nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

policy.dtd: more strict bool/tunable and infoflow validation

Browse Source 
Booleans and tunables must have a value of true or false and infoflow
needs to be of type read, write, none or both with a weight of 1 to 10.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
This commit is contained in:
Christian Göttsche 2022-03-22 18:05:40 +01:00
parent a7de85503e
commit f3b0b0837f
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/policy.dtd
View File

@ -14,11 +14,11 @@
<!ELEMENT tunable (desc)> <!ELEMENT tunable (desc)>
<!ATTLIST tunable <!ATTLIST tunable
name CDATA #REQUIRED name CDATA #REQUIRED
dftval CDATA #REQUIRED> dftval (true|false) #REQUIRED>
<!ELEMENT bool (desc)> <!ELEMENT bool (desc)>
<!ATTLIST bool <!ATTLIST bool
name CDATA #REQUIRED name CDATA #REQUIRED
dftval CDATA #REQUIRED> dftval (true|false) #REQUIRED>
<!ELEMENT summary (#PCDATA)> <!ELEMENT summary (#PCDATA)>
<!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)> <!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)>
<!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED> <!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED>
@ -32,8 +32,8 @@
unused (true|false) "false"> unused (true|false) "false">
<!ELEMENT infoflow EMPTY> <!ELEMENT infoflow EMPTY>
<!ATTLIST infoflow <!ATTLIST infoflow
type CDATA #REQUIRED type (read|write|none|both) #REQUIRED
weight CDATA #IMPLIED> weight (1|2|3|4|5|6|7|8|9|10) #IMPLIED>
<!ELEMENT rolebase EMPTY> <!ELEMENT rolebase EMPTY>
<!ELEMENT rolecap EMPTY> <!ELEMENT rolecap EMPTY>