nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0dd9d69d92
selinux-refpolicy/policy/modules/system/clock.if
Markus Linnala 9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
2021-07-02 12:19:25 +03:00

120 lines
2.1 KiB
Plaintext
Raw Blame History

## <summary>Policy for reading and setting the hardware clock.</summary>
########################################
## <summary>
## Execute hwclock in the clock domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`clock_domtrans',`
gen_require(`
type hwclock_t, hwclock_exec_t;
')
domtrans_pattern($1, hwclock_exec_t, hwclock_t)
')
########################################
## <summary>
## Execute hwclock in the clock domain, and
## allow the specified role the hwclock domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`clock_run',`
gen_require(`
type hwclock_t;
')
clock_domtrans($1)
role $2 types hwclock_t;
')
########################################
## <summary>
## Execute hwclock in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`clock_exec',`
gen_require(`
type hwclock_exec_t;
')
can_exec($1, hwclock_exec_t)
')
########################################
## <summary>
## Read clock drift adjustments.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`clock_read_adjtime',`
gen_require(`
type adjtime_t;
')
files_list_etc($1)
allow $1 adjtime_t:file read_file_perms;
')
########################################
## <summary>
## Do not audit attempts to write clock drift adjustments.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`clock_dontaudit_write_adjtime',`
gen_require(`
type adjtime_t;
')
dontaudit $1 adjtime_t:file write;
')
########################################
## <summary>
## Read and write clock drift adjustments.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`clock_rw_adjtime',`
gen_require(`
type adjtime_t;
')
allow $1 adjtime_t:file rw_file_perms;
files_list_etc($1)
')
Reference in New Issue View Git Blame Copy Permalink