rename create verb to filetrans for type transitioning ifs

This commit is contained in:
Chris PeBenito 2006-01-13 21:07:27 +00:00
parent 9d594986b7
commit ce96df7580
1 changed files with 13 additions and 32 deletions

View File

@ -819,7 +819,7 @@ dontaudit $1_t self:capability sys_tty_config;
allow $1_t self:process signal_perms; allow $1_t self:process signal_perms;
allow $1_t $1_var_run_t:file create_file_perms; allow $1_t $1_var_run_t:file create_file_perms;
allow $1_t $1_var_run_t:dir rw_dir_perms; allow $1_t $1_var_run_t:dir rw_dir_perms;
files_create_pid($1_t,$1_var_run_t) files_filetrans_pid($1_t,$1_var_run_t)
kernel_read_kernel_sysctl($1_t) kernel_read_kernel_sysctl($1_t)
kernel_list_proc($1_t) kernel_list_proc($1_t)
kernel_read_proc_symlinks($1_t) kernel_read_proc_symlinks($1_t)
@ -987,10 +987,10 @@ optional_policy(`kerberos',`
#end for identd #end for identd
allow $1_t $1_tmp_t:dir create_dir_perms; allow $1_t $1_tmp_t:dir create_dir_perms;
allow $1_t $1_tmp_t:file create_file_perms; allow $1_t $1_tmp_t:file create_file_perms;
files_create_tmp_files($1_t, $1_tmp_t, { file dir }) files_filetrans_tmp($1_t, $1_tmp_t, { file dir })
allow $1_t $1_var_run_t:file create_file_perms; allow $1_t $1_var_run_t:file create_file_perms;
allow $1_t $1_var_run_t:dir rw_dir_perms; allow $1_t $1_var_run_t:dir rw_dir_perms;
files_create_pid($1_t,$1_var_run_t) files_filetrans_pid($1_t,$1_var_run_t)
kernel_read_kernel_sysctl($1_t) kernel_read_kernel_sysctl($1_t)
kernel_read_system_state($1_t) kernel_read_system_state($1_t)
kernel_read_network_state($1_t) kernel_read_network_state($1_t)
@ -1033,7 +1033,7 @@ libs_legacy_use_ld_so($1_t)
type $1_lock_t; type $1_lock_t;
files_lock_file($1_lock_t) files_lock_file($1_lock_t)
allow $1_t $1_lock_t:file create_file_perms; allow $1_t $1_lock_t:file create_file_perms;
files_create_lock($1_t,$1_lock_t) files_filetrans_lock($1_t,$1_lock_t)
# #
# log_domain(): complete # log_domain(): complete
@ -1041,7 +1041,7 @@ files_create_lock($1_t,$1_lock_t)
type $1_log_t; type $1_log_t;
logging_log_file($1_log_t) logging_log_file($1_log_t)
allow $1_t $1_log_t:file create_file_perms; allow $1_t $1_log_t:file create_file_perms;
logging_create_log($1_t,$1_log_t) logging_filetrans_log($1_t,$1_log_t)
# #
# logdir_domain(): complete # logdir_domain(): complete
@ -1050,7 +1050,7 @@ type $1_log_t;
logging_log_file($1_log_t) logging_log_file($1_log_t)
allow $1_t $1_log_t:file create_file_perms; allow $1_t $1_log_t:file create_file_perms;
allow $1_t $1_log_t:dir rw_dir_perms; allow $1_t $1_log_t:dir rw_dir_perms;
logging_create_log($1_t,$1_log_t,{ file dir }) logging_filetrans_log($1_t,$1_log_t,{ file dir })
# #
# network_home_dir(): # network_home_dir():
@ -1060,28 +1060,9 @@ can_exec($1, $2)
allow $1 $2:{ sock_file fifo_file } { create ioctl read getattr lock write setattr append link unlink rename }; allow $1 $2:{ sock_file fifo_file } { create ioctl read getattr lock write setattr append link unlink rename };
