nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
60a3d5af67
selinux-refpolicy/policy/modules/services/policykit.if
Markus Linnala 9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
2021-07-02 12:19:25 +03:00

249 lines
4.9 KiB
Plaintext
Raw Blame History

## <summary>Policy framework for controlling privileges for system-wide services.</summary>
########################################
## <summary>
## Send and receive messages from
## policykit over dbus.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`policykit_dbus_chat',`
gen_require(`
type policykit_t;
class dbus send_msg;
')
allow $1 policykit_t:dbus send_msg;
allow policykit_t $1:dbus send_msg;
')
########################################
## <summary>
## Send and receive messages from
## policykit auth over dbus.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`policykit_dbus_chat_auth',`
gen_require(`
type policykit_auth_t;
class dbus send_msg;
')
allow $1 policykit_auth_t:dbus send_msg;
allow policykit_auth_t $1:dbus send_msg;
')
########################################
## <summary>
## Execute a domain transition to run polkit_auth.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`policykit_domtrans_auth',`
gen_require(`
type policykit_auth_t, policykit_auth_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, policykit_auth_exec_t, policykit_auth_t)
')
########################################
## <summary>
## Execute a policy_auth in the policy
## auth domain, and allow the specified
## role the policy auth domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
#
interface(`policykit_run_auth',`
gen_require(`
attribute_role policykit_auth_roles;
')
policykit_domtrans_auth($1)
roleattribute $2 policykit_auth_roles;
')
#######################################
## <summary>
## Send generic signals to
## policykit auth.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`policykit_signal_auth',`
gen_require(`
type policykit_auth_t;
')
allow $1 policykit_auth_t:process signal;
')
########################################
## <summary>
## Execute a domain transition to run polkit grant.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`policykit_domtrans_grant',`
gen_require(`
type policykit_grant_t, policykit_grant_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, policykit_grant_exec_t, policykit_grant_t)
')
########################################
## <summary>
## Execute a policy_grant in the policy
## grant domain, and allow the specified
## role the policy grant domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`policykit_run_grant',`
gen_require(`
attribute_role policykit_grant_roles;
')
policykit_domtrans_grant($1)
roleattribute $2 policykit_grant_roles;
')
########################################
## <summary>
## Read policykit reload files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`policykit_read_reload',`
gen_require(`
type policykit_reload_t;
')
files_search_var_lib($1)
read_files_pattern($1, policykit_reload_t, policykit_reload_t)
')
########################################
## <summary>
## Read and write policykit reload files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`policykit_rw_reload',`
gen_require(`
type policykit_reload_t;
')
files_search_var_lib($1)
rw_files_pattern($1, policykit_reload_t, policykit_reload_t)
')
########################################
## <summary>
## Execute a domain transition to run polkit resolve.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`policykit_domtrans_resolve',`
gen_require(`
type policykit_resolve_t, policykit_resolve_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)
')
########################################
## <summary>
## Search policykit lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`policykit_search_lib',`
gen_require(`
type policykit_var_lib_t;
')
files_search_var_lib($1)
allow $1 policykit_var_lib_t:dir search_dir_perms;
')
########################################
## <summary>
## Read policykit lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`policykit_read_lib',`
gen_require(`
type policykit_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, policykit_var_lib_t, policykit_var_lib_t)
')
Reference in New Issue View Git Blame Copy Permalink