Tree - rpms/selinux-policy - CentOS Git server

rpms / selinux-policy

Blame refpolicy/policy/modules/system/udev.if

Blob History Raw

Chris PeBenito	3865d6	`## <module name="udev" layer="system">`
Chris PeBenito	3865d6	`## <summary>Policy for udev.</summary>`
Chris PeBenito	dfb86a
Chris PeBenito	3865d6	`########################################`
Chris PeBenito	c9428d	`## <interface name="udev_domtrans">`
Chris PeBenito	3865d6	`## <description>`
Chris PeBenito	3865d6	`## Execute udev in the udev domain.`
Chris PeBenito	3865d6	`## </description>`
Chris PeBenito	3865d6	`## <parameter name="domain">`
Chris PeBenito	3865d6	`## The type of the process performing this action.`
Chris PeBenito	3865d6	`## </parameter>`
Chris PeBenito	3865d6	`## </interface>`
Chris PeBenito	dfb86a	`#`
Chris PeBenito	c9428d	define(`udev_domtrans',`
Chris PeBenito	0c73cd	requires_block_template(`$0'_depend)
Chris PeBenito	0c73cd
Chris PeBenito	7edd02	`domain_auto_trans($1, udev_exec_t, udev_t)`
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`allow $1 udev_t:fd use;`
Chris PeBenito	0c73cd	`allow udev_t $1:fd use;`
Chris PeBenito	0c73cd	`allow udev_t $1:fifo_file rw_file_perms;`
Chris PeBenito	0c73cd	`allow udev_t $1:process sigchld;`
Chris PeBenito	dfb86a	`')`
Chris PeBenito	dfb86a
Chris PeBenito	c9428d	define(`udev_domtrans_depend',`
Chris PeBenito	0c73cd	`type udev_t, udev_exec_t;`
Chris PeBenito	0c73cd
Chris PeBenito	0c73cd	`class file { getattr read execute };`
Chris PeBenito	0c73cd	`class process { transition noatsecure siginh rlimitinh sigchld };`
Chris PeBenito	0c73cd	`class fd use;`
Chris PeBenito	0c73cd	`class fifo_file rw_file_perms;`
Chris PeBenito	dfb86a	`')`
Chris PeBenito	dfb86a
Chris PeBenito	dfb86a	`########################################`
Chris PeBenito	c9428d	`## <interface name="udev_read_db">`
Chris PeBenito	3865d6	`## <description>`
Chris PeBenito	3865d6	`## Allow process to read list of devices.`
Chris PeBenito	3865d6	`## </description>`
Chris PeBenito	3865d6	`## <parameter name="domain">`
Chris PeBenito	3865d6	`## The type of the process performing this action.`
Chris PeBenito	3865d6	`## </parameter>`
Chris PeBenito	3865d6	`## </interface>`
Chris PeBenito	dfb86a	`#`
Chris PeBenito	c9428d	define(`udev_read_db',`
Chris PeBenito	0c73cd	requires_block_template(`$0'_depend)
Chris PeBenito	0c73cd
Chris PeBenito	7edd02	`allow $1 udev_tdb_t:file r_file_perms;`
Chris PeBenito	dfb86a	`')`
Chris PeBenito	dfb86a
Chris PeBenito	c9428d	define(`udev_read_db_depend',`
Chris PeBenito	0c73cd	`type udev_tdb_t;`
Chris PeBenito	0c73cd
Chris PeBenito	7edd02	`class file r_file_perms;`
Chris PeBenito	dfb86a	`')`
Chris PeBenito	7bba9d
Chris PeBenito	7bba9d	`########################################`
Chris PeBenito	c9428d	`## <interface name="udev_rw_db">`
Chris PeBenito	3865d6	`## <description>`
Chris PeBenito	3865d6	`## Allow process to modify list of devices.`
Chris PeBenito	3865d6	`## </description>`
Chris PeBenito	3865d6	`## <parameter name="domain">`
Chris PeBenito	3865d6	`## The type of the process performing this action.`
Chris PeBenito	3865d6	`## </parameter>`
Chris PeBenito	3865d6	`## </interface>`
Chris PeBenito	7bba9d	`#`
Chris PeBenito	c9428d	define(`udev_rw_db',`
Chris PeBenito	0c73cd	requires_block_template(`$0'_depend)
Chris PeBenito	0c73cd
Chris PeBenito	7edd02	`allow $1 udev_tdb_t:file rw_file_perms;`
Chris PeBenito	7bba9d	`')`
Chris PeBenito	7bba9d
Chris PeBenito	c9428d	define(`udev_rw_db_depend',`
Chris PeBenito	0c73cd	`type udev_tdb_t;`
Chris PeBenito	0c73cd
Chris PeBenito	7edd02	`class file rw_file_perms;`
Chris PeBenito	7bba9d	`')`
Chris PeBenito	3865d6
Chris PeBenito	3865d6	`## </module>`

rpms / selinux-policy

Source Code

Blame refpolicy/policy/modules/system/udev.if