## <summary>Multilevel security policy</summary> ## <desc> ## <p> ## This module contains interfaces for handling multilevel ## security. The interfaces allow the specified subjects ## and objects to be allowed certain privileges in the ## MLS rules. ## </p> ## </desc> ## <required val="true"> ## Contains attributes used in MLS policy. ## </required> ######################################## ## <summary> ## Make specified domain MLS trusted ## for reading from files at higher levels. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_file_read_up',` gen_require(` attribute mlsfileread; ') typeattribute $1 mlsfileread; ') ######################################## ## <summary> ## Make specified domain MLS trusted ## for writing to files at lower levels. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_file_write_down',` gen_require(` attribute mlsfilewrite; ') typeattribute $1 mlsfilewrite; ') ######################################## ## <summary> ## Make specified domain MLS trusted ## for raising the level of files. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_file_upgrade',` gen_require(` attribute mlsfileupgrade; ') typeattribute $1 mlsfileupgrade; ') ######################################## ## <summary> ## Make specified domain MLS trusted ## for lowering the level of files. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_file_downgrade',` gen_require(` attribute mlsfiledowngrade; ') typeattribute $1 mlsfiledowngrade; ') ######################################## ## <summary> ## Allow the specified domain to do a MLS ## range transition that changes ## the current level. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_rangetrans_source',` gen_require(` attribute privrangetrans; ') typeattribute $1 privrangetrans; ') ######################################## ## <summary> ## Make specified domain a target domain ## for MLS range transitions that change ## the current level. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_rangetrans_target',` gen_require(` attribute mlsrangetrans; ') typeattribute $1 mlsrangetrans; ') ######################################## ## <summary> ## Make specified domain MLS trusted ## for reading from processes at higher levels. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_process_read_up',` gen_require(` attribute mlsprocread; ') typeattribute $1 mlsprocread; ') ######################################## ## <summary> ## Make specified domain MLS trusted ## for writing to processes at lower levels. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_process_write_down',` gen_require(` attribute mlsprocwrite; ') typeattribute $1 mlsprocwrite; ') ######################################## ## <summary> ## Make specified domain MLS trusted ## for setting the level of processes ## it executes. ## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> # interface(`mls_process_set_level',` gen_require(` attribute mlsprocsetsl; ') typeattribute $1 mlsprocsetsl; ') ######################################## ## <summary> ## Make specified object MLS trusted. ## </summary> ## <desc> ## <p> ## Make specified object MLS trusted. This ## allows all levels to read and write the ## object. ## </p> ## <p> ## This currently only applies to filesystem ## objects, for example, files and directories. ## </p> ## </desc> ## <param name="domain"> ## The type of the object. ## </param> # interface(`mls_trusted_object',` gen_require(` attribute mlstrustedobject; ') typeattribute $1 mlstrustedobject; ')