selinux-policy/refpolicy/policy/modules/system/libraries.fc
2005-11-07 20:09:28 +00:00

182 lines
10 KiB
Plaintext

#
# /emul
#
ifdef(`distro_redhat',`
/emul/ia32-linux/usr(/.*)?/lib(/.*)? gen_context(system_u:object_r:lib_t,s0)
/emul/ia32-linux/usr(/.*)?/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
/emul/ia32-linux/usr(/.*)?/java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
/emul/ia32-linux/usr(/.*)?/java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0)
/emul/ia32-linux/usr(/.*)?/java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0)
/emul/ia32-linux/usr(/.*)?/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
/emul/ia32-linux/lib(/.*)? gen_context(system_u:object_r:lib_t,s0)
/emul/ia32-linux/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
/emul/ia32-linux/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
')
#
# /etc
#
/etc/ld\.so\.cache -- gen_context(system_u:object_r:ld_so_cache_t,s0)
/etc/ld\.so\.preload -- gen_context(system_u:object_r:ld_so_cache_t,s0)
/etc/ppp/plugins/rp-pppoe\.so -- gen_context(system_u:object_r:shlib_t,s0)
#
# /lib(64)?
#
/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
#
# /opt
#
/opt(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/opt(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
#
# /sbin
#
/sbin/ldconfig -- gen_context(system_u:object_r:ldconfig_exec_t,s0)
#
# /usr
#
/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr(/.*)?/java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr(/.*)?/java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0)
/usr(/.*)?/java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0)
/usr(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
/usr(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0)
/usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0)
/usr/lib(64)?/libGL(core)?/.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/(local/)?lib/wine/.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/(local/)?lib/libfame-.*\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/local/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
/usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
ifdef(`distro_redhat',`
/usr/lib/.*/program/.*\.so.* gen_context(system_u:object_r:shlib_t,s0)
/usr/share/rhn/rhn_applet/eggtrayiconmodule\.so -- gen_context(system_u:object_r:shlib_t,s0)
# The following are libraries with text relocations in need of execmod permissions
# Some of them should be fixed and removed from this list
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
/usr/lib/gstreamer-.*/libgstffmpeg\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/gstreamer-.*/libgsthermescolorspace\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/gstreamer-.*/libgstmms\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libg\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libglide3\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libdv\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/helix/plugins/oggfformat\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/helix/plugins/theorarend\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/helix/plugins/vorbisrend\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/helix/codecs/colorcvt\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/helix/codecs/cvt1\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libSDL-.*\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/X11R6/lib/modules/dri/.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/X11R6/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/X11R6/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libHermes\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/valgrind/hp2ps -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/valgrind/stage2 -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/valgrind/vg.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/.*/libxpcom_core.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/.*/program/libicudata\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/.*/program/libsts645li\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/.*/program/libvclplug_gen645li\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/.*/program/libwrp645li\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/.*/program/libswd680li\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib(64)?/.*/program/librecentfile\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libsvx680li\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
# Fedora Extras packages: ladspa, imlib2, ocaml
/usr/lib/ladspa/analogue_osc_1416\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/bandpass_a_iir_1893\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/bandpass_iir_1892\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/butterworth_1902\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/fm_osc_1415\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/gsm_1215\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/gverb_1216\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/hermes_filter_1200\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/highpass_iir_1890\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/lowpass_iir_1891\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/notch_iir_1894\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/pitch_scale_1193\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/pitch_scale_1194\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/sc1_1425\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/sc2_1426\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/sc3_1427\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/sc4_1882\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ladspa/se4_1883\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libImlib2\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/ocaml/stublibs/dllnums\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/httpd/modules/libphp5\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/php/modules/.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
/usr/lib/xmms/Input/libmpg123\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libpostproc\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libavformat-.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libavcodec-.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libxvidcore\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/xine/plugins/.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libgsm\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libmp3lame\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
# Flash plugin, Macromedia
HOME_DIR/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
# Jai, Sun Microsystems (Jpackage SPRM)
/usr/lib/libmlib_jai\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libdivxdecore.so.0 -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/libdivxencore.so.0 -- gen_context(system_u:object_r:texrel_shlib_t,s0)
# Java, Sun Microsystems (JPackage SRPM)
/usr/.*/jre/lib/i386/libdeploy.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr(/.*)?/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:shlib_t,s0)
/usr(/.*)?/Reader/intellinux/plug_ins/AcroForm\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr(/.*)?/Reader/intellinux/plug_ins/EScript\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr(/.*)?/Reader/intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:texrel_shlib_t,s0)
') dnl end distro_redhat
ifdef(`distro_suse',`
/usr/lib/samba/classic/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
')
#
# /var
#
/var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- gen_context(system_u:object_r:shlib_t,s0)
ifdef(`distro_suse',`
/var/lib/samba/bin/.*\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0)
')