From 910f3f87ac3f3717aa4874b878fdc7f38e6db2a5 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Wed, 28 Nov 2012 16:26:05 -0500 Subject: [PATCH] Move mcs_constrained() impementation. --- policy/modules/kernel/mcs.if | 56 ++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/policy/modules/kernel/mcs.if b/policy/modules/kernel/mcs.if index 508e609da..b08a6e849 100644 --- a/policy/modules/kernel/mcs.if +++ b/policy/modules/kernel/mcs.if @@ -3,6 +3,34 @@ ## Contains attributes used in MCS policy. ## +######################################## +## +## Constrain by category access control (MCS). +## +## +##

+## Constrain the specified type by category based +## access control (MCS) This prevents this domain from +## interacting with subjects and operating on objects +## that it otherwise would be able to interact +## with or operate on respectively. +##

+## +## +## +## Type to be constrained by MCS. +## +## +## +# +interface(`mcs_constrained',` + gen_require(` + attribute mcs_constrained_type; + ') + + typeattribute $1 mcs_constrained_type; +') + ######################################## ## ## This domain is allowed to read files and directories @@ -102,31 +130,3 @@ interface(`mcs_process_set_categories',` typeattribute $1 mcssetcats; ') - -######################################## -## -## Constrain by category access control (MCS). -## -## -##

-## Constrain the specified type by category based -## access control (MCS) This prevents this domain from -## interacting with subjects and operating on objects -## that it otherwise would be able to interact -## with or operate on respectively. -##

-## -## -## -## Type to be constrained by MCS. -## -## -## -# -interface(`mcs_constrained',` - gen_require(` - attribute mcs_constrained_type; - ') - - typeattribute $1 mcs_constrained_type; -')