nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
242e371ac2
selinux-refpolicy/policy/modules/services/gssproxy.if
Markus Linnala 9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
2021-07-02 12:19:25 +03:00

164 lines
3.3 KiB
Plaintext
Raw Blame History

## <summary>policy for gssproxy - daemon to proxy GSSAPI context establishment and channel handling</summary>
########################################
## <summary>
## Execute gssproxy in the gssproxy domin.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`gssproxy_domtrans',`
gen_require(`
type gssproxy_t, gssproxy_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, gssproxy_exec_t, gssproxy_t)
')
########################################
## <summary>
## Search gssproxy lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gssproxy_search_lib',`
gen_require(`
type gssproxy_var_lib_t;
')
allow $1 gssproxy_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
########################################
## <summary>
## Read gssproxy lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gssproxy_read_lib_files',`
gen_require(`
type gssproxy_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, gssproxy_var_lib_t, gssproxy_var_lib_t)
')
########################################
## <summary>
## Manage gssproxy lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gssproxy_manage_lib_files',`
gen_require(`
type gssproxy_var_lib_t;
')
files_search_var_lib($1)
manage_files_pattern($1, gssproxy_var_lib_t, gssproxy_var_lib_t)
')
########################################
## <summary>
## Manage gssproxy lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gssproxy_manage_lib_dirs',`
gen_require(`
type gssproxy_var_lib_t;
')
files_search_var_lib($1)
manage_dirs_pattern($1, gssproxy_var_lib_t, gssproxy_var_lib_t)
')
########################################
## <summary>
## Read gssproxy PID files. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gssproxy_read_pid_files',`
refpolicywarn(`$0($*) has been deprecated.')
')
########################################
## <summary>
## Connect to gssproxy over an unix
## domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gssproxy_stream_connect',`
gen_require(`
type gssproxy_t, gssproxy_run_t, gssproxy_var_lib_t;
')
files_search_runtime($1)
stream_connect_pattern($1, gssproxy_run_t, gssproxy_run_t, gssproxy_t)
stream_connect_pattern($1, gssproxy_var_lib_t, gssproxy_var_lib_t, gssproxy_t)
')
########################################
## <summary>
## All of the rules required to administrate
## an gssproxy environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`gssproxy_admin',`
gen_require(`
type gssproxy_t;
type gssproxy_var_lib_t;
type gssproxy_run_t;
type gssproxy_unit_t;
')
allow $1 gssproxy_t:process { ptrace signal_perms };
ps_process_pattern($1, gssproxy_t)
files_search_var_lib($1)
admin_pattern($1, gssproxy_var_lib_t)
files_search_runtime($1)
admin_pattern($1, gssproxy_run_t)
admin_pattern($1, gssproxy_unit_t)
')
Reference in New Issue View Git Blame Copy Permalink