diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 67bf8ce..12d9b15 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -6,16 +6,28 @@ ## </summary> ## <desc> ## <p> -## Create a file type used for init scripts. -## Can not be used in conjunction with -## init_script_domain(). +## Create a file type used for init scripts. It can not be +## used in conjunction with init_script_domain(). These +## script files are typically stored in the /etc/init.d directory. +## </p> +## <p> +## Typically this is used to constrain what services an +## admin can start/stop. For example, a policy writer may want +## to constrain a web administrator to only being able to +## restart the web server, not other services. This special type +## will help address that goal. +## </p> +## <p> +## This also makes the type usable for files; thus an +## explicit call to files_type() is redundant. ## </p> ## </desc> ## <param name="script_file"> ## <summary> -## Type of the script file used as an entry point to this domain. +## Type to be used for a script file. ## </summary> ## </param> +## <infoflow type="none"/> # interface(`init_script_file',` gen_require(` @@ -145,11 +157,29 @@ interface(`init_ranged_domain',` ######################################## ## <summary> ## Create a domain for long running processes -## (daemons) which can be started by init scripts. +## (daemons/services) which are started by init scripts. ## </summary> +## <desc> +## <p> +## Create a domain for long running processes (daemons/services) +## which are started by init scripts. Short running processes +## should use the init_system_domain() interface instead. +## Typically all long running processes started by an init +## script (usually in /etc/init.d) will need to use this +## interface. +## </p> +## <p> +## The types will be made usable as a domain and file, making +## calls to domain_type() and files_type() redundant. +## </p> +## <p> +## If the process must also run in a specific MLS/MCS level, +## the init_ranged_daemon_domain() should be used instead. +## </p> +## </desc> ## <param name="domain"> ## <summary> -## Type to be used as a domain. +## Type to be used as a daemon domain. ## </summary> ## </param> ## <param name="entry_point"> @@ -157,6 +187,7 @@ interface(`init_ranged_domain',` ## Type of the program to be used as an entry point to this domain. ## </summary> ## </param> +## <infoflow type="read" weight="10"/> # interface(`init_daemon_domain',` gen_require(` @@ -210,11 +241,31 @@ interface(`init_daemon_domain',` ######################################## ## <summary> ## Create a domain for long running processes -## (daemons) which can be started by init scripts. +## (daemons/services) which are started by init scripts, +## running at a specified MLS/MCS range. ## </summary> +## <desc> +## <p> +## Create a domain for long running processes (daemons/services) +## which are started by init scripts, running at a specified +## MLS/MCS range. Short running processes +## should use the init_ranged_system_domain() interface instead. +## Typically all long running processes started by an init +## script (usually in /etc/init.d) will need to use this +## interface if they need to run in a specific MLS/MCS range. +## </p> +## <p> +## The types will be made usable as a domain and file, making +## calls to domain_type() and files_type() redundant. +## </p> +## <p> +## If the policy build option TYPE is standard (MLS and MCS disabled), +## this interface has the same behavior as init_daemon_domain(). +## </p> +## </desc> ## <param name="domain"> ## <summary> -## Type to be used as a domain. +## Type to be used as a daemon domain. ## </summary> ## </param> ## <param name="entry_point"> @@ -224,9 +275,10 @@ interface(`init_daemon_domain',` ## </param> ## <param name="range"> ## <summary> -## Range for the domain. +## MLS/MCS range for the domain. ## </summary> ## </param> +## <infoflow type="read" weight="10"/> # interface(`init_ranged_daemon_domain',` gen_require(` @@ -248,11 +300,31 @@ interface(`init_ranged_daemon_domain',` ######################################## ## <summary> ## Create a domain for short running processes -## which can be started by init scripts. +## which are started by init scripts. ## </summary> +## <desc> +## <p> +## Create a domain for long running processes (daemons/services) +## which are started by init scripts. These are generally applications that +## are used to initialize the system during boot. +## Long running processes +## should use the init_daemon_domain() interface instead. +## Typically all short running processes started by an init +## script (usually in /etc/init.d) will need to use this +## interface. +## </p> +## <p> +## The types will be made usable as a domain and file, making +## calls to domain_type() and files_type() redundant. +## </p> +## <p> +## If the process must also run in a specific MLS/MCS level, +## the init_ranged_system_domain() should be used instead. +## </p> +## </desc> ## <param name="domain"> ## <summary> -## Type to be used as a domain. +## Type to be used as a system domain. ## </summary> ## </param> ## <param name="entry_point"> @@ -260,6 +332,7 @@ interface(`init_ranged_daemon_domain',` ## Type of the program to be used as an entry point to this domain. ## </summary> ## </param> +## <infoflow type="read" weight="10"/> # interface(`init_system_domain',` gen_require(` @@ -285,11 +358,32 @@ interface(`init_system_domain',` ######################################## ## <summary> ## Create a domain for short running processes -## which can be started by init scripts. +## which are started by init scripts. ## </summary> +## <desc> +## <p> +## Create a domain for long running processes (daemons/services) +## which are started by init scripts. +## These are generally applications that +## are used to initialize the system during boot. +## Long running processes +## should use the init_ranged_system_domain() interface instead. +## Typically all short running processes started by an init +## script (usually in /etc/init.d) will need to use this +## interface if they need to run in a specific MLS/MCS range. +## </p> +## <p> +## The types will be made usable as a domain and file, making +## calls to domain_type() and files_type() redundant. +## </p> +## <p> +## If the policy build option TYPE is standard (MLS and MCS disabled), +## this interface has the same behavior as init_system_domain(). +## </p> +## </desc> ## <param name="domain"> ## <summary> -## Type to be used as a domain. +## Type to be used as a system domain. ## </summary> ## </param> ## <param name="entry_point"> @@ -302,6 +396,7 @@ interface(`init_system_domain',` ## Range for the domain. ## </summary> ## </param> +## <infoflow type="read" weight="10"/> # interface(`init_ranged_system_domain',` gen_require(` @@ -415,11 +510,51 @@ interface(`init_sigchld',` ## <summary> ## Inherit and use file descriptors from init. ## </summary> +## <desc> +## <p> +## Allow the specified domain to inherit file +## descriptors from the init program (process ID 1). +## Typically the only file descriptors to be +## inherited from init are for the console. +## This does not allow the domain any access to +## the object to which the file descriptors references. +## </p> +## <p> +## Related interfaces: +## </p> +## <ul> +## <li>init_dontaudit_use_fds()</li> +## <li>term_dontaudit_use_console()</li> +## <li>term_use_console()</li> +## </ul> +## <p> +## Example usage: +## </p> +## <p> +## init_use_fds(mydomain_t) +## term_use_console(mydomain_t) +## </p> +## <p> +## Normally, processes that can inherit these file +## descriptors (usually services) write messages to the +## system log instead of writing to the console. +## Therefore, in many cases, this access should +## dontaudited instead. +## </p> +## <p> +## Example dontaudit usage: +## </p> +## <p> +## init_dontaudit_use_fds(mydomain_t) +## term_dontaudit_use_console(mydomain_t) +## </p> +## </desc> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> +## <infoflow type="read" weight="1"/> # interface(`init_use_fds',` gen_require(`