Commit Graph

13 Commits

Author SHA1 Message Date
Christian Göttsche 40a59af329 can_exec(): move from misc_macros to misc_patterns
The file misc_macros.spt is due heavy usage of the m4 language
hard to parse for third party tools.
Move the macro can_exec() to misc_patterns.spt, which contains
only interface like define blocks.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2020-05-15 15:59:13 +02:00
Chris PeBenito 9285d9f450 misc_patterns.spt: Remove unnecessary brackets. 2018-07-19 19:49:21 -04:00
Lukas Vrabec a7edcc9f2b Improve domain_transition_pattern to allow mmap entrypoint bin file.
In domain_transition_pattern there is rule:
allow $1 $2:file { getattr open read execute };

map permission is missing here, which is generating lot of AVC.
Replacing permissions with mmap_exec_file_perms set.
2018-07-19 19:48:08 -04:00
cgzones da89b955a0 domtrans_pattern: use inherited fifo perms 2017-03-08 17:19:26 +01:00
cgzones dd4cfd8a77 add admin_process_pattern macro
useful for MODULE_admin interfaces
2017-02-17 16:26:22 +01:00
cgzones 901a905cbb update policy/support macros
- add systemd service macro sets
- add some documentation
- add some recursion to some macro sets (ipv perm, object class sets)
- deprecate domain_trans and domain_auto_trans
- remove unpriv_socket_class_set
2016-12-01 19:38:14 +01:00
Chris PeBenito dd49083624 Remove deprecated send_audit_msgs_pattern().
This was deprecated June 12, 2007.
2011-10-14 10:23:05 -04:00
Chris PeBenito a53c6c65a4 FTP patch from Dan Walsh. 2010-04-26 15:15:23 -04:00
Chris PeBenito 82d2775c92 trunk: more open perm fixes. 2008-10-20 16:10:42 +00:00
Chris PeBenito c040ea12b2 trunk: several support macro fixes. 2007-07-31 15:11:22 +00:00
Chris PeBenito 63acaf59d7 trunk: fix pipe permission set in domtrans_pattern(). 2007-07-26 19:41:15 +00:00
Chris PeBenito d5b81a81ff trunk: Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern(). 2007-06-12 18:46:14 +00:00
Chris PeBenito c0868a7a3b merge policy patterns to trunk 2006-12-12 20:08:08 +00:00