mirror of
https://github.com/SELinuxProject/refpolicy
synced 2025-03-30 07:16:57 +00:00
5a4f511ff4
This patch properly completes the implementation of the MLS file relabel attributes. In the previous patch [http://oss.tresys.com/pipermail/refpolicy/2016-July/008038.html], a new attribute, mlsfilerelabetoclr, was created. There should have been a second attribute, mlsfilerelabel, created instead of overloading mlsfilewrite for this privilege. I concur with creating new attributes for this situation. I have created the patch below. Signed-off-by: Chad Hanson <dahchanson@gmail.com>
76 lines
1.6 KiB
Plaintext
76 lines
1.6 KiB
Plaintext
policy_module(mls, 1.9.1)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
attribute mlsfileread;
|
|
attribute mlsfilereadtoclr;
|
|
attribute mlsfilewrite;
|
|
attribute mlsfilewritetoclr;
|
|
attribute mlsfilewriteinrange;
|
|
attribute mlsfilerelabel;
|
|
attribute mlsfilerelabeltoclr;
|
|
attribute mlsfileupgrade;
|
|
attribute mlsfiledowngrade;
|
|
|
|
attribute mlsnetread;
|
|
attribute mlsnetreadtoclr;
|
|
attribute mlsnetwrite;
|
|
attribute mlsnetwritetoclr;
|
|
attribute mlsnetwriteranged;
|
|
attribute mlsnetupgrade;
|
|
attribute mlsnetdowngrade;
|
|
attribute mlsnetrecvall;
|
|
attribute mlsnetinbound;
|
|
attribute mlsnetoutbound;
|
|
|
|
attribute mlsipcread;
|
|
attribute mlsipcreadtoclr;
|
|
attribute mlsipcwrite;
|
|
attribute mlsipcwritetoclr;
|
|
|
|
attribute mlskeywrite;
|
|
attribute mlskeywritetoclr;
|
|
|
|
attribute mlsprocread;
|
|
attribute mlsprocreadtoclr;
|
|
attribute mlsprocwrite;
|
|
attribute mlsprocwritetoclr;
|
|
attribute mlsprocsetsl;
|
|
|
|
attribute mlsxwinread;
|
|
attribute mlsxwinreadtoclr;
|
|
attribute mlsxwinwrite;
|
|
attribute mlsxwinwritetoclr;
|
|
attribute mlsxwinreadproperty;
|
|
attribute mlsxwinwriteproperty;
|
|
attribute mlsxwinreadselection;
|
|
attribute mlsxwinwriteselection;
|
|
attribute mlsxwinreadcolormap;
|
|
attribute mlsxwinwritecolormap;
|
|
attribute mlsxwinwritexinput;
|
|
|
|
attribute mlsdbread;
|
|
attribute mlsdbreadtoclr;
|
|
attribute mlsdbwrite;
|
|
attribute mlsdbwritetoclr;
|
|
attribute mlsdbwriteinrange;
|
|
attribute mlsdbupgrade;
|
|
attribute mlsdbdowngrade;
|
|
|
|
attribute mlstrustedobject;
|
|
attribute mlstrustedsocket;
|
|
|
|
attribute privrangetrans;
|
|
attribute mlsrangetrans;
|
|
|
|
attribute mlsfduse;
|
|
attribute mlsfdshare;
|
|
|
|
attribute mlstranslate;
|
|
|
|
attribute mlsdbusrecv;
|
|
attribute mlsdbussend;
|