add ignore read rootfs file

2005-05-02 18:40:42 +00:00 · 2005-05-02 18:40:42 +00:00 · 9f2f9e6dfe
parent d0b6abebb9
commit 9f2f9e6dfe
1 changed files with 30 additions and 2 deletions
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@ -80,10 +80,10 @@ class chr_file relabelfrom;

 ########################################
 #
-# files_search_all_directories(type,[`optional'])
+# files_search_all_directories(domain)
 #
 define(`files_search_all_directories',`
-requires_block_template(files_search_all_directories_depend,$2)
+requires_block_template(files_search_all_directories_depend)
 allow $1 file_type:dir search;
 ')

@ -92,6 +92,20 @@ attribute file_type;
 class dir search;
 ')

+########################################
+#
+# files_ignore_search_all_directories(domain)
+#
+define(`files_ignore_search_all_directories',`
+requires_block_template(files_ignore_search_all_directories_depend)
+dontaudit $1 file_type:dir search;
+')
+
+define(`files_ignore_search_all_directories_depend',`
+attribute file_type;
+class dir search;
+')
+
 ########################################
 #
 # files_read_all_directories(type,[`optional'])
@ -150,6 +164,20 @@ type root_t;
 class dir { getattr search read write add_name };
 ')

+########################################
+#
+# files_ignore_read_rootfs_file(domain)
+#
+define(`files_ignore_read_rootfs_file',`
+requires_block_template(files_ignore_read_rootfs_file_depend)
+dontaudit $1 root_t:file read;
+')
+
+define(`files_ignore_read_rootfs_file_depend',`
+type root_t;
+class file read;
+')
+
 ########################################
 #
 # files_ignore_modify_rootfs_file(domain,[`optional'])