##############################
#
# Assertions for the type enforcement (TE) configuration.
#

#
# Authors:  Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser
#

##################################
#
# Access vector assertions.
#
# An access vector assertion specifies permissions that should not be in
# an access vector based on a source type, a target type, and a class.
# If any of the specified permissions are in the corresponding access
# vector, then the policy compiler will reject the policy configuration.
# Currently, there is only one kind of access vector assertion, neverallow,
# but support for the other kinds of vectors could be easily added.  Access
# vector assertions use the same syntax as access vector rules.
#
# Reading the rules below: inside a { } set, "-name" removes name from the
# set, "~" means "everything except what follows", and "*" means "all".
# These assertions grant nothing; they only make the build fail when an
# allow rule elsewhere in the policy would grant a listed permission.
#

#
# Confined domains must never touch an unconfined domain except to
# send SIGCHLD for child termination notifications.
# "~sigchld" is every process permission other than sigchld, so sigchld is
# the only permission a non-exempt domain may hold on unconfined_t processes.
# NOTE(review): unrestricted, unconfinedtrans and snmpd_t are carved out of
# the source set; their definitions and the reason for the snmpd_t exemption
# are not visible in this file. Confirm each is still required, since every
# exemption widens what that source may do to unconfined processes.
neverallow { domain -unrestricted -unconfinedtrans -snmpd_t } unconfined_t:process ~sigchld;

# Confined domains must never see /proc/pid entries for an unconfined domain.
# Only getattr and search on unconfined_t directories are denied here.
# NOTE(review): this source set exempts unrestricted and snmpd_t but, unlike
# the rule above, not unconfinedtrans. Confirm that difference is intended.
neverallow { domain -unrestricted -snmpd_t } unconfined_t:dir { getattr search };

#
# Verify that every type that can be entered by
# a domain is also tagged as a domain.
# "~domain" is every type that lacks the domain attribute, so no domain may
# transition (or dynamically transition) a process into such a type.
#
neverallow domain ~domain:process { transition dyntransition};

# for gross mistakes in policy
# A domain may hold on directories labelled with a domain type only the
# permissions in r_dir_perms, and on file_class_set objects labelled with a
# domain type only those in rw_file_perms.
# NOTE(review): r_dir_perms, rw_file_perms and file_class_set are defined
# elsewhere (presumably permission/class macros) - verify their contents.
neverallow domain domain:dir ~r_dir_perms;
neverallow domain domain:file_class_set ~rw_file_perms;
# A type carrying the file_type attribute must never be the target of any
# process permission.
neverallow domain file_type:process *;
# Only types tagged as domain, plus unlabeled_t, may be the source of any
# process permission, whatever the target type.
neverallow ~{ domain unlabeled_t } *:process *;