## <summary>Multilevel security policy</summary>
## <desc>
##	<p>
##	This module contains interfaces for handling multilevel
##	security.  The interfaces grant the specified subjects
##	and objects certain privileges in the MLS rules by
##	assigning them the attributes used in the MLS policy.
##	</p>
## </desc>
## <required val="true">
##	Contains attributes used in MLS policy.
## </required>

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from files at higher levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mls_file_read_up',`
	# Privilege grant: adds the mlsfileread attribute to the type passed
	# as the first argument. Reading up crosses the confidentiality
	# boundary that MLS normally enforces so callers should be limited to
	# domains reviewed for that trust. The rules that honor the attribute
	# are not part of this listing.
	gen_require(`
		attribute mlsfileread;
	')

	typeattribute $1 mlsfileread;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to files at lower levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mls_file_write_down',`
	# Privilege grant: adds the mlsfilewrite attribute to the type passed
	# as the first argument. Writing down lets a subject place data into
	# files at a lower level so each caller is a potential path for
	# moving information to a lower level and deserves review.
	gen_require(`
		attribute mlsfilewrite;
	')

	typeattribute $1 mlsfilewrite;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for raising the level of files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mls_file_upgrade',`
	# Privilege grant: adds the mlsfileupgrade attribute to the type
	# passed as the first argument. The header documents this as trust
	# for raising the level of files. The rules that honor the attribute
	# are not part of this listing.
	gen_require(`
		attribute mlsfileupgrade;
	')

	typeattribute $1 mlsfileupgrade;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for lowering the level of files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mls_file_downgrade',`
	# Privilege grant: adds the mlsfiledowngrade attribute to the type
	# passed as the first argument. Lowering the level of a file makes
	# its contents reachable from lower levels so callers should be
	# limited to domains reviewed for that trust.
	gen_require(`
		attribute mlsfiledowngrade;
	')

	typeattribute $1 mlsfiledowngrade;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from sockets at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_socket_read_all_levels',`
	# Privilege grant: adds the mlsnetread attribute to the type passed
	# as the first argument. The header documents this as read trust on
	# sockets at any level with no upper bound. Where a bound at the
	# process clearance is enough the narrower
	# mls_socket_read_to_clearance interface is the better fit.
	gen_require(`
		attribute mlsnetread;
	')

	typeattribute $1 mlsnetread;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from sockets at any level
##	that is dominated by the process clearance.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_socket_read_to_clearance',`
	# Privilege grant: adds the mlsnetreadtoclr attribute to the type
	# passed as the first argument. Per the header the read trust is
	# bounded by the process clearance which makes this the narrower
	# alternative to mls_socket_read_all_levels.
	gen_require(`
		attribute mlsnetreadtoclr;
	')

	typeattribute $1 mlsnetreadtoclr;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to sockets at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_socket_write_all_levels',`
	# Privilege grant: adds the mlsnetwrite attribute to the type passed
	# as the first argument. Writing to sockets at any level includes
	# sockets at lower levels so each caller should be reviewed as a
	# possible path for moving data to a lower level.
	gen_require(`
		attribute mlsnetwrite;
	')

	typeattribute $1 mlsnetwrite;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for receiving network data from 
##	network interfaces or hosts at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_net_receive_all_levels',`
	# Privilege grant: adds the mlsnetrecvall attribute to the type
	# passed as the first argument. The header documents this as trust
	# for receiving data from network interfaces or hosts at any level.
	# The rules that honor the attribute are not part of this listing.
	gen_require(`
		attribute mlsnetrecvall;
	')

	typeattribute $1 mlsnetrecvall;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from System V IPC objects
##	at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_sysvipc_read_all_levels',`
	# Privilege grant: adds the mlsipcread attribute to the type passed
	# as the first argument. The header documents this as read trust on
	# System V IPC objects at any level which includes levels above the
	# caller. Limit callers to domains reviewed for that trust.
	gen_require(`
		attribute mlsipcread;
	')

	typeattribute $1 mlsipcread;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to System V IPC objects
##	at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_sysvipc_write_all_levels',`
	# Privilege grant: adds the mlsipcwrite attribute to the type passed
	# as the first argument. The header documents this as write trust on
	# System V IPC objects at any level which includes levels below the
	# caller. Limit callers to domains reviewed for that trust.
	gen_require(`
		attribute mlsipcwrite;
	')

	typeattribute $1 mlsipcwrite;
')

########################################
## <summary>
##	Allow the specified domain to do a MLS
##	range transition that changes
##	the current level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_rangetrans_source',`
	# Privilege grant: adds the privrangetrans attribute to the type
	# passed as the first argument which marks it as a source of range
	# transitions that change the current level.
	# NOTE(review): presumably the constraint also checks the target side
	# set by mls_rangetrans_target - confirm against the MLS rules.
	gen_require(`
		attribute privrangetrans;
	')

	typeattribute $1 privrangetrans;
')

