Tree - rpms/selinux-policy - CentOS Git server

rpms / selinux-policy

Blame refpolicy/policy/modules/system/miscfiles.if

Blob History Raw

Chris PeBenito	3865d6	`## <module name="miscfiles" layer="system">`
Chris PeBenito	3865d6	`## <summary>Miscelaneous files.</summary>`
Chris PeBenito	e181fe
Chris PeBenito	b4cd15	`########################################`
Chris PeBenito	3865d6	`## <interface name="miscfiles_manage_man_page_cache">`
Chris PeBenito	3865d6	`## <description>`
Chris PeBenito	3865d6	`## Allow process to create files and dirs in /var/cache/man`
Chris PeBenito	3865d6	`## and /var/catman/`
Chris PeBenito	3865d6	`## </description>`
Chris PeBenito	3865d6	`## <securitydesc>`
Chris PeBenito	3865d6	`## ...`
Chris PeBenito	3865d6	`## </securitydesc>`
Chris PeBenito	3865d6	`## <parameter name="domain">`
Chris PeBenito	3865d6	`## Type type of the process performing this action.`
Chris PeBenito	3865d6	`## </parameter>`
Chris PeBenito	3865d6	`## <infoflow type="write" weight="10"/>`
Chris PeBenito	3865d6	`## </interface>`
Chris PeBenito	24280a	`#`
Chris PeBenito	24280a	define(`miscfiles_manage_man_page_cache',`
Chris PeBenito	0c73cd	requires_block_template(`$0'_depend)
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`# FIXME: search var_t dir`
Chris PeBenito	0c73cd	`allow $1 catman_t:dir create_dir_perms;`
Chris PeBenito	0c73cd	`allow $1 catman_t:file create_file_perms;`
Chris PeBenito	24280a	`')`
Chris PeBenito	24280a
Chris PeBenito	24280a	define(`miscfiles_manage_man_page_cache_depend',`
Chris PeBenito	0c73cd	`type catman_t;`
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`class dir create_dir_perms;`
Chris PeBenito	0c73cd	`class file create_file_perms;`
Chris PeBenito	24280a	`')`
Chris PeBenito	24280a
Chris PeBenito	24280a	`########################################`
Chris PeBenito	3865d6	`## <interface name="miscfiles_read_fonts">`
Chris PeBenito	3865d6	`## <description>`
Chris PeBenito	3865d6	`## Allow process to read fonts files`
Chris PeBenito	3865d6	`## </description>`
Chris PeBenito	3865d6	`## <securitydesc>`
Chris PeBenito	3865d6	`## ...`
Chris PeBenito	3865d6	`## </securitydesc>`
Chris PeBenito	3865d6	`## <parameter name="domain">`
Chris PeBenito	3865d6	`## Type type of the process performing this action.`
Chris PeBenito	3865d6	`## </parameter>`
Chris PeBenito	3865d6	`## <infoflow type="read" weight="10"/>`
Chris PeBenito	3865d6	`## </interface>`
Chris PeBenito	ec81ec	`#`
Chris PeBenito	ec81ec	define(`miscfiles_read_fonts',`
Chris PeBenito	0c73cd	requires_block_template(`$0'_depend)
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`# FIXME: search usr_t dir`
Chris PeBenito	0c73cd	`# FIXME: search lib_t dir`
Chris PeBenito	0c73cd	`# cjp: fonts can be in either of the above dirs`
Chris PeBenito	0c73cd	`allow $1 fonts_t:dir { getattr read search };`
Chris PeBenito	0c73cd	`allow $1 fonts_t:file { getattr read };`
Chris PeBenito	ec81ec	`')`
Chris PeBenito	ec81ec
Chris PeBenito	ec81ec	define(`miscfiles_read_fonts_depend',`
Chris PeBenito	0c73cd	`type fonts_t;`
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`class dir { getattr read search };`
Chris PeBenito	0c73cd	`class file { getattr read };`
Chris PeBenito	ec81ec	`')`
Chris PeBenito	ec81ec
Chris PeBenito	ec81ec	`########################################`
Chris PeBenito	3865d6	`## <interface name="miscfiles_read_localization">`
Chris PeBenito	3865d6	`## <description>`
Chris PeBenito	3865d6	`## Allow process to read localization info`
Chris PeBenito	3865d6	`## </description>`
Chris PeBenito	3865d6	`## <securitydesc>`
Chris PeBenito	3865d6	`## ...`
Chris PeBenito	3865d6	`## </securitydesc>`
Chris PeBenito	3865d6	`## <parameter name="domain">`
Chris PeBenito	3865d6	`## Type type of the process performing this action.`
Chris PeBenito	3865d6	`## </parameter>`
Chris PeBenito	3865d6	`## <infoflow type="read" weight="10"/>`
Chris PeBenito	3865d6	`## </interface>`