# #
# polyinstantiater(): # polyinstantiater(): complete
# #
ifdef(`support_polyinstantiation', ` files_polyinstantiate_all($1)
# Need to give access to /selinux/member
selinux_compute_member($1)
# Need sys_admin capability for mounting
allow $1 self:capability sys_admin;
# Need to give access to the directories to be polyinstantiated
allow $1 polydir:dir { getattr mounton add_name create setattr write search };
# Need to give access to the polyinstantiated subdirectories
allow $1 polymember:dir {getattr search };
# Need to give access to parent directories where original
# is remounted for polyinstantiation aware programs (like gdm)
allow $1 polyparent:dir { getattr mounton };
# Need to give permission to create directories where applicable
allow $1 polymember: dir { create setattr };
allow $1 polydir: dir { write add_name };
allow $1 self:process setfscreate;
allow $1 polyparent:dir { write add_name };
# Default type for mountpoints
allow $1 poly_t:dir { create mounton };
')
# #
# pty_slave_label(): # pty_slave_label():
@ -1172,7 +1153,7 @@ type $1_tmp_t;
files_tmp_file($1_tmp_t) files_tmp_file($1_tmp_t)
allow $1_t $1_tmp_t:dir create_dir_perms; allow $1_t $1_tmp_t:dir create_dir_perms;
allow $1_t $1_tmp_t:file create_file_perms; allow $1_t $1_tmp_t:file create_file_perms;
files_create_tmp_files($1_t, $1_tmp_t, { file dir }) files_filetrans_tmp($1_t, $1_tmp_t, { file dir })
# #
# tmp_domain($1,$2,$3): complete # tmp_domain($1,$2,$3): complete
@ -1182,7 +1163,7 @@ files_create_tmp_files($1_t, $1_tmp_t, { file dir })
type $1_tmp_t $2; type $1_tmp_t $2;
files_tmp_file($1_tmp_t) files_tmp_file($1_tmp_t)
allow $1_t $1_tmp_t:$3 manage_obj_perms; allow $1_t $1_tmp_t:$3 manage_obj_perms;
files_create_tmp_files($1_t, $1_tmp_t, $3) files_filetrans_tmp($1_t, $1_tmp_t, $3)
# #
# tmpfs_domain(): complete # tmpfs_domain(): complete
@ -1222,7 +1203,7 @@ type $1_var_lib_t;
files_type($1_var_lib_t) files_type($1_var_lib_t)
allow $1_t $1_var_lib_t:file create_file_perms; allow $1_t $1_var_lib_t:file create_file_perms;
allow $1_t $1_var_lib_t:dir rw_dir_perms; allow $1_t $1_var_lib_t:dir rw_dir_perms;
files_create_var_lib($1_t,$1_var_lib_t) files_filetrans_var_lib($1_t,$1_var_lib_t)
# #
# var_run_domain($1): complete # var_run_domain($1): complete
@ -1231,14 +1212,14 @@ type $1_var_run_t;
files_pid_file($1_var_run_t) files_pid_file($1_var_run_t)
allow $1_t $1_var_run_t:file create_file_perms; allow $1_t $1_var_run_t:file create_file_perms;
allow $1_t $1_var_run_t:dir rw_dir_perms; allow $1_t $1_var_run_t:dir rw_dir_perms;
files_create_pid($1_t,$1_var_run_t) files_filetrans_pid($1_t,$1_var_run_t)
# #
# var_run_domain($1,$2): complete # var_run_domain($1,$2): complete
# #
type $1_var_run_t; type $1_var_run_t;
files_pid_file($1_var_run_t) files_pid_file($1_var_run_t)
files_create_pid($1_t,$1_var_run_t,$2) files_filetrans_pid($1_t,$1_var_run_t,$2)
# for each object class in $2: # for each object class in $2:
# if dir: # if dir:
allow $1 $1_var_run_t:dir create_dir_perms; allow $1 $1_var_run_t:dir create_dir_perms;