########################################
## <summary>
##	Make specified domain a target domain
##	for MLS range transitions that change
##	the current level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_rangetrans_target',`
	# Adds the mlsrangetrans attribute to the type passed as the first
	# argument which marks it as a target of range transitions that
	# change the current level.
	# NOTE(review): presumably paired with the source attribute set by
	# mls_rangetrans_source - confirm against the MLS rules.
	gen_require(`
		attribute mlsrangetrans;
	')

	typeattribute $1 mlsrangetrans;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from processes at higher levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_process_read_up',`
	# Privilege grant: adds the mlsprocread attribute to the type passed
	# as the first argument. The header documents this as trust for
	# reading from processes at higher levels. Limit callers to domains
	# reviewed for that trust.
	gen_require(`
		attribute mlsprocread;
	')

	typeattribute $1 mlsprocread;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to processes at lower levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_process_write_down',`
	# Privilege grant: adds the mlsprocwrite attribute to the type passed
	# as the first argument. The header documents this as trust for
	# writing to processes at lower levels. Limit callers to domains
	# reviewed for that trust.
	gen_require(`
		attribute mlsprocwrite;
	')

	typeattribute $1 mlsprocwrite;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for setting the level of processes
##	it executes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_process_set_level',`
	# Privilege grant: adds the mlsprocsetsl attribute to the type passed
	# as the first argument. The header documents this as trust for
	# setting the level of processes the domain executes so a caller can
	# choose the level its children run at. Review callers accordingly.
	gen_require(`
		attribute mlsprocsetsl;
	')

	typeattribute $1 mlsprocsetsl;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from X objects at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_xwin_read_all_levels',`
	# Privilege grant: adds the mlsxwinread attribute to the type passed
	# as the first argument. The header documents this as read trust on
	# X objects at any level. The rules that honor the attribute are not
	# part of this listing.
	gen_require(`
		attribute mlsxwinread;
	')

	typeattribute $1 mlsxwinread;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to X objects at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_xwin_write_all_levels',`
	# Privilege grant: adds the mlsxwinwrite attribute to the type passed
	# as the first argument. The header documents this as write trust on
	# X objects at any level. The rules that honor the attribute are not
	# part of this listing.
	gen_require(`
		attribute mlsxwinwrite;
	')

	typeattribute $1 mlsxwinwrite;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from X colormaps at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_colormap_read_all_levels',`
	# Privilege grant: adds the mlsxwinreadcolormap attribute to the type
	# passed as the first argument. The header documents this as read
	# trust on X colormaps at any level. This attribute is separate from
	# the mlsxwinread attribute used for other X objects.
	gen_require(`
		attribute mlsxwinreadcolormap;
	')

	typeattribute $1 mlsxwinreadcolormap;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to X colormaps at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_colormap_write_all_levels',`
	# Privilege grant: adds the mlsxwinwritecolormap attribute to the
	# type passed as the first argument. The header documents this as
	# write trust on X colormaps at any level. This attribute is separate
	# from the mlsxwinwrite attribute used for other X objects.
	gen_require(`
		attribute mlsxwinwritecolormap;
	')

	typeattribute $1 mlsxwinwritecolormap;
')

########################################
## <summary>
##	Make specified object MLS trusted.
## </summary>
## <desc>
##	<p>
##	Make specified object MLS trusted.  This
##	allows all levels to read and write the
##	object.
##	</p>
##	<p>
##	This currently only applies to filesystem
##	objects, for example, files and directories.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the object.
##	</summary>
## </param>
#
interface(`mls_trusted_object',`
	# Adds the mlstrustedobject attribute to the type passed as the first
	# argument. Unlike the subject interfaces this marks an object type
	# and per the header lets all levels read and write it so anything
	# stored under such a type is shared across levels.
	# NOTE(review): the header names the parameter domain although the
	# argument is an object type - confirm before relying on the name.
	gen_require(`
		attribute mlstrustedobject;
	')

	typeattribute $1 mlstrustedobject;
')

########################################
## <summary>
##	Make the specified domain trusted
##	to inherit and use file descriptors
##	from all levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_fd_use_all_levels',`
	# Privilege grant: adds the mlsfduse attribute to the type passed as
	# the first argument. The header documents this as trust to inherit
	# and use file descriptors from all levels. The rules that honor the
	# attribute are not part of this listing.
	gen_require(`
		attribute mlsfduse;
	')

	typeattribute $1 mlsfduse;
')

########################################
## <summary>
##	Make the file descriptors from the
##	specified domain inheritable by
##	all levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain whose file descriptors are shared.
##	</summary>
## </param>
#
interface(`mls_fd_share_all_levels',`
	# Adds the mlsfdshare attribute to the type passed as the first
	# argument. Per the header summary that argument is the domain whose
	# file descriptors become inheritable by all levels and not the
	# domain that receives access. Review callers as a source of
	# descriptors that cross levels.
	gen_require(`
		attribute mlsfdshare;
	')

	typeattribute $1 mlsfdshare;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for translating contexts at all levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mls_context_translate_all_levels',`
	# Privilege grant: adds the mlstranslate attribute to the type passed
	# as the first argument. The header documents this as trust for
	# translating contexts at all levels. The rules that honor the
	# attribute are not part of this listing.
	gen_require(`
		attribute mlstranslate;
	')

	typeattribute $1 mlstranslate;
')