## <summary>User-based access control policy</summary>
## <required val="true">
##	Contains attributes used in UBAC policy.
## </required>
########################################
## <summary>
##	Constrain by user-based access control (UBAC).
## </summary>
## <desc>
##	<p>
##	Constrain the specified type by user-based
##	access control (UBAC).  Typically, these are
##	user processes or user files that need to be
##	differentiated by SELinux user.  Normally this
##	does not include administrative or privileged
##	programs. For the UBAC rules to be enforced,
##	both the subject (source) type and the object
##	(target) types must be UBAC constrained.
##	</p>
## </desc>
## <param name="type">
##	<summary>
##	Type to be constrained by UBAC.
##	</summary>
## </param>
## <infoflow type="none"/>
#
interface(`ubac_constrained',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubac_constrained_type;')

	# Attribute membership only, no allow rule is granted. As the
	# description states, UBAC applies only when both the source and the
	# target type carry this attribute, so tagging one side alone gives
	# no separation between SELinux users.
	typeattribute $1 ubac_constrained_type;
')
########################################
## <summary>
##	Exempt user-based access control for files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_file_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubacfile;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubacfile is exempted from the UBAC check on files, so UBAC
	# no longer keeps it apart from files of other SELinux users.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubacfile;
')
########################################
## <summary>
##	Exempt user-based access control for processes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_process_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubacproc;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubacproc is exempted from the UBAC check on processes, so
	# UBAC no longer separates it from processes of other SELinux users.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubacproc;
')
########################################
## <summary>
##	Exempt user-based access control for file descriptors.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_fd_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubacfd;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubacfd is exempted from the UBAC check on file descriptors.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubacfd;
')
########################################
## <summary>
##	Exempt user-based access control for sockets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_socket_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubacsock;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubacsock is exempted from the UBAC check on sockets.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubacsock;
')
########################################
## <summary>
##	Exempt user-based access control for SysV IPC.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_sysvipc_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubacipc;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubacipc is exempted from the UBAC check on SysV IPC.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubacipc;
')
########################################
## <summary>
##	Exempt user-based access control for X Windows.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_xwin_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubacxwin;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubacxwin is exempted from the UBAC check for X Windows.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubacxwin;
')
########################################
## <summary>
##	Exempt user-based access control for dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_dbus_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubacdbus;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubacdbus is exempted from the UBAC check for dbus.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubacdbus;
')
########################################
## <summary>
##	Exempt user-based access control for keys.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_key_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubackey;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubackey is exempted from the UBAC check on keys.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubackey;
')
########################################
## <summary>
##	Exempt user-based access control for databases.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be exempted.
##	</summary>
## </param>
#
interface(`ubac_db_exempt',`
	# The attribute is only referenced here, it is declared elsewhere.
	gen_require(`attribute ubacdb;')

	# Attribute membership only, no allow rule is granted. A domain
	# tagged ubacdb is exempted from the UBAC check on databases.
	# NOTE(review): the constraints that read this attribute are not
	# shown in this file. Keep the list of callers short and audit it.
	typeattribute $1 ubacdb;
')