Chris PeBenito	b4cd15	`#`
Chris PeBenito	b4cd15	define(`miscfiles_read_localization',`
Chris PeBenito	0c73cd	requires_block_template(`$0'_depend)
Chris PeBenito	118186
Chris PeBenito	0c73cd	`# FIXME: $1 read etc_t:lnk_file here`
Chris PeBenito	0c73cd	`# FIXME: $1 search usr_t:dir here`
Chris PeBenito	0c73cd	`allow $1 locale_t:dir { getattr read search };`
Chris PeBenito	0c73cd	`allow $1 locale_t:lnk_file { getattr read };`
Chris PeBenito	0c73cd	`allow $1 locale_t:file { getattr read };`
Chris PeBenito	118186
Chris PeBenito	0c73cd	`# why?`
Chris PeBenito	0c73cd	`libraries_read_library_resources($1)`
Chris PeBenito	b4cd15	`')`
Chris PeBenito	b4cd15
Chris PeBenito	b4cd15	define(`miscfiles_read_localization_depend',`
Chris PeBenito	0c73cd	`type locale_t;`
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`class dir { getattr read search };`
Chris PeBenito	0c73cd	`class lnk_file { getattr read };`
Chris PeBenito	0c73cd	`class file { getattr read };`
Chris PeBenito	b4cd15	`')`
Chris PeBenito	0fef98
Chris PeBenito	0fef98	`########################################`
Chris PeBenito	3865d6	`## <interface name="miscfiles_legacy_read_localization">`
Chris PeBenito	3865d6	`## <description>`
Chris PeBenito	3865d6	`## Allow process to read legacy time localization info`
Chris PeBenito	3865d6	`## </description>`
Chris PeBenito	3865d6	`## <securitydesc>`
Chris PeBenito	3865d6	`## ...`
Chris PeBenito	3865d6	`## </securitydesc>`
Chris PeBenito	3865d6	`## <parameter name="domain">`
Chris PeBenito	3865d6	`## Type type of the process performing this action.`
Chris PeBenito	3865d6	`## </parameter>`
Chris PeBenito	3865d6	`## <infoflow type="write" weight="10"/>`
Chris PeBenito	3865d6	`## </interface>`
Chris PeBenito	0fef98	`#`
Chris PeBenito	0fef98	define(`miscfiles_legacy_read_localization',`
Chris PeBenito	0c73cd	requires_block_template(`$0'_depend)
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`miscfiles_read_localization($1)`
Chris PeBenito	0c73cd	`allow $1 locale_t:file execute;`
Chris PeBenito	0fef98	`')`
Chris PeBenito	0fef98
Chris PeBenito	0fef98	define(`miscfiles_read_localization_depend',`
Chris PeBenito	0c73cd	`type locale_t;`
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`class file execute;`
Chris PeBenito	0fef98	`')`
Chris PeBenito	24280a
Chris PeBenito	24280a	`########################################`
Chris PeBenito	3865d6	`## <interface name="miscfiles_read_man_pages">`
Chris PeBenito	3865d6	`## <description>`
Chris PeBenito	3865d6	`## Allow process to read manpages`
Chris PeBenito	3865d6	`## </description>`
Chris PeBenito	3865d6	`## <securitydesc>`
Chris PeBenito	3865d6	`## ...`
Chris PeBenito	3865d6	`## </securitydesc>`
Chris PeBenito	3865d6	`## <parameter name="domain">`
Chris PeBenito	3865d6	`## Type type of the process performing this action.`
Chris PeBenito	3865d6	`## </parameter>`
Chris PeBenito	3865d6	`## <infoflow type="read" weight="10"/>`
Chris PeBenito	3865d6	`## </interface>`
Chris PeBenito	24280a	`#`
Chris PeBenito	24280a	define(`miscfiles_read_man_pages',`
Chris PeBenito	0c73cd	requires_block_template(`$0'_depend)
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`# FIXME: search usr_t dir`
Chris PeBenito	0c73cd	`allow $1 man_t:dir { getattr read search };`
Chris PeBenito	0c73cd	`allow $1 man_t:file { getattr read };`
Chris PeBenito	0c73cd	`allow $1 man_t:lnk_file { getattr read };`
Chris PeBenito	24280a	`')`
Chris PeBenito	24280a
Chris PeBenito	24280a	define(`miscfiles_read_man_pages_depend',`
Chris PeBenito	0c73cd	`type man_t;`
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`class dir { getattr read search };`
Chris PeBenito	0c73cd	`class file { getattr read };`
Chris PeBenito	0c73cd	`class lnk_file { getattr read };`
Chris PeBenito	24280a	`')`
Chris PeBenito	3865d6
Chris PeBenito	3865d6	`## </module>`

rpms / selinux-policy

Source Code

Blame refpolicy/policy/modules/system/miscfiles.if