rpms / selinux-policy

Clone
Source Code
GIT

Blame refpolicy/policy/modules/kernel/mls.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   b7b1d238dfaa338b0f890096426ae722dffd566f
  2.   refpolicy
  3.   policy
  4.   modules
  5.   kernel
  6.   mls.te
Blob History Raw
Chris PeBenito f0574f
Chris PeBenito bf080a 
policy_module(mls,1.1.2)
Chris PeBenito f0574f
Chris PeBenito f0574f 
########################################
Chris PeBenito f0574f 
#
Chris PeBenito f0574f 
# Declarations
Chris PeBenito f0574f 
#
Chris PeBenito f0574f
Chris PeBenito f0574f 
attribute mlsfileread;
Chris PeBenito f0574f 
attribute mlsfilereadtoclr;
Chris PeBenito f0574f 
attribute mlsfilewrite;
Chris PeBenito f0574f 
attribute mlsfilewritetoclr;
Chris PeBenito f0574f 
attribute mlsfileupgrade;
Chris PeBenito f0574f 
attribute mlsfiledowngrade;
Chris PeBenito f0574f
Chris PeBenito f0574f 
attribute mlsnetread;
Chris PeBenito f0574f 
attribute mlsnetreadtoclr;
Chris PeBenito f0574f 
attribute mlsnetwrite;
Chris PeBenito f0574f 
attribute mlsnetwritetoclr;
Chris PeBenito f0574f 
attribute mlsnetupgrade;
Chris PeBenito f0574f 
attribute mlsnetdowngrade;
Chris PeBenito f0574f 
attribute mlsnetrecvall;
Chris PeBenito f0574f
Chris PeBenito f0574f 
attribute mlsipcread;
Chris PeBenito f0574f 
attribute mlsipcreadtoclr;
Chris PeBenito f0574f 
attribute mlsipcwrite;
Chris PeBenito f0574f 
attribute mlsipcwritetoclr;
Chris PeBenito f0574f
Chris PeBenito f0574f 
attribute mlsprocread;
Chris PeBenito f0574f 
attribute mlsprocreadtoclr;
Chris PeBenito f0574f 
attribute mlsprocwrite;
Chris PeBenito f0574f 
attribute mlsprocwritetoclr;
Chris PeBenito f0574f 
attribute mlsprocsetsl;
Chris PeBenito f0574f
Chris PeBenito f0574f 
attribute mlsxwinread;
Chris PeBenito f0574f 
attribute mlsxwinreadtoclr;
Chris PeBenito f0574f 
attribute mlsxwinwrite;
Chris PeBenito f0574f 
attribute mlsxwinwritetoclr;
Chris PeBenito bf080a 
attribute mlsxwinreadproperty;
Chris PeBenito bf080a 
attribute mlsxwinwriteproperty;
Chris PeBenito bf080a 
attribute mlsxwinreadcolormap;
Chris PeBenito bf080a 
attribute mlsxwinwritecolormap;
Chris PeBenito bf080a 
attribute mlsxwinwritexinput;
Chris PeBenito f0574f
Chris PeBenito f0574f 
attribute mlstrustedobject;
Chris PeBenito f0574f
Chris PeBenito f0574f 
attribute privrangetrans;
Chris PeBenito f0574f 
attribute mlsrangetrans;
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
########################################
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
# THIS IS A HACK
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
# Only the base module can have range_transitions, so we
Chris PeBenito 77f6e2 
# temporarily have to break encapsulation to work around this.
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2
Chris PeBenito 9cca1c 
type crond_exec_t;
Chris PeBenito ef5ca0 
type cupsd_exec_t;
Chris PeBenito 77f6e2 
type getty_t;
Chris PeBenito 23a444 
type init_t;
Chris PeBenito 77f6e2 
type init_exec_t;
Chris PeBenito 77f6e2 
type initrc_t;
Chris PeBenito 6f81e1 
type initrc_exec_t;
Chris PeBenito 9cca1c 
type login_exec_t;
Chris PeBenito c38127 
type sshd_exec_t;
Chris PeBenito 77f6e2 
type su_exec_t;
Chris PeBenito 77f6e2 
type udev_exec_t;
Chris PeBenito 77f6e2 
type unconfined_t;
Chris PeBenito 23a444 
type xdm_exec_t;
Chris PeBenito 77f6e2
Chris PeBenito 23a444 
ifdef(`enable_mcs',`
Chris PeBenito 77f6e2 
range_transition getty_t login_exec_t s0 - s0:c0.c255;
Chris PeBenito 23a444 
range_transition init_t xdm_exec_t s0 - s0:c0.c255;
Chris PeBenito 9cca1c 
range_transition initrc_t crond_exec_t s0 - s0:c0.c255;
Chris PeBenito ef5ca0 
range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255;
Chris PeBenito 77f6e2 
range_transition initrc_t sshd_exec_t s0 - s0:c0.c255;
Chris PeBenito 77f6e2 
range_transition initrc_t udev_exec_t s0 - s0:c0.c255;
Chris PeBenito 23a444 
range_transition initrc_t xdm_exec_t s0 - s0:c0.c255;
Chris PeBenito 23a444 
range_transition kernel_t udev_exec_t s0 - s0:c0.c255;
Chris PeBenito 495a70
Chris PeBenito 495a70 
# these might be targeted_policy only
Chris PeBenito 23a444 
range_transition unconfined_t su_exec_t s0 - s0:c0.c255;
Chris PeBenito f0f18e 
range_transition unconfined_t initrc_exec_t s0;
Chris PeBenito 77f6e2 
')
Chris PeBenito 77f6e2
Chris PeBenito 23a444 
ifdef(`enable_mls',`
Chris PeBenito 77f6e2 
# run init with maximum MLS range
Chris PeBenito 1480d3 
range_transition kernel_t init_exec_t s0 - s15:c0.c255;
Chris PeBenito 77f6e2 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation