Rearrange interfaces in files, clock, and udev.
parent
176afaf5d6
commit
1673ea6474
@ -2961,25 +2961,6 @@ interface(`files_dontaudit_setattr_etc_runtime_files',`
|
||||
dontaudit $1 etc_runtime_t:file setattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to write
|
||||
## etc runtime files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_dontaudit_write_etc_runtime_files',`
|
||||
gen_require(`
|
||||
type etc_runtime_t;
|
||||
')
|
||||
|
||||
dontaudit $1 etc_runtime_t:file write;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read files in /etc that are dynamically
|
||||
@ -3040,6 +3021,25 @@ interface(`files_dontaudit_read_etc_runtime_files',`
|
||||
dontaudit $1 etc_runtime_t:file { getattr read };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to write
|
||||
## etc runtime files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_dontaudit_write_etc_runtime_files',`
|
||||
gen_require(`
|
||||
type etc_runtime_t;
|
||||
')
|
||||
|
||||
dontaudit $1 etc_runtime_t:file write;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write files in /etc that are dynamically
|
||||
|
@ -62,24 +62,6 @@ interface(`clock_exec',`
|
||||
can_exec($1, hwclock_exec_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to write clock drift adjustments.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`clock_dontaudit_write_adjtime',`
|
||||
gen_require(`
|
||||
type adjtime_t;
|
||||
')
|
||||
|
||||
dontaudit $1 adjtime_t:file write;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read clock drift adjustments.
|
||||
@ -99,6 +81,24 @@ interface(`clock_read_adjtime',`
|
||||
allow $1 adjtime_t:file read_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to write clock drift adjustments.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`clock_dontaudit_write_adjtime',`
|
||||
gen_require(`
|
||||
type adjtime_t;
|
||||
')
|
||||
|
||||
dontaudit $1 adjtime_t:file write;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write clock drift adjustments.
|
||||
|
@ -222,25 +222,6 @@ interface(`udev_rw_db',`
|
||||
allow $1 udev_tbl_t:file rw_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read udev pid files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`udev_read_pid_files',`
|
||||
gen_require(`
|
||||
type udev_var_run_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
read_files_pattern($1, udev_var_run_t, udev_var_run_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search through udev pid content
|
||||
@ -282,25 +263,21 @@ interface(`udev_manage_pid_dirs',`
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create directories in the run location with udev_var_run_t type
|
||||
## Read udev pid files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="name" optional="true">
|
||||
## <summary>
|
||||
## Name of the directory that is created
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`udev_generic_pid_filetrans_run_dirs',`
|
||||
interface(`udev_read_pid_files',`
|
||||
gen_require(`
|
||||
type udev_var_run_t;
|
||||
')
|
||||
|
||||
files_pid_filetrans($1, udev_var_run_t, dir, $2)
|
||||
files_search_pids($1)
|
||||
read_files_pattern($1, udev_var_run_t, udev_var_run_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -322,3 +299,26 @@ interface(`udev_manage_pid_files',`
|
||||
files_search_var_lib($1)
|
||||
manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create directories in the run location with udev_var_run_t type
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="name" optional="true">
|
||||
## <summary>
|
||||
## Name of the directory that is created
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`udev_generic_pid_filetrans_run_dirs',`
|
||||
gen_require(`
|
||||
type udev_var_run_t;
|
||||
')
|
||||
|
||||
files_pid_filetrans($1, udev_var_run_t, dir, $2)
|
||||
')
|
||||
|
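Review bot: In the context lines of the last udev hunk, `udev_manage_pid_files` calls `files_search_var_lib($1)` before `manage_files_pattern($1, udev_var_run_t, udev_var_run_t)`, whereas the relocated `udev_read_pid_files` uses `files_search_pids($1)` for the same type. If udev_var_run_t content sits under the pid directory, as the read interface implies, the manage interface hands callers a directory search they do not need and may leave out the one they do; `files_search_pids($1)` looks like the intended call. The header and `gen_require` of `udev_manage_pid_files` are outside the hunk, so this should be confirmed against the full file. This commit only moves interfaces and leaves that line as it was, so the fix would belong in a follow-up.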