Blob Blame History Raw
## <summary>Multilevel security policy</summary>
## <desc>
##	<p>
##	This module contains interfaces for handling multilevel
##	security.  The interfaces allow the specified subjects
##	and objects to be allowed certain privileges in the
##	MLS rules.
##	</p>
## </desc>
## <required val="true">
##	Contains attributes used in MLS policy.
## </required>

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from files at higher levels.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_file_read_up',`
	gen_require(`
		attribute mlsfileread;
	')

	typeattribute $1 mlsfileread;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to files at lower levels.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_file_write_down',`
	gen_require(`
		attribute mlsfilewrite;
	')

	typeattribute $1 mlsfilewrite;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for raising the level of files.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_file_upgrade',`
	gen_require(`
		attribute mlsfileupgrade;
	')

	typeattribute $1 mlsfileupgrade;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for lowering the level of files.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_file_downgrade',`
	gen_require(`
		attribute mlsfiledowngrade;
	')

	typeattribute $1 mlsfiledowngrade;
')

########################################
## <summary>
##	Allow the specified domain to do a MLS
##	range transition that changes
##	the current level.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_rangetrans_source',`
	gen_require(`
		attribute privrangetrans;
	')

	typeattribute $1 privrangetrans;
')

########################################
## <summary>
##	Make specified domain a target domain
##	for MLS range transitions that change
##	the current level.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_rangetrans_target',`
	gen_require(`
		attribute mlsrangetrans;
	')

	typeattribute $1 mlsrangetrans;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from processes at higher levels.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_process_read_up',`
	gen_require(`
		attribute mlsprocread;
	')

	typeattribute $1 mlsprocread;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to processes at lower levels.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_process_write_down',`
	gen_require(`
		attribute mlsprocwrite;
	')

	typeattribute $1 mlsprocwrite;
')

########################################
## <summary>
##	Make specified domain MLS trusted
##	for setting the level of processes
##	it executes.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`mls_process_set_level',`
	gen_require(`
		attribute mlsprocsetsl;
	')

	typeattribute $1 mlsprocsetsl;
')


########################################
## <summary>
##	Make specified object MLS trusted.
## </summary>
## <desc>
##	<p>
##	Make specified object MLS trusted.  This
##	allows all levels to read and write the
##	object.
##	</p>
##	<p>
##	This currently only applies to filesystem
##	objects, for example, files and directories.
##	</p>
## </desc>
## <param name="domain">
##	The type of the object.
## </param>
#
interface(`mls_trusted_object',`
	gen_require(`
		attribute mlstrustedobject;
	')

	typeattribute $1 mlstrustedobject;
')