From 41969978134f76cbdfec98cf0edf34e53e5374f6 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Jun 02 2005 20:26:48 +0000 Subject: add some indentation --- diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if index cad2f2b..359dffd 100644 --- a/refpolicy/policy/modules/kernel/devices.if +++ b/refpolicy/policy/modules/kernel/devices.if @@ -8,16 +8,19 @@ # devices_make_device_node(type) # define(`devices_make_device_node',` -requires_block_template(`$0'_depend) -typeattribute $1 device_node; -filesystem_associate($1) -optional_policy(`distro_redhat',` -filesystem_tmpfs_associate($1) -') + requires_block_template(`$0'_depend) + + typeattribute $1 device_node; + + filesystem_associate($1) + + optional_policy(`distro_redhat',` + filesystem_tmpfs_associate($1) + ') ') define(`devices_make_device_node_depend',` -attribute device_node; + attribute device_node; ') ######################################## @@ -25,26 +28,29 @@ attribute device_node; # devices_manage_all_devices_labels(domain) # define(`devices_manage_all_devices_labels',` -requires_block_template(`$0'_depend) -allow $1 device_node:dir { getattr relabelfrom }; -allow $1 device_node:file { getattr relabelfrom }; -allow $1 device_node:lnk_file { getattr relabelfrom }; -allow $1 device_node:fifo_file { getattr relabelfrom }; -allow $1 device_node:sock_file { getattr relabelfrom }; -allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto }; -allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto }; + requires_block_template(`$0'_depend) + + allow $1 device_node:dir { getattr relabelfrom }; + allow $1 device_node:file { getattr relabelfrom }; + allow $1 device_node:lnk_file { getattr relabelfrom }; + allow $1 device_node:fifo_file { getattr relabelfrom }; + allow $1 device_node:sock_file { getattr relabelfrom }; + allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto }; + allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto }; ') define(`devices_manage_all_devices_labels_depend',` -attribute device_node; -type device_t; -class dir { getattr relabelfrom }; -class file { getattr relabelfrom }; -class lnk_file { getattr relabelfrom }; -class fifo_file { getattr relabelfrom }; -class sock_file { getattr relabelfrom }; -class blk_file { getattr relabelfrom relabelto }; -class chr_file { getattr relabelfrom relabelto }; + attribute device_node; + + type device_t; + + class dir { getattr relabelfrom }; + class file { getattr relabelfrom }; + class lnk_file { getattr relabelfrom }; + class fifo_file { getattr relabelfrom }; + class sock_file { getattr relabelfrom }; + class blk_file { getattr relabelfrom relabelto }; + class chr_file { getattr relabelfrom relabelto }; ') ######################################## @@ -52,15 +58,17 @@ class chr_file { getattr relabelfrom relabelto }; # devices_list_device_nodes(domain) # define(`devices_list_device_nodes',` -requires_block_template(`$0'_depend) -allow $1 device_t:dir r_dir_perms; -allow $1 device_t:lnk_file { getattr read }; + requires_block_template(`$0'_depend) + + allow $1 device_t:dir r_dir_perms; + allow $1 device_t:lnk_file { getattr read }; ') define(`devices_list_device_nodes_depend',` -type device_t; -class dir r_dir_perms; -class lnk_file { getattr read }; + type device_t; + + class dir r_dir_perms; + class lnk_file { getattr read }; ') ######################################## @@ -68,13 +76,15 @@ class lnk_file { getattr read }; # devices_ignore_list_device_nodes(domain) # define(`devices_ignore_list_device_nodes',` -requires_block_template(`$0'_depend) -dontaudit $1 device_t:dir r_dir_perms; + requires_block_template(`$0'_depend) + + dontaudit $1 device_t:dir r_dir_perms; ') define(`devices_ignore_list_device_nodes_depend',` -type device_t; -class dir r_dir_perms; + type device_t; + + class dir r_dir_perms; ') ######################################## @@ -82,13 +92,15 @@ class dir r_dir_perms; # devices_add_dev_dir(domain) # define(`devices_add_dev_dir',` -requires_block_template(`$0'_depend) -allow $1 device_t:dir { ra_dir_perms create }; + requires_block_template(`$0'_depend) + + allow $1 device_t:dir { ra_dir_perms create }; ') define(`devices_add_dev_dir_depend',` -type device_t; -class dir { ra_dir_perms create }; + type device_t; + + class dir { ra_dir_perms create }; ') ######################################## @@ -96,13 +108,15 @@ class dir { ra_dir_perms create }; # devices_ignore_get_generic_pipe_attributes(domain) # define(`devices_ignore_get_generic_pipe_attributes',` -requires_block_template(`$0'_depend) -dontaudit $1 device_t:fifo_file getattr; + requires_block_template(`$0'_depend) + + dontaudit $1 device_t:fifo_file getattr; ') define(`devices_ignore_get_generic_pipe_attributes_depend',` -type device_t; -class fifo_file getattr; + type device_t; + + class fifo_file getattr; ') ######################################## @@ -110,15 +124,17 @@ class fifo_file getattr; # devices_get_generic_block_device_attributes(domain) # define(`devices_get_generic_block_device_attributes',` -requires_block_template(`$0'_depend) -allow $1 device_t:dir r_dir_perms; -allow $1 device_t:blk_file getattr; + requires_block_template(`$0'_depend) + + allow $1 device_t:dir r_dir_perms; + allow $1 device_t:blk_file getattr; ') define(`devices_get_generic_block_device_attributes_depend',` -type device_t; -class dir r_dir_perms; -class blk_file getattr; + type device_t; + + class dir r_dir_perms; + class blk_file getattr; ') ######################################## @@ -126,13 +142,15 @@ class blk_file getattr; # devices_ignore_get_generic_block_device_attributes(domain) # define(`devices_ignore_get_generic_block_device_attributes',` -requires_block_template(`$0'_depend) -dontaudit $1 device_t:blk_file getattr; + requires_block_template(`$0'_depend) + + dontaudit $1 device_t:blk_file getattr; ') define(`devices_ignore_get_generic_block_device_attributes_depend',` -type device_t; -class blk_file getattr; + type device_t; + + class blk_file getattr; ') ######################################## @@ -140,14 +158,16 @@ class blk_file getattr; # devices_manage_generic_block_device(domain) # define(`devices_manage_generic_block_device',` -requires_block_template(`$0'_depend) -allow $1 device_t:dir rw_dir_perms; -allow $1 device_t:blk_file create_file_perms; + requires_block_template(`$0'_depend) + + allow $1 device_t:dir rw_dir_perms; + allow $1 device_t:blk_file create_file_perms; ') define(`devices_manage_generic_block_device_depend',` -type device_t; -class blk_file create_file_perms; + type device_t; + + class blk_file create_file_perms; ') ######################################## @@ -155,17 +175,20 @@ class blk_file create_file_perms; # devices_add_generic_character_device(domain) # define(`devices_add_generic_character_device',` -requires_block_template(`$0'_depend) -allow $1 device_t:dir { getattr search read write add_name }; -allow $1 device_t:chr_file create; -allow $1 self:capability mknod; + requires_block_template(`$0'_depend) + + allow $1 device_t:dir { getattr search read write add_name }; + allow $1 device_t:chr_file create; + + allow $1 self:capability mknod; ') define(`devices_add_generic_character_device_depend',` -type device_t; -class dir { getattr search read write add_name }; -class chr_file create; -class capability mknod; + type device_t; + + class dir { getattr search read write add_name }; + class chr_file create; + class capability mknod; ') ######################################## @@ -173,15 +196,17 @@ class capability mknod; # devices_get_generic_character_device_attributes(domain) # define(`devices_get_generic_character_device_attributes',` -requires_block_template(`$0'_depend) -allow $1 device_t:dir r_dir_perms; -allow $1 device_t:chr_file getattr; + requires_block_template(`$0'_depend) + + allow $1 device_t:dir r_dir_perms; + allow $1 device_t:chr_file getattr; ') define(`devices_get_generic_character_device_attributes_depend',` -type device_t; -class dir r_dir_perms; -class chr_file getattr; + type device_t; + + class dir r_dir_perms; + class chr_file getattr; ') ######################################## @@ -189,13 +214,15 @@ class chr_file getattr; # devices_ignore_get_generic_character_device_attributes(domain) # define(`devices_ignore_get_generic_character_device_attributes',` -requires_block_template(`$0'_depend) -dontaudit $1 device_t:chr_file getattr; + requires_block_template(`$0'_depend) + + dontaudit $1 device_t:chr_file getattr; ') define(`devices_ignore_get_generic_character_device_attributes_depend',` -type device_t; -class chr_file getattr; + type device_t; + + class chr_file getattr; ') ######################################## @@ -210,16 +237,19 @@ class chr_file getattr; ## # define(`devices_remove_dev_symbolic_links',` -requires_block_template(`$0'_depend) -allow $1 device_t:dir { getattr read write remove_name }; -allow $1 device_t:lnk_file unlink; + requires_block_template(`$0'_depend) + + allow $1 device_t:dir { getattr read write remove_name }; + allow $1 device_t:lnk_file unlink; ') define(`devices_remove_dev_symbolic_links_depend',` -attribute device_node, memory_raw_read, memory_raw_write; -type device_t; -class dir { getattr read write remove_name }; -class lnk_file unlink; + attribute device_node, memory_raw_read, memory_raw_write; + + type device_t; + + class dir { getattr read write remove_name }; + class lnk_file unlink; ') ######################################## @@ -227,15 +257,17 @@ class lnk_file unlink; # devices_manage_dev_symbolic_links(domain) # define(`devices_manage_dev_symbolic_links',` -requires_block_template(`$0'_depend) -allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto }; -allow $1 device_t:lnk_file { create read getattr setattr link unlink rename }; + requires_block_template(`$0'_depend) + + allow $1 device_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto }; + allow $1 device_t:lnk_file { create read getattr setattr link unlink rename }; ') define(`devices_manage_dev_symbolic_links_depend',` -type device_t; -class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto }; -class lnk_file { create read getattr setattr link unlink rename }; + type device_t; + + class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto }; + class lnk_file { create read getattr setattr link unlink rename }; ') ########################################