User-based access control policy

## ## Contains attributes used in UBAC policy. ## ######################################## ##

## Constrain by user-based access control (UBAC). ##

## ##

## Constrain the specified type by user-based ## access control (UBAC). Typically, these are ## user processes or user files that need to be ## differentiated by SELinux user. Normally this ## does not include administrative or privileged ## programs. For the UBAC rules to be enforced, ## both the subject (source) type and the object ## (target) types must be UBAC constrained. ##

## ## ##

## Type to be constrained by UBAC. ##

## ## # interface(`ubac_constrained',` gen_require(` attribute ubac_constrained_type; ') typeattribute $1 ubac_constrained_type; ') ######################################## ##

## Exempt user-based access control for files. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_file_exempt',` gen_require(` attribute ubacfile; ') typeattribute $1 ubacfile; ') ######################################## ##

## Exempt user-based access control for processes. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_process_exempt',` gen_require(` attribute ubacproc; ') typeattribute $1 ubacproc; ') ######################################## ##

## Exempt user-based access control for file descriptors. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_fd_exempt',` gen_require(` attribute ubacfd; ') typeattribute $1 ubacfd; ') ######################################## ##

## Exempt user-based access control for sockets. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_socket_exempt',` gen_require(` attribute ubacsock; ') typeattribute $1 ubacsock; ') ######################################## ##

## Exempt user-based access control for SysV IPC. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_sysvipc_exempt',` gen_require(` attribute ubacipc; ') typeattribute $1 ubacipc; ') ######################################## ##

## Exempt user-based access control for X Windows. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_xwin_exempt',` gen_require(` attribute ubacxwin; ') typeattribute $1 ubacxwin; ') ######################################## ##

## Exempt user-based access control for dbus. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_dbus_exempt',` gen_require(` attribute ubacdbus; ') typeattribute $1 ubacdbus; ') ######################################## ##

## Exempt user-based access control for keys. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_key_exempt',` gen_require(` attribute ubackey; ') typeattribute $1 ubackey; ') ######################################## ##

## Exempt user-based access control for databases. ##

## ##

## Domain to be exempted. ##

## # interface(`ubac_db_exempt',` gen_require(` attribute ubacdb; ') typeattribute $1 ubacdb; ')