Rearrange a few files interfaces.
This commit is contained in:
parent
e7ed5a1fe9
commit
4f8e1a4e3d
@ -84,6 +84,26 @@ interface(`files_type',`
|
||||
typeattribute $1 file_type, non_security_file_type, non_auth_file_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Mark the specified type as a file
|
||||
## that is related to authentication.
|
||||
## </summary>
|
||||
## <param name="file_type">
|
||||
## <summary>
|
||||
## Type of the authentication-related
|
||||
## file.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_auth_file',`
|
||||
gen_require(`
|
||||
attribute file_type, security_file_type, auth_file_type;
|
||||
')
|
||||
|
||||
typeattribute $1 file_type, security_file_type, auth_file_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Make the specified type a file that
|
||||
@ -1275,26 +1295,6 @@ interface(`files_unmount_all_file_type_fs',`
|
||||
allow $1 file_type:filesystem unmount;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Mark the specified type as a file
|
||||
## that is related to authentication.
|
||||
## </summary>
|
||||
## <param name="file_type">
|
||||
## <summary>
|
||||
## Type of the authentication-related
|
||||
## file.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_auth_file',`
|
||||
gen_require(`
|
||||
attribute file_type, security_file_type, auth_file_type;
|
||||
')
|
||||
|
||||
typeattribute $1 file_type, security_file_type, auth_file_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read all non-authentication related
|
||||
@ -1352,38 +1352,6 @@ interface(`files_read_non_auth_symlinks',`
|
||||
read_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Relabel all non-authentication related
|
||||
## files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`files_relabel_non_auth_files',`
|
||||
gen_require(`
|
||||
attribute non_auth_file_type;
|
||||
')
|
||||
|
||||
allow $1 non_auth_file_type:dir list_dir_perms;
|
||||
relabel_dirs_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabel_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabel_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabel_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabel_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
# this is only relabelfrom since there should be no
|
||||
# device nodes with file types.
|
||||
relabelfrom_blk_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
|
||||
# satisfy the assertions:
|
||||
seutil_relabelto_bin_policy($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## rw non-authentication related files.
|
||||
@ -1430,6 +1398,38 @@ interface(`files_manage_non_auth_files',`
|
||||
files_manage_kernel_modules($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Relabel all non-authentication related
|
||||
## files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`files_relabel_non_auth_files',`
|
||||
gen_require(`
|
||||
attribute non_auth_file_type;
|
||||
')
|
||||
|
||||
allow $1 non_auth_file_type:dir list_dir_perms;
|
||||
relabel_dirs_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabel_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabel_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabel_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabel_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
# this is only relabelfrom since there should be no
|
||||
# device nodes with file types.
|
||||
relabelfrom_blk_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
|
||||
|
||||
# satisfy the assertions:
|
||||
seutil_relabelto_bin_policy($1)
|
||||
')
|
||||
|
||||
#############################################
|
||||
## <summary>
|
||||
## Manage all configuration directories on filesystem
|
||||
|
Loading…
Reference in New Issue
Block a user