## <summary>Multilevel security policy</summary>
## <desc>
##
## This module contains interfaces for handling multilevel
## security. The interfaces grant the specified subjects
## and objects certain privileges in the
## MLS rules.
##
## </desc>
## <required val="true">
## Contains attributes used in MLS policy.
## </required>
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from files at higher levels.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mls_file_read_up',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlsfileread;
	')

	# Tag the caller-supplied type with mlsfileread. Per the summary this
	# marks the domain as trusted to read files above its own level.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm it there. Reading up exposes higher-level data
	# to the domain, so keep the set of callers small and justified.
	typeattribute $1 mlsfileread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to files at lower levels.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mls_file_write_down',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlsfilewrite;
	')

	# Tag the caller-supplied type with mlsfilewrite. Per the summary this
	# marks the domain as trusted to write to files below its own level.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm it there. Writing down can carry data from a
	# higher level into lower-level files, so reserve this for domains
	# that have been vetted for that role.
	typeattribute $1 mlsfilewrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for raising the level of files.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mls_file_upgrade',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlsfileupgrade;
	')

	# Tag the caller-supplied type with mlsfileupgrade. Per the summary
	# this marks the domain as trusted to raise the level of files.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm which object classes and permissions it covers.
	typeattribute $1 mlsfileupgrade;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for lowering the level of files.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mls_file_downgrade',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlsfiledowngrade;
	')

	# Tag the caller-supplied type with mlsfiledowngrade. Per the summary
	# this marks the domain as trusted to lower the level of files.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm it there. Lowering a file level makes its
	# contents reachable from lower levels, so each caller of this
	# interface deserves an explicit justification in review.
	typeattribute $1 mlsfiledowngrade;
')
########################################
## <summary>
## Allow the specified domain to do an MLS
## range transition that changes
## the current level.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mls_rangetrans_source',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute privrangetrans;
	')

	# Tag the caller-supplied type with privrangetrans. Per the summary
	# this lets the domain be the source of a range transition that
	# changes the current level. Unlike the other attributes used in this
	# file, this one carries a priv prefix rather than an mls prefix.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm it pairs with the target-side attribute.
	typeattribute $1 privrangetrans;
')
########################################
## <summary>
## Make specified domain a target domain
## for MLS range transitions that change
## the current level.
## </summary>
## <param name="domain">
## The type of the process that is the target of the range transition.
## </param>
#
interface(`mls_rangetrans_target',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlsrangetrans;
	')

	# Tag the caller-supplied type with mlsrangetrans. Per the summary
	# this marks the domain as an allowed target of a range transition
	# that changes the current level; the type named here is the
	# destination domain, not the one starting the transition.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm it there.
	typeattribute $1 mlsrangetrans;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from processes at higher levels.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mls_process_read_up',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlsprocread;
	')

	# Tag the caller-supplied type with mlsprocread. Per the summary this
	# marks the domain as trusted to read from processes above its own
	# level.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm which process permissions count as a read.
	# Reading up exposes higher-level process state to the domain, so
	# keep the set of callers small and justified.
	typeattribute $1 mlsprocread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to processes at lower levels.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mls_process_write_down',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlsprocwrite;
	')

	# Tag the caller-supplied type with mlsprocwrite. Per the summary this
	# marks the domain as trusted to write to processes below its own
	# level.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm which process permissions count as a write.
	# Writing down can pass higher-level information to lower-level
	# processes, so reserve this for domains vetted for that role.
	typeattribute $1 mlsprocwrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for setting the level of processes
## it executes.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mls_process_set_level',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlsprocsetsl;
	')

	# Tag the caller-supplied type with mlsprocsetsl. Per the summary this
	# marks the domain as trusted to choose the level of the processes it
	# executes.
	# NOTE(review): the MLS rule that consults this attribute is not in
	# this file - confirm whether it bounds the chosen level. A domain
	# that picks the level of its children decides what data they can
	# reach, so grant this only where that is the intended job.
	typeattribute $1 mlsprocsetsl;
')
########################################
## <summary>
## Make specified object MLS trusted.
## </summary>
## <desc>
##
## Make specified object MLS trusted. This
## allows all levels to read and write the
## object.
##
##
## This currently only applies to filesystem
## objects, for example, files and directories.
##
## </desc>
## <param name="domain">
## The type of the object.
## </param>
#
interface(`mls_trusted_object',`
	# The attribute is declared outside this interface file.
	gen_require(`
		attribute mlstrustedobject;
	')

	# Tag the caller-supplied type with mlstrustedobject. The parameter is
	# documented under the name domain, but the type passed here is an
	# object type, not a process domain.
	# NOTE(review): per the description every level may read and write a
	# trusted object, which means such an object can carry data between
	# levels. Apply this only to object types whose contents are not
	# level-sensitive, and confirm the rule that consults this attribute,
	# which is not in this file.
	typeattribute $1 mlstrustedobject;
')