dpkg: Move interface implementations.
This commit is contained in:
Chris PeBenito
parent
ed79766651
commit
bf21c5c0d2
|
|
@ -19,6 +19,50 @@ interface(`dpkg_domtrans',`
|
|||
domtrans_pattern($1, dpkg_exec_t, dpkg_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Transition to dpkg_t when NNP has been set
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`dpkg_nnp_domtrans',`
|
||||
gen_require(`
|
||||
type dpkg_t;
|
||||
')
|
||||
|
||||
dpkg_domtrans($1)
|
||||
allow $1 dpkg_t:process2 nnp_transition;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute dpkg programs in the dpkg domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`dpkg_run',`
|
||||
gen_require(`
|
||||
attribute_role dpkg_roles;
|
||||
')
|
||||
|
||||
dpkg_domtrans($1)
|
||||
roleattribute $2 dpkg_roles;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute the dkpg in the caller domain.
|
||||
|
|
@ -79,31 +123,6 @@ interface(`dpkg_script_rw_pipes',`
|
|||
allow $1 dpkg_script_t:fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute dpkg programs in the dpkg domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`dpkg_run',`
|
||||
gen_require(`
|
||||
attribute_role dpkg_roles;
|
||||
')
|
||||
|
||||
dpkg_domtrans($1)
|
||||
roleattribute $2 dpkg_roles;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Inherit and use file descriptors from dpkg.
|
||||
|
|
@ -337,21 +356,3 @@ interface(`dpkg_read_script_tmp_symlinks',`
|
|||
|
||||
allow $1 dpkg_script_tmp_t:lnk_file read_lnk_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Transition to dpkg_t when NNP has been set
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`dpkg_nnp_domtrans',`
|
||||
gen_require(`
|
||||
type dpkg_t;
|
||||
')
|
||||
|
||||
allow $1 dpkg_t:process2 nnp_transition;
|
||||
')
|
||||
|
|
|
|||
Loading…
Reference in New Issue