fix xml
parent
6d314fd3c1
commit
494e988f80
|
@ -1,14 +1,14 @@
|
||||||
# Copyright (C) 2005 Tresys Technology, LLC
|
# Copyright (C) 2005 Tresys Technology, LLC
|
||||||
## <interfaces module="storage">
|
## <module name="storage" layer="kernel">
|
||||||
## <summary>Policy controlling access to storage devices</summary>
|
## <summary>Policy controlling access to storage devices</summary>
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_get_fixed_disk_attributes">
|
## <interface name="storage_get_fixed_disk_attributes">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to get the attributes of fixed disk
|
## Allow the caller to get the attributes of fixed disk
|
||||||
## device nodes.
|
## device nodes.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="read" weight="7"/>
|
## <infoflow type="read" weight="7"/>
|
||||||
|
@ -25,13 +25,13 @@ type fixed_disk_device_t;
|
||||||
class blk_file getattr;
|
class blk_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_ignore_get_fixed_disk_attributes">
|
## <interface name="storage_ignore_get_fixed_disk_attributes">
|
||||||
## <description>
|
## <description>
|
||||||
## Do not audit attempts made by the caller to get
|
## Do not audit attempts made by the caller to get
|
||||||
## the attributes of fixed disk device nodes.
|
## the attributes of fixed disk device nodes.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="none"/>
|
## <infoflow type="none"/>
|
||||||
|
@ -47,13 +47,13 @@ type fixed_disk_device_t;
|
||||||
class blk_file getattr;
|
class blk_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_set_fixed_disk_attributes">
|
## <interface name="storage_set_fixed_disk_attributes">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to set the attributes of fixed disk
|
## Allow the caller to set the attributes of fixed disk
|
||||||
## device nodes.
|
## device nodes.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="write" weight="7"/>
|
## <infoflow type="write" weight="7"/>
|
||||||
|
@ -70,7 +70,7 @@ type fixed_disk_device_t;
|
||||||
class blk_file setattr;
|
class blk_file setattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_raw_read_fixed_disk">
|
## <interface name="storage_raw_read_fixed_disk">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to directly read from a fixed disk.
|
## Allow the caller to directly read from a fixed disk.
|
||||||
|
@ -78,7 +78,7 @@ class blk_file setattr;
|
||||||
## SELinux protections for filesystem objects, and
|
## SELinux protections for filesystem objects, and
|
||||||
## should only be used by trusted domains.
|
## should only be used by trusted domains.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="read" weight="10"/>
|
## <infoflow type="read" weight="10"/>
|
||||||
|
@ -97,7 +97,7 @@ attribute fixed_disk_raw_read;
|
||||||
class blk_file { getattr read ioctl };
|
class blk_file { getattr read ioctl };
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_write_read_fixed_disk">
|
## <interface name="storage_write_read_fixed_disk">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to directly write to a fixed disk.
|
## Allow the caller to directly write to a fixed disk.
|
||||||
|
@ -105,7 +105,7 @@ class blk_file { getattr read ioctl };
|
||||||
## SELinux protections for filesystem objects, and
|
## SELinux protections for filesystem objects, and
|
||||||
## should only be used by trusted domains.
|
## should only be used by trusted domains.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="write" weight="10"/>
|
## <infoflow type="write" weight="10"/>
|
||||||
|
@ -124,8 +124,7 @@ attribute fixed_disk_raw_write;
|
||||||
class blk_file { getattr write ioctl };
|
class blk_file { getattr write ioctl };
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
##
|
|
||||||
## <interface name="storage_raw_read_lvm_volume">
|
## <interface name="storage_raw_read_lvm_volume">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to directly read from a logical volume.
|
## Allow the caller to directly read from a logical volume.
|
||||||
|
@ -133,7 +132,7 @@ class blk_file { getattr write ioctl };
|
||||||
## SELinux protections for filesystem objects, and
|
## SELinux protections for filesystem objects, and
|
||||||
## should only be used by trusted domains.
|
## should only be used by trusted domains.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="read" weight="10"/>
|
## <infoflow type="read" weight="10"/>
|
||||||
|
@ -152,7 +151,7 @@ attribute fixed_disk_raw_read;
|
||||||
class blk_file { getattr read ioctl };
|
class blk_file { getattr read ioctl };
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_raw_write_lvm_volume">
|
## <interface name="storage_raw_write_lvm_volume">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to directly read from a logical volume.
|
## Allow the caller to directly read from a logical volume.
|
||||||
|
@ -160,7 +159,7 @@ class blk_file { getattr read ioctl };
|
||||||
## SELinux protections for filesystem objects, and
|
## SELinux protections for filesystem objects, and
|
||||||
## should only be used by trusted domains.
|
## should only be used by trusted domains.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="write" weight="10"/>
|
## <infoflow type="write" weight="10"/>
|
||||||
|
@ -179,7 +178,7 @@ attribute fixed_disk_raw_write;
|
||||||
class blk_file { getattr write ioctl };
|
class blk_file { getattr write ioctl };
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_read_scsi_generic">
|
## <interface name="storage_read_scsi_generic">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to directly read, in a
|
## Allow the caller to directly read, in a
|
||||||
|
@ -188,7 +187,7 @@ class blk_file { getattr write ioctl };
|
||||||
## SELinux protections for filesystem objects, and
|
## SELinux protections for filesystem objects, and
|
||||||
## should only be used by trusted domains.
|
## should only be used by trusted domains.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="read" weight="10"/>
|
## <infoflow type="read" weight="10"/>
|
||||||
|
@ -207,7 +206,7 @@ attribute scsi_generic_read;
|
||||||
class blk_file { getattr read ioctl };
|
class blk_file { getattr read ioctl };
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_write_scsi_generic">
|
## <interface name="storage_write_scsi_generic">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to directly write, in a
|
## Allow the caller to directly write, in a
|
||||||
|
@ -216,7 +215,7 @@ class blk_file { getattr read ioctl };
|
||||||
## SELinux protections for filesystem objects, and
|
## SELinux protections for filesystem objects, and
|
||||||
## should only be used by trusted domains.
|
## should only be used by trusted domains.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="write" weight="10"/>
|
## <infoflow type="write" weight="10"/>
|
||||||
|
@ -265,13 +264,13 @@ type scsi_generic_device_t;
|
||||||
class blk_file setattr;
|
class blk_file setattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_get_removable_device_attributes">
|
## <interface name="storage_get_removable_device_attributes">
|
||||||
## <description>
|
## <description>
|
||||||
## Allow the caller to get the attributes of removable
|
## Allow the caller to get the attributes of removable
|
||||||
## devices device nodes.
|
## devices device nodes.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="read" weight="7"/>
|
## <infoflow type="read" weight="7"/>
|
||||||
|
@ -288,13 +287,13 @@ type removable_device_t;
|
||||||
class blk_file getattr;
|
class blk_file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
########################################
|
||||||
## <interface name="storage_ignore_get_removable_device_attributes">
|
## <interface name="storage_ignore_get_removable_device_attributes">
|
||||||
## <description>
|
## <description>
|
||||||
## Do not audit attempts made by the caller to get
|
## Do not audit attempts made by the caller to get
|
||||||
## the attributes of removable devices device nodes.
|
## the attributes of removable devices device nodes.
|
||||||
## </description>
|
## </description>
|
||||||
## <parameter position="1" name="domain">
|
## <parameter name="domain">
|
||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </parameter>
|
## </parameter>
|
||||||
## <infoflow type="none"/>
|
## <infoflow type="none"/>
|
||||||
|
@ -415,4 +414,4 @@ type tape_device_t;
|
||||||
class blk_file setattr;
|
class blk_file setattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
## </interfaces>
|
## </module>
|
||||||
|
|
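Review bot: The description of `storage_raw_write_lvm_volume` still reads "Allow the caller to directly read from a logical volume." on the new side, although its `<infoflow type="write" weight="10"/>` and the `class blk_file { getattr write ioctl };` context that appears to follow it mark it as a write interface. Since this commit already touches that header, the line should become `## Allow the caller to directly write to a logical volume.`. The wording matters because policy authors pick interfaces from the generated documentation, and this one is described as bypassing SELinux protections for filesystem objects and being for trusted domains only. The name `storage_write_read_fixed_disk` also looks transposed next to its sibling `storage_raw_read_fixed_disk`; the interface definitions are outside the visible hunks, so check the actual macro name before changing the `<interface name=...>` attribute.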