
|
||||||
@ -1391,7 +1391,7 @@ define(`dev_read_lvm_control_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rw_lvm_control',`
|
define(`dev_rw_lvm_control',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 lvm_control_t:chr_file rw_file_perms;
|
allow $1 lvm_control_t:chr_file rw_file_perms;
|
||||||
@ -1415,7 +1415,7 @@ define(`dev_rw_lvm_control_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_delete_lvm_control',`
|
define(`dev_delete_lvm_control',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir { getattr search read write remove_name };
|
allow $1 device_t:dir { getattr search read write remove_name };
|
||||||
allow $1 lvm_control_t:chr_file unlink;
|
allow $1 lvm_control_t:chr_file unlink;
|
||||||
@ -1439,7 +1439,7 @@ define(`dev_delete_lvm_control_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_misc',`
|
define(`dev_read_misc',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 misc_device_t:chr_file r_file_perms;
|
allow $1 misc_device_t:chr_file r_file_perms;
|
||||||
@ -1463,7 +1463,7 @@ define(`dev_read_misc_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_write_misc',`
|
define(`dev_write_misc',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 misc_device_t:chr_file { getattr write ioctl };
|
allow $1 misc_device_t:chr_file { getattr write ioctl };
|
||||||
@ -1487,7 +1487,7 @@ define(`dev_write_misc_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_mouse',`
|
define(`dev_read_mouse',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 mouse_device_t:chr_file r_file_perms;
|
allow $1 mouse_device_t:chr_file r_file_perms;
|
||||||
@ -1511,7 +1511,7 @@ define(`dev_read_mouse_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_input',`
|
define(`dev_read_input',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 event_device_t:chr_file r_file_perms;
|
allow $1 event_device_t:chr_file r_file_perms;
|
||||||
@ -1535,7 +1535,7 @@ define(`dev_read_input_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_read_cpuid',`
|
define(`dev_read_cpuid',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 cpu_device_t:chr_file r_file_perms;
|
allow $1 cpu_device_t:chr_file r_file_perms;
|
||||||
@ -1560,7 +1560,7 @@ define(`dev_read_cpuid_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rw_cpu_microcode',`
|
define(`dev_rw_cpu_microcode',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 cpu_device_t:chr_file rw_file_perms;
|
allow $1 cpu_device_t:chr_file rw_file_perms;
|
||||||
@ -1584,7 +1584,7 @@ define(`dev_rw_cpu_microcode_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rw_scanner',`
|
define(`dev_rw_scanner',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 scanner_device_t:chr_file rw_file_perms;
|
allow $1 scanner_device_t:chr_file rw_file_perms;
|
||||||
@ -1608,7 +1608,7 @@ define(`dev_rw_scanner_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`dev_rw_power_management',`
|
define(`dev_rw_power_management',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 device_t:dir r_dir_perms;
|
allow $1 device_t:dir r_dir_perms;
|
||||||
allow $1 power_device_t:chr_file rw_file_perms;
|
allow $1 power_device_t:chr_file rw_file_perms;
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_make_fs',`
|
define(`fs_make_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
typeattribute $1 fs_type;
|
typeattribute $1 fs_type;
|
||||||
')
|
')
|
||||||
@ -34,7 +34,7 @@ define(`fs_make_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_make_noxattr_fs',`
|
define(`fs_make_noxattr_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
fs_make_fs($1)
|
fs_make_fs($1)
|
||||||
|
|
||||||
@ -59,7 +59,7 @@ define(`fs_make_noxattr_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_associate',`
|
define(`fs_associate',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_t:filesystem associate;
|
allow $1 fs_t:filesystem associate;
|
||||||
')
|
')
|
||||||
@ -85,7 +85,7 @@ define(`fs_associate_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_associate_noxattr',`
|
define(`fs_associate_noxattr',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 noxattrfs:filesystem associate;
|
allow $1 noxattrfs:filesystem associate;
|
||||||
')
|
')
|
||||||
@ -109,7 +109,7 @@ define(`fs_associate_noxattr_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_xattr_fs',`
|
define(`fs_mount_xattr_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_t:filesystem mount;
|
allow $1 fs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -134,7 +134,7 @@ define(`fs_mount_xattr_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_xattr_fs',`
|
define(`fs_remount_xattr_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_t:filesystem remount;
|
allow $1 fs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -158,7 +158,7 @@ define(`fs_remount_xattr_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_xattr_fs',`
|
define(`fs_unmount_xattr_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_t:filesystem mount;
|
allow $1 fs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -183,7 +183,7 @@ define(`fs_unmount_xattr_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_xattr_fs',`
|
define(`fs_getattr_xattr_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_t:filesystem getattr;
|
allow $1 fs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -208,7 +208,7 @@ define(`fs_getattr_xattr_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_dontaudit_getattr_xattr_fs',`
|
define(`fs_dontaudit_getattr_xattr_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 fs_t:filesystem getattr;
|
dontaudit $1 fs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -232,7 +232,7 @@ define(`fs_dontaudit_getattr_xattr_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_relabelfrom_xattr_fs',`
|
define(`fs_relabelfrom_xattr_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_t:filesystem relabelfrom;
|
allow $1 fs_t:filesystem relabelfrom;
|
||||||
')
|
')
|
||||||
@ -254,7 +254,7 @@ define(`fs_relabelfrom_xattr_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_autofs',`
|
define(`fs_mount_autofs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 autofs_t:filesystem mount;
|
allow $1 autofs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -277,7 +277,7 @@ define(`fs_mount_autofs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_autofs',`
|
define(`fs_remount_autofs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 autofs_t:filesystem remount;
|
allow $1 autofs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -299,7 +299,7 @@ define(`fs_remount_autofs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_autofs',`
|
define(`fs_unmount_autofs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 autofs_t:filesystem mount;
|
allow $1 autofs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -323,7 +323,7 @@ define(`fs_unmount_autofs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_autofs',`
|
define(`fs_getattr_autofs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 autofs_t:filesystem getattr;
|
allow $1 autofs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -352,7 +352,7 @@ define(`fs_getattr_autofs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_register_binary_executable_type',`
|
define(`fs_register_binary_executable_type',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 binfmt_misc_fs_t:dir { getattr search };
|
allow $1 binfmt_misc_fs_t:dir { getattr search };
|
||||||
allow $1 binfmt_misc_fs_t:file { getattr ioctl write };
|
allow $1 binfmt_misc_fs_t:file { getattr ioctl write };
|
||||||
@ -376,7 +376,7 @@ define(`fs_register_binary_executable_type_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_cifs',`
|
define(`fs_mount_cifs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:filesystem mount;
|
allow $1 cifs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -399,7 +399,7 @@ define(`fs_mount_cifs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_cifs',`
|
define(`fs_remount_cifs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:filesystem remount;
|
allow $1 cifs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -421,7 +421,7 @@ define(`fs_remount_cifs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_cifs',`
|
define(`fs_unmount_cifs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:filesystem mount;
|
allow $1 cifs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -445,7 +445,7 @@ define(`fs_unmount_cifs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_cifs',`
|
define(`fs_getattr_cifs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:filesystem getattr;
|
allow $1 cifs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -469,7 +469,7 @@ define(`fs_getattr_cifs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_execute_cifs_files',`
|
define(`fs_execute_cifs_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:dir r_dir_perms;
|
allow $1 cifs_t:dir r_dir_perms;
|
||||||
can_exec($1, cifs_t)
|
can_exec($1, cifs_t)
|
||||||
@ -494,7 +494,7 @@ define(`fs_execute_cifs_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_cifs_dirs',`
|
define(`fs_manage_cifs_dirs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:dir create_file_perms;
|
allow $1 cifs_t:dir create_file_perms;
|
||||||
')
|
')
|
||||||
@ -517,7 +517,7 @@ define(`fs_manage_cifs_dirs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_cifs_files',`
|
define(`fs_manage_cifs_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:dir rw_dir_perms;
|
allow $1 cifs_t:dir rw_dir_perms;
|
||||||
allow $1 cifs_t:file create_file_perms;
|
allow $1 cifs_t:file create_file_perms;
|
||||||
@ -542,7 +542,7 @@ define(`fs_manage_cifs_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_cifs_symlinks',`
|
define(`fs_manage_cifs_symlinks',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:dir rw_dir_perms;
|
allow $1 cifs_t:dir rw_dir_perms;
|
||||||
allow $1 cifs_t:lnk_file create_lnk_perms;
|
allow $1 cifs_t:lnk_file create_lnk_perms;
|
||||||
@ -567,7 +567,7 @@ define(`fs_manage_cifs_symlinks_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_cifs_named_pipes',`
|
define(`fs_manage_cifs_named_pipes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:dir rw_dir_perms;
|
allow $1 cifs_t:dir rw_dir_perms;
|
||||||
allow $1 cifs_t:fifo_file create_file_perms;
|
allow $1 cifs_t:fifo_file create_file_perms;
|
||||||
@ -592,7 +592,7 @@ define(`fs_manage_cifs_named_pipes_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_cifs_named_sockets',`
|
define(`fs_manage_cifs_named_sockets',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 cifs_t:dir rw_file_perms;
|
allow $1 cifs_t:dir rw_file_perms;
|
||||||
allow $1 cifs_t:sock_file create_file_perms;
|
allow $1 cifs_t:sock_file create_file_perms;
|
||||||
@ -617,7 +617,7 @@ define(`fs_manage_cifs_named_sockets_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_dos_fs',`
|
define(`fs_mount_dos_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 dosfs_t:filesystem mount;
|
allow $1 dosfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -641,7 +641,7 @@ define(`fs_mount_dos_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_dos_fs',`
|
define(`fs_remount_dos_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 dosfs_t:filesystem remount;
|
allow $1 dosfs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -664,7 +664,7 @@ define(`fs_remount_dos_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_dos_fs',`
|
define(`fs_unmount_dos_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 dosfs_t:filesystem mount;
|
allow $1 dosfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -688,7 +688,7 @@ define(`fs_unmount_dos_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_dos_fs',`
|
define(`fs_getattr_dos_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 dosfs_t:filesystem getattr;
|
allow $1 dosfs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -711,7 +711,7 @@ define(`fs_getattr_dos_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_relabelfrom_dos_fs',`
|
define(`fs_relabelfrom_dos_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 dosfs_t:filesystem relabelfrom;
|
allow $1 dosfs_t:filesystem relabelfrom;
|
||||||
')
|
')
|
||||||
@ -734,7 +734,7 @@ define(`fs_relabelfrom_dos_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_iso9660_fs',`
|
define(`fs_mount_iso9660_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 iso9660_t:filesystem mount;
|
allow $1 iso9660_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -758,7 +758,7 @@ define(`fs_mount_iso9660_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_iso9660_fs',`
|
define(`fs_remount_iso9660_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 iso9660_t:filesystem remount;
|
allow $1 iso9660_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -781,7 +781,7 @@ define(`fs_remount_iso9660_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_iso9660_fs',`
|
define(`fs_unmount_iso9660_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 iso9660_t:filesystem mount;
|
allow $1 iso9660_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -805,7 +805,7 @@ define(`fs_unmount_iso9660_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_iso9660_fs',`
|
define(`fs_getattr_iso9660_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 iso9660_t:filesystem getattr;
|
allow $1 iso9660_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -827,7 +827,7 @@ define(`fs_getattr_iso9660_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_nfs',`
|
define(`fs_mount_nfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:filesystem mount;
|
allow $1 nfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -850,7 +850,7 @@ define(`fs_mount_nfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_nfs',`
|
define(`fs_remount_nfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:filesystem remount;
|
allow $1 nfs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -872,7 +872,7 @@ define(`fs_remount_nfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_nfs',`
|
define(`fs_unmount_nfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:filesystem mount;
|
allow $1 nfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -895,7 +895,7 @@ define(`fs_unmount_nfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_nfs',`
|
define(`fs_getattr_nfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:filesystem getattr;
|
allow $1 nfs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -917,7 +917,7 @@ define(`fs_getattr_nfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_execute_nfs_files',`
|
define(`fs_execute_nfs_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:dir r_dir_perms;
|
allow $1 nfs_t:dir r_dir_perms;
|
||||||
can_exec($1, nfs_t)
|
can_exec($1, nfs_t)
|
||||||
@ -942,7 +942,7 @@ define(`fs_execute_nfs_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_nfs_dirs',`
|
define(`fs_manage_nfs_dirs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:dir create_dir_perms;
|
allow $1 nfs_t:dir create_dir_perms;
|
||||||
')
|
')
|
||||||
@ -965,7 +965,7 @@ define(`fs_manage_nfs_dirs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_nfs_files',`
|
define(`fs_manage_nfs_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:dir rw_dir_perms;
|
allow $1 nfs_t:dir rw_dir_perms;
|
||||||
allow $1 nfs_t:file create_file_perms;
|
allow $1 nfs_t:file create_file_perms;
|
||||||
@ -990,7 +990,7 @@ define(`fs_manage_nfs_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_nfs_symlinks',`
|
define(`fs_manage_nfs_symlinks',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:dir rw_dir_perms;
|
allow $1 nfs_t:dir rw_dir_perms;
|
||||||
allow $1 nfs_t:lnk_file create_lnk_perms;
|
allow $1 nfs_t:lnk_file create_lnk_perms;
|
||||||
@ -1015,7 +1015,7 @@ define(`fs_manage_nfs_symlinks_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_nfs_named_pipes',`
|
define(`fs_manage_nfs_named_pipes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:dir rw_dir_perms;
|
allow $1 nfs_t:dir rw_dir_perms;
|
||||||
allow $1 nfs_t:fifo_file create_file_perms;
|
allow $1 nfs_t:fifo_file create_file_perms;
|
||||||
@ -1040,7 +1040,7 @@ define(`fs_manage_nfs_named_pipes_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_nfs_named_sockets',`
|
define(`fs_manage_nfs_named_sockets',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfs_t:dir rw_dir_perms;
|
allow $1 nfs_t:dir rw_dir_perms;
|
||||||
allow $1 nfs_t:sock_file create_file_perms;
|
allow $1 nfs_t:sock_file create_file_perms;
|
||||||
@ -1064,7 +1064,7 @@ define(`fs_manage_nfs_named_sockets_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_nfsd_fs',`
|
define(`fs_mount_nfsd_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfsd_fs_t:filesystem mount;
|
allow $1 nfsd_fs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1087,7 +1087,7 @@ define(`fs_mount_nfsd_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_nfsd_fs',`
|
define(`fs_remount_nfsd_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfsd_fs_t:filesystem remount;
|
allow $1 nfsd_fs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -1109,7 +1109,7 @@ define(`fs_remount_nfsd_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_nfsd_fs',`
|
define(`fs_unmount_nfsd_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfsd_fs_t:filesystem mount;
|
allow $1 nfsd_fs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1133,7 +1133,7 @@ define(`fs_unmount_nfsd_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_nfsd_fs',`
|
define(`fs_getattr_nfsd_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 nfsd_fs_t:filesystem getattr;
|
allow $1 nfsd_fs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -1155,7 +1155,7 @@ define(`fs_getattr_nfsd_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_ramfs',`
|
define(`fs_mount_ramfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 ramfs_t:filesystem mount;
|
allow $1 ramfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1178,7 +1178,7 @@ define(`fs_mount_ramfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_ramfs',`
|
define(`fs_remount_ramfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 ramfs_t:filesystem remount;
|
allow $1 ramfs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -1200,7 +1200,7 @@ define(`fs_remount_ramfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_ramfs',`
|
define(`fs_unmount_ramfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 ramfs_t:filesystem mount;
|
allow $1 ramfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1223,7 +1223,7 @@ define(`fs_unmount_ramfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_ramfs',`
|
define(`fs_getattr_ramfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 ramfs_t:filesystem getattr;
|
allow $1 ramfs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -1245,7 +1245,7 @@ define(`fs_getattr_ramfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_romfs',`
|
define(`fs_mount_romfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 romfs_t:filesystem mount;
|
allow $1 romfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1268,7 +1268,7 @@ define(`fs_mount_romfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_romfs',`
|
define(`fs_remount_romfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 romfs_t:filesystem remount;
|
allow $1 romfs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -1290,7 +1290,7 @@ define(`fs_remount_romfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_romfs',`
|
define(`fs_unmount_romfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 romfs_t:filesystem mount;
|
allow $1 romfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1314,7 +1314,7 @@ define(`fs_unmount_romfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_romfs',`
|
define(`fs_getattr_romfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 romfs_t:filesystem getattr;
|
allow $1 romfs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -1336,7 +1336,7 @@ define(`fs_getattr_romfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_rpc_pipefs',`
|
define(`fs_mount_rpc_pipefs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpc_pipefs_t:filesystem mount;
|
allow $1 rpc_pipefs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1359,7 +1359,7 @@ define(`fs_mount_rpc_pipefs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_rpc_pipefs',`
|
define(`fs_remount_rpc_pipefs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpc_pipefs_t:filesystem remount;
|
allow $1 rpc_pipefs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -1381,7 +1381,7 @@ define(`fs_remount_rpc_pipefs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_rpc_pipefs',`
|
define(`fs_unmount_rpc_pipefs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpc_pipefs_t:filesystem mount;
|
allow $1 rpc_pipefs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1405,7 +1405,7 @@ define(`fs_unmount_rpc_pipefs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_rpc_pipefs',`
|
define(`fs_getattr_rpc_pipefs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 rpc_pipefs_t:filesystem getattr;
|
allow $1 rpc_pipefs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -1427,7 +1427,7 @@ define(`fs_getattr_rpc_pipefs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_tmpfs',`
|
define(`fs_mount_tmpfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:filesystem mount;
|
allow $1 tmpfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1449,7 +1449,7 @@ define(`fs_mount_tmpfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_tmpfs',`
|
define(`fs_remount_tmpfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:filesystem remount;
|
allow $1 tmpfs_t:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -1471,7 +1471,7 @@ define(`fs_remount_tmpfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_tmpfs',`
|
define(`fs_unmount_tmpfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:filesystem mount;
|
allow $1 tmpfs_t:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1495,7 +1495,7 @@ define(`fs_unmount_tmpfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_tmpfs',`
|
define(`fs_getattr_tmpfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:filesystem getattr;
|
allow $1 tmpfs_t:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -1517,7 +1517,7 @@ define(`fs_getattr_tmpfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_associate_tmpfs',`
|
define(`fs_associate_tmpfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:filesystem associate;
|
allow $1 tmpfs_t:filesystem associate;
|
||||||
')
|
')
|
||||||
@ -1533,7 +1533,7 @@ define(`fs_associate_tmpfs_depend',`
|
|||||||
# fs_create_tmpfs_data(domain,derivedtype,[class])
|
# fs_create_tmpfs_data(domain,derivedtype,[class])
|
||||||
#
|
#
|
||||||
define(`fs_create_tmpfs_data',`
|
define(`fs_create_tmpfs_data',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $2 tmpfs_t:filesystem associate;
|
allow $2 tmpfs_t:filesystem associate;
|
||||||
allow $1 tmpfs_t:dir rw_dir_perms;
|
allow $1 tmpfs_t:dir rw_dir_perms;
|
||||||
@ -1563,7 +1563,7 @@ define(`fs_create_tmpfs_data_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_use_tmpfs_character_devices',`
|
define(`fs_use_tmpfs_character_devices',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:dir r_dir_perms;
|
allow $1 tmpfs_t:dir r_dir_perms;
|
||||||
allow $1 tmpfs_t:chr_file rw_file_perms;
|
allow $1 tmpfs_t:chr_file rw_file_perms;
|
||||||
@ -1587,7 +1587,7 @@ define(`fs_use_tmpfs_character_devices_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_relabel_tmpfs_character_devices',`
|
define(`fs_relabel_tmpfs_character_devices',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:dir r_dir_perms;
|
allow $1 tmpfs_t:dir r_dir_perms;
|
||||||
allow $1 tmpfs_t:chr_file { getattr relabelfrom relabelto };
|
allow $1 tmpfs_t:chr_file { getattr relabelfrom relabelto };
|
||||||
@ -1611,7 +1611,7 @@ define(`fs_relabel_tmpfs_character_devices_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_use_tmpfs_block_devices',`
|
define(`fs_use_tmpfs_block_devices',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:dir r_dir_perms;
|
allow $1 tmpfs_t:dir r_dir_perms;
|
||||||
allow $1 tmpfs_t:blk_file rw_file_perms;
|
allow $1 tmpfs_t:blk_file rw_file_perms;
|
||||||
@ -1635,7 +1635,7 @@ define(`fs_use_tmpfs_block_devices_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_relabel_tmpfs_block_devices',`
|
define(`fs_relabel_tmpfs_block_devices',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:dir r_dir_perms;
|
allow $1 tmpfs_t:dir r_dir_perms;
|
||||||
allow $1 tmpfs_t:blk_file { getattr relabelfrom relabelto };
|
allow $1 tmpfs_t:blk_file { getattr relabelfrom relabelto };
|
||||||
@ -1660,7 +1660,7 @@ define(`fs_use_tmpfs_block_devices_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_tmpfs_character_devices',`
|
define(`fs_manage_tmpfs_character_devices',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:dir rw_dir_perms;
|
allow $1 tmpfs_t:dir rw_dir_perms;
|
||||||
allow $1 tmpfs_t:chr_file create_file_perms;
|
allow $1 tmpfs_t:chr_file create_file_perms;
|
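Review bot: The header of this hunk names `fs_use_tmpfs_block_devices_depend` as the preceding definition, although that name already heads the previous hunk and `fs_relabel_tmpfs_block_devices_depend` would be expected here. The header of the `fs_getattr_all_fs` hunk repeats `fs_mount_all_fs_depend` in the same way. If those two `_depend` macros really are defined under the wrong name, the `_depend` lookup that `gen_require` makes in `fs_relabel_tmpfs_block_devices` and `fs_unmount_all_fs` refers to a name that is never defined, and the duplicate definition replaces the earlier one. The define lines themselves are outside the hunks, so this needs confirming in the file.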
||||||
@ -1685,7 +1685,7 @@ define(`fs_manage_tmpfs_character_devices_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_manage_tmpfs_block_devices',`
|
define(`fs_manage_tmpfs_block_devices',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfs_t:dir rw_dir_perms;
|
allow $1 tmpfs_t:dir rw_dir_perms;
|
||||||
allow $1 tmpfs_t:blk_file create_file_perms;
|
allow $1 tmpfs_t:blk_file create_file_perms;
|
||||||
@ -1709,7 +1709,7 @@ define(`fs_manage_tmpfs_block_devices_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_mount_all_fs',`
|
define(`fs_mount_all_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_type:filesystem mount;
|
allow $1 fs_type:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -1732,7 +1732,7 @@ define(`fs_mount_all_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_remount_all_fs',`
|
define(`fs_remount_all_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_type:filesystem remount;
|
allow $1 fs_type:filesystem remount;
|
||||||
')
|
')
|
||||||
@ -1754,7 +1754,7 @@ define(`fs_remount_all_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_unmount_all_fs',`
|
define(`fs_unmount_all_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_type:filesystem unmount;
|
allow $1 fs_type:filesystem unmount;
|
||||||
')
|
')
|
||||||
@ -1778,7 +1778,7 @@ define(`fs_mount_all_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_getattr_all_fs',`
|
define(`fs_getattr_all_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_type:filesystem getattr;
|
allow $1 fs_type:filesystem getattr;
|
||||||
')
|
')
|
||||||
@ -1800,7 +1800,7 @@ define(`fs_getattr_all_fs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_get_all_fs_quotas',`
|
define(`fs_get_all_fs_quotas',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_type:filesystem quotaget;
|
allow $1 fs_type:filesystem quotaget;
|
||||||
')
|
')
|
||||||
@ -1822,7 +1822,7 @@ define(`fs_get_all_fs_quotas_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`fs_set_all_quotas',`
|
define(`fs_set_all_quotas',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_type:filesystem quotamod;
|
allow $1 fs_type:filesystem quotamod;
|
||||||
')
|
')
|
||||||
@ -1838,7 +1838,7 @@ define(`fs_set_all_quotas_depend',`
|
|||||||
# fs_getattr_all_files(type)
|
# fs_getattr_all_files(type)
|
||||||
#
|
#
|
||||||
define(`fs_getattr_all_files',`
|
define(`fs_getattr_all_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fs_type:dir { search getattr };
|
allow $1 fs_type:dir { search getattr };
|
||||||
allow $1 fs_type:file getattr;
|
allow $1 fs_type:file getattr;
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_userland_entry',`
|
define(`kernel_userland_entry',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans(kernel_t, $2, $1)
|
domain_auto_trans(kernel_t, $2, $1)
|
||||||
|
|
||||||
@ -50,7 +50,7 @@ define(`kernel_userland_entry_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rootfs_mountpoint',`
|
define(`kernel_rootfs_mountpoint',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow kernel_t $1:dir mounton;
|
allow kernel_t $1:dir mounton;
|
||||||
')
|
')
|
||||||
@ -73,7 +73,7 @@ define(`kernel_rootfs_mountpoint_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_share_state',`
|
define(`kernel_share_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow kernel_t $1:process share;
|
allow kernel_t $1:process share;
|
||||||
')
|
')
|
||||||
@ -95,7 +95,7 @@ define(`kernel_share_state_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_use_fd',`
|
define(`kernel_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 kernel_t:fd use;
|
allow $1 kernel_t:fd use;
|
||||||
')
|
')
|
||||||
@ -118,7 +118,7 @@ define(`kernel_use_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_dontaudit_use_fd',`
|
define(`kernel_dontaudit_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 kernel_t:fd use;
|
dontaudit $1 kernel_t:fd use;
|
||||||
')
|
')
|
||||||
@ -141,7 +141,7 @@ define(`kernel_dontaudit_use_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_subj_id_change_exempt',`
|
define(`kernel_subj_id_change_exempt',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
typeattribute $1 can_change_process_identity;
|
typeattribute $1 can_change_process_identity;
|
||||||
')
|
')
|
||||||
@ -162,7 +162,7 @@ define(`kernel_subj_id_change_exempt_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_role_change_exempt',`
|
define(`kernel_role_change_exempt',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
typeattribute $1 can_change_process_role;
|
typeattribute $1 can_change_process_role;
|
||||||
')
|
')
|
||||||
@ -183,7 +183,7 @@ define(`kernel_role_change_exempt_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_obj_id_change_exempt',`
|
define(`kernel_obj_id_change_exempt',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
typeattribute $1 can_change_object_identity;
|
typeattribute $1 can_change_object_identity;
|
||||||
')
|
')
|
||||||
@ -203,7 +203,7 @@ define(`kernel_obj_id_change_exempt_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_load_module',`
|
define(`kernel_load_module',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 self:capability sys_module;
|
allow $1 self:capability sys_module;
|
||||||
typeattribute $1 can_load_kernmodule;
|
typeattribute $1 can_load_kernmodule;
|
||||||
@ -227,7 +227,7 @@ define(`kernel_load_module_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_get_selinux_enforcement_mode',`
|
define(`kernel_get_selinux_enforcement_mode',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read };
|
allow $1 security_t:file { getattr read };
|
||||||
@ -252,7 +252,7 @@ define(`kernel_get_selinux_enforcement_mode_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_set_enforcement_mode',`
|
define(`kernel_set_enforcement_mode',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read write };
|
allow $1 security_t:file { getattr read write };
|
||||||
@ -282,7 +282,7 @@ define(`kernel_set_enforcement_mode_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_load_policy',`
|
define(`kernel_load_policy',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read write };
|
allow $1 security_t:file { getattr read write };
|
||||||
@ -316,7 +316,7 @@ define(`kernel_load_policy_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_set_boolean',`
|
define(`kernel_set_boolean',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
ifelse(`$2',`',`
|
ifelse(`$2',`',`
|
||||||
allow $1 security_t:dir { getattr search read };
|
allow $1 security_t:dir { getattr search read };
|
||||||
@ -350,7 +350,7 @@ define(`kernel_set_boolean_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_set_security_parameters',`
|
define(`kernel_set_security_parameters',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read write };
|
allow $1 security_t:file { getattr read write };
|
||||||
@ -380,7 +380,7 @@ define(`kernel_set_security_parameters_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_validate_context',`
|
define(`kernel_validate_context',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read write };
|
allow $1 security_t:file { getattr read write };
|
||||||
@ -406,7 +406,7 @@ define(`kernel_validate_context_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_compute_access_vector',`
|
define(`kernel_compute_access_vector',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read write };
|
allow $1 security_t:file { getattr read write };
|
||||||
@ -432,7 +432,7 @@ define(`kernel_compute_access_vector_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_compute_create_context',`
|
define(`kernel_compute_create_context',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read write };
|
allow $1 security_t:file { getattr read write };
|
||||||
@ -458,7 +458,7 @@ define(`kernel_compute_create_context_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_compute_relabel_context',`
|
define(`kernel_compute_relabel_context',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read write };
|
allow $1 security_t:file { getattr read write };
|
||||||
@ -484,7 +484,7 @@ define(`kernel_compute_relabel_context_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_compute_reachable_user_contexts',`
|
define(`kernel_compute_reachable_user_contexts',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 security_t:dir { read search getattr };
|
allow $1 security_t:dir { read search getattr };
|
||||||
allow $1 security_t:file { getattr read write };
|
allow $1 security_t:file { getattr read write };
|
||||||
@ -510,7 +510,7 @@ define(`kernel_compute_reachable_user_contexts_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_ring_buffer',`
|
define(`kernel_read_ring_buffer',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 kernel_t:system syslog_read;
|
allow $1 kernel_t:system syslog_read;
|
||||||
')
|
')
|
||||||
@ -532,7 +532,7 @@ define(`kernel_read_ring_buffer_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_dontaudit_read_ring_buffer',`
|
define(`kernel_dontaudit_read_ring_buffer',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 kernel_t:system syslog_read;
|
dontaudit $1 kernel_t:system syslog_read;
|
||||||
')
|
')
|
||||||
@ -554,7 +554,7 @@ define(`kernel_dontaudit_read_ring_buffer_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_change_ring_buffer_level',`
|
define(`kernel_change_ring_buffer_level',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 kernel_t:system syslog_console;
|
allow $1 kernel_t:system syslog_console;
|
||||||
')
|
')
|
||||||
@ -576,7 +576,7 @@ define(`kernel_change_ring_buffer_level_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_clear_ring_buffer',`
|
define(`kernel_clear_ring_buffer',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 kernel_t:system syslog_mod;
|
allow $1 kernel_t:system syslog_mod;
|
||||||
')
|
')
|
||||||
@ -598,7 +598,7 @@ define(`kernel_clear_ring_buffer_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_get_sysvipc_info',`
|
define(`kernel_get_sysvipc_info',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 kernel_t:system ipc_info;
|
allow $1 kernel_t:system ipc_info;
|
||||||
')
|
')
|
||||||
@ -620,7 +620,7 @@ define(`kernel_get_sysvipc_info_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_get_selinuxfs_mount_point',`
|
define(`kernel_get_selinuxfs_mount_point',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 proc_t:{ file lnk_file } read;
|
allow $1 proc_t:{ file lnk_file } read;
|
||||||
@ -647,7 +647,7 @@ define(`kernel_get_selinuxfs_mount_point_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_system_state',`
|
define(`kernel_read_system_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir r_dir_perms;
|
allow $1 proc_t:dir r_dir_perms;
|
||||||
allow $1 proc_t:lnk_file { getattr read };
|
allow $1 proc_t:lnk_file { getattr read };
|
||||||
@ -674,7 +674,7 @@ define(`kernel_read_system_state_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_dontaudit_read_system_state',`
|
define(`kernel_dontaudit_read_system_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:file read;
|
allow $1 proc_t:file read;
|
||||||
')
|
')
|
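Review bot: `kernel_dontaudit_read_system_state` contains `allow $1 proc_t:file read;`, so an interface named as audit suppression actually grants read access to `proc_t` files to every domain that calls it. The other `kernel_dontaudit_*` interfaces on this page use a `dontaudit` rule, and this one should read `dontaudit $1 proc_t:file read;`. Any caller that has come to depend on the accidental grant would then need `kernel_read_system_state`, so the change is worth checking against new denials.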
||||||
@ -696,7 +696,7 @@ define(`kernel_dontaudit_read_system_state_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_software_raid_state',`
|
define(`kernel_read_software_raid_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir r_dir_perms;
|
allow $1 proc_t:dir r_dir_perms;
|
||||||
allow $1 proc_mdstat_t:file r_file_perms;
|
allow $1 proc_mdstat_t:file r_file_perms;
|
||||||
@ -720,7 +720,7 @@ define(`kernel_read_software_raid_state_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_getattr_core',`
|
define(`kernel_getattr_core',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir r_dir_perms;
|
allow $1 proc_t:dir r_dir_perms;
|
||||||
allow $1 proc_kcore_t:file getattr;
|
allow $1 proc_kcore_t:file getattr;
|
||||||
@ -745,7 +745,7 @@ define(`kernel_getattr_core_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_dontaudit_getattr_core',`
|
define(`kernel_dontaudit_getattr_core',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 proc_kcore_t:file getattr;
|
dontaudit $1 proc_kcore_t:file getattr;
|
||||||
')
|
')
|
||||||
@ -768,7 +768,7 @@ define(`kernel_dontaudit_getattr_core_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_messages',`
|
define(`kernel_read_messages',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 proc_kmsg_t:file r_file_perms;
|
allow $1 proc_kmsg_t:file r_file_perms;
|
||||||
@ -796,7 +796,7 @@ define(`kernel_read_messages_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_getattr_message_if',`
|
define(`kernel_getattr_message_if',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 proc_kmsg_t:file getattr;
|
allow $1 proc_kmsg_t:file getattr;
|
||||||
@ -821,7 +821,7 @@ define(`kernel_getattr_message_if_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_dontaudit_getattr_message_if',`
|
define(`kernel_dontaudit_getattr_message_if',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 proc_kmsg_t:file getattr;
|
dontaudit $1 proc_kmsg_t:file getattr;
|
||||||
')
|
')
|
||||||
@ -844,7 +844,7 @@ define(`kernel_dontaudit_getattr_message_if_depend',`
|
|||||||
##
|
##
|
||||||
#
|
#
|
||||||
define(`kernel_read_network_state',`
|
define(`kernel_read_network_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 proc_net_t:dir r_dir_perms;
|
allow $1 proc_net_t:dir r_dir_perms;
|
||||||
@ -870,7 +870,7 @@ define(`kernel_read_network_state_depend',`
|
|||||||
##
|
##
|
||||||
#
|
#
|
||||||
define(`kernel_dontaudit_search_sysctl_dir',`
|
define(`kernel_dontaudit_search_sysctl_dir',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 sysctl_t:dir search;
|
dontaudit $1 sysctl_t:dir search;
|
||||||
')
|
')
|
||||||
@ -892,7 +892,7 @@ define(`kernel_dontaudit_search_sysctl_dir_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_device_sysctl',`
|
define(`kernel_read_device_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -918,7 +918,7 @@ define(`kernel_read_device_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_device_sysctl',`
|
define(`kernel_rw_device_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -944,7 +944,7 @@ define(`kernel_rw_device_sysctl_depend',`
|
|||||||
##
|
##
|
||||||
#
|
#
|
||||||
define(`kernel_read_vm_sysctl',`
|
define(`kernel_read_vm_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -969,7 +969,7 @@ define(`kernel_read_vm_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_vm_sysctl',`
|
define(`kernel_rw_vm_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -994,7 +994,7 @@ define(`kernel_rw_vm_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_dontaudit_search_network_sysctl_dir',`
|
define(`kernel_dontaudit_search_network_sysctl_dir',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 sysctl_net_t:dir search;
|
dontaudit $1 sysctl_net_t:dir search;
|
||||||
')
|
')
|
||||||
@ -1017,7 +1017,7 @@ define(`kernel_dontaudit_search_network_sysctl_dir_depend',`
|
|||||||
##
|
##
|
||||||
#
|
#
|
||||||
define(`kernel_read_net_sysctl',`
|
define(`kernel_read_net_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1043,7 +1043,7 @@ define(`kernel_read_net_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_net_sysctl',`
|
define(`kernel_rw_net_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1070,7 +1070,7 @@ define(`kernel_rw_net_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_unix_sysctl',`
|
define(`kernel_read_unix_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1097,7 +1097,7 @@ define(`kernel_read_unix_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_unix_sysctl',`
|
define(`kernel_rw_unix_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1123,7 +1123,7 @@ define(`kernel_rw_net_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_hotplug_sysctl',`
|
define(`kernel_read_hotplug_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1149,7 +1149,7 @@ define(`kernel_read_hotplug_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_hotplug_sysctl',`
|
define(`kernel_rw_hotplug_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1175,7 +1175,7 @@ define(`kernel_rw_hotplug_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_modprobe_sysctl',`
|
define(`kernel_read_modprobe_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1201,7 +1201,7 @@ define(`kernel_read_modprobe_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_modprobe_sysctl',`
|
define(`kernel_rw_modprobe_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1227,7 +1227,7 @@ define(`kernel_rw_modprobe_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_kernel_sysctl',`
|
define(`kernel_read_kernel_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1253,7 +1253,7 @@ define(`kernel_read_kernel_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_kernel_sysctl',`
|
define(`kernel_rw_kernel_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1279,7 +1279,7 @@ define(`kernel_rw_kernel_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_fs_sysctl',`
|
define(`kernel_read_fs_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1305,7 +1305,7 @@ define(`kernel_read_fs_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_fs_sysctl',`
|
define(`kernel_rw_fs_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_t:dir r_dir_perms;
|
allow $1 sysctl_t:dir r_dir_perms;
|
||||||
@ -1331,7 +1331,7 @@ define(`kernel_rw_fs_sysctl_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_irq_sysctl',`
|
define(`kernel_read_irq_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_irq_t:dir r_dir_perms;
|
allow $1 sysctl_irq_t:dir r_dir_perms;
|
||||||
@ -1357,7 +1357,7 @@ define(`kernel_read_irq_sysctl_depend',`
|
|||||||
##
|
##
|
||||||
#
|
#
|
||||||
define(`kernel_rw_irq_sysctl',`
|
define(`kernel_rw_irq_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 sysctl_irq_t:dir r_dir_perms;
|
allow $1 sysctl_irq_t:dir r_dir_perms;
|
||||||
@ -1376,7 +1376,7 @@ define(`kernel_rw_irq_sysctl_depend',`
|
|||||||
# kernel_read_rpc_sysctl(domain)
|
# kernel_read_rpc_sysctl(domain)
|
||||||
#
|
#
|
||||||
define(`kernel_read_rpc_sysctl',`
|
define(`kernel_read_rpc_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 proc_net_t:dir search;
|
allow $1 proc_net_t:dir search;
|
||||||
@ -1396,7 +1396,7 @@ define(`kernel_read_rpc_sysctl_depend',`
|
|||||||
# kernel_rw_rpc_sysctl(domain)
|
# kernel_rw_rpc_sysctl(domain)
|
||||||
#
|
#
|
||||||
define(`kernel_rw_rpc_sysctl',`
|
define(`kernel_rw_rpc_sysctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 proc_t:dir search;
|
allow $1 proc_t:dir search;
|
||||||
allow $1 proc_net_t:dir search;
|
allow $1 proc_net_t:dir search;
|
||||||
@ -1468,7 +1468,7 @@ define(`kernel_rw_all_sysctl',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_search_sysfs',`
|
define(`kernel_search_sysfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 sysfs_t:dir search;
|
allow $1 sysfs_t:dir search;
|
||||||
')
|
')
|
||||||
@ -1490,7 +1490,7 @@ define(`kernel_search_sysfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_hardware_state',`
|
define(`kernel_read_hardware_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 sysfs_t:dir r_dir_perms;
|
allow $1 sysfs_t:dir r_dir_perms;
|
||||||
allow $1 sysfs_t:{ file lnk_file } r_file_perms;
|
allow $1 sysfs_t:{ file lnk_file } r_file_perms;
|
||||||
@ -1515,7 +1515,7 @@ define(`kernel_read_hardware_state_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_hardware_config_option',`
|
define(`kernel_rw_hardware_config_option',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 sysfs_t:dir r_dir_perms;
|
allow $1 sysfs_t:dir r_dir_perms;
|
||||||
allow $1 sysfs_t:lnk_file r_file_perms;
|
allow $1 sysfs_t:lnk_file r_file_perms;
|
||||||
@ -1541,7 +1541,7 @@ define(`kernel_rw_hardware_config_option_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_kill_unlabeled',`
|
define(`kernel_kill_unlabeled',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 unlabeled_t:process sigkill;
|
allow $1 unlabeled_t:process sigkill;
|
||||||
')
|
')
|
||||||
@ -1563,7 +1563,7 @@ define(`kernel_kill_unlabeled_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_signal_unlabeled',`
|
define(`kernel_signal_unlabeled',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 unlabeled_t:process signal;
|
allow $1 unlabeled_t:process signal;
|
||||||
')
|
')
|
||||||
@ -1585,7 +1585,7 @@ define(`kernel_signal_unlabeled_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_signull_unlabeled',`
|
define(`kernel_signull_unlabeled',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 unlabeled_t:process signull;
|
allow $1 unlabeled_t:process signull;
|
||||||
')
|
')
|
||||||
@ -1607,7 +1607,7 @@ define(`kernel_signull_unlabeled_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_sigstop_unlabeled',`
|
define(`kernel_sigstop_unlabeled',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 unlabeled_t:process sigstop;
|
allow $1 unlabeled_t:process sigstop;
|
||||||
')
|
')
|
||||||
@ -1629,7 +1629,7 @@ define(`kernel_sigstop_unlabeled_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_sigchld_unlabeled',`
|
define(`kernel_sigchld_unlabeled',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 unlabeled_t:process sigchld;
|
allow $1 unlabeled_t:process sigchld;
|
||||||
')
|
')
|
||||||
@ -1652,7 +1652,7 @@ define(`kernel_sigchld_unlabeled_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
|
define(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 unlabeled_t:blk_file getattr;
|
allow $1 unlabeled_t:blk_file getattr;
|
||||||
')
|
')
|
||||||
@ -1674,7 +1674,7 @@ define(`kernel_dontaudit_getattr_unlabeled_blk_dev_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_relabel_unlabeled',`
|
define(`kernel_relabel_unlabeled',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 unlabeled_t:dir_file_class_set { getattr relabelfrom };
|
allow $1 unlabeled_t:dir_file_class_set { getattr relabelfrom };
|
||||||
')
|
')
|
||||||
@ -1702,7 +1702,7 @@ define(`kernel_relabel_unlabeled_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_search_usbfs',`
|
define(`kernel_search_usbfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 usbfs_t:dir search;
|
allow $1 usbfs_t:dir search;
|
||||||
')
|
')
|
||||||
@ -1724,7 +1724,7 @@ define(`kernel_search_usbfs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_list_usb_hardware',`
|
define(`kernel_list_usb_hardware',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 usbfs_t:dir r_dir_perms;
|
allow $1 usbfs_t:dir r_dir_perms;
|
||||||
allow $1 usbfs_t:lnk_file r_file_perms;
|
allow $1 usbfs_t:lnk_file r_file_perms;
|
||||||
@ -1751,7 +1751,7 @@ define(`kernel_list_usb_hardware_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_read_usb_hardware_state',`
|
define(`kernel_read_usb_hardware_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 usbfs_t:dir r_dir_perms;
|
allow $1 usbfs_t:dir r_dir_perms;
|
||||||
allow $1 usbfs_t:{ file lnk_file } r_file_perms;
|
allow $1 usbfs_t:{ file lnk_file } r_file_perms;
|
||||||
@ -1776,7 +1776,7 @@ define(`kernel_read_usb_hardware_state_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`kernel_rw_usb_hardware_config_option',`
|
define(`kernel_rw_usb_hardware_config_option',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 usbfs_t:dir r_dir_perms;
|
allow $1 usbfs_t:dir r_dir_perms;
|
||||||
allow $1 usbfs_t:lnk_file r_file_perms;
|
allow $1 usbfs_t:lnk_file r_file_perms;
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_getattr_fixed_disk',`
|
define(`storage_getattr_fixed_disk',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 fixed_disk_device_t:blk_file getattr;
|
allow $1 fixed_disk_device_t:blk_file getattr;
|
||||||
@ -37,7 +37,7 @@ define(`storage_getattr_fixed_disk_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_dontaudit_getattr_fixed_disk',`
|
define(`storage_dontaudit_getattr_fixed_disk',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 fixed_disk_device_t:blk_file getattr;
|
dontaudit $1 fixed_disk_device_t:blk_file getattr;
|
||||||
')
|
')
|
||||||
@ -60,7 +60,7 @@ define(`storage_dontaudit_getattr_fixed_disk_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_setattr_fixed_disk',`
|
define(`storage_setattr_fixed_disk',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 fixed_disk_device_t:blk_file setattr;
|
allow $1 fixed_disk_device_t:blk_file setattr;
|
||||||
@ -86,7 +86,7 @@ define(`storage_setattr_fixed_disk_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_raw_read_fixed_disk',`
|
define(`storage_raw_read_fixed_disk',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 fixed_disk_device_t:blk_file r_file_perms;
|
allow $1 fixed_disk_device_t:blk_file r_file_perms;
|
||||||
@ -115,7 +115,7 @@ define(`storage_raw_read_fixed_disk_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_raw_write_fixed_disk',`
|
define(`storage_raw_write_fixed_disk',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 fixed_disk_device_t:blk_file { getattr write ioctl };
|
allow $1 fixed_disk_device_t:blk_file { getattr write ioctl };
|
||||||
@ -141,7 +141,7 @@ define(`storage_raw_write_fixed_disk_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_create_fixed_disk_dev_entry',`
|
define(`storage_create_fixed_disk_dev_entry',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 fixed_disk_device_t:blk_file create_file_perms;
|
allow $1 fixed_disk_device_t:blk_file create_file_perms;
|
||||||
dev_create_dev_node($1,fixed_disk_device_t,blk_file)
|
dev_create_dev_node($1,fixed_disk_device_t,blk_file)
|
||||||
@ -165,7 +165,7 @@ define(`storage_create_fixed_disk_dev_entry_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_manage_fixed_disk',`
|
define(`storage_manage_fixed_disk',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 fixed_disk_device_t:blk_file create_file_perms;
|
allow $1 fixed_disk_device_t:blk_file create_file_perms;
|
||||||
@ -194,7 +194,7 @@ define(`storage_manage_fixed_disk_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_raw_read_lvm_volume',`
|
define(`storage_raw_read_lvm_volume',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 lvm_vg_t:blk_file r_file_perms;
|
allow $1 lvm_vg_t:blk_file r_file_perms;
|
||||||
@ -223,7 +223,7 @@ define(`storage_raw_read_lvm_volume_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_raw_write_lvm_volume',`
|
define(`storage_raw_write_lvm_volume',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 lvm_vg_t:blk_file { getattr write ioctl };
|
allow $1 lvm_vg_t:blk_file { getattr write ioctl };
|
||||||
@ -253,7 +253,7 @@ define(`storage_raw_write_lvm_volume_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_read_scsi_generic',`
|
define(`storage_read_scsi_generic',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 scsi_generic_device_t:blk_file r_file_perms;
|
allow $1 scsi_generic_device_t:blk_file r_file_perms;
|
||||||
@ -283,7 +283,7 @@ define(`storage_read_scsi_generic_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_write_scsi_generic',`
|
define(`storage_write_scsi_generic',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 scsi_generic_device_t:blk_file { getattr write ioctl };
|
allow $1 scsi_generic_device_t:blk_file { getattr write ioctl };
|
||||||
@ -310,7 +310,7 @@ define(`storage_write_scsi_generic_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_getattr_scsi_generic',`
|
define(`storage_getattr_scsi_generic',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 scsi_generic_device_t:blk_file getattr;
|
allow $1 scsi_generic_device_t:blk_file getattr;
|
||||||
@ -334,7 +334,7 @@ define(`storage_getattr_scsi_generic_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_set_scsi_generic_attributes',`
|
define(`storage_set_scsi_generic_attributes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 scsi_generic_device_t:blk_file setattr;
|
allow $1 scsi_generic_device_t:blk_file setattr;
|
||||||
@ -358,7 +358,7 @@ define(`storage_set_scsi_generic_attributes_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_getattr_removable_device',`
|
define(`storage_getattr_removable_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 removable_device_t:blk_file getattr;
|
allow $1 removable_device_t:blk_file getattr;
|
||||||
@ -382,7 +382,7 @@ define(`storage_getattr_removable_device_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_dontaudit_getattr_removable_device',`
|
define(`storage_dontaudit_getattr_removable_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 removable_device_t:blk_file getattr;
|
dontaudit $1 removable_device_t:blk_file getattr;
|
||||||
')
|
')
|
||||||
@ -405,7 +405,7 @@ define(`storage_dontaudit_getattr_removable_device_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_setattr_removable_device',`
|
define(`storage_setattr_removable_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 removable_device_t:blk_file setattr;
|
allow $1 removable_device_t:blk_file setattr;
|
||||||
@ -432,7 +432,7 @@ define(`storage_setattr_removable_device_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_raw_read_removable_device',`
|
define(`storage_raw_read_removable_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 removable_device_t:blk_file r_file_perms;
|
allow $1 removable_device_t:blk_file r_file_perms;
|
||||||
@ -459,7 +459,7 @@ define(`storage_raw_read_removable_device_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_raw_write_removable_device',`
|
define(`storage_raw_write_removable_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 removable_device_t:blk_file { getattr write ioctl };
|
allow $1 removable_device_t:blk_file { getattr write ioctl };
|
||||||
@ -483,7 +483,7 @@ define(`storage_raw_write_removable_device_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_read_tape_device',`
|
define(`storage_read_tape_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tape_device_t:blk_file r_file_perms;
|
allow $1 tape_device_t:blk_file r_file_perms;
|
||||||
@ -507,7 +507,7 @@ define(`storage_read_tape_device_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_write_tape_device',`
|
define(`storage_write_tape_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tape_device_t:blk_file { getattr write ioctl };
|
allow $1 tape_device_t:blk_file { getattr write ioctl };
|
||||||
@ -531,7 +531,7 @@ define(`storage_write_tape_device_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_getattr_tape_device',`
|
define(`storage_getattr_tape_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tape_device_t:blk_file getattr;
|
allow $1 tape_device_t:blk_file getattr;
|
||||||
@ -555,7 +555,7 @@ define(`storage_getattr_tape_device_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`storage_setattr_tape_device',`
|
define(`storage_setattr_tape_device',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tape_device_t:blk_file setattr;
|
allow $1 tape_device_t:blk_file setattr;
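Review bot: In the storage_read_scsi_generic hunk the rule `allow $1 scsi_generic_device_t:blk_file r_file_perms;` uses the blk_file class, and the same class appears in the write, getattr and set_attributes SCSI-generic hunks and in the four tape_device_t hunks of this section. SCSI generic and tape nodes are normally character devices on Linux, so if these types label chr_file nodes the rules would not match them and callers would be denied access the interface name promises. This looks like a carry-over from the fixed_disk interfaces and should be checked against the file contexts, which are not shown on this page. If confirmed, the rules would read `allow $1 scsi_generic_device_t:chr_file r_file_perms;` and likewise for tape_device_t. Each interface body continues past its hunk, so later rules may differ.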
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_pty',`
|
define(`term_pty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 devpts_t:filesystem associate;
|
allow $1 devpts_t:filesystem associate;
|
||||||
typeattribute $1 ptynode;
|
typeattribute $1 ptynode;
|
||||||
@ -43,7 +43,7 @@ define(`term_pty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_user_pty',`
|
define(`term_user_pty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
term_pty($1)
|
term_pty($1)
|
||||||
type_change $1 server_ptynode:chr_file $2;
|
type_change $1 server_ptynode:chr_file $2;
|
||||||
@ -64,7 +64,7 @@ define(`term_user_pty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_tty',`
|
define(`term_tty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
typeattribute $2 ttynode;
|
typeattribute $2 ttynode;
|
||||||
type_change $1 tty_device_t:chr_file $2;
|
type_change $1 tty_device_t:chr_file $2;
|
||||||
@ -100,7 +100,7 @@ define(`term_tty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_create_pty',`
|
define(`term_create_pty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
@ -132,7 +132,7 @@ define(`term_create_pty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_use_all_terms',`
|
define(`term_use_all_terms',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 devpts_t:dir r_dir_perms;
|
allow $1 devpts_t:dir r_dir_perms;
|
||||||
@ -159,7 +159,7 @@ define(`term_use_all_terms_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_write_console',`
|
define(`term_write_console',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 console_device_t:chr_file write;
|
allow $1 console_device_t:chr_file write;
|
||||||
@ -181,7 +181,7 @@ define(`term_use_console_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_use_console',`
|
define(`term_use_console',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 console_device_t:chr_file rw_file_perms;
|
allow $1 console_device_t:chr_file rw_file_perms;
|
||||||
@ -205,7 +205,7 @@ define(`term_use_console_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_dontaudit_use_console',`
|
define(`term_dontaudit_use_console',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 console_device_t:chr_file { read write };
|
dontaudit $1 console_device_t:chr_file { read write };
|
||||||
')
|
')
|
||||||
@ -228,7 +228,7 @@ define(`term_dontaudit_use_console_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_setattr_console',`
|
define(`term_setattr_console',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 console_device_t:chr_file setattr;
|
allow $1 console_device_t:chr_file setattr;
|
||||||
@ -252,7 +252,7 @@ define(`term_setattr_console_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_list_ptys',`
|
define(`term_list_ptys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 devpts_t:dir r_dir_perms;
|
allow $1 devpts_t:dir r_dir_perms;
|
||||||
@ -276,7 +276,7 @@ define(`term_list_ptys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_dontaudit_list_ptys',`
|
define(`term_dontaudit_list_ptys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 devpts_t:dir { getattr search read };
|
dontaudit $1 devpts_t:dir { getattr search read };
|
||||||
')
|
')
|
||||||
@ -300,7 +300,7 @@ define(`term_dontaudit_list_ptys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_use_generic_pty',`
|
define(`term_use_generic_pty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 devpts_t:chr_file { read write };
|
allow $1 devpts_t:chr_file { read write };
|
||||||
@ -325,7 +325,7 @@ define(`term_use_generic_pty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_dontaudit_use_generic_pty',`
|
define(`term_dontaudit_use_generic_pty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 devpts_t:chr_file { read write };
|
dontaudit $1 devpts_t:chr_file { read write };
|
||||||
')
|
')
|
||||||
@ -348,7 +348,7 @@ define(`term_dontaudit_use_generic_pty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_use_controlling_term',`
|
define(`term_use_controlling_term',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 devtty_t:chr_file { getattr read write ioctl };
|
allow $1 devtty_t:chr_file { getattr read write ioctl };
|
||||||
@ -372,7 +372,7 @@ define(`term_use_controlling_terminal_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_dontaudit_use_ptmx',`
|
define(`term_dontaudit_use_ptmx',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 ptmx_t:chr_file { getattr read write };
|
dontaudit $1 ptmx_t:chr_file { getattr read write };
|
||||||
')
|
')
|
||||||
@ -395,7 +395,7 @@ define(`term_dontaudit_use_ptmx_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_getattr_all_user_ptys',`
|
define(`term_getattr_all_user_ptys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 devpts_t:dir r_dir_perms;
|
allow $1 devpts_t:dir r_dir_perms;
|
||||||
@ -420,7 +420,7 @@ define(`term_getattr_all_ptys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_use_all_user_ptys',`
|
define(`term_use_all_user_ptys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 devpts_t:dir r_dir_perms;
|
allow $1 devpts_t:dir r_dir_perms;
|
||||||
@ -446,7 +446,7 @@ define(`term_use_all_user_ptys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_dontaudit_use_all_user_ptys',`
|
define(`term_dontaudit_use_all_user_ptys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 ptynode:chr_file { read write };
|
dontaudit $1 ptynode:chr_file { read write };
|
||||||
')
|
')
|
||||||
@ -469,7 +469,7 @@ define(`term_dontaudit_use_all_user_ptys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_getattr_unallocated_ttys',`
|
define(`term_getattr_unallocated_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tty_device_t:chr_file getattr;
|
allow $1 tty_device_t:chr_file getattr;
|
||||||
@ -493,7 +493,7 @@ define(`term_getattr_unallocated_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_setattr_unallocated_ttys',`
|
define(`term_setattr_unallocated_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tty_device_t:chr_file setattr;
|
allow $1 tty_device_t:chr_file setattr;
|
||||||
@ -517,7 +517,7 @@ define(`term_setattr_unallocated_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_relabel_unallocated_ttys',`
|
define(`term_relabel_unallocated_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tty_device_t:chr_file { relabelfrom relabelto };
|
allow $1 tty_device_t:chr_file { relabelfrom relabelto };
|
||||||
@ -541,7 +541,7 @@ define(`term_relabel_unallocated_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_reset_tty_labels',`
|
define(`term_reset_tty_labels',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 ttynode:chr_file relabelfrom;
|
allow $1 ttynode:chr_file relabelfrom;
|
||||||
@ -566,7 +566,7 @@ define(`term_reset_tty_labels_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_write_unallocated_ttys',`
|
define(`term_write_unallocated_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tty_device_t:chr_file { getattr write };
|
allow $1 tty_device_t:chr_file { getattr write };
|
||||||
@ -589,7 +589,7 @@ define(`term_write_unallocated_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_use_unallocated_tty',`
|
define(`term_use_unallocated_tty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 tty_device_t:chr_file { getattr read write ioctl };
|
allow $1 tty_device_t:chr_file { getattr read write ioctl };
|
||||||
@ -613,7 +613,7 @@ define(`term_use_unallocated_tty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_dontaudit_use_unallocated_tty',`
|
define(`term_dontaudit_use_unallocated_tty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 tty_device_t:chr_file { read write };
|
dontaudit $1 tty_device_t:chr_file { read write };
|
||||||
')
|
')
|
||||||
@ -636,7 +636,7 @@ define(`term_dontaudit_use_unallocated_tty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_getattr_all_user_ttys',`
|
define(`term_getattr_all_user_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 ttynode:chr_file getattr;
|
allow $1 ttynode:chr_file getattr;
|
||||||
@ -661,7 +661,7 @@ define(`term_getattr_all_user_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_dontaudit_getattr_all_user_ttys',`
|
define(`term_dontaudit_getattr_all_user_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
dontaudit $1 ttynode:chr_file getattr;
|
dontaudit $1 ttynode:chr_file getattr;
|
||||||
@ -685,7 +685,7 @@ define(`term_dontaudit_getattr_all_user_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_setattr_all_user_ttys',`
|
define(`term_setattr_all_user_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 ttynode:chr_file setattr;
|
allow $1 ttynode:chr_file setattr;
|
||||||
@ -709,7 +709,7 @@ define(`term_setattr_all_user_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_relabel_all_user_ttys',`
|
define(`term_relabel_all_user_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 ttynode:chr_file { relabelfrom relabelto };
|
allow $1 ttynode:chr_file { relabelfrom relabelto };
|
||||||
@ -732,7 +732,7 @@ define(`term_relabel_all_user_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_write_all_user_ttys',`
|
define(`term_write_all_user_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 ttynode:chr_file { getattr write };
|
allow $1 ttynode:chr_file { getattr write };
|
||||||
@ -755,7 +755,7 @@ define(`term_write_all_user_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_use_all_user_ttys',`
|
define(`term_use_all_user_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 ttynode:chr_file { getattr read write ioctl };
|
allow $1 ttynode:chr_file { getattr read write ioctl };
|
||||||
@ -779,7 +779,7 @@ define(`term_use_all_user_ttys_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`term_dontaudit_use_all_user_ttys',`
|
define(`term_dontaudit_use_all_user_ttys',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 ttynode:chr_file { read write };
|
dontaudit $1 ttynode:chr_file { read write };
|
||||||
')
|
')
|
||||||
|
@ -244,7 +244,7 @@ define(`cron_admin_template',`
|
|||||||
# cron_rw_log(domain)
|
# cron_rw_log(domain)
|
||||||
#
|
#
|
||||||
define(`cron_rw_log',`
|
define(`cron_rw_log',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 crond_log_t:file rw_file_perms;
|
allow $1 crond_log_t:file rw_file_perms;
|
||||||
')
|
')
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
# mta_per_userdomain_template(userdomain_prefix)
|
# mta_per_userdomain_template(userdomain_prefix)
|
||||||
#
|
#
|
||||||
define(`mta_per_userdomain_template',`
|
define(`mta_per_userdomain_template',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
type $1_mail_t; # , user_mail_domain, nscd_client_domain;
|
type $1_mail_t; # , user_mail_domain, nscd_client_domain;
|
||||||
domain_type($1_mail_t)
|
domain_type($1_mail_t)
|
||||||
@ -145,7 +145,7 @@ define(`mta_per_userdomain_template_depend',`
|
|||||||
# mta_mailserver(domain,entrypointtype)
|
# mta_mailserver(domain,entrypointtype)
|
||||||
#
|
#
|
||||||
define(`mta_mailserver',`
|
define(`mta_mailserver',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
init_daemon_domain($1,$2)
|
init_daemon_domain($1,$2)
|
||||||
typeattribute $1 mailserver_domain;
|
typeattribute $1 mailserver_domain;
|
||||||
@ -160,7 +160,7 @@ define(`mta_mailserver_depend',`
|
|||||||
# mta_sendmail_mailserver(domain,entrypointtype)
|
# mta_sendmail_mailserver(domain,entrypointtype)
|
||||||
#
|
#
|
||||||
define(`mta_sendmail_mailserver',`
|
define(`mta_sendmail_mailserver',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
mta_mailserver($1,sendmail_exec_t)
|
mta_mailserver($1,sendmail_exec_t)
|
||||||
')
|
')
|
||||||
@ -174,7 +174,7 @@ define(`mta_sendmail_mailserver_depend',`
|
|||||||
# mta_send_mail(domain)
|
# mta_send_mail(domain)
|
||||||
#
|
#
|
||||||
define(`mta_send_mail',`
|
define(`mta_send_mail',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 sendmail_exec_t:lnk_file r_file_perms;
|
allow $1 sendmail_exec_t:lnk_file r_file_perms;
|
||||||
domain_auto_trans($1, sendmail_exec_t, system_mail_t)
|
domain_auto_trans($1, sendmail_exec_t, system_mail_t)
|
||||||
@ -200,7 +200,7 @@ define(`mta_send_mail_depend',`
|
|||||||
# mta_exec(domain)
|
# mta_exec(domain)
|
||||||
#
|
#
|
||||||
define(`mta_exec',`
|
define(`mta_exec',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1, sendmail_exec_t)
|
can_exec($1, sendmail_exec_t)
|
||||||
')
|
')
|
||||||
@ -222,7 +222,7 @@ define(`mta_exec_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`mta_read_aliases',`
|
define(`mta_read_aliases',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_aliases_t:file r_file_perms;
|
allow $1 etc_aliases_t:file r_file_perms;
|
||||||
')
|
')
|
||||||
@ -238,7 +238,7 @@ define(`mta_read_aliases_depend',`
|
|||||||
# mta_rw_aliases(domain)
|
# mta_rw_aliases(domain)
|
||||||
#
|
#
|
||||||
define(`mta_rw_aliases',`
|
define(`mta_rw_aliases',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow sendmail_t etc_aliases_t:file { rw_file_perms setattr };
|
allow sendmail_t etc_aliases_t:file { rw_file_perms setattr };
|
||||||
')
|
')
|
||||||
@ -254,7 +254,7 @@ define(`mta_rw_aliases_depend',`
|
|||||||
# mta_getattr_spool(domain)
|
# mta_getattr_spool(domain)
|
||||||
#
|
#
|
||||||
define(`mta_getattr_spool',`
|
define(`mta_getattr_spool',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_spool($1)
|
files_search_spool($1)
|
||||||
allow $1 mail_spool_t:dir r_dir_perms;
|
allow $1 mail_spool_t:dir r_dir_perms;
|
||||||
@ -275,7 +275,7 @@ define(`mta_getattr_spool_depend',`
|
|||||||
# mta_rw_spool(domain)
|
# mta_rw_spool(domain)
|
||||||
#
|
#
|
||||||
define(`mta_rw_spool',`
|
define(`mta_rw_spool',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_spool($1)
|
files_search_spool($1)
|
||||||
allow $1 mail_spool_t:dir rw_dir_perms;
|
allow $1 mail_spool_t:dir rw_dir_perms;
|
||||||
@ -294,7 +294,7 @@ define(`mta_rw_spool_depend',`
|
|||||||
# mta_manage_spool(domain)
|
# mta_manage_spool(domain)
|
||||||
#
|
#
|
||||||
define(`mta_manage_spool',`
|
define(`mta_manage_spool',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_spool($1)
|
files_search_spool($1)
|
||||||
allow $1 mail_spool_t:dir rw_dir_perms;
|
allow $1 mail_spool_t:dir rw_dir_perms;
|
||||||
@ -313,7 +313,7 @@ define(`mta_manage_spool_depend',`
|
|||||||
# mta_manage_queue(domain)
|
# mta_manage_queue(domain)
|
||||||
#
|
#
|
||||||
define(`mta_manage_queue',`
|
define(`mta_manage_queue',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 mqueue_spool_t:dir rw_dir_perms;
|
allow $1 mqueue_spool_t:dir rw_dir_perms;
|
||||||
allow $1 mqueue_spool_t:file create_file_perms;
|
allow $1 mqueue_spool_t:file create_file_perms;
|
||||||
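Review bot: In `mta_rw_aliases` (hunk at -238) the rule is written against `sendmail_t` instead of the interface argument, so a domain calling `mta_rw_aliases(domain)` gets no access to `etc_aliases_t` and each call only repeats a grant to `sendmail_t`. This is an unchanged context line directly under the renamed `gen_require` call, so the rename did not introduce it. If the interface is meant to serve the calling domain, as its header comment suggests, the rule would read `allow $1 etc_aliases_t:file { rw_file_perms setattr };`. If the hard-coded type is intentional, a comment saying so would keep the next reader from assuming the argument is honoured.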
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`remotelogin_domtrans',`
|
define(`remotelogin_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
auth_domtrans_login_program($1,remote_login_t)
|
auth_domtrans_login_program($1,remote_login_t)
|
||||||
')
|
')
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`sendmail_domtrans',`
|
define(`sendmail_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,sendmail_exec_t,sendmail_t)
|
domain_auto_trans($1,sendmail_exec_t,sendmail_t)
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
# authlogin_per_userdomain_template(userdomain_prefix)
|
# authlogin_per_userdomain_template(userdomain_prefix)
|
||||||
#
|
#
|
||||||
define(`authlogin_per_userdomain_template',`
|
define(`authlogin_per_userdomain_template',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
type $1_chkpwd_t, can_read_shadow_passwords; # , nscd_client_domain;
|
type $1_chkpwd_t, can_read_shadow_passwords; # , nscd_client_domain;
|
||||||
domain_type($1_chkpwd_t)
|
domain_type($1_chkpwd_t)
|
||||||
@ -126,7 +126,7 @@ define(`authlogin_per_userdomain_template_depend',`
|
|||||||
# auth_login_entry_type(domain)
|
# auth_login_entry_type(domain)
|
||||||
#
|
#
|
||||||
define(`auth_login_entry_type',`
|
define(`auth_login_entry_type',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_entry_file($1,login_exec_t)
|
domain_entry_file($1,login_exec_t)
|
||||||
')
|
')
|
||||||
@ -149,7 +149,7 @@ define(`auth_login_entry_type_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`auth_domtrans_login_program',`
|
define(`auth_domtrans_login_program',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search bin_t
|
# FIXME: search bin_t
|
||||||
allow $1 login_exec_t:file rx_file_perms;
|
allow $1 login_exec_t:file rx_file_perms;
|
||||||
@ -190,7 +190,7 @@ define(`auth_domtrans_login_program_depend',`
|
|||||||
# auth_domtrans_chk_passwd(domain)
|
# auth_domtrans_chk_passwd(domain)
|
||||||
#
|
#
|
||||||
define(`auth_domtrans_chk_passwd',`
|
define(`auth_domtrans_chk_passwd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,chkpwd_exec_t,system_chkpwd_t)
|
domain_auto_trans($1,chkpwd_exec_t,system_chkpwd_t)
|
||||||
|
|
||||||
@ -245,7 +245,7 @@ define(`auth_domtrans_chk_passwd_depend',`
|
|||||||
# auth_dontaudit_getattr_shadow(domain)
|
# auth_dontaudit_getattr_shadow(domain)
|
||||||
#
|
#
|
||||||
define(`auth_dontaudit_getattr_shadow',`
|
define(`auth_dontaudit_getattr_shadow',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 shadow_t:file getattr;
|
dontaudit $1 shadow_t:file getattr;
|
||||||
')
|
')
|
||||||
@ -274,7 +274,7 @@ define(`auth_dontaudit_getattr_shadow_depend',`
|
|||||||
# auth_read_shadow(domain)
|
# auth_read_shadow(domain)
|
||||||
#
|
#
|
||||||
define(`auth_read_shadow',`
|
define(`auth_read_shadow',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_read_generic_etc_files_directory($1)
|
files_read_generic_etc_files_directory($1)
|
||||||
allow $1 shadow_t:file r_file_perms;
|
allow $1 shadow_t:file r_file_perms;
|
||||||
@ -307,7 +307,7 @@ define(`auth_read_shadow_depend',`
|
|||||||
# auth_dontaudit_read_shadow(domain)
|
# auth_dontaudit_read_shadow(domain)
|
||||||
#
|
#
|
||||||
define(`auth_dontaudit_read_shadow',`
|
define(`auth_dontaudit_read_shadow',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 shadow_t:file { getattr read };
|
dontaudit $1 shadow_t:file { getattr read };
|
||||||
')
|
')
|
||||||
@ -336,7 +336,7 @@ define(`auth_dontaudit_read_shadow_depend',`
|
|||||||
# auth_rw_shadow(domain)
|
# auth_rw_shadow(domain)
|
||||||
#
|
#
|
||||||
define(`auth_rw_shadow',`
|
define(`auth_rw_shadow',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_read_generic_etc_files_directory($1)
|
files_read_generic_etc_files_directory($1)
|
||||||
allow $1 shadow_t:file rw_file_perms;
|
allow $1 shadow_t:file rw_file_perms;
|
||||||
@ -355,7 +355,7 @@ define(`auth_rw_shadow_depend',`
|
|||||||
# auth_manage_shadow(domain)
|
# auth_manage_shadow(domain)
|
||||||
#
|
#
|
||||||
define(`auth_manage_shadow',`
|
define(`auth_manage_shadow',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 shadow_t:file create_file_perms;
|
allow $1 shadow_t:file create_file_perms;
|
||||||
files_create_etc_config($1,shadow_t,file)
|
files_create_etc_config($1,shadow_t,file)
|
||||||
@ -376,7 +376,7 @@ define(`auth_manage_shadow_depend',`
|
|||||||
# auth_relabelto_shadow(domain)
|
# auth_relabelto_shadow(domain)
|
||||||
#
|
#
|
||||||
define(`auth_relabelto_shadow',`
|
define(`auth_relabelto_shadow',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
allow $1 shadow_t:file relabelto;
|
allow $1 shadow_t:file relabelto;
|
||||||
@ -396,7 +396,7 @@ define(`auth_relabelto_shadow_depend',`
|
|||||||
# auth_rw_faillog(domain)
|
# auth_rw_faillog(domain)
|
||||||
#
|
#
|
||||||
define(`auth_rw_faillog',`
|
define(`auth_rw_faillog',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 faillog_t:file rw_file_perms;
|
allow $1 faillog_t:file rw_file_perms;
|
||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
@ -413,7 +413,7 @@ define(`auth_rw_faillog_depend',`
|
|||||||
# auth_rw_lastlog(domain)
|
# auth_rw_lastlog(domain)
|
||||||
#
|
#
|
||||||
define(`auth_rw_lastlog',`
|
define(`auth_rw_lastlog',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
allow $1 lastlog_t:file { getattr read write setattr };
|
allow $1 lastlog_t:file { getattr read write setattr };
|
||||||
@ -436,7 +436,7 @@ define(`auth_rw_lastlog_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`auth_domtrans_pam',`
|
define(`auth_domtrans_pam',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,pam_exec_t,pam_t)
|
domain_auto_trans($1,pam_exec_t,pam_t)
|
||||||
|
|
||||||
@ -472,7 +472,7 @@ define(`auth_domtrans_pam_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`auth_run_pam',`
|
define(`auth_run_pam',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
auth_domtrans_pam($1)
|
auth_domtrans_pam($1)
|
||||||
role $2 types pam_t;
|
role $2 types pam_t;
|
||||||
@ -503,7 +503,7 @@ define(`auth_run_pam_depend',`
|
|||||||
# auth_exec_pam(domain)
|
# auth_exec_pam(domain)
|
||||||
#
|
#
|
||||||
define(`auth_exec_pam',`
|
define(`auth_exec_pam',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,pam_exec_t)
|
can_exec($1,pam_exec_t)
|
||||||
')
|
')
|
||||||
@ -519,7 +519,7 @@ define(`auth_exec_pam_depend',`
|
|||||||
# auth_read_pam_pid(domain)
|
# auth_read_pam_pid(domain)
|
||||||
#
|
#
|
||||||
define(`auth_read_pam_pid',`
|
define(`auth_read_pam_pid',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
@ -552,7 +552,7 @@ define(`auth_read_pam_pid_depend',`
|
|||||||
# auth_delete_pam_pid(domain)
|
# auth_delete_pam_pid(domain)
|
||||||
#
|
#
|
||||||
define(`auth_delete_pam_pid',`
|
define(`auth_delete_pam_pid',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
@ -572,7 +572,7 @@ define(`auth_delete_pam_pid_depend',`
|
|||||||
# auth_domtrans_pam_console(domain)
|
# auth_domtrans_pam_console(domain)
|
||||||
#
|
#
|
||||||
define(`auth_domtrans_pam_console',`
|
define(`auth_domtrans_pam_console',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,pam_console_exec_t,pam_console_t)
|
domain_auto_trans($1,pam_console_exec_t,pam_console_t)
|
||||||
|
|
||||||
@ -609,7 +609,7 @@ define(`auth_domtrans_pam_console_depend',`
|
|||||||
# auth_list_pam_console_data(domain)
|
# auth_list_pam_console_data(domain)
|
||||||
#
|
#
|
||||||
define(`auth_list_pam_console_data',`
|
define(`auth_list_pam_console_data',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
@ -627,7 +627,7 @@ define(`auth_list_pam_console_data_depend',`
|
|||||||
# auth_read_pam_console_data(domain)
|
# auth_read_pam_console_data(domain)
|
||||||
#
|
#
|
||||||
define(`auth_read_pam_console_data',`
|
define(`auth_read_pam_console_data',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
@ -647,7 +647,7 @@ define(`auth_read_pam_console_data_depend',`
|
|||||||
# auth_manage_pam_console_data(domain)
|
# auth_manage_pam_console_data(domain)
|
||||||
#
|
#
|
||||||
define(`auth_manage_pam_console_data',`
|
define(`auth_manage_pam_console_data',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
@ -681,7 +681,7 @@ define(`auth_manage_pam_console_data_depend',`
|
|||||||
#
|
#
|
||||||
|
|
||||||
define(`auth_relabel_all_files_except_shadow',`
|
define(`auth_relabel_all_files_except_shadow',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_relabel_all_files($1,$2 -shadow_t)
|
files_relabel_all_files($1,$2 -shadow_t)
|
||||||
')
|
')
|
||||||
@ -707,7 +707,7 @@ define(`auth_relabel_all_files_except_shadow_depend',`
|
|||||||
#
|
#
|
||||||
|
|
||||||
define(`auth_manage_all_files_except_shadow',`
|
define(`auth_manage_all_files_except_shadow',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_manage_all_files($1,$2 -shadow_t)
|
files_manage_all_files($1,$2 -shadow_t)
|
||||||
')
|
')
|
||||||
@ -727,7 +727,7 @@ define(`auth_manage_all_files_except_shadow_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`auth_domtrans_utempter',`
|
define(`auth_domtrans_utempter',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,utempter_exec_t,utempter_t)
|
domain_auto_trans($1,utempter_exec_t,utempter_t)
|
||||||
|
|
||||||
@ -763,7 +763,7 @@ define(`auth_domtrans_utempter_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`auth_run_utempter',`
|
define(`auth_run_utempter',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
auth_domtrans_utempter($1)
|
auth_domtrans_utempter($1)
|
||||||
role $2 types utempter_t;
|
role $2 types utempter_t;
|
||||||
@ -794,7 +794,7 @@ define(`auth_run_utempter_depend',`
|
|||||||
# auth_read_login_records(domain)
|
# auth_read_login_records(domain)
|
||||||
#
|
#
|
||||||
define(`auth_read_login_records',`
|
define(`auth_read_login_records',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
allow $1 wtmp_t:file r_file_perms;
|
allow $1 wtmp_t:file r_file_perms;
|
||||||
@ -821,7 +821,7 @@ define(`auth_read_login_records_depend',`
|
|||||||
# auth_dontaudit_write_login_records(domain)
|
# auth_dontaudit_write_login_records(domain)
|
||||||
#
|
#
|
||||||
define(`auth_dontaudit_write_login_records',`
|
define(`auth_dontaudit_write_login_records',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 wtmp_t:file write;
|
dontaudit $1 wtmp_t:file write;
|
||||||
')
|
')
|
||||||
@ -837,7 +837,7 @@ define(`auth_read_login_records_depend',`
|
|||||||
# auth_rw_login_records(domain)
|
# auth_rw_login_records(domain)
|
||||||
#
|
#
|
||||||
define(`auth_rw_login_records',`
|
define(`auth_rw_login_records',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 wtmp_t:file rw_file_perms;
|
allow $1 wtmp_t:file rw_file_perms;
|
||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
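Review bot: The hunk header at -837 still names `auth_read_login_records_depend` as the nearest preceding definition, even though `auth_dontaudit_write_login_records` is defined in between. That suggests the dependency block for the dontaudit interface is defined under the wrong name; its body is outside the visible lines, so this is inferred. Every interface here now resolves its requirements through `gen_require` on its own name plus `_depend`, so a missing `auth_dontaudit_write_login_records_depend` would leave that call without a matching macro. It is worth checking the definition and, if it is a copy-paste slip, renaming it to `auth_dontaudit_write_login_records_depend`.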
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`clock_domtrans',`
|
define(`clock_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,hwclock_exec_t,hwclock_t)
|
domain_auto_trans($1,hwclock_exec_t,hwclock_t)
|
||||||
|
|
||||||
@ -49,7 +49,7 @@ define(`clock_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`clock_run',`
|
define(`clock_run',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
clock_domtrans($1)
|
clock_domtrans($1)
|
||||||
role $2 types hwclock_t;
|
role $2 types hwclock_t;
|
||||||
@ -73,7 +73,7 @@ define(`clock_run_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`clock_exec',`
|
define(`clock_exec',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,hwclock_exec_t)
|
can_exec($1,hwclock_exec_t)
|
||||||
')
|
')
|
||||||
@ -95,7 +95,7 @@ define(`clock_exec_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`clock_rw_adjtime',`
|
define(`clock_rw_adjtime',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 adjtime_t:file rw_file_perms;
|
allow $1 adjtime_t:file rw_file_perms;
|
||||||
files_read_generic_etc_files_directory($1)
|
files_read_generic_etc_files_directory($1)
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
# corecmd_shell_entry_type(domain)
|
# corecmd_shell_entry_type(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_shell_entry_type',`
|
define(`corecmd_shell_entry_type',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_entry_file($1,shell_exec_t)
|
domain_entry_file($1,shell_exec_t)
|
||||||
')
|
')
|
||||||
@ -23,7 +23,7 @@ define(`corecmd_shell_entry_type_depend',`
|
|||||||
# corecmd_search_bin(domain)
|
# corecmd_search_bin(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_search_bin',`
|
define(`corecmd_search_bin',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 bin_t:dir search;
|
allow $1 bin_t:dir search;
|
||||||
')
|
')
|
||||||
@ -39,7 +39,7 @@ define(`corecmd_search_bin_depend',`
|
|||||||
# corecmd_list_bin(domain)
|
# corecmd_list_bin(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_list_bin',`
|
define(`corecmd_list_bin',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 bin_t:dir r_dir_perms;
|
allow $1 bin_t:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -55,7 +55,7 @@ define(`corecmd_list_bin_depend',`
|
|||||||
# corecmd_exec_bin(domain)
|
# corecmd_exec_bin(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_exec_bin',`
|
define(`corecmd_exec_bin',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 bin_t:dir r_dir_perms;
|
allow $1 bin_t:dir r_dir_perms;
|
||||||
allow $1 bin_t:lnk_file r_file_perms;
|
allow $1 bin_t:lnk_file r_file_perms;
|
||||||
@ -76,7 +76,7 @@ define(`corecmd_exec_bin_depend',`
|
|||||||
# corecmd_search_sbin(domain)
|
# corecmd_search_sbin(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_search_sbin',`
|
define(`corecmd_search_sbin',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 sbin_t:dir search;
|
allow $1 sbin_t:dir search;
|
||||||
')
|
')
|
||||||
@ -92,7 +92,7 @@ define(`corecmd_search_sbin_depend',`
|
|||||||
# corecmd_list_sbin(domain)
|
# corecmd_list_sbin(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_list_sbin',`
|
define(`corecmd_list_sbin',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 sbin_t:dir r_dir_perms;
|
allow $1 sbin_t:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -108,7 +108,7 @@ define(`corecmd_list_sbin_depend',`
|
|||||||
# corecmd_dontaudit_getattr_sbin_file(domain)
|
# corecmd_dontaudit_getattr_sbin_file(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_dontaudit_getattr_sbin_file',`
|
define(`corecmd_dontaudit_getattr_sbin_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 sbin_t:file getattr;
|
allow $1 sbin_t:file getattr;
|
||||||
')
|
')
|
||||||
@ -124,7 +124,7 @@ define(`corecmd_dontaudit_getattr_sbin_file_depend',`
|
|||||||
# corecmd_exec_sbin(domain)
|
# corecmd_exec_sbin(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_exec_sbin',`
|
define(`corecmd_exec_sbin',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 sbin_t:dir r_dir_perms;
|
allow $1 sbin_t:dir r_dir_perms;
|
||||||
allow $1 sbin_t:lnk_file r_file_perms;
|
allow $1 sbin_t:lnk_file r_file_perms;
|
||||||
@ -145,7 +145,7 @@ define(`corecmd_exec_sbin_depend',`
|
|||||||
# corecmd_exec_shell(domain)
|
# corecmd_exec_shell(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_exec_shell',`
|
define(`corecmd_exec_shell',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 bin_t:dir r_dir_perms;
|
allow $1 bin_t:dir r_dir_perms;
|
||||||
allow $1 bin_t:lnk_file r_file_perms;
|
allow $1 bin_t:lnk_file r_file_perms;
|
||||||
@ -165,7 +165,7 @@ define(`corecmd_exec_shell_depend',`
|
|||||||
# corecmd_exec_ls(domain)
|
# corecmd_exec_ls(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_exec_ls',`
|
define(`corecmd_exec_ls',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 bin_t:dir r_dir_perms;
|
allow $1 bin_t:dir r_dir_perms;
|
||||||
allow $1 bin_t:lnk_file r_file_perms;
|
allow $1 bin_t:lnk_file r_file_perms;
|
||||||
@ -196,7 +196,7 @@ define(`corecmd_exec_shell_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corecmd_shell_spec_domtrans',`
|
define(`corecmd_shell_spec_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 bin_t:dir r_dir_perms;
|
allow $1 bin_t:dir r_dir_perms;
|
||||||
allow $1 bin_t:lnk_file r_file_perms;
|
allow $1 bin_t:lnk_file r_file_perms;
|
||||||
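Review bot: The context in this hunk's `@` header is still `corecmd_exec_shell_depend`, although `corecmd_exec_ls` is defined between the previous hunk and this one. That suggests the dependency block following `corecmd_exec_ls` was copied without being renamed. Because every interface now calls gen_require on its own name with `_depend` appended, `corecmd_exec_ls` would then reference a macro that is never defined, and the second `corecmd_exec_shell_depend` would replace the first. This is inferred from the hunk header only, since the block itself is outside the hunk; if it holds, rename that block to `corecmd_exec_ls_depend`. The same pattern shows in the header before `files_create_tmp_files` (it names `files_read_etc_runtime_files_depend` where `files_list_mnt_depend` is expected) and before `files_read_usr_src` (it names `files_read_usr_src_depend` where `files_exec_usr_files_depend` is expected).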
@ -234,7 +234,7 @@ define(`corecmd_shell_spec_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corecmd_domtrans_shell',`
|
define(`corecmd_domtrans_shell',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
corecmd_shell_spec_domtrans($1,$2)
|
corecmd_shell_spec_domtrans($1,$2)
|
||||||
type_transition $1 shell_exec_t:process $2;
|
type_transition $1 shell_exec_t:process $2;
|
||||||
@ -249,7 +249,7 @@ define(`corecmd_domtrans_shell_depend',`
|
|||||||
# corecmd_chroot_exec_chroot(domain)
|
# corecmd_chroot_exec_chroot(domain)
|
||||||
#
|
#
|
||||||
define(`corecmd_chroot_exec_chroot',`
|
define(`corecmd_chroot_exec_chroot',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 chroot_exec_t:file { getattr read execute execute_no_trans };
|
allow $1 chroot_exec_t:file { getattr read execute execute_no_trans };
|
||||||
allow $1 self:capability sys_chroot;
|
allow $1 self:capability sys_chroot;
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
# domain_base_domain_type(domain)
|
# domain_base_domain_type(domain)
|
||||||
#
|
#
|
||||||
define(`domain_base_domain_type',`
|
define(`domain_base_domain_type',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# mark as a domain
|
# mark as a domain
|
||||||
typeattribute $1 domain;
|
typeattribute $1 domain;
|
||||||
@ -58,7 +58,7 @@ define(`domain_type',`
|
|||||||
# domain_entry_file(domain,entrypointfile)
|
# domain_entry_file(domain,entrypointfile)
|
||||||
#
|
#
|
||||||
define(`domain_entry_file',`
|
define(`domain_entry_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_file_type($2)
|
files_file_type($2)
|
||||||
allow $1 $2:file entrypoint;
|
allow $1 $2:file entrypoint;
|
||||||
@ -76,7 +76,7 @@ define(`domain_entry_file_depend',`
|
|||||||
# domain_wide_inherit_fd(domain)
|
# domain_wide_inherit_fd(domain)
|
||||||
#
|
#
|
||||||
define(`domain_wide_inherit_fd',`
|
define(`domain_wide_inherit_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
typeattribute $1 privfd;
|
typeattribute $1 privfd;
|
||||||
')
|
')
|
||||||
@ -90,7 +90,7 @@ define(`domain_wide_inherit_fd_depend',`
|
|||||||
# domain_use_wide_inherit_fd(domain)
|
# domain_use_wide_inherit_fd(domain)
|
||||||
#
|
#
|
||||||
define(`domain_use_wide_inherit_fd',`
|
define(`domain_use_wide_inherit_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 privfd:fd use;
|
allow $1 privfd:fd use;
|
||||||
')
|
')
|
||||||
@ -106,7 +106,7 @@ define(`domain_use_wide_inherit_fd_depend',`
|
|||||||
# domain_dontaudit_use_wide_inherit_fd(domain)
|
# domain_dontaudit_use_wide_inherit_fd(domain)
|
||||||
#
|
#
|
||||||
define(`domain_dontaudit_use_wide_inherit_fd',`
|
define(`domain_dontaudit_use_wide_inherit_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 privfd:fd use;
|
dontaudit $1 privfd:fd use;
|
||||||
')
|
')
|
||||||
@ -122,7 +122,7 @@ define(`domain_dontaudit_use_wide_inherit_fd_depend',`
|
|||||||
# domain_setpriority_all_domains(domain)
|
# domain_setpriority_all_domains(domain)
|
||||||
#
|
#
|
||||||
define(`domain_setpriority_all_domains',`
|
define(`domain_setpriority_all_domains',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 domain:process setsched;
|
allow $1 domain:process setsched;
|
||||||
')
|
')
|
||||||
@ -144,7 +144,7 @@ define(`domain_setpriority_all_domains_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_signal_all_domains',`
|
define(`domain_signal_all_domains',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 domain:process signal;
|
allow $1 domain:process signal;
|
||||||
')
|
')
|
||||||
@ -166,7 +166,7 @@ define(`domain_signal_all_domains_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_signull_all_domains',`
|
define(`domain_signull_all_domains',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 domain:process signull;
|
allow $1 domain:process signull;
|
||||||
')
|
')
|
||||||
@ -188,7 +188,7 @@ define(`domain_signull_all_domains_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_sigstop_all_domains',`
|
define(`domain_sigstop_all_domains',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 domain:process sigstop;
|
allow $1 domain:process sigstop;
|
||||||
')
|
')
|
||||||
@ -210,7 +210,7 @@ define(`domain_sigstop_all_domains_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_sigchld_all_domains',`
|
define(`domain_sigchld_all_domains',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 domain:process sigchld;
|
allow $1 domain:process sigchld;
|
||||||
')
|
')
|
||||||
@ -232,7 +232,7 @@ define(`domain_sigchld_all_domains_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_kill_all_domains',`
|
define(`domain_kill_all_domains',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 domain:process sigkill;
|
allow $1 domain:process sigkill;
|
||||||
allow $1 self:capability kill;
|
allow $1 self:capability kill;
|
||||||
@ -256,7 +256,7 @@ define(`domain_kill_all_domains_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_read_all_domains_state',`
|
define(`domain_read_all_domains_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 domain:dir r_dir_perms;
|
allow $1 domain:dir r_dir_perms;
|
||||||
allow $1 domain:lnk_file r_file_perms;
|
allow $1 domain:lnk_file r_file_perms;
|
||||||
@ -291,7 +291,7 @@ define(`domain_read_all_domains_state_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_dontaudit_list_all_domains_proc',`
|
define(`domain_dontaudit_list_all_domains_proc',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 domain:dir r_dir_perms;
|
dontaudit $1 domain:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -314,7 +314,7 @@ define(`domain_dontaudit_list_all_domains_proc_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_getsession_all_domains',`
|
define(`domain_getsession_all_domains',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 domain:process getsession;
|
allow $1 domain:process getsession;
|
||||||
')
|
')
|
||||||
@ -337,7 +337,7 @@ define(`domain_getsession_all_domains_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_dontaudit_getattr_all_udp_sockets',`
|
define(`domain_dontaudit_getattr_all_udp_sockets',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 domain:udp_socket getattr;
|
dontaudit $1 domain:udp_socket getattr;
|
||||||
')
|
')
|
||||||
@ -360,7 +360,7 @@ define(`domain_dontaudit_getattr_all_udp_sockets_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_dontaudit_getattr_all_tcp_sockets',`
|
define(`domain_dontaudit_getattr_all_tcp_sockets',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 domain:tcp_socket getattr;
|
dontaudit $1 domain:tcp_socket getattr;
|
||||||
')
|
')
|
||||||
@ -383,7 +383,7 @@ define(`domain_dontaudit_getattr_all_tcp_sockets_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
|
define(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 domain:unix_dgram_socket getattr;
|
dontaudit $1 domain:unix_dgram_socket getattr;
|
||||||
')
|
')
|
||||||
@ -406,7 +406,7 @@ define(`domain_dontaudit_getattr_all_unix_dgram_sockets_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`domain_dontaudit_getattr_all_unnamed_pipes',`
|
define(`domain_dontaudit_getattr_all_unnamed_pipes',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 domain:fifo_file getattr;
|
dontaudit $1 domain:fifo_file getattr;
|
||||||
')
|
')
|
||||||
@ -422,7 +422,7 @@ define(`domain_dontaudit_getattr_all_unnamed_pipes_depend',`
|
|||||||
# domain_exec_all_entry_files(domain)
|
# domain_exec_all_entry_files(domain)
|
||||||
#
|
#
|
||||||
define(`domain_exec_all_entry_files',`
|
define(`domain_exec_all_entry_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,entry_type)
|
can_exec($1,entry_type)
|
||||||
|
|
||||||
@ -439,7 +439,7 @@ define(`domain_exec_all_entry_files_depend',`
|
|||||||
# domain_read_all_entry_files(domain)
|
# domain_read_all_entry_files(domain)
|
||||||
#
|
#
|
||||||
define(`domain_read_all_entry_files',`
|
define(`domain_read_all_entry_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 entry_type:lnk_file r_file_perms;
|
allow $1 entry_type:lnk_file r_file_perms;
|
||||||
allow $1 entry_type:file r_file_perms;
|
allow $1 entry_type:file r_file_perms;
|
||||||
@ -465,7 +465,7 @@ define(`domain_read_all_entry_files_depend',`
|
|||||||
# domain_trans(source_domain,entrypoint_file,target_domain)
|
# domain_trans(source_domain,entrypoint_file,target_domain)
|
||||||
#
|
#
|
||||||
define(`domain_trans',`
|
define(`domain_trans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 $2:file rx_file_perms;
|
allow $1 $2:file rx_file_perms;
|
||||||
allow $1 $3:process transition;
|
allow $1 $3:process transition;
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
# files_file_type(type)
|
# files_file_type(type)
|
||||||
#
|
#
|
||||||
define(`files_file_type',`
|
define(`files_file_type',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
fs_associate($1)
|
fs_associate($1)
|
||||||
fs_associate_noxattr($1)
|
fs_associate_noxattr($1)
|
||||||
@ -37,7 +37,7 @@ define(`files_file_type_depend',`
|
|||||||
# files_lock_file(type)
|
# files_lock_file(type)
|
||||||
#
|
#
|
||||||
define(`files_lock_file',`
|
define(`files_lock_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_file_type($1)
|
files_file_type($1)
|
||||||
typeattribute $1 lockfile;
|
typeattribute $1 lockfile;
|
||||||
@ -52,7 +52,7 @@ define(`files_lock_file_depend',`
|
|||||||
# files_mountpoint(type)
|
# files_mountpoint(type)
|
||||||
#
|
#
|
||||||
define(`files_mountpoint',`
|
define(`files_mountpoint',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_file_type($1)
|
files_file_type($1)
|
||||||
typeattribute $1 mountpoint;
|
typeattribute $1 mountpoint;
|
||||||
@ -67,7 +67,7 @@ define(`files_mountpoint_depend',`
|
|||||||
# files_pid_file(type)
|
# files_pid_file(type)
|
||||||
#
|
#
|
||||||
define(`files_pid_file',`
|
define(`files_pid_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_file_type($1)
|
files_file_type($1)
|
||||||
typeattribute $1 pidfile;
|
typeattribute $1 pidfile;
|
||||||
@ -82,7 +82,7 @@ define(`files_pid_file_depend',`
|
|||||||
# files_tmp_file(type)
|
# files_tmp_file(type)
|
||||||
#
|
#
|
||||||
define(`files_tmp_file',`
|
define(`files_tmp_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_file_type($1)
|
files_file_type($1)
|
||||||
typeattribute $1 tmpfile;
|
typeattribute $1 tmpfile;
|
||||||
@ -104,7 +104,7 @@ define(`files_tmp_file_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`files_tmpfs_file',`
|
define(`files_tmpfs_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_file_type($1)
|
files_file_type($1)
|
||||||
fs_associate_tmpfs($1)
|
fs_associate_tmpfs($1)
|
||||||
@ -120,7 +120,7 @@ define(`files_tmpfs_file_depend',`
|
|||||||
# files_getattr_all_files(domain)
|
# files_getattr_all_files(domain)
|
||||||
|
|
||||||
define(`files_getattr_all_files',`
|
define(`files_getattr_all_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 file_type:dir { search getattr };
|
allow $1 file_type:dir { search getattr };
|
||||||
allow $1 file_type:file getattr;
|
allow $1 file_type:file getattr;
|
||||||
@ -155,7 +155,7 @@ define(`files_getattr_all_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`files_relabel_all_files',`
|
define(`files_relabel_all_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 { file_type $2 }:dir { r_dir_perms relabelfrom relabelto };
|
allow $1 { file_type $2 }:dir { r_dir_perms relabelfrom relabelto };
|
||||||
allow $1 { file_type $2 }:file { getattr relabelfrom relabelto };
|
allow $1 { file_type $2 }:file { getattr relabelfrom relabelto };
|
||||||
@ -197,7 +197,7 @@ define(`files_relabel_all_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`files_manage_all_files',`
|
define(`files_manage_all_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 { file_type $2 }:dir create_dir_perms;
|
allow $1 { file_type $2 }:dir create_dir_perms;
|
||||||
allow $1 { file_type $2 }:file create_file_perms;
|
allow $1 { file_type $2 }:file create_file_perms;
|
||||||
@ -225,7 +225,7 @@ define(`files_manage_all_files_depend',`
|
|||||||
# files_search_all_dirs(domain)
|
# files_search_all_dirs(domain)
|
||||||
#
|
#
|
||||||
define(`files_search_all_dirs',`
|
define(`files_search_all_dirs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 file_type:dir search;
|
allow $1 file_type:dir search;
|
||||||
')
|
')
|
||||||
@ -241,7 +241,7 @@ define(`files_search_all_dirs_depend',`
|
|||||||
# files_list_all_dirs(domain)
|
# files_list_all_dirs(domain)
|
||||||
#
|
#
|
||||||
define(`files_list_all_dirs',`
|
define(`files_list_all_dirs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 file_type:dir r_dir_perms;
|
allow $1 file_type:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -257,7 +257,7 @@ define(`files_list_all_dirs_depend',`
|
|||||||
# files_dontaudit_search_all_dirs(domain)
|
# files_dontaudit_search_all_dirs(domain)
|
||||||
#
|
#
|
||||||
define(`files_dontaudit_search_all_dirs',`
|
define(`files_dontaudit_search_all_dirs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 file_type:dir search;
|
dontaudit $1 file_type:dir search;
|
||||||
')
|
')
|
||||||
@ -273,7 +273,7 @@ define(`files_dontaudit_search_all_dirs_depend',`
|
|||||||
# files_relabelto_all_file_type_fs(domain)
|
# files_relabelto_all_file_type_fs(domain)
|
||||||
#
|
#
|
||||||
define(`files_relabelto_all_file_type_fs',`
|
define(`files_relabelto_all_file_type_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 file_type:filesystem relabelto;
|
allow $1 file_type:filesystem relabelto;
|
||||||
')
|
')
|
||||||
@ -289,7 +289,7 @@ define(`files_relabelto_all_file_type_fs_depend',`
|
|||||||
# files_mount_all_file_type_fs(domain)
|
# files_mount_all_file_type_fs(domain)
|
||||||
#
|
#
|
||||||
define(`files_mount_all_file_type_fs',`
|
define(`files_mount_all_file_type_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 file_type:filesystem mount;
|
allow $1 file_type:filesystem mount;
|
||||||
')
|
')
|
||||||
@ -305,7 +305,7 @@ define(`files_mount_all_file_type_fs_depend',`
|
|||||||
# files_unmount_all_file_type_fs(domain)
|
# files_unmount_all_file_type_fs(domain)
|
||||||
#
|
#
|
||||||
define(`files_unmount_all_file_type_fs',`
|
define(`files_unmount_all_file_type_fs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 file_type:filesystem mount;
|
allow $1 file_type:filesystem mount;
|
||||||
')
|
')
|
||||||
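Review bot: `files_unmount_all_file_type_fs` carries the rule `allow $1 file_type:filesystem mount;`, identical to `files_mount_all_file_type_fs` in the previous hunk. A domain that calls it is therefore allowed to mount every file_type filesystem and still cannot unmount one. The rule should be `allow $1 file_type:filesystem unmount;`, the permission `files_unmount_rootfs` already uses on this page. The `_depend` block is outside the hunk and presumably needs `unmount` in its filesystem class declaration as well.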
@ -321,7 +321,7 @@ define(`files_unmount_all_file_type_fs_depend',`
|
|||||||
# files_mounton_all_mountpoints(domain)
|
# files_mounton_all_mountpoints(domain)
|
||||||
#
|
#
|
||||||
define(`files_mounton_all_mountpoints',`
|
define(`files_mounton_all_mountpoints',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 mountpoint:dir { getattr search mounton };
|
allow $1 mountpoint:dir { getattr search mounton };
|
||||||
')
|
')
|
||||||
@ -337,7 +337,7 @@ define(`files_mounton_all_mountpoints_depend',`
|
|||||||
# files_list_root(domain)
|
# files_list_root(domain)
|
||||||
#
|
#
|
||||||
define(`files_list_root',`
|
define(`files_list_root',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 root_t:dir r_dir_perms;
|
allow $1 root_t:dir r_dir_perms;
|
||||||
allow $1 root_t:lnk_file r_file_perms;
|
allow $1 root_t:lnk_file r_file_perms;
|
||||||
@ -372,7 +372,7 @@ define(`files_list_root_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`files_create_root',`
|
define(`files_create_root',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 root_t:dir rw_dir_perms;
|
allow $1 root_t:dir rw_dir_perms;
|
||||||
|
|
||||||
@ -408,7 +408,7 @@ define(`files_create_root_depend',`
|
|||||||
# files_dontaudit_read_root_file(domain)
|
# files_dontaudit_read_root_file(domain)
|
||||||
#
|
#
|
||||||
define(`files_dontaudit_read_root_file',`
|
define(`files_dontaudit_read_root_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 root_t:file read;
|
dontaudit $1 root_t:file read;
|
||||||
')
|
')
|
||||||
@ -424,7 +424,7 @@ define(`files_dontaudit_read_root_file_depend',`
|
|||||||
# files_dontaudit_rw_root_file(domain)
|
# files_dontaudit_rw_root_file(domain)
|
||||||
#
|
#
|
||||||
define(`files_dontaudit_rw_root_file',`
|
define(`files_dontaudit_rw_root_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 root_t:file { read write };
|
dontaudit $1 root_t:file { read write };
|
||||||
')
|
')
|
||||||
@ -440,7 +440,7 @@ define(`files_dontaudit_rw_root_file_depend',`
|
|||||||
# files_dontaudit_rw_root_chr_dev(domain)
|
# files_dontaudit_rw_root_chr_dev(domain)
|
||||||
#
|
#
|
||||||
define(`files_dontaudit_rw_root_chr_dev',`
|
define(`files_dontaudit_rw_root_chr_dev',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 root_t:chr_file { read write };
|
dontaudit $1 root_t:chr_file { read write };
|
||||||
')
|
')
|
||||||
@ -456,7 +456,7 @@ define(`files_dontaudit_rw_root_chr_dev_depend',`
|
|||||||
# files_delete_root_dir_entry(domain)
|
# files_delete_root_dir_entry(domain)
|
||||||
#
|
#
|
||||||
define(`files_delete_root_dir_entry',`
|
define(`files_delete_root_dir_entry',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 root_t:dir rw_dir_perms;
|
allow $1 root_t:dir rw_dir_perms;
|
||||||
')
|
')
|
||||||
@ -472,7 +472,7 @@ define(`files_delete_root_dir_entry_depend',`
|
|||||||
# files_unmount_rootfs(domain)
|
# files_unmount_rootfs(domain)
|
||||||
#
|
#
|
||||||
define(`files_unmount_rootfs',`
|
define(`files_unmount_rootfs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 root_t:filesystem unmount;
|
allow $1 root_t:filesystem unmount;
|
||||||
')
|
')
|
||||||
@ -488,7 +488,7 @@ define(`files_unmount_rootfs_depend',`
|
|||||||
# files_search_etc(domain)
|
# files_search_etc(domain)
|
||||||
#
|
#
|
||||||
define(`files_search_etc',`
|
define(`files_search_etc',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir search;
|
allow $1 etc_t:dir search;
|
||||||
')
|
')
|
||||||
@ -504,7 +504,7 @@ define(`files_search_etc_depend',`
|
|||||||
# files_read_generic_etc_files_directory(domain)
|
# files_read_generic_etc_files_directory(domain)
|
||||||
#
|
#
|
||||||
define(`files_read_generic_etc_files_directory',`
|
define(`files_read_generic_etc_files_directory',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir r_dir_perms;
|
allow $1 etc_t:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -520,7 +520,7 @@ define(`files_read_generic_etc_files_directory_depend',`
|
|||||||
# files_read_generic_etc_files(domain)
|
# files_read_generic_etc_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_read_generic_etc_files',`
|
define(`files_read_generic_etc_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir r_dir_perms;
|
allow $1 etc_t:dir r_dir_perms;
|
||||||
allow $1 etc_t:file r_file_perms;
|
allow $1 etc_t:file r_file_perms;
|
||||||
@ -540,7 +540,7 @@ define(`files_read_generic_etc_files_depend',`
|
|||||||
# files_rw_generic_etc_files(domain)
|
# files_rw_generic_etc_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_rw_generic_etc_files',`
|
define(`files_rw_generic_etc_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir r_dir_perms;
|
allow $1 etc_t:dir r_dir_perms;
|
||||||
allow $1 etc_t:file rw_file_perms;
|
allow $1 etc_t:file rw_file_perms;
|
||||||
@ -560,7 +560,7 @@ define(`files_rw_generic_etc_files_depend',`
|
|||||||
# files_manage_generic_etc_files(domain)
|
# files_manage_generic_etc_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_manage_generic_etc_files',`
|
define(`files_manage_generic_etc_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir rw_dir_perms;
|
allow $1 etc_t:dir rw_dir_perms;
|
||||||
allow $1 etc_t:file create_file_perms;
|
allow $1 etc_t:file create_file_perms;
|
||||||
@ -586,7 +586,7 @@ define(`files_manage_generic_etc_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`files_delete_generic_etc_files',`
|
define(`files_delete_generic_etc_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir rw_dir_perms;
|
allow $1 etc_t:dir rw_dir_perms;
|
||||||
allow $1 etc_t:file unlink;
|
allow $1 etc_t:file unlink;
|
||||||
@ -604,7 +604,7 @@ define(`files_delete_generic_etc_files_depend',`
|
|||||||
# files_exec_generic_etc_files(domain)
|
# files_exec_generic_etc_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_exec_generic_etc_files',`
|
define(`files_exec_generic_etc_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir r_dir_perms;
|
allow $1 etc_t:dir r_dir_perms;
|
||||||
allow $1 etc_t:lnk_file r_file_perms;
|
allow $1 etc_t:lnk_file r_file_perms;
|
||||||
@ -627,7 +627,7 @@ define(`files_exec_generic_etc_files_depend',`
|
|||||||
# /halt, /.autofsck, etc
|
# /halt, /.autofsck, etc
|
||||||
#
|
#
|
||||||
define(`files_create_boot_flag',`
|
define(`files_create_boot_flag',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 root_t:dir rw_dir_perms;
|
allow $1 root_t:dir rw_dir_perms;
|
||||||
allow $1 etc_runtime_t:file { create read write setattr unlink };
|
allow $1 etc_runtime_t:file { create read write setattr unlink };
|
||||||
@ -646,7 +646,7 @@ define(`files_create_boot_flag_depend',`
|
|||||||
# files_manage_etc_runtime_files(type)
|
# files_manage_etc_runtime_files(type)
|
||||||
#
|
#
|
||||||
define(`files_manage_etc_runtime_files',`
|
define(`files_manage_etc_runtime_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir rw_dir_perms;
|
allow $1 etc_t:dir rw_dir_perms;
|
||||||
allow $1 etc_runtime_t:file create_file_perms;
|
allow $1 etc_runtime_t:file create_file_perms;
|
||||||
@ -665,7 +665,7 @@ define(`files_manage_etc_runtime_files_depend',`
|
|||||||
# files_read_etc_runtime_files(domain)
|
# files_read_etc_runtime_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_read_etc_runtime_files',`
|
define(`files_read_etc_runtime_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir r_dir_perms;
|
allow $1 etc_t:dir r_dir_perms;
|
||||||
allow $1 etc_runtime_t:file r_file_perms;
|
allow $1 etc_runtime_t:file r_file_perms;
|
||||||
@ -683,7 +683,7 @@ define(`files_read_etc_runtime_files_depend',`
|
|||||||
# files_create_etc_config(domain,privatetype,[class(es)])
|
# files_create_etc_config(domain,privatetype,[class(es)])
|
||||||
#
|
#
|
||||||
define(`files_create_etc_config',`
|
define(`files_create_etc_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 etc_t:dir rw_dir_perms;
|
allow $1 etc_t:dir rw_dir_perms;
|
||||||
ifelse(`$3',`',`
|
ifelse(`$3',`',`
|
||||||
@ -704,7 +704,7 @@ class dir rw_dir_perms;
|
|||||||
# files_rw_isid_type_dir(domain)
|
# files_rw_isid_type_dir(domain)
|
||||||
#
|
#
|
||||||
define(`files_rw_isid_type_dir',`
|
define(`files_rw_isid_type_dir',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 file_t:dir rw_dir_perms;
|
allow $1 file_t:dir rw_dir_perms;
|
||||||
')
|
')
|
||||||
@ -720,7 +720,7 @@ define(`files_rw_isid_type_dir_depend',`
|
|||||||
# files_dontaudit_getattr_isid_type_dir(domain)
|
# files_dontaudit_getattr_isid_type_dir(domain)
|
||||||
#
|
#
|
||||||
define(`files_dontaudit_getattr_isid_type_dir',`
|
define(`files_dontaudit_getattr_isid_type_dir',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 file_t:dir search;
|
dontaudit $1 file_t:dir search;
|
||||||
')
|
')
|
||||||
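Review bot: `files_dontaudit_getattr_isid_type_dir` suppresses the wrong permission: its rule is `dontaudit $1 file_t:dir search;`, the same as `files_dontaudit_search_isid_type_dir` in the next hunk. Callers keep getting getattr denials logged, while search denials on unlabeled directories are silently dropped from the audit trail. The rule should be `dontaudit $1 file_t:dir getattr;`. The `_depend` block is outside the hunk, so its permission list could not be checked.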
@ -736,7 +736,7 @@ define(`files_dontaudit_getattr_isid_type_dir_depend',`
|
|||||||
# files_dontaudit_search_isid_type_dir(domain)
|
# files_dontaudit_search_isid_type_dir(domain)
|
||||||
#
|
#
|
||||||
define(`files_dontaudit_search_isid_type_dir',`
|
define(`files_dontaudit_search_isid_type_dir',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 file_t:dir search;
|
dontaudit $1 file_t:dir search;
|
||||||
')
|
')
|
||||||
@ -758,7 +758,7 @@ define(`files_dontaudit_search_isid_type_dir_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`files_list_home',`
|
define(`files_list_home',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 home_root_t:dir r_dir_perms;
|
allow $1 home_root_t:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -774,7 +774,7 @@ define(`files_list_home_depend',`
|
|||||||
# files_list_mnt(domain)
|
# files_list_mnt(domain)
|
||||||
#
|
#
|
||||||
define(`files_list_mnt',`
|
define(`files_list_mnt',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 mnt_t:dir r_dir_perms;
|
allow $1 mnt_t:dir r_dir_perms;
|
||||||
')
|
')
|
||||||
@ -790,7 +790,7 @@ define(`files_read_etc_runtime_files_depend',`
|
|||||||
# files_create_tmp_files(domain,private_type,[object class(es)])
|
# files_create_tmp_files(domain,private_type,[object class(es)])
|
||||||
#
|
#
|
||||||
define(`files_create_tmp_files',`
|
define(`files_create_tmp_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmp_t:dir rw_dir_perms;
|
allow $1 tmp_t:dir rw_dir_perms;
|
||||||
|
|
||||||
@ -812,7 +812,7 @@ define(`files_create_tmp_files_depend',`
|
|||||||
# files_delete_all_tmp_files(domain)
|
# files_delete_all_tmp_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_delete_all_tmp_files',`
|
define(`files_delete_all_tmp_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 tmpfile:dir { getattr search read write add_name remove_name rmdir };
|
allow $1 tmpfile:dir { getattr search read write add_name remove_name rmdir };
|
||||||
allow $1 tmpfile:file { getattr unlink };
|
allow $1 tmpfile:file { getattr unlink };
|
||||||
@ -836,7 +836,7 @@ define(`files_delete_all_tmp_files_depend',`
|
|||||||
# files_search_usr(domain)
|
# files_search_usr(domain)
|
||||||
#
|
#
|
||||||
define(`files_search_usr',`
|
define(`files_search_usr',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 usr_t:dir search;
|
allow $1 usr_t:dir search;
|
||||||
')
|
')
|
||||||
@ -852,7 +852,7 @@ define(`files_search_usr_depend',`
|
|||||||
# files_read_usr_files(domain)
|
# files_read_usr_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_read_usr_files',`
|
define(`files_read_usr_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 usr_t:dir r_dir_perms;
|
allow $1 usr_t:dir r_dir_perms;
|
||||||
allow $1 usr_t:{ file lnk_file } r_file_perms;
|
allow $1 usr_t:{ file lnk_file } r_file_perms;
|
||||||
@ -877,7 +877,7 @@ define(`files_read_usr_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`files_exec_usr_files',`
|
define(`files_exec_usr_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 usr_t:dir search;
|
allow $1 usr_t:dir search;
|
||||||
allow $1 src_t:dir r_dir_perms;
|
allow $1 src_t:dir r_dir_perms;
|
||||||
@ -899,7 +899,7 @@ define(`files_read_usr_src_depend',`
|
|||||||
# files_read_usr_src(domain)
|
# files_read_usr_src(domain)
|
||||||
#
|
#
|
||||||
define(`files_read_usr_src',`
|
define(`files_read_usr_src',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 usr_t:dir search;
|
allow $1 usr_t:dir search;
|
||||||
allow $1 src_t:dir r_dir_perms;
|
allow $1 src_t:dir r_dir_perms;
|
||||||
@ -919,7 +919,7 @@ define(`files_read_usr_src_depend',`
|
|||||||
# files_search_var(domain)
|
# files_search_var(domain)
|
||||||
#
|
#
|
||||||
define(`files_search_var',`
|
define(`files_search_var',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
')
|
')
|
||||||
@ -935,7 +935,7 @@ define(`files_search_var_depend',`
|
|||||||
# files_dontaudit_search_var(domain)
|
# files_dontaudit_search_var(domain)
|
||||||
#
|
#
|
||||||
define(`files_dontaudit_search_var',`
|
define(`files_dontaudit_search_var',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 var_t:dir search;
|
dontaudit $1 var_t:dir search;
|
||||||
')
|
')
|
||||||
@ -951,7 +951,7 @@ define(`files_dontaudit_search_var_depend',`
|
|||||||
# files_manage_urandom_seed(domain)
|
# files_manage_urandom_seed(domain)
|
||||||
#
|
#
|
||||||
define(`files_manage_urandom_seed',`
|
define(`files_manage_urandom_seed',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_lib_t:dir rw_dir_perms;
|
allow $1 var_lib_t:dir rw_dir_perms;
|
||||||
@ -970,7 +970,7 @@ define(`files_manage_urandom_seed_depend',`
|
|||||||
# files_getattr_generic_lock_files(domain)
|
# files_getattr_generic_lock_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_getattr_generic_lock_files',`
|
define(`files_getattr_generic_lock_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_lock_t:dir r_dir_perms;
|
allow $1 var_lock_t:dir r_dir_perms;
|
||||||
allow $1 var_lock_t:file getattr;
|
allow $1 var_lock_t:file getattr;
|
||||||
@ -988,7 +988,7 @@ define(`files_getattr_generic_lock_files_depend',`
|
|||||||
# files_manage_generic_lock_files(domain)
|
# files_manage_generic_lock_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_manage_generic_lock_files',`
|
define(`files_manage_generic_lock_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_lock_t:dir { getattr search create read write setattr add_name remove_name rmdir };
|
allow $1 var_lock_t:dir { getattr search create read write setattr add_name remove_name rmdir };
|
||||||
allow $1 var_lock_t:file { getattr create read write setattr unlink };
|
allow $1 var_lock_t:file { getattr create read write setattr unlink };
|
||||||
@ -1006,7 +1006,7 @@ define(`files_manage_generic_lock_files_depend',`
|
|||||||
# files_delete_all_lock_files(domain)
|
# files_delete_all_lock_files(domain)
|
||||||
#
|
#
|
||||||
define(`files_delete_all_lock_files',`
|
define(`files_delete_all_lock_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 lockfile:dir rw_dir_perms;
|
allow $1 lockfile:dir rw_dir_perms;
|
||||||
allow $1 lockfile:file { getattr unlink };
|
allow $1 lockfile:file { getattr unlink };
|
||||||
@ -1024,7 +1024,7 @@ define(`files_delete_all_lock_files_depend',`
|
|||||||
# files_create_lock_file(domain,private_type,[object class(es)])
|
# files_create_lock_file(domain,private_type,[object class(es)])
|
||||||
#
|
#
|
||||||
define(`files_create_lock_file',`
|
define(`files_create_lock_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_lock_t:dir rw_dir_perms;
|
allow $1 var_lock_t:dir rw_dir_perms;
|
||||||
@ -1047,7 +1047,7 @@ define(`files_create_lock_file_depend',`
|
|||||||
# files_search_pids(domain)
|
# files_search_pids(domain)
|
||||||
#
|
#
|
||||||
define(`files_search_pids',`
|
define(`files_search_pids',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_run_t:dir search;
|
allow $1 var_run_t:dir search;
|
||||||
@ -1064,7 +1064,7 @@ define(`files_search_pids_depend',`
|
|||||||
# files_dontaudit_search_pids(domain)
|
# files_dontaudit_search_pids(domain)
|
||||||
#
|
#
|
||||||
define(`files_dontaudit_search_pids',`
|
define(`files_dontaudit_search_pids',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_run_t:dir search;
|
allow $1 var_run_t:dir search;
|
||||||
')
|
')
|
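Review bot: `files_dontaudit_search_pids` is named and commented as a dontaudit interface, but its only rule is `allow $1 var_run_t:dir search;`, so every caller is granted search on var_run_t directories instead of having the denial silenced. The sibling `files_dontaudit_search_var` uses `dontaudit $1 var_t:dir search;`, and this one should read `dontaudit $1 var_run_t:dir search;`. The rename leaves that line untouched, so the extra permission stays in the policy unless it is corrected separately.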
||||||
@ -1080,7 +1080,7 @@ define(`files_dontaudit_search_pids_depend',`
|
|||||||
# files_list_pids(domain)
|
# files_list_pids(domain)
|
||||||
#
|
#
|
||||||
define(`files_list_pids',`
|
define(`files_list_pids',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_run_t:dir r_dir_perms;
|
allow $1 var_run_t:dir r_dir_perms;
|
||||||
@ -1097,7 +1097,7 @@ define(`files_list_pids_depend',`
|
|||||||
# files_create_pid(domain,pidfile,[object class(es)])
|
# files_create_pid(domain,pidfile,[object class(es)])
|
||||||
#
|
#
|
||||||
define(`files_create_pid',`
|
define(`files_create_pid',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_run_t:dir rw_dir_perms;
|
allow $1 var_run_t:dir rw_dir_perms;
|
||||||
@ -1120,7 +1120,7 @@ define(`files_create_pid_depend',`
|
|||||||
# files_rw_generic_pids(domain)
|
# files_rw_generic_pids(domain)
|
||||||
#
|
#
|
||||||
define(`files_rw_generic_pids',`
|
define(`files_rw_generic_pids',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_run_t:dir r_dir_perms;
|
allow $1 var_run_t:dir r_dir_perms;
|
||||||
@ -1146,7 +1146,7 @@ define(`files_rw_generic_pids_depend',`
|
|||||||
#
|
#
|
||||||
|
|
||||||
define(`files_dontaudit_write_all_pids',`
|
define(`files_dontaudit_write_all_pids',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 pidfile:file write;
|
dontaudit $1 pidfile:file write;
|
||||||
')
|
')
|
||||||
@ -1169,7 +1169,7 @@ define(`files_dontaudit_write_all_pids_depend',`
|
|||||||
#
|
#
|
||||||
|
|
||||||
define(`files_dontaudit_ioctl_all_pids',`
|
define(`files_dontaudit_ioctl_all_pids',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 pidfile:file ioctl;
|
dontaudit $1 pidfile:file ioctl;
|
||||||
')
|
')
|
||||||
@ -1185,7 +1185,7 @@ define(`files_dontaudit_ioctl_all_pids_depend',`
|
|||||||
# files_read_all_pids(domain)
|
# files_read_all_pids(domain)
|
||||||
#
|
#
|
||||||
define(`files_read_all_pids',`
|
define(`files_read_all_pids',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 pidfile:dir r_dir_perms;
|
allow $1 pidfile:dir r_dir_perms;
|
||||||
@ -1205,7 +1205,7 @@ define(`files_read_all_pids_depend',`
|
|||||||
# files_delete_all_pids(domain)
|
# files_delete_all_pids(domain)
|
||||||
#
|
#
|
||||||
define(`files_delete_all_pids',`
|
define(`files_delete_all_pids',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_run_t:{ sock_file lnk_file } { getattr unlink };
|
allow $1 var_run_t:{ sock_file lnk_file } { getattr unlink };
|
||||||
@ -1231,7 +1231,7 @@ define(`files_delete_all_pids_depend',`
|
|||||||
# files_search_spool(domain)
|
# files_search_spool(domain)
|
||||||
#
|
#
|
||||||
define(`files_search_spool',`
|
define(`files_search_spool',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_spool_t:dir search;
|
allow $1 var_spool_t:dir search;
|
||||||
@ -1248,7 +1248,7 @@ define(`files_search_spool_depend',`
|
|||||||
# files_list_spool(domain)
|
# files_list_spool(domain)
|
||||||
#
|
#
|
||||||
define(`files_list_spool',`
|
define(`files_list_spool',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_spool_t:dir r_dir_perms;
|
allow $1 var_spool_t:dir r_dir_perms;
|
||||||
@ -1265,7 +1265,7 @@ define(`files_list_spool_depend',`
|
|||||||
# files_read_spools(domain)
|
# files_read_spools(domain)
|
||||||
#
|
#
|
||||||
define(`files_read_spools',`
|
define(`files_read_spools',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_spool_t:dir r_dir_perms;
|
allow $1 var_spool_t:dir r_dir_perms;
|
||||||
@ -1284,7 +1284,7 @@ define(`files_read_spools_depend',`
|
|||||||
# files_manage_spools(domain)
|
# files_manage_spools(domain)
|
||||||
#
|
#
|
||||||
define(`files_manage_spools',`
|
define(`files_manage_spools',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_t:dir search;
|
allow $1 var_t:dir search;
|
||||||
allow $1 var_spool_t:dir rw_dir_perms;
|
allow $1 var_spool_t:dir rw_dir_perms;
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`getty_domtrans',`
|
define(`getty_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 getty_exec_t:file { getattr read execute };
|
allow $1 getty_exec_t:file { getattr read execute };
|
||||||
allow $1 getty_t:process transition;
|
allow $1 getty_t:process transition;
|
||||||
@ -45,7 +45,7 @@ define(`getty_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`getty_read_log',`
|
define(`getty_read_log',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 getty_log_t:file { getattr read };
|
allow $1 getty_log_t:file { getattr read };
|
||||||
')
|
')
|
||||||
@ -67,7 +67,7 @@ define(`getty_read_log_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`getty_read_config',`
|
define(`getty_read_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 getty_etc_t:file { getattr read };
|
allow $1 getty_etc_t:file { getattr read };
|
||||||
')
|
')
|
||||||
@ -89,7 +89,7 @@ define(`getty_read_config_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`getty_modify_config',`
|
define(`getty_modify_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 getty_etc_t:file { getattr read write };
|
allow $1 getty_etc_t:file { getattr read write };
|
||||||
')
|
')
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`hostname_domtrans',`
|
define(`hostname_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 hostname_exec_t:file rx_file_perms;
|
allow $1 hostname_exec_t:file rx_file_perms;
|
||||||
allow $1 hostname_t:process transition;
|
allow $1 hostname_t:process transition;
|
||||||
@ -54,7 +54,7 @@ define(`hostname_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`hostname_run',`
|
define(`hostname_run',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
hostname_domtrans($1)
|
hostname_domtrans($1)
|
||||||
role $2 types hostname_t;
|
role $2 types hostname_t;
|
||||||
@ -83,7 +83,7 @@ define(`hostname_run_depend',`
|
|||||||
# hostname_exec(domain)
|
# hostname_exec(domain)
|
||||||
#
|
#
|
||||||
define(`hostname_exec',`
|
define(`hostname_exec',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,hostname_exec_t)
|
can_exec($1,hostname_exec_t)
|
||||||
|
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
# hotplug_domtrans(domain)
|
# hotplug_domtrans(domain)
|
||||||
#
|
#
|
||||||
define(`hotplug_domtrans',`
|
define(`hotplug_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 hotplug_exec_t:file rx_file_perms;
|
allow $1 hotplug_exec_t:file rx_file_perms;
|
||||||
allow $1 hotplug_t:process transition;
|
allow $1 hotplug_t:process transition;
|
||||||
@ -36,7 +36,7 @@ define(`hotplug_domtrans_depend',`
|
|||||||
# hotplug_exec(domain)
|
# hotplug_exec(domain)
|
||||||
#
|
#
|
||||||
define(`hotplug_exec',`
|
define(`hotplug_exec',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,hotplug_exec_t)
|
can_exec($1,hotplug_exec_t)
|
||||||
|
|
||||||
@ -53,7 +53,7 @@ define(`hotplug_exec_depend',`
|
|||||||
# hotplug_use_fd(domain)
|
# hotplug_use_fd(domain)
|
||||||
#
|
#
|
||||||
define(`hotplug_use_fd',`
|
define(`hotplug_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 hotplug_t:fd use;
|
allow $1 hotplug_t:fd use;
|
||||||
')
|
')
|
||||||
@ -69,7 +69,7 @@ define(`hotplug_use_fd_depend',`
|
|||||||
# hotplug_dontaudit_use_fd(domain)
|
# hotplug_dontaudit_use_fd(domain)
|
||||||
#
|
#
|
||||||
define(`hotplug_dontaudit_use_fd',`
|
define(`hotplug_dontaudit_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 hotplug_t:fd use;
|
dontaudit $1 hotplug_t:fd use;
|
||||||
')
|
')
|
||||||
@ -85,7 +85,7 @@ define(`hotplug_dontaudit_use_fd_depend',`
|
|||||||
# hotplug_dontaudit_search_config(domain)
|
# hotplug_dontaudit_search_config(domain)
|
||||||
#
|
#
|
||||||
define(`hotplug_dontaudit_search_config',`
|
define(`hotplug_dontaudit_search_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 hotplug_etc_t:dir search;
|
dontaudit $1 hotplug_etc_t:dir search;
|
||||||
')
|
')
|
||||||
@ -107,7 +107,7 @@ define(`hotplug_dontaudit_search_config_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`hotplug_read_config',`
|
define(`hotplug_read_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
allow $1 hotplug_etc_t:file r_file_perms;
|
allow $1 hotplug_etc_t:file r_file_perms;
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
# init_domain(domain,entrypointfile)
|
# init_domain(domain,entrypointfile)
|
||||||
#
|
#
|
||||||
define(`init_domain',`
|
define(`init_domain',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_type($1)
|
domain_type($1)
|
||||||
domain_entry_file($1,$2)
|
domain_entry_file($1,$2)
|
||||||
@ -45,7 +45,7 @@ define(`init_domain_depend',`
|
|||||||
# init_daemon_domain(domain,entrypointfile)
|
# init_daemon_domain(domain,entrypointfile)
|
||||||
#
|
#
|
||||||
define(`init_daemon_domain',`
|
define(`init_daemon_domain',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_type($1)
|
domain_type($1)
|
||||||
domain_entry_file($1,$2)
|
domain_entry_file($1,$2)
|
||||||
@ -86,7 +86,7 @@ define(`init_daemon_domain_depend',`
|
|||||||
# init_system_domain(domain,entrypointfile)
|
# init_system_domain(domain,entrypointfile)
|
||||||
#
|
#
|
||||||
define(`init_system_domain',`
|
define(`init_system_domain',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_type($1)
|
domain_type($1)
|
||||||
domain_entry_file($1,$2)
|
domain_entry_file($1,$2)
|
||||||
@ -126,7 +126,7 @@ define(`init_system_domain_depend',`
|
|||||||
# init_domtrans(domain)
|
# init_domtrans(domain)
|
||||||
#
|
#
|
||||||
define(`init_domtrans',`
|
define(`init_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 init_exec_t:file rx_file_perms;
|
allow $1 init_exec_t:file rx_file_perms;
|
||||||
allow $1 init_t:process transition;
|
allow $1 init_t:process transition;
|
||||||
@ -153,7 +153,7 @@ define(`init_domtrans_depend',`
|
|||||||
# init_get_process_group(domain)
|
# init_get_process_group(domain)
|
||||||
#
|
#
|
||||||
define(`init_get_process_group',`
|
define(`init_get_process_group',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 init_t:process getpgid;
|
allow $1 init_t:process getpgid;
|
||||||
')
|
')
|
||||||
@ -169,7 +169,7 @@ define(`init_get_process_group_depend',`
|
|||||||
# init_getattr_initctl(domain)
|
# init_getattr_initctl(domain)
|
||||||
#
|
#
|
||||||
define(`init_getattr_initctl',`
|
define(`init_getattr_initctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 initctl_t:fifo_file getattr;
|
allow $1 initctl_t:fifo_file getattr;
|
||||||
')
|
')
|
||||||
@ -185,7 +185,7 @@ define(`init_getattr_initctl_depend',`
|
|||||||
# init_dontaudit_getattr_initctl(domain)
|
# init_dontaudit_getattr_initctl(domain)
|
||||||
#
|
#
|
||||||
define(`init_dontaudit_getattr_initctl',`
|
define(`init_dontaudit_getattr_initctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 initctl_t:fifo_file getattr;
|
dontaudit $1 initctl_t:fifo_file getattr;
|
||||||
')
|
')
|
||||||
@ -201,7 +201,7 @@ define(`init_getattr_initctl_depend',`
|
|||||||
# init_use_initctl(domain)
|
# init_use_initctl(domain)
|
||||||
#
|
#
|
||||||
define(`init_use_initctl',`
|
define(`init_use_initctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 initctl_t:fifo_file rw_file_perms;
|
allow $1 initctl_t:fifo_file rw_file_perms;
|
||||||
@ -218,7 +218,7 @@ define(`init_use_initctl_depend',`
|
|||||||
# init_dontaudit_use_initctl(domain)
|
# init_dontaudit_use_initctl(domain)
|
||||||
#
|
#
|
||||||
define(`init_dontaudit_use_initctl',`
|
define(`init_dontaudit_use_initctl',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 initctl_t:fifo_file { read write };
|
dontaudit $1 initctl_t:fifo_file { read write };
|
||||||
')
|
')
|
||||||
@ -234,7 +234,7 @@ define(`init_dontaudit_use_initctl_depend',`
|
|||||||
# init_sigchld(domain)
|
# init_sigchld(domain)
|
||||||
#
|
#
|
||||||
define(`init_sigchld',`
|
define(`init_sigchld',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 init_t:process sigchld;
|
allow $1 init_t:process sigchld;
|
||||||
')
|
')
|
||||||
@ -250,7 +250,7 @@ define(`init_sigchld_depend',`
|
|||||||
# init_use_fd(domain)
|
# init_use_fd(domain)
|
||||||
#
|
#
|
||||||
define(`init_use_fd',`
|
define(`init_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 init_t:fd use;
|
allow $1 init_t:fd use;
|
||||||
')
|
')
|
||||||
@ -266,7 +266,7 @@ define(`init_use_fd_depend',`
|
|||||||
# init_dontaudit_use_fd(domain)
|
# init_dontaudit_use_fd(domain)
|
||||||
#
|
#
|
||||||
define(`init_dontaudit_use_fd',`
|
define(`init_dontaudit_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 init_t:fd use;
|
dontaudit $1 init_t:fd use;
|
||||||
')
|
')
|
||||||
@ -282,7 +282,7 @@ define(`init_dontaudit_use_fd_depend',`
|
|||||||
# init_domtrans_script(domain)
|
# init_domtrans_script(domain)
|
||||||
#
|
#
|
||||||
define(`init_domtrans_script',`
|
define(`init_domtrans_script',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 initrc_exec_t:file rx_file_perms;
|
allow $1 initrc_exec_t:file rx_file_perms;
|
||||||
allow $1 initrc_t:process transition;
|
allow $1 initrc_t:process transition;
|
||||||
@ -309,7 +309,7 @@ define(`init_domtrans_script_depend',`
|
|||||||
# init_exec_script(domain)
|
# init_exec_script(domain)
|
||||||
#
|
#
|
||||||
define(`init_exec_script',`
|
define(`init_exec_script',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,initrc_exec_t)
|
can_exec($1,initrc_exec_t)
|
||||||
|
|
||||||
@ -332,7 +332,7 @@ define(`init_exec_script_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`init_read_script_process_state',`
|
define(`init_read_script_process_state',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 initrc_t:dir r_dir_perms;
|
allow $1 initrc_t:dir r_dir_perms;
|
||||||
allow $1 initrc_t:{ file lnk_file } r_file_perms;
|
allow $1 initrc_t:{ file lnk_file } r_file_perms;
|
||||||
@ -359,7 +359,7 @@ define(`init_read_script_process_state_depend',`
|
|||||||
# init_use_script_fd(domain)
|
# init_use_script_fd(domain)
|
||||||
#
|
#
|
||||||
define(`init_use_script_fd',`
|
define(`init_use_script_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 initrc_t:fd use;
|
allow $1 initrc_t:fd use;
|
||||||
')
|
')
|
||||||
@ -375,7 +375,7 @@ define(`init_use_script_fd_depend',`
|
|||||||
# init_dontaudit_use_script_fd(domain)
|
# init_dontaudit_use_script_fd(domain)
|
||||||
#
|
#
|
||||||
define(`init_dontaudit_use_script_fd',`
|
define(`init_dontaudit_use_script_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 initrc_t:fd use;
|
dontaudit $1 initrc_t:fd use;
|
||||||
')
|
')
|
||||||
@ -391,7 +391,7 @@ define(`init_dontaudit_use_script_fd_depend',`
|
|||||||
# init_get_script_process_group(domain)
|
# init_get_script_process_group(domain)
|
||||||
#
|
#
|
||||||
define(`init_get_script_process_group',`
|
define(`init_get_script_process_group',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 initrc_t:process getpgid;
|
allow $1 initrc_t:process getpgid;
|
||||||
')
|
')
|
||||||
@ -407,7 +407,7 @@ define(`init_get_script_process_group_depend',`
|
|||||||
# init_use_script_pty(domain)
|
# init_use_script_pty(domain)
|
||||||
#
|
#
|
||||||
define(`init_use_script_pty',`
|
define(`init_use_script_pty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
term_list_ptys($1)
|
term_list_ptys($1)
|
||||||
allow $1 initrc_devpts_t:chr_file { getattr read write ioctl };
|
allow $1 initrc_devpts_t:chr_file { getattr read write ioctl };
|
||||||
@ -424,7 +424,7 @@ define(`init_use_script_pty_depend',`
|
|||||||
# init_dontaudit_use_script_pty(domain)
|
# init_dontaudit_use_script_pty(domain)
|
||||||
#
|
#
|
||||||
define(`init_dontaudit_use_script_pty',`
|
define(`init_dontaudit_use_script_pty',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 initrc_devpts_t:chr_file { read write ioctl };
|
dontaudit $1 initrc_devpts_t:chr_file { read write ioctl };
|
||||||
')
|
')
|
||||||
@ -446,7 +446,7 @@ define(`init_dontaudit_use_script_pty_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`init_rw_script_tmp_files',`
|
define(`init_rw_script_tmp_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: read tmp_t
|
# FIXME: read tmp_t
|
||||||
allow $1 initrc_tmp_t:file rw_file_perms;
|
allow $1 initrc_tmp_t:file rw_file_perms;
|
||||||
@ -463,7 +463,7 @@ define(`init_rw_script_tmp_files_depend',`
|
|||||||
# init_read_script_pid(domain)
|
# init_read_script_pid(domain)
|
||||||
#
|
#
|
||||||
define(`init_read_script_pid',`
|
define(`init_read_script_pid',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_list_pids($1)
|
files_list_pids($1)
|
||||||
allow $1 initrc_var_run_t:file r_file_perms;
|
allow $1 initrc_var_run_t:file r_file_perms;
|
||||||
@ -480,7 +480,7 @@ define(`init_read_script_pid_depend',`
|
|||||||
# init_dontaudit_write_script_pid(domain)
|
# init_dontaudit_write_script_pid(domain)
|
||||||
#
|
#
|
||||||
define(`init_dontaudit_write_script_pid',`
|
define(`init_dontaudit_write_script_pid',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 initrc_var_run_t:file { write lock };
|
dontaudit $1 initrc_var_run_t:file { write lock };
|
||||||
')
|
')
|
||||||
@ -496,7 +496,7 @@ define(`init_dontaudit_write_script_pid_depend',`
|
|||||||
# init_rw_script_pid(domain)
|
# init_rw_script_pid(domain)
|
||||||
#
|
#
|
||||||
define(`init_rw_script_pid',`
|
define(`init_rw_script_pid',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_list_pids($1)
|
files_list_pids($1)
|
||||||
allow $1 initrc_var_run_t:file rw_file_perms;
|
allow $1 initrc_var_run_t:file rw_file_perms;
|
||||||
@ -513,7 +513,7 @@ define(`init_rw_script_pid_depend',`
|
|||||||
# init_dontaudit_rw_script_pid(domain)
|
# init_dontaudit_rw_script_pid(domain)
|
||||||
#
|
#
|
||||||
define(`init_dontaudit_rw_script_pid',`
|
define(`init_dontaudit_rw_script_pid',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 initrc_var_run_t:file { getattr read write append };
|
dontaudit $1 initrc_var_run_t:file { getattr read write append };
|
||||||
')
|
')
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`iptables_domtrans',`
|
define(`iptables_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 iptables_exec_t:file rx_file_perms;
|
allow $1 iptables_exec_t:file rx_file_perms;
|
||||||
allow $1 iptables_t:process transition;
|
allow $1 iptables_t:process transition;
|
||||||
@ -52,7 +52,7 @@ define(`iptables_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`iptables_run',`
|
define(`iptables_run',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
iptables_domtrans($1)
|
iptables_domtrans($1)
|
||||||
role $2 types iptables_t;
|
role $2 types iptables_t;
|
||||||
@ -76,7 +76,7 @@ define(`iptables_run_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`iptables_exec',`
|
define(`iptables_exec',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,iptables_exec_t)
|
can_exec($1,iptables_exec_t)
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_domtrans_ldconfig',`
|
define(`libs_domtrans_ldconfig',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1,ldconfig_exec_t,ldconfig_t)
|
domain_auto_trans($1,ldconfig_exec_t,ldconfig_t)
|
||||||
|
|
||||||
@ -48,7 +48,7 @@ define(`libs_domtrans_ldconfig_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_run_ldconfig',`
|
define(`libs_run_ldconfig',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
libs_domtrans_ldconfig($1)
|
libs_domtrans_ldconfig($1)
|
||||||
role $2 types ldconfig_t;
|
role $2 types ldconfig_t;
|
||||||
@ -73,7 +73,7 @@ define(`libs_run_ldconfig_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_use_ld_so',`
|
define(`libs_use_ld_so',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_read_generic_etc_files_directory($1)
|
files_read_generic_etc_files_directory($1)
|
||||||
allow $1 lib_t:dir r_dir_perms;
|
allow $1 lib_t:dir r_dir_perms;
|
||||||
@ -103,7 +103,7 @@ define(`libs_use_ld_so_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_legacy_use_ld_so',`
|
define(`libs_legacy_use_ld_so',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
libs_use_ld_so($1)
|
libs_use_ld_so($1)
|
||||||
allow $1 ld_so_t:file execmod;
|
allow $1 ld_so_t:file execmod;
|
||||||
@ -132,7 +132,7 @@ define(`libs_legacy_use_ld_so_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_exec_ld_so',`
|
define(`libs_exec_ld_so',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 lib_t:dir r_dir_perms;
|
allow $1 lib_t:dir r_dir_perms;
|
||||||
allow $1 lib_t:lnk_file r_file_perms;
|
allow $1 lib_t:lnk_file r_file_perms;
|
||||||
@ -160,7 +160,7 @@ define(`libs_exec_ld_so_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_rw_ld_so_cache',`
|
define(`libs_rw_ld_so_cache',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_read_generic_etc_files_directory($1)
|
files_read_generic_etc_files_directory($1)
|
||||||
allow $1 ld_so_cache_t:file rw_file_perms;
|
allow $1 ld_so_cache_t:file rw_file_perms;
|
||||||
@ -184,7 +184,7 @@ define(`libs_rw_ld_so_cache_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_read_lib',`
|
define(`libs_read_lib',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 lib_t:dir r_dir_perms;
|
allow $1 lib_t:dir r_dir_perms;
|
||||||
allow $1 lib_t:{ file lnk_file } r_file_perms;
|
allow $1 lib_t:{ file lnk_file } r_file_perms;
|
||||||
@ -209,7 +209,7 @@ define(`libs_read_lib_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_exec_lib_files',`
|
define(`libs_exec_lib_files',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 lib_t:dir r_dir_perms;
|
allow $1 lib_t:dir r_dir_perms;
|
||||||
allow $1 lib_t:lnk_file r_file_perms;
|
allow $1 lib_t:lnk_file r_file_perms;
|
||||||
@ -235,7 +235,7 @@ define(`libs_exec_lib_files_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_use_shared_libs',`
|
define(`libs_use_shared_libs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_usr($1)
|
files_search_usr($1)
|
||||||
allow $1 lib_t:dir r_dir_perms;
|
allow $1 lib_t:dir r_dir_perms;
|
||||||
@ -264,7 +264,7 @@ define(`libs_use_shared_libs_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`libs_legacy_use_shared_libs',`
|
define(`libs_legacy_use_shared_libs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
libs_use_shared_libs($1)
|
libs_use_shared_libs($1)
|
||||||
allow $1 { shlib_t texrel_shlib_t }:file execmod;
|
allow $1 { shlib_t texrel_shlib_t }:file execmod;
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`locallogin_domtrans',`
|
define(`locallogin_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
auth_domtrans_login_program($1,local_login_t)
|
auth_domtrans_login_program($1,local_login_t)
|
||||||
')
|
')
|
||||||
@ -36,7 +36,7 @@ define(`locallogin_domtrans_depend',`
|
|||||||
# locallogin_use_fd(domain)
|
# locallogin_use_fd(domain)
|
||||||
#
|
#
|
||||||
define(`locallogin_use_fd',`
|
define(`locallogin_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 local_login_t:fd use;
|
allow $1 local_login_t:fd use;
|
||||||
')
|
')
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
# logging_log_file(domain)
|
# logging_log_file(domain)
|
||||||
#
|
#
|
||||||
define(`logging_log_file',`
|
define(`logging_log_file',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_file_type($1)
|
files_file_type($1)
|
||||||
typeattribute $1 logfile;
|
typeattribute $1 logfile;
|
||||||
@ -21,7 +21,7 @@ define(`logging_log_file_depend',`
|
|||||||
# logging_create_log(domain,privatetype,[class(es)])
|
# logging_create_log(domain,privatetype,[class(es)])
|
||||||
#
|
#
|
||||||
define(`logging_create_log',`
|
define(`logging_create_log',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 var_log_t:dir rw_dir_perms;
|
allow $1 var_log_t:dir rw_dir_perms;
|
||||||
|
|
||||||
@ -43,7 +43,7 @@ define(`logging_create_log_depend',`
|
|||||||
# logging_send_syslog_msg(domain)
|
# logging_send_syslog_msg(domain)
|
||||||
#
|
#
|
||||||
define(`logging_send_syslog_msg',`
|
define(`logging_send_syslog_msg',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 devlog_t:lnk_file read;
|
allow $1 devlog_t:lnk_file read;
|
||||||
allow $1 devlog_t:sock_file rw_file_perms;
|
allow $1 devlog_t:sock_file rw_file_perms;
|
||||||
@ -79,7 +79,7 @@ define(`logging_send_syslog_msg_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`logging_search_logs',`
|
define(`logging_search_logs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
allow $1 var_log_t:dir search;
|
allow $1 var_log_t:dir search;
|
||||||
@ -96,7 +96,7 @@ define(`logging_search_logs_depend',`
|
|||||||
# logging_dontaudit_getattr_all_logs(domain)
|
# logging_dontaudit_getattr_all_logs(domain)
|
||||||
#
|
#
|
||||||
define(`logging_dontaudit_getattr_all_logs',`
|
define(`logging_dontaudit_getattr_all_logs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 logfile:file getattr;
|
dontaudit $1 logfile:file getattr;
|
||||||
')
|
')
|
||||||
@ -112,7 +112,7 @@ define(`logging_dontaudit_getattr_all_logs_depend',`
|
|||||||
# logging_append_all_logs(domain)
|
# logging_append_all_logs(domain)
|
||||||
#
|
#
|
||||||
define(`logging_append_all_logs',`
|
define(`logging_append_all_logs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
allow $1 var_log_t:dir r_dir_perms;
|
allow $1 var_log_t:dir r_dir_perms;
|
||||||
@ -133,7 +133,7 @@ define(`logging_append_all_logs_depend',`
|
|||||||
# logging_read_all_logs(domain)
|
# logging_read_all_logs(domain)
|
||||||
#
|
#
|
||||||
define(`logging_read_all_logs',`
|
define(`logging_read_all_logs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
allow $1 var_log_t:dir r_dir_perms;
|
allow $1 var_log_t:dir r_dir_perms;
|
||||||
@ -154,7 +154,7 @@ define(`logging_read_all_logs_depend',`
|
|||||||
# logging_read_generic_logs(domain)
|
# logging_read_generic_logs(domain)
|
||||||
#
|
#
|
||||||
define(`logging_read_generic_logs',`
|
define(`logging_read_generic_logs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
allow $1 var_log_t:dir r_dir_perms;
|
allow $1 var_log_t:dir r_dir_perms;
|
||||||
@ -173,7 +173,7 @@ define(`logging_read_generic_logs_depend',`
|
|||||||
# logging_write_generic_logs(domain)
|
# logging_write_generic_logs(domain)
|
||||||
#
|
#
|
||||||
define(`logging_write_generic_logs',`
|
define(`logging_write_generic_logs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
allow $1 var_log_t:dir r_dir_perms;
|
allow $1 var_log_t:dir r_dir_perms;
|
||||||
@ -192,7 +192,7 @@ define(`logging_write_generic_logs_depend',`
|
|||||||
# logging_rw_generic_logs(domain)
|
# logging_rw_generic_logs(domain)
|
||||||
#
|
#
|
||||||
define(`logging_rw_generic_logs',`
|
define(`logging_rw_generic_logs',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
allow $1 var_log_t:dir r_dir_perms;
|
allow $1 var_log_t:dir r_dir_perms;
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`lvm_domtrans',`
|
define(`lvm_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1, lvm_exec_t, lvm_t)
|
domain_auto_trans($1, lvm_exec_t, lvm_t)
|
||||||
|
|
||||||
@ -48,7 +48,7 @@ define(`lvm_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`lvm_run',`
|
define(`lvm_run',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
lvm_domtrans($1)
|
lvm_domtrans($1)
|
||||||
role $2 types lvm_t;
|
role $2 types lvm_t;
|
||||||
@ -72,7 +72,7 @@ define(`lvm_run_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`lvm_read_config',`
|
define(`lvm_read_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 lvm_etc_t:dir r_dir_perms;
|
allow $1 lvm_etc_t:dir r_dir_perms;
|
||||||
allow $1 lvm_etc_t:file r_file_perms;
|
allow $1 lvm_etc_t:file r_file_perms;
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`miscfiles_rw_man_cache',`
|
define(`miscfiles_rw_man_cache',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search var_t dir
|
# FIXME: search var_t dir
|
||||||
allow $1 catman_t:dir create_dir_perms;
|
allow $1 catman_t:dir create_dir_perms;
|
||||||
@ -44,7 +44,7 @@ define(`miscfiles_rw_man_cache_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`miscfiles_read_fonts',`
|
define(`miscfiles_read_fonts',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search usr_t dir
|
# FIXME: search usr_t dir
|
||||||
# FIXME: search lib_t dir
|
# FIXME: search lib_t dir
|
||||||
@ -74,7 +74,7 @@ define(`miscfiles_read_fonts_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`miscfiles_read_localization',`
|
define(`miscfiles_read_localization',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: $1 read etc_t:lnk_file here
|
# FIXME: $1 read etc_t:lnk_file here
|
||||||
# FIXME: $1 search usr_t:dir here
|
# FIXME: $1 search usr_t:dir here
|
||||||
@ -108,7 +108,7 @@ define(`miscfiles_read_localization_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`miscfiles_legacy_read_localization',`
|
define(`miscfiles_legacy_read_localization',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
miscfiles_read_localization($1)
|
miscfiles_read_localization($1)
|
||||||
allow $1 locale_t:file execute;
|
allow $1 locale_t:file execute;
|
||||||
@ -134,7 +134,7 @@ define(`miscfiles_read_localization_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`miscfiles_read_man_pages',`
|
define(`miscfiles_read_man_pages',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search usr_t dir
|
# FIXME: search usr_t dir
|
||||||
allow $1 man_t:dir r_dir_perms;
|
allow $1 man_t:dir r_dir_perms;
|
||||||
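Review bot: `miscfiles_legacy_read_localization` now calls `gen_require(`$0'_depend)`, which expands to `miscfiles_legacy_read_localization_depend`, but the hunk headers suggest no macro of that name exists. Both the hunk at line 108 and the hunk at line 134 of this file show `define(`miscfiles_read_localization_depend',` as the nearest preceding definition, so the depend block that follows the legacy interface appears to reuse the non-legacy name. If that is the case, the legacy interface, which adds `allow $1 locale_t:file execute;`, has no require block of its own, and the second definition would presumably replace the first. The depend definitions lie outside the visible hunks, so confirm in the file; the likely fix is to rename the second one to `define(`miscfiles_legacy_read_localization_depend',`.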
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`modutils_read_kernel_module_dependencies',`
|
define(`modutils_read_kernel_module_dependencies',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
bootloader_list_kernel_modules($1)
|
bootloader_list_kernel_modules($1)
|
||||||
allow $1 modules_dep_t:file r_file_perms;
|
allow $1 modules_dep_t:file r_file_perms;
|
||||||
@ -37,7 +37,7 @@ define(`modutils_read_kernel_module_dependencies_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`modutils_read_module_conf',`
|
define(`modutils_read_module_conf',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 modules_conf_t:file r_file_perms;
|
allow $1 modules_conf_t:file r_file_perms;
|
||||||
')
|
')
|
||||||
@ -60,7 +60,7 @@ define(`modutils_read_module_conf_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`modutils_domtrans_insmod',`
|
define(`modutils_domtrans_insmod',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1, insmod_exec_t, insmod_t)
|
domain_auto_trans($1, insmod_exec_t, insmod_t)
|
||||||
|
|
||||||
@ -99,7 +99,7 @@ define(`modutils_domtrans_insmod_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`modutils_run_insmod',`
|
define(`modutils_run_insmod',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
modutils_domtrans_insmod($1)
|
modutils_domtrans_insmod($1)
|
||||||
role $2 types insmod_t;
|
role $2 types insmod_t;
|
||||||
@ -117,7 +117,7 @@ define(`modutils_run_insmod_depend',`
|
|||||||
# modutils_exec_insmod(domain)
|
# modutils_exec_insmod(domain)
|
||||||
#
|
#
|
||||||
define(`modutils_exec_insmod',`
|
define(`modutils_exec_insmod',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1, insmod_exec_t)
|
can_exec($1, insmod_exec_t)
|
||||||
')
|
')
|
||||||
@ -139,7 +139,7 @@ define(`modutils_exec_insmod_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`modutils_domtrans_depmod',`
|
define(`modutils_domtrans_depmod',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1, depmod_exec_t, depmod_t)
|
domain_auto_trans($1, depmod_exec_t, depmod_t)
|
||||||
|
|
||||||
@ -175,7 +175,7 @@ define(`modutils_domtrans_depmod_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`modutils_run_depmod',`
|
define(`modutils_run_depmod',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
modutils_domtrans_depmod($1)
|
modutils_domtrans_depmod($1)
|
||||||
role $2 types insmod_t;
|
role $2 types insmod_t;
|
||||||
@ -193,7 +193,7 @@ define(`modutils_run_depmod_depend',`
|
|||||||
# modutils_exec_depmod(domain)
|
# modutils_exec_depmod(domain)
|
||||||
#
|
#
|
||||||
define(`modutils_exec_depmod',`
|
define(`modutils_exec_depmod',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1, depmod_exec_t)
|
can_exec($1, depmod_exec_t)
|
||||||
')
|
')
|
||||||
@ -215,7 +215,7 @@ define(`modutils_exec_depmod_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`modutils_domtrans_update_mods',`
|
define(`modutils_domtrans_update_mods',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1, update_modules_exec_t, update_modules_t)
|
domain_auto_trans($1, update_modules_exec_t, update_modules_t)
|
||||||
|
|
||||||
@ -251,7 +251,7 @@ define(`modutils_domtrans_update_mods_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`modutils_run_update_mods',`
|
define(`modutils_run_update_mods',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
modutils_domtrans_update_mods($1)
|
modutils_domtrans_update_mods($1)
|
||||||
role $2 types update_modules_t;
|
role $2 types update_modules_t;
|
||||||
@ -269,7 +269,7 @@ define(`modutils_run_update_mods_depend',`
|
|||||||
# modutils_exec_update_mods(domain)
|
# modutils_exec_update_mods(domain)
|
||||||
#
|
#
|
||||||
define(`modutils_exec_update_mods',`
|
define(`modutils_exec_update_mods',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1, update_modules_exec_t)
|
can_exec($1, update_modules_exec_t)
|
||||||
')
|
')
|
||||||
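Review bot: In `modutils_run_depmod` (hunk at line 175) the role statement reads `role $2 types insmod_t;`, which looks copied from `modutils_run_insmod`. The interface transitions the caller through `modutils_domtrans_depmod($1)` into `depmod_t`, and the sibling `modutils_run_update_mods` associates `update_modules_t` with the role, so the matching type here would be `depmod_t`. As written, the caller's role is authorised for the module-loading domain `insmod_t`, which it did not request, and it is not authorised for `depmod_t` by this interface. Presumably the line should be `role $2 types depmod_t;`. The interface body continues past the hunk, so also check `modutils_run_depmod_depend` for the matching type requirement.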
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`mount_domtrans',`
|
define(`mount_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 mount_exec_t:file rx_file_perms;
|
allow $1 mount_exec_t:file rx_file_perms;
|
||||||
allow $1 mount_t:process transition;
|
allow $1 mount_t:process transition;
|
||||||
@ -53,7 +53,7 @@ define(`mount_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`mount_run',`
|
define(`mount_run',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
mount_domtrans($1)
|
mount_domtrans($1)
|
||||||
role $2 types mount_t;
|
role $2 types mount_t;
|
||||||
@ -77,7 +77,7 @@ define(`mount_run_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`mount_use_fd',`
|
define(`mount_use_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 mount_t:fd use;
|
allow $1 mount_t:fd use;
|
||||||
')
|
')
|
||||||
@ -100,7 +100,7 @@ define(`mount_use_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`mount_send_nfs_client_request',`
|
define(`mount_send_nfs_client_request',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 mount_t:udp_socket rw_socket_perms;
|
allow $1 mount_t:udp_socket rw_socket_perms;
|
||||||
')
|
')
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_checkpol',`
|
define(`selinux_domtrans_checkpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 checkpolicy_exec_t:file rx_file_perms;
|
allow $1 checkpolicy_exec_t:file rx_file_perms;
|
||||||
allow $1 checkpolicy_t:process transition;
|
allow $1 checkpolicy_t:process transition;
|
||||||
@ -54,7 +54,7 @@ define(`selinux_domtrans_checkpol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_checkpol',`
|
define(`selinux_run_checkpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_checkpol($1)
|
selinux_domtrans_checkpol($1)
|
||||||
role $2 types checkpolicy_t;
|
role $2 types checkpolicy_t;
|
||||||
@ -72,7 +72,7 @@ define(`selinux_run_checkpol_depend',`
|
|||||||
# selinux_exec_checkpol(domain)
|
# selinux_exec_checkpol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_checkpol',`
|
define(`selinux_exec_checkpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,checkpolicy_exec_t)
|
can_exec($1,checkpolicy_exec_t)
|
||||||
')
|
')
|
||||||
@ -94,7 +94,7 @@ define(`selinux_exec_checkpol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_loadpol',`
|
define(`selinux_domtrans_loadpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 load_policy_exec_t:file rx_file_perms;
|
allow $1 load_policy_exec_t:file rx_file_perms;
|
||||||
allow $1 load_policy_t:process transition;
|
allow $1 load_policy_t:process transition;
|
||||||
@ -136,7 +136,7 @@ define(`selinux_domtrans_loadpol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_loadpol',`
|
define(`selinux_run_loadpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_loadpol($1)
|
selinux_domtrans_loadpol($1)
|
||||||
role $2 types load_policy_t;
|
role $2 types load_policy_t;
|
||||||
@ -154,7 +154,7 @@ define(`selinux_run_loadpol_depend',`
|
|||||||
# selinux_exec_loadpol(domain)
|
# selinux_exec_loadpol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_loadpol',`
|
define(`selinux_exec_loadpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,load_policy_exec_t)
|
can_exec($1,load_policy_exec_t)
|
||||||
')
|
')
|
||||||
@ -170,7 +170,7 @@ define(`selinux_exec_loadpol_depend',`
|
|||||||
# selinux_read_loadpol(domain)
|
# selinux_read_loadpol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_loadpol',`
|
define(`selinux_read_loadpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 load_policy_exec_t:file r_file_perms;
|
allow $1 load_policy_exec_t:file r_file_perms;
|
||||||
')
|
')
|
||||||
@ -192,7 +192,7 @@ define(`selinux_read_loadpol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_newrole',`
|
define(`selinux_domtrans_newrole',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 newrole_exec_t:file rx_file_perms;
|
allow $1 newrole_exec_t:file rx_file_perms;
|
||||||
allow $1 newrole_t:process transition;
|
allow $1 newrole_t:process transition;
|
||||||
@ -233,7 +233,7 @@ define(`selinux_domtrans_newrole_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_newrole',`
|
define(`selinux_run_newrole',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_newrole($1)
|
selinux_domtrans_newrole($1)
|
||||||
role $2 types newrole_t;
|
role $2 types newrole_t;
|
||||||
@ -251,7 +251,7 @@ define(`selinux_run_newrole_depend',`
|
|||||||
# selinux_exec_newrole(domain)
|
# selinux_exec_newrole(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_newrole',`
|
define(`selinux_exec_newrole',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,newrole_exec_t)
|
can_exec($1,newrole_exec_t)
|
||||||
')
|
')
|
||||||
@ -274,7 +274,7 @@ define(`selinux_exec_newrole_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_dontaudit_newrole_signal',`
|
define(`selinux_dontaudit_newrole_signal',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 newrole_t:process signal;
|
dontaudit $1 newrole_t:process signal;
|
||||||
')
|
')
|
||||||
@ -290,7 +290,7 @@ define(`selinux_dontaudit_newrole_signal_depend',`
|
|||||||
# selinux_newrole_sigchld(domain)
|
# selinux_newrole_sigchld(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_newrole_sigchld',`
|
define(`selinux_newrole_sigchld',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 newrole_t:process sigchld;
|
allow $1 newrole_t:process sigchld;
|
||||||
')
|
')
|
||||||
@ -306,7 +306,7 @@ define(`selinux_newrole_sigchld_depend',`
|
|||||||
# selinux_use_newrole_fd(domain)
|
# selinux_use_newrole_fd(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_use_newrole_fd',`
|
define(`selinux_use_newrole_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 newrole_t:fd use;
|
allow $1 newrole_t:fd use;
|
||||||
')
|
')
|
||||||
@ -328,7 +328,7 @@ define(`selinux_use_newrole_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_restorecon',`
|
define(`selinux_domtrans_restorecon',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 restorecon_exec_t:file rx_file_perms;
|
allow $1 restorecon_exec_t:file rx_file_perms;
|
||||||
allow $1 restorecon_t:process transition;
|
allow $1 restorecon_t:process transition;
|
||||||
@ -369,7 +369,7 @@ define(`selinux_domtrans_restorecon_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_restorecon',`
|
define(`selinux_run_restorecon',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_restorecon($1)
|
selinux_domtrans_restorecon($1)
|
||||||
role $2 types restorecon_t;
|
role $2 types restorecon_t;
|
||||||
@ -387,7 +387,7 @@ define(`selinux_run_restorecon_depend',`
|
|||||||
# selinux_exec_restorecon(domain)
|
# selinux_exec_restorecon(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_restorecon',`
|
define(`selinux_exec_restorecon',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
can_exec($1,restorecon_exec_t)
|
can_exec($1,restorecon_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -408,7 +408,7 @@ define(`selinux_exec_restorecon_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_runinit',`
|
define(`selinux_domtrans_runinit',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 run_init_exec_t:file rx_file_perms;
|
allow $1 run_init_exec_t:file rx_file_perms;
|
||||||
allow $1 run_init_t:process transition;
|
allow $1 run_init_t:process transition;
|
||||||
@ -449,7 +449,7 @@ define(`selinux_domtrans_runinit_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_runinit',`
|
define(`selinux_run_runinit',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_runinit($1)
|
selinux_domtrans_runinit($1)
|
||||||
role $2 types run_init_t;
|
role $2 types run_init_t;
|
||||||
@ -467,7 +467,7 @@ define(`selinux_run_runinit_depend',`
|
|||||||
# selinux_use_runinit_fd(domain)
|
# selinux_use_runinit_fd(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_use_runinit_fd',`
|
define(`selinux_use_runinit_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 run_init_t:fd use;
|
allow $1 run_init_t:fd use;
|
||||||
')
|
')
|
||||||
@ -489,7 +489,7 @@ define(`selinux_use_runinit_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_setfiles',`
|
define(`selinux_domtrans_setfiles',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 setfiles_exec_t:file rx_file_perms;
|
allow $1 setfiles_exec_t:file rx_file_perms;
|
||||||
allow $1 setfiles_t:process transition;
|
allow $1 setfiles_t:process transition;
|
||||||
@ -530,7 +530,7 @@ define(`selinux_domtrans_setfiles_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_setfiles',`
|
define(`selinux_run_setfiles',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_setfiles($1)
|
selinux_domtrans_setfiles($1)
|
||||||
role $2 types setfiles_t;
|
role $2 types setfiles_t;
|
||||||
@ -548,7 +548,7 @@ define(`selinux_run_setfiles_depend',`
|
|||||||
# selinux_exec_setfiles(domain)
|
# selinux_exec_setfiles(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_setfiles',`
|
define(`selinux_exec_setfiles',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,setfiles_exec_t)
|
can_exec($1,setfiles_exec_t)
|
||||||
')
|
')
|
||||||
@ -564,7 +564,7 @@ define(`selinux_exec_setfiles_depend',`
|
|||||||
# selinux_read_config(domain)
|
# selinux_read_config(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_config',`
|
define(`selinux_read_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 selinux_config_t:dir r_dir_perms;
|
allow $1 selinux_config_t:dir r_dir_perms;
|
||||||
allow $1 selinux_config_t:file r_file_perms;
|
allow $1 selinux_config_t:file r_file_perms;
|
||||||
@ -582,7 +582,7 @@ define(`selinux_read_config_depend',`
|
|||||||
# selinux_read_default_contexts(domain)
|
# selinux_read_default_contexts(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_default_contexts',`
|
define(`selinux_read_default_contexts',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
allow $1 default_context_t:dir r_dir_perms;
|
allow $1 default_context_t:dir r_dir_perms;
|
||||||
@ -601,7 +601,7 @@ define(`selinux_read_default_contexts_depend',`
|
|||||||
# selinux_read_file_contexts(domain)
|
# selinux_read_file_contexts(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_file_contexts',`
|
define(`selinux_read_file_contexts',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
allow $1 file_context_t:dir r_dir_perms;
|
allow $1 file_context_t:dir r_dir_perms;
|
||||||
@ -620,7 +620,7 @@ define(`selinux_read_file_contexts_depend',`
|
|||||||
# selinux_read_binary_pol(domain)
|
# selinux_read_binary_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_binary_pol',`
|
define(`selinux_read_binary_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 policy_config_t:dir r_dir_perms;
|
allow $1 policy_config_t:dir r_dir_perms;
|
||||||
allow $1 policy_config_t:file r_file_perms;
|
allow $1 policy_config_t:file r_file_perms;
|
||||||
@ -638,7 +638,7 @@ define(`selinux_read_binary_pol_depend',`
|
|||||||
# selinux_write_binary_pol(domain)
|
# selinux_write_binary_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_write_binary_pol',`
|
define(`selinux_write_binary_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 policy_config_t:dir rw_dir_perms;
|
allow $1 policy_config_t:dir rw_dir_perms;
|
||||||
allow $1 policy_config_t:file { getattr create write unlink };
|
allow $1 policy_config_t:file { getattr create write unlink };
|
||||||
@ -665,7 +665,7 @@ define(`selinux_write_binary_pol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_relabelto_binary_pol',`
|
define(`selinux_relabelto_binary_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 policy_config_t:file relabelto;
|
allow $1 policy_config_t:file relabelto;
|
||||||
typeattribute $1 can_relabelto_binary_policy;
|
typeattribute $1 can_relabelto_binary_policy;
|
||||||
@ -684,7 +684,7 @@ define(`selinux_relabelto_binary_pol_depend',`
|
|||||||
# selinux_manage_binary_pol(domain)
|
# selinux_manage_binary_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_manage_binary_pol',`
|
define(`selinux_manage_binary_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search etc_t:dir
|
# FIXME: search etc_t:dir
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
@ -706,7 +706,7 @@ define(`selinux_manage_binary_pol_depend',`
|
|||||||
# selinux_read_src_pol(domain)
|
# selinux_read_src_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_src_pol',`
|
define(`selinux_read_src_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search etc_t:dir
|
# FIXME: search etc_t:dir
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
@ -726,7 +726,7 @@ define(`selinux_read_src_pol_depend',`
|
|||||||
# selinux_manage_src_pol(domain)
|
# selinux_manage_src_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_manage_src_pol',`
|
define(`selinux_manage_src_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search etc_t:dir
|
# FIXME: search etc_t:dir
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_checkpol',`
|
define(`selinux_domtrans_checkpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 checkpolicy_exec_t:file rx_file_perms;
|
allow $1 checkpolicy_exec_t:file rx_file_perms;
|
||||||
allow $1 checkpolicy_t:process transition;
|
allow $1 checkpolicy_t:process transition;
|
||||||
@ -54,7 +54,7 @@ define(`selinux_domtrans_checkpol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_checkpol',`
|
define(`selinux_run_checkpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_checkpol($1)
|
selinux_domtrans_checkpol($1)
|
||||||
role $2 types checkpolicy_t;
|
role $2 types checkpolicy_t;
|
||||||
@ -72,7 +72,7 @@ define(`selinux_run_checkpol_depend',`
|
|||||||
# selinux_exec_checkpol(domain)
|
# selinux_exec_checkpol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_checkpol',`
|
define(`selinux_exec_checkpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,checkpolicy_exec_t)
|
can_exec($1,checkpolicy_exec_t)
|
||||||
')
|
')
|
||||||
@ -94,7 +94,7 @@ define(`selinux_exec_checkpol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_loadpol',`
|
define(`selinux_domtrans_loadpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 load_policy_exec_t:file rx_file_perms;
|
allow $1 load_policy_exec_t:file rx_file_perms;
|
||||||
allow $1 load_policy_t:process transition;
|
allow $1 load_policy_t:process transition;
|
||||||
@ -136,7 +136,7 @@ define(`selinux_domtrans_loadpol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_loadpol',`
|
define(`selinux_run_loadpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_loadpol($1)
|
selinux_domtrans_loadpol($1)
|
||||||
role $2 types load_policy_t;
|
role $2 types load_policy_t;
|
||||||
@ -154,7 +154,7 @@ define(`selinux_run_loadpol_depend',`
|
|||||||
# selinux_exec_loadpol(domain)
|
# selinux_exec_loadpol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_loadpol',`
|
define(`selinux_exec_loadpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,load_policy_exec_t)
|
can_exec($1,load_policy_exec_t)
|
||||||
')
|
')
|
||||||
@ -170,7 +170,7 @@ define(`selinux_exec_loadpol_depend',`
|
|||||||
# selinux_read_loadpol(domain)
|
# selinux_read_loadpol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_loadpol',`
|
define(`selinux_read_loadpol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 load_policy_exec_t:file r_file_perms;
|
allow $1 load_policy_exec_t:file r_file_perms;
|
||||||
')
|
')
|
||||||
@ -192,7 +192,7 @@ define(`selinux_read_loadpol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_newrole',`
|
define(`selinux_domtrans_newrole',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 newrole_exec_t:file rx_file_perms;
|
allow $1 newrole_exec_t:file rx_file_perms;
|
||||||
allow $1 newrole_t:process transition;
|
allow $1 newrole_t:process transition;
|
||||||
@ -233,7 +233,7 @@ define(`selinux_domtrans_newrole_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_newrole',`
|
define(`selinux_run_newrole',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_newrole($1)
|
selinux_domtrans_newrole($1)
|
||||||
role $2 types newrole_t;
|
role $2 types newrole_t;
|
||||||
@ -251,7 +251,7 @@ define(`selinux_run_newrole_depend',`
|
|||||||
# selinux_exec_newrole(domain)
|
# selinux_exec_newrole(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_newrole',`
|
define(`selinux_exec_newrole',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,newrole_exec_t)
|
can_exec($1,newrole_exec_t)
|
||||||
')
|
')
|
||||||
@ -274,7 +274,7 @@ define(`selinux_exec_newrole_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_dontaudit_newrole_signal',`
|
define(`selinux_dontaudit_newrole_signal',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 newrole_t:process signal;
|
dontaudit $1 newrole_t:process signal;
|
||||||
')
|
')
|
||||||
@ -290,7 +290,7 @@ define(`selinux_dontaudit_newrole_signal_depend',`
|
|||||||
# selinux_newrole_sigchld(domain)
|
# selinux_newrole_sigchld(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_newrole_sigchld',`
|
define(`selinux_newrole_sigchld',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 newrole_t:process sigchld;
|
allow $1 newrole_t:process sigchld;
|
||||||
')
|
')
|
||||||
@ -306,7 +306,7 @@ define(`selinux_newrole_sigchld_depend',`
|
|||||||
# selinux_use_newrole_fd(domain)
|
# selinux_use_newrole_fd(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_use_newrole_fd',`
|
define(`selinux_use_newrole_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 newrole_t:fd use;
|
allow $1 newrole_t:fd use;
|
||||||
')
|
')
|
||||||
@ -328,7 +328,7 @@ define(`selinux_use_newrole_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_restorecon',`
|
define(`selinux_domtrans_restorecon',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 restorecon_exec_t:file rx_file_perms;
|
allow $1 restorecon_exec_t:file rx_file_perms;
|
||||||
allow $1 restorecon_t:process transition;
|
allow $1 restorecon_t:process transition;
|
||||||
@ -369,7 +369,7 @@ define(`selinux_domtrans_restorecon_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_restorecon',`
|
define(`selinux_run_restorecon',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_restorecon($1)
|
selinux_domtrans_restorecon($1)
|
||||||
role $2 types restorecon_t;
|
role $2 types restorecon_t;
|
||||||
@ -387,7 +387,7 @@ define(`selinux_run_restorecon_depend',`
|
|||||||
# selinux_exec_restorecon(domain)
|
# selinux_exec_restorecon(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_restorecon',`
|
define(`selinux_exec_restorecon',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
can_exec($1,restorecon_exec_t)
|
can_exec($1,restorecon_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -408,7 +408,7 @@ define(`selinux_exec_restorecon_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_runinit',`
|
define(`selinux_domtrans_runinit',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 run_init_exec_t:file rx_file_perms;
|
allow $1 run_init_exec_t:file rx_file_perms;
|
||||||
allow $1 run_init_t:process transition;
|
allow $1 run_init_t:process transition;
|
||||||
@ -449,7 +449,7 @@ define(`selinux_domtrans_runinit_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_runinit',`
|
define(`selinux_run_runinit',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_runinit($1)
|
selinux_domtrans_runinit($1)
|
||||||
role $2 types run_init_t;
|
role $2 types run_init_t;
|
||||||
@ -467,7 +467,7 @@ define(`selinux_run_runinit_depend',`
|
|||||||
# selinux_use_runinit_fd(domain)
|
# selinux_use_runinit_fd(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_use_runinit_fd',`
|
define(`selinux_use_runinit_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 run_init_t:fd use;
|
allow $1 run_init_t:fd use;
|
||||||
')
|
')
|
||||||
@ -489,7 +489,7 @@ define(`selinux_use_runinit_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_domtrans_setfiles',`
|
define(`selinux_domtrans_setfiles',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 setfiles_exec_t:file rx_file_perms;
|
allow $1 setfiles_exec_t:file rx_file_perms;
|
||||||
allow $1 setfiles_t:process transition;
|
allow $1 setfiles_t:process transition;
|
||||||
@ -530,7 +530,7 @@ define(`selinux_domtrans_setfiles_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_run_setfiles',`
|
define(`selinux_run_setfiles',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
selinux_domtrans_setfiles($1)
|
selinux_domtrans_setfiles($1)
|
||||||
role $2 types setfiles_t;
|
role $2 types setfiles_t;
|
||||||
@ -548,7 +548,7 @@ define(`selinux_run_setfiles_depend',`
|
|||||||
# selinux_exec_setfiles(domain)
|
# selinux_exec_setfiles(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_exec_setfiles',`
|
define(`selinux_exec_setfiles',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
can_exec($1,setfiles_exec_t)
|
can_exec($1,setfiles_exec_t)
|
||||||
')
|
')
|
||||||
@ -564,7 +564,7 @@ define(`selinux_exec_setfiles_depend',`
|
|||||||
# selinux_read_config(domain)
|
# selinux_read_config(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_config',`
|
define(`selinux_read_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 selinux_config_t:dir r_dir_perms;
|
allow $1 selinux_config_t:dir r_dir_perms;
|
||||||
allow $1 selinux_config_t:file r_file_perms;
|
allow $1 selinux_config_t:file r_file_perms;
|
||||||
@ -582,7 +582,7 @@ define(`selinux_read_config_depend',`
|
|||||||
# selinux_read_default_contexts(domain)
|
# selinux_read_default_contexts(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_default_contexts',`
|
define(`selinux_read_default_contexts',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
allow $1 default_context_t:dir r_dir_perms;
|
allow $1 default_context_t:dir r_dir_perms;
|
||||||
@ -601,7 +601,7 @@ define(`selinux_read_default_contexts_depend',`
|
|||||||
# selinux_read_file_contexts(domain)
|
# selinux_read_file_contexts(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_file_contexts',`
|
define(`selinux_read_file_contexts',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
allow $1 file_context_t:dir r_dir_perms;
|
allow $1 file_context_t:dir r_dir_perms;
|
||||||
@ -620,7 +620,7 @@ define(`selinux_read_file_contexts_depend',`
|
|||||||
# selinux_read_binary_pol(domain)
|
# selinux_read_binary_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_binary_pol',`
|
define(`selinux_read_binary_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 policy_config_t:dir r_dir_perms;
|
allow $1 policy_config_t:dir r_dir_perms;
|
||||||
allow $1 policy_config_t:file r_file_perms;
|
allow $1 policy_config_t:file r_file_perms;
|
||||||
@ -638,7 +638,7 @@ define(`selinux_read_binary_pol_depend',`
|
|||||||
# selinux_write_binary_pol(domain)
|
# selinux_write_binary_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_write_binary_pol',`
|
define(`selinux_write_binary_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 policy_config_t:dir rw_dir_perms;
|
allow $1 policy_config_t:dir rw_dir_perms;
|
||||||
allow $1 policy_config_t:file { getattr create write unlink };
|
allow $1 policy_config_t:file { getattr create write unlink };
|
||||||
@ -665,7 +665,7 @@ define(`selinux_write_binary_pol_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`selinux_relabelto_binary_pol',`
|
define(`selinux_relabelto_binary_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 policy_config_t:file relabelto;
|
allow $1 policy_config_t:file relabelto;
|
||||||
typeattribute $1 can_relabelto_binary_policy;
|
typeattribute $1 can_relabelto_binary_policy;
|
||||||
@ -684,7 +684,7 @@ define(`selinux_relabelto_binary_pol_depend',`
|
|||||||
# selinux_manage_binary_pol(domain)
|
# selinux_manage_binary_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_manage_binary_pol',`
|
define(`selinux_manage_binary_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search etc_t:dir
|
# FIXME: search etc_t:dir
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
@ -706,7 +706,7 @@ define(`selinux_manage_binary_pol_depend',`
|
|||||||
# selinux_read_src_pol(domain)
|
# selinux_read_src_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_read_src_pol',`
|
define(`selinux_read_src_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search etc_t:dir
|
# FIXME: search etc_t:dir
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
@ -726,7 +726,7 @@ define(`selinux_read_src_pol_depend',`
|
|||||||
# selinux_manage_src_pol(domain)
|
# selinux_manage_src_pol(domain)
|
||||||
#
|
#
|
||||||
define(`selinux_manage_src_pol',`
|
define(`selinux_manage_src_pol',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
# FIXME: search etc_t:dir
|
# FIXME: search etc_t:dir
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`sysnet_domtrans_dhcpc',`
|
define(`sysnet_domtrans_dhcpc',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1, dhcpc_exec_t, dhcpc_t)
|
domain_auto_trans($1, dhcpc_exec_t, dhcpc_t)
|
||||||
|
|
||||||
@ -42,7 +42,7 @@ define(`sysnet_domtrans_dhcpc_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`sysnet_domtrans_ifconfig',`
|
define(`sysnet_domtrans_ifconfig',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1, ifconfig_exec_t, ifconfig_t)
|
domain_auto_trans($1, ifconfig_exec_t, ifconfig_t)
|
||||||
|
|
||||||
@ -80,7 +80,7 @@ define(`sysnet_domtrans_ifconfig_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`sysnet_run_ifconfig',`
|
define(`sysnet_run_ifconfig',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
sysnet_domtrans_ifconfig($1)
|
sysnet_domtrans_ifconfig($1)
|
||||||
role $2 types ifconfig_t;
|
role $2 types ifconfig_t;
|
||||||
@ -104,7 +104,7 @@ define(`sysnet_run_ifconfig_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`sysnet_read_config',`
|
define(`sysnet_read_config',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
allow $1 net_conf_t:file r_file_perms;
|
allow $1 net_conf_t:file r_file_perms;
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`udev_domtrans',`
|
define(`udev_domtrans',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
domain_auto_trans($1, udev_exec_t, udev_t)
|
domain_auto_trans($1, udev_exec_t, udev_t)
|
||||||
|
|
||||||
@ -42,7 +42,7 @@ define(`udev_domtrans_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`udev_read_db',`
|
define(`udev_read_db',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 udev_tdb_t:file r_file_perms;
|
allow $1 udev_tdb_t:file r_file_perms;
|
||||||
')
|
')
|
||||||
@ -64,7 +64,7 @@ define(`udev_read_db_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`udev_rw_db',`
|
define(`udev_rw_db',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 udev_tdb_t:file rw_file_perms;
|
allow $1 udev_tdb_t:file rw_file_perms;
|
||||||
')
|
')
|
||||||
|
@ -819,7 +819,7 @@ define(`admin_domain_template',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_spec_domtrans_all_users',`
|
define(`userdom_spec_domtrans_all_users',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
corecmd_shell_spec_domtrans($1,userdomain)
|
corecmd_shell_spec_domtrans($1,userdomain)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -838,7 +838,7 @@ define(`userdom_spec_domtrans_all_users_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_shell_domtrans_sysadm',`
|
define(`userdom_shell_domtrans_sysadm',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
corecmd_domtrans_shell($1,sysadm_t)
|
corecmd_domtrans_shell($1,sysadm_t)
|
||||||
')
|
')
|
||||||
@ -859,7 +859,7 @@ define(`userdom_shell_domtrans_sysadm_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_use_sysadm_terms',`
|
define(`userdom_use_sysadm_terms',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
term_list_ptys($1)
|
term_list_ptys($1)
|
||||||
@ -883,7 +883,7 @@ define(`userdom_use_sysadm_terms_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_dontaudit_use_sysadm_terms',`
|
define(`userdom_dontaudit_use_sysadm_terms',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 admin_terminal:chr_file { read write };
|
dontaudit $1 admin_terminal:chr_file { read write };
|
||||||
')
|
')
|
||||||
@ -905,7 +905,7 @@ define(`userdom_dontaudit_use_sysadm_terms_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_search_all_users_home',`
|
define(`userdom_search_all_users_home',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_list_home($1)
|
files_list_home($1)
|
||||||
allow $1 { home_dir_type home_type }:dir search;
|
allow $1 { home_dir_type home_type }:dir search;
|
||||||
@ -928,7 +928,7 @@ define(`userdom_search_all_users_home_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_read_all_user_data',`
|
define(`userdom_read_all_user_data',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
files_list_home($1)
|
files_list_home($1)
|
||||||
allow $1 home_type:dir r_dir_perms;
|
allow $1 home_type:dir r_dir_perms;
|
||||||
@ -953,7 +953,7 @@ define(`userdom_read_all_user_data_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_use_all_user_fd',`
|
define(`userdom_use_all_user_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 userdomain:fd use;
|
allow $1 userdomain:fd use;
|
||||||
')
|
')
|
||||||
@ -975,7 +975,7 @@ define(`userdom_use_all_user_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_signal_all_users',`
|
define(`userdom_signal_all_users',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 userdomain:process signal;
|
allow $1 userdomain:process signal;
|
||||||
')
|
')
|
||||||
@ -997,7 +997,7 @@ define(`userdom_signal_all_users_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_use_unpriv_users_fd',`
|
define(`userdom_use_unpriv_users_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
allow $1 unpriv_userdomain:fd use;
|
allow $1 unpriv_userdomain:fd use;
|
||||||
')
|
')
|
||||||
@ -1020,7 +1020,7 @@ define(`userdom_use_unpriv_users_fd_depend',`
|
|||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`userdom_dontaudit_use_unpriv_user_fd',`
|
define(`userdom_dontaudit_use_unpriv_user_fd',`
|
||||||
requires_block_template(`$0'_depend)
|
gen_require(`$0'_depend)
|
||||||
|
|
||||||
dontaudit $1 unpriv_userdomain:fd use;
|
dontaudit $1 unpriv_userdomain:fd use;
|
||||||
')
|
')
|
||||||
|
@ -16,9 +16,9 @@ define(`policy_module',`
|
|||||||
|
|
||||||
##############################
|
##############################
|
||||||
#
|
#
|
||||||
# For use in interfaces, to optionally insert a requires block
|
# For use in interfaces, to optionally insert a require block
|
||||||
#
|
#
|
||||||
define(`requires_block_template',`
|
define(`gen_require',`
|
||||||
ifdef(`monolithic_policy',`',`
|
ifdef(`monolithic_policy',`',`
|
||||||
require {
|
require {
|
||||||
$1
|
$1
|
||||||
@ -34,7 +34,7 @@ define(`requires_block_template',`
|
|||||||
#
|
#
|
||||||
define(`module_interface',`
|
define(`module_interface',`
|
||||||
define(`$1',`
|
define(`$1',`
|
||||||
requires_block_template(`$1'_depend)
|
gen_require(`$1'_depend)
|
||||||
$2
|
$2
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|