selinux-policy/policy/modules/kernel/mls.te
Chris PeBenito e1a70f1dde trunk: add MLS constrains for ingress/egress permissions from Paul Moore.
Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls.  Based on
the following post to the SELinux Reference Policy mailing list:

 * http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
2009-03-02 15:16:49 +00:00

69 lines
1.4 KiB
Plaintext

policy_module(mls, 1.7.1)
########################################
#
# Declarations
#
attribute mlsfileread;
attribute mlsfilereadtoclr;
attribute mlsfilewrite;
attribute mlsfilewritetoclr;
attribute mlsfilewriteinrange;
attribute mlsfileupgrade;
attribute mlsfiledowngrade;
attribute mlsnetread;
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
attribute mlsnetwritetoclr;
attribute mlsnetwriteranged;
attribute mlsnetupgrade;
attribute mlsnetdowngrade;
attribute mlsnetrecvall;
attribute mlsnetinbound;
attribute mlsnetoutbound;
attribute mlsipcread;
attribute mlsipcreadtoclr;
attribute mlsipcwrite;
attribute mlsipcwritetoclr;
attribute mlsprocread;
attribute mlsprocreadtoclr;
attribute mlsprocwrite;
attribute mlsprocwritetoclr;
attribute mlsprocsetsl;
attribute mlsxwinread;
attribute mlsxwinreadtoclr;
attribute mlsxwinwrite;
attribute mlsxwinwritetoclr;
attribute mlsxwinreadproperty;
attribute mlsxwinwriteproperty;
attribute mlsxwinreadcolormap;
attribute mlsxwinwritecolormap;
attribute mlsxwinwritexinput;
attribute mlsdbread;
attribute mlsdbreadtoclr;
attribute mlsdbwrite;
attribute mlsdbwritetoclr;
attribute mlsdbwriteinrange;
attribute mlsdbupgrade;
attribute mlsdbdowngrade;
attribute mlstrustedobject;
attribute privrangetrans;
attribute mlsrangetrans;
attribute mlsfduse;
attribute mlsfdshare;
attribute mlstranslate;
attribute mlsdbusrecv;
attribute mlsdbussend;