nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
242e371ac2
selinux-refpolicy/policy/modules/services/dnsmasq.if
Markus Linnala 9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
2021-07-02 12:19:25 +03:00

377 lines
7.6 KiB
Plaintext
Raw Blame History

## <summary>DNS forwarder and DHCP server.</summary>
########################################
## <summary>
## Execute dnsmasq server in the dnsmasq domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
#
interface(`dnsmasq_domtrans',`
gen_require(`
type dnsmasq_exec_t, dnsmasq_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, dnsmasq_exec_t, dnsmasq_t)
')
########################################
## <summary>
## Execute the dnsmasq init script in
## the init script domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
#
interface(`dnsmasq_initrc_domtrans',`
gen_require(`
type dnsmasq_initrc_exec_t;
')
init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
')
########################################
## <summary>
## Send generic signals to dnsmasq.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#
interface(`dnsmasq_signal',`
gen_require(`
type dnsmasq_t;
')
allow $1 dnsmasq_t:process signal;
')
########################################
## <summary>
## Send null signals to dnsmasq.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#
interface(`dnsmasq_signull',`
gen_require(`
type dnsmasq_t;
')
allow $1 dnsmasq_t:process signull;
')
########################################
## <summary>
## Send kill signals to dnsmasq.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#
interface(`dnsmasq_kill',`
gen_require(`
type dnsmasq_t;
')
allow $1 dnsmasq_t:process sigkill;
')
########################################
## <summary>
## Read dnsmasq config files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dnsmasq_read_config',`
gen_require(`
type dnsmasq_etc_t;
')
read_files_pattern($1, dnsmasq_etc_t, dnsmasq_etc_t)
files_search_etc($1)
')
########################################
## <summary>
## Write dnsmasq config files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dnsmasq_write_config',`
gen_require(`
type dnsmasq_etc_t;
')
write_files_pattern($1, dnsmasq_etc_t, dnsmasq_etc_t)
files_search_etc($1)
')
########################################
## <summary>
## Delete dnsmasq pid files. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#
interface(`dnsmasq_delete_pid_files',`
refpolicywarn(`$0($*) has been deprecated, please use dnsmasq_delete_runtime_files() instead.')
dnsmasq_delete_runtime_files($1)
')
########################################
## <summary>
## Create, read, write, and delete
## dnsmasq pid files (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dnsmasq_manage_pid_files',`
refpolicywarn(`$0($*) has been deprecated, please use dnsmasq_manage_runtime_files() instead.')
dnsmasq_manage_runtime_files($1)
')
########################################
## <summary>
## Read dnsmasq pid files. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#
interface(`dnsmasq_read_pid_files',`
refpolicywarn(`$0($*) has been deprecated, please use dnsmasq_read_runtime_files() instead.')
dnsmasq_read_runtime_files($1)
')
########################################
## <summary>
## Create dnsmasq pid directories. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dnsmasq_create_pid_dirs',`
refpolicywarn(`$0($*) has been deprecated, please use dnsmasq_create_runtime_dirs() instead.')
dnsmasq_create_runtime_dirs($1)
')
########################################
## <summary>
## Create specified objects in specified
## directories with a type transition to
## the dnsmasq pid file type. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="file_type">
## <summary>
## Directory to transition on.
## </summary>
## </param>
## <param name="object">
## <summary>
## The object class of the object being created.
## </summary>
## </param>
## <param name="name" optional="true">
## <summary>
## The name of the object being created.
## </summary>
## </param>
#
interface(`dnsmasq_spec_filetrans_pid',`
refpolicywarn(`$0($*) has been deprecated, please use dnsmasq_virt_runtime_filetrans_runtime() instead.')
dnsmasq_virt_runtime_filetrans_runtime($1, $3, $4)
')
########################################
## <summary>
## Create dnsmasq runtime directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dnsmasq_create_runtime_dirs',`
gen_require(`
type dnsmasq_runtime_t;
')
files_search_runtime($1)
allow $1 dnsmasq_runtime_t:dir create_dir_perms;
')
########################################
## <summary>
## Create specified objects in specified
## directories with a type transition to
## the dnsmasq runtime file type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="object">
## <summary>
## The object class of the object being created.
## </summary>
## </param>
## <param name="name" optional="true">
## <summary>
## The name of the object being created.
## </summary>
## </param>
#
interface(`dnsmasq_virt_runtime_filetrans_runtime',`
gen_require(`
type dnsmasq_runtime_t;
')
virt_runtime_filetrans($1, dnsmasq_runtime_t, $2, $3)
')
########################################
## <summary>
## Read dnsmasq runtime files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#
interface(`dnsmasq_read_runtime_files',`
gen_require(`
type dnsmasq_runtime_t;
')
read_files_pattern($1, dnsmasq_runtime_t, dnsmasq_runtime_t)
')
########################################
## <summary>
## Delete dnsmasq runtime files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#
interface(`dnsmasq_delete_runtime_files',`
gen_require(`
type dnsmasq_runtime_t;
')
delete_files_pattern($1, dnsmasq_runtime_t, dnsmasq_runtime_t)
')
########################################
## <summary>
## Create, read, write, and delete
## dnsmasq runtime files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dnsmasq_manage_runtime_files',`
gen_require(`
type dnsmasq_runtime_t;
')
files_search_runtime($1)
manage_files_pattern($1, dnsmasq_runtime_t, dnsmasq_runtime_t)
')
########################################
## <summary>
## All of the rules required to
## administrate an dnsmasq environment.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`dnsmasq_admin',`
gen_require(`
type dnsmasq_t, dnsmasq_lease_t, dnsmasq_runtime_t;
type dnsmasq_initrc_exec_t, dnsmasq_var_log_t;
')
allow $1 dnsmasq_t:process { ptrace signal_perms };
ps_process_pattern($1, dnsmasq_t)
init_startstop_service($1, $2, dnsmasq_t, dnsmasq_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, dnsmasq_lease_t)
logging_search_logs($1)
admin_pattern($1, dnsmasq_var_log_t)
files_list_runtime($1)
admin_pattern($1, dnsmasq_runtime_t)
')
Reference in New Issue View Git Blame Copy Permalink