~ubuntu-branches/ubuntu/natty/refpolicy-ubuntu/natty


Viewing changes to policy/modules/system/selinuxutil.if

  • Committer: Bazaar Package Importer
  • Author(s): Caleb Case
  • Date: 2009-10-19 01:48:39 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20091019014839-0rpi67ygkrjya30k
Tags: 0.2.20090730-0ubuntu1
* Updated to upstream release 2.20090730
* Handle Upstart direct execution of daemons.
* Pre-depend on selinux to ensure that the trigger is handled (LP: #434084).

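--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -17,7 +17,7 @@
 
         files_search_usr($1)
         corecmd_search_bin($1)
-        domtrans_pattern($1,checkpolicy_exec_t,checkpolicy_t)
+        domtrans_pattern($1, checkpolicy_exec_t, checkpolicy_t)
 ')
 
 ########################################
@@ -65,7 +65,7 @@
 
         files_search_usr($1)
         corecmd_search_bin($1)
-        can_exec($1,checkpolicy_exec_t)
+        can_exec($1, checkpolicy_exec_t)
 ')
 
 #######################################
@@ -84,7 +84,7 @@
         ')
 
         corecmd_search_bin($1)
-        domtrans_pattern($1,load_policy_exec_t,load_policy_t)
+        domtrans_pattern($1, load_policy_exec_t, load_policy_t)
 ')
 
 ########################################
@@ -130,7 +130,7 @@
         ')
 
         corecmd_search_bin($1)
-        can_exec($1,load_policy_exec_t)
+        can_exec($1, load_policy_exec_t)
 ')
 
 ########################################
@@ -169,7 +169,7 @@
 
         files_search_usr($1)
         corecmd_search_bin($1)
-        domtrans_pattern($1,newrole_exec_t,newrole_t)
+        domtrans_pattern($1, newrole_exec_t, newrole_t)
 ')
 
 ########################################
@@ -218,7 +218,7 @@
 
         files_search_usr($1)
         corecmd_search_bin($1)
-        can_exec($1,newrole_exec_t)
+        can_exec($1, newrole_exec_t)
 ')
 
 ########################################
@@ -366,7 +366,7 @@
 
         files_search_usr($1)
         corecmd_search_bin($1)
-        domtrans_pattern($1,run_init_exec_t,run_init_t)
+        domtrans_pattern($1, run_init_exec_t, run_init_t)
 ')
 
 ########################################
@@ -390,7 +390,7 @@
                 type run_init_t;
         ')
 
-        init_script_file_domtrans($1,run_init_t)
+        init_script_file_domtrans($1, run_init_t)
 
         allow run_init_t $1:fd use;
         allow run_init_t $1:fifo_file rw_file_perms;
@@ -503,7 +503,7 @@
 
         files_search_usr($1)
         corecmd_search_bin($1)
-        domtrans_pattern($1,setfiles_exec_t,setfiles_t)
+        domtrans_pattern($1, setfiles_exec_t, setfiles_t)
 ')
 
 ########################################
@@ -550,7 +550,7 @@
 
         files_search_usr($1)
         corecmd_search_bin($1)
-        can_exec($1,setfiles_exec_t)
+        can_exec($1, setfiles_exec_t)
 ')
 
 ########################################
@@ -610,8 +610,8 @@
 
         files_search_etc($1)
         allow $1 selinux_config_t:dir list_dir_perms;
-        read_files_pattern($1,selinux_config_t,selinux_config_t)
-        read_lnk_files_pattern($1,selinux_config_t,selinux_config_t)
+        read_files_pattern($1, selinux_config_t, selinux_config_t)
+        read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
 ')
 
 ########################################
@@ -632,7 +632,7 @@
 
         files_search_etc($1)
         allow $1 selinux_config_t:dir list_dir_perms;
-        rw_files_pattern($1,selinux_config_t,selinux_config_t)
+        rw_files_pattern($1, selinux_config_t, selinux_config_t)
 ')
 
 #######################################
@@ -680,8 +680,8 @@
         ')
 
         files_search_etc($1)
-        manage_files_pattern($1,selinux_config_t,selinux_config_t)
-        read_lnk_files_pattern($1,selinux_config_t,selinux_config_t)
+        manage_files_pattern($1, selinux_config_t, selinux_config_t)
+        read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
 ')
 
 #######################################
@@ -721,7 +721,7 @@
         ')
 
         files_search_etc($1)
-        search_dirs_pattern($1,selinux_config_t,default_context_t)
+        search_dirs_pattern($1, selinux_config_t, default_context_t)
 ')
 
 ########################################
@@ -743,7 +743,7 @@
         files_search_etc($1)
         allow $1 selinux_config_t:dir search_dir_perms;
         allow $1 default_context_t:dir list_dir_perms;
-        read_files_pattern($1,default_context_t,default_context_t)
+        read_files_pattern($1, default_context_t, default_context_t)
 ')
 
 ########################################
@@ -763,7 +763,7 @@
 
         files_search_etc($1)
         allow $1 selinux_config_t:dir search_dir_perms;
-        manage_files_pattern($1,default_context_t,default_context_t)
+        manage_files_pattern($1, default_context_t, default_context_t)
 ')
 
 ########################################
@@ -784,7 +784,7 @@
 
         files_search_etc($1)
         allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
-        read_files_pattern($1,file_context_t,file_context_t)
+        read_files_pattern($1, file_context_t, file_context_t)
 ')
 
 ########################################
@@ -824,7 +824,7 @@
 
         files_search_etc($1)
         allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
-        rw_files_pattern($1,file_context_t,file_context_t)
+        rw_files_pattern($1, file_context_t, file_context_t)
 ')
 
 ########################################
@@ -845,7 +845,7 @@
 
         files_search_etc($1)
         allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
-        manage_files_pattern($1,file_context_t,file_context_t)
+        manage_files_pattern($1, file_context_t, file_context_t)
 ')
 
 ########################################
@@ -865,7 +865,7 @@
 
         files_search_etc($1)
         allow $1 selinux_config_t:dir search_dir_perms;
-        read_files_pattern($1,policy_config_t,policy_config_t)
+        read_files_pattern($1, policy_config_t, policy_config_t)
 ')
 
 ########################################
@@ -886,8 +886,8 @@
 
         files_search_etc($1)
         allow $1 selinux_config_t:dir search_dir_perms;
-        create_files_pattern($1,policy_config_t,policy_config_t)
-        write_files_pattern($1,policy_config_t,policy_config_t)
+        create_files_pattern($1, policy_config_t, policy_config_t)
+        write_files_pattern($1, policy_config_t, policy_config_t)
 #       typeattribute $1 can_write_binary_policy;
 ')
 
@@ -930,7 +930,7 @@
 
         files_search_etc($1)
         allow $1 selinux_config_t:dir search_dir_perms;
-        manage_files_pattern($1,policy_config_t,policy_config_t)
+        manage_files_pattern($1, policy_config_t, policy_config_t)
         typeattribute $1 can_write_binary_policy;
 ')
 
@@ -950,8 +950,8 @@
         ')
 
         files_search_etc($1)
-        list_dirs_pattern($1,selinux_config_t,policy_src_t)
-        read_files_pattern($1,policy_src_t,policy_src_t)
+        list_dirs_pattern($1, selinux_config_t, policy_src_t)
+        read_files_pattern($1, policy_src_t, policy_src_t)
 ')
 
 ########################################
@@ -973,8 +973,8 @@
 
         files_search_etc($1)
         allow $1 selinux_config_t:dir search_dir_perms;
-        manage_dirs_pattern($1,policy_src_t,policy_src_t)
-        manage_files_pattern($1,policy_src_t,policy_src_t)
+        manage_dirs_pattern($1, policy_src_t, policy_src_t)
+        manage_files_pattern($1, policy_src_t, policy_src_t)
 ')
 
 ########################################
@@ -994,7 +994,7 @@
 
         files_search_usr($1)
         corecmd_search_bin($1)
-        domtrans_pattern($1,semanage_exec_t,semanage_t)
+        domtrans_pattern($1, semanage_exec_t, semanage_t)
 ')
 
 ########################################
@@ -1043,9 +1043,9 @@
         ')
 
         files_search_etc($1)
-        manage_dirs_pattern($1,selinux_config_t,semanage_store_t)
-        manage_files_pattern($1,semanage_store_t,semanage_store_t)
-        filetrans_pattern($1,selinux_config_t,semanage_store_t,dir)
+        manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
+        manage_files_pattern($1, semanage_store_t, semanage_store_t)
+        filetrans_pattern($1, selinux_config_t, semanage_store_t, dir)
 ')
 
 #######################################
@@ -1064,7 +1064,7 @@
         ')
 
         files_search_etc($1)
-        rw_files_pattern($1,selinux_config_t,semanage_read_lock_t)
+        rw_files_pattern($1, selinux_config_t, semanage_read_lock_t)
 ')
 
 #######################################
@@ -1083,7 +1083,7 @@
         ')
 
         files_search_etc($1)
-        rw_files_pattern($1,selinux_config_t,semanage_trans_lock_t)
+        rw_files_pattern($1, selinux_config_t, semanage_trans_lock_t)
 ')
 
 ########################################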