Rearrange a few files interfaces.

This commit is contained in:
Chris PeBenito 2012-05-04 09:13:11 -04:00
parent e7ed5a1fe9
commit 4f8e1a4e3d

View File

@ -84,6 +84,26 @@ interface(`files_type',`
typeattribute $1 file_type, non_security_file_type, non_auth_file_type;
')
########################################
## <summary>
## Mark the specified type as a file
## that is related to authentication.
## </summary>
## <param name="file_type">
## <summary>
## Type of the authentication-related
## file.
## </summary>
## </param>
#
interface(`files_auth_file',`
gen_require(`
attribute file_type, security_file_type, auth_file_type;
')
typeattribute $1 file_type, security_file_type, auth_file_type;
')
########################################
## <summary>
## Make the specified type a file that
@ -1275,26 +1295,6 @@ interface(`files_unmount_all_file_type_fs',`
allow $1 file_type:filesystem unmount;
')
########################################
## <summary>
## Mark the specified type as a file
## that is related to authentication.
## </summary>
## <param name="file_type">
## <summary>
## Type of the authentication-related
## file.
## </summary>
## </param>
#
interface(`files_auth_file',`
gen_require(`
attribute file_type, security_file_type, auth_file_type;
')
typeattribute $1 file_type, security_file_type, auth_file_type;
')
########################################
## <summary>
## Read all non-authentication related
@ -1352,38 +1352,6 @@ interface(`files_read_non_auth_symlinks',`
read_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
')
########################################
## <summary>
## Relabel all non-authentication related
## files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`files_relabel_non_auth_files',`
gen_require(`
attribute non_auth_file_type;
')
allow $1 non_auth_file_type:dir list_dir_perms;
relabel_dirs_pattern($1, non_auth_file_type, non_auth_file_type)
relabel_files_pattern($1, non_auth_file_type, non_auth_file_type)
relabel_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
relabel_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
relabel_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
# this is only relabelfrom since there should be no
# device nodes with file types.
relabelfrom_blk_files_pattern($1, non_auth_file_type, non_auth_file_type)
relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
# satisfy the assertions:
seutil_relabelto_bin_policy($1)
')
########################################
## <summary>
## rw non-authentication related files.
@ -1430,6 +1398,38 @@ interface(`files_manage_non_auth_files',`
files_manage_kernel_modules($1)
')
########################################
## <summary>
## Relabel all non-authentication related
## files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`files_relabel_non_auth_files',`
gen_require(`
attribute non_auth_file_type;
')
allow $1 non_auth_file_type:dir list_dir_perms;
relabel_dirs_pattern($1, non_auth_file_type, non_auth_file_type)
relabel_files_pattern($1, non_auth_file_type, non_auth_file_type)
relabel_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
relabel_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
relabel_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
# this is only relabelfrom since there should be no
# device nodes with file types.
relabelfrom_blk_files_pattern($1, non_auth_file_type, non_auth_file_type)
relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
# satisfy the assertions:
seutil_relabelto_bin_policy($1)
')
#############################################
## <summary>
## Manage all configuration directories on filesystem