[selinux-policy: 181/3172] rename some selinuxfs interfaces for more clarity
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:20:38 UTC 2010
commit 17860711595b79a51789be2af074b6fa4996cedf
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed May 18 13:22:37 2005 +0000
rename some selinuxfs interfaces for more clarity
refpolicy/policy/modules/admin/usermanage.te | 40 +++++++++++-----------
refpolicy/policy/modules/kernel/kernel.if | 30 ++++++++--------
refpolicy/policy/modules/services/cron.te | 16 ++++----
refpolicy/policy/modules/services/remotelogin.te | 8 ++--
refpolicy/policy/modules/system/init.te | 8 ++--
refpolicy/policy/modules/system/locallogin.te | 16 ++++----
refpolicy/policy/modules/system/lvm.te | 8 ++--
refpolicy/policy/modules/system/selinux.te | 24 ++++++------
refpolicy/policy/modules/system/selinuxutil.te | 24 ++++++------
refpolicy/policy/modules/system/udev.te | 8 ++--
10 files changed, 91 insertions(+), 91 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 3f26371..1480a75 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -80,10 +80,10 @@ allow chfn_t self:msg { send receive };
kernel_read_system_state(chfn_t)
kernel_get_selinuxfs_mount_point(chfn_t)
kernel_validate_selinux_context(chfn_t)
-kernel_compute_selinux_av(chfn_t)
-kernel_compute_create(chfn_t)
-kernel_compute_relabel(chfn_t)
-kernel_compute_reachable_user_contexts(chfn_t)
+kernel_compute_selinux_access_vector(chfn_t)
+kernel_compute_selinux_create_context(chfn_t)
+kernel_compute_selinux_relabel_context(chfn_t)
+kernel_compute_selinux_reachable_user_contexts(chfn_t)
terminal_use_all_private_physical_terminals(chfn_t)
terminal_use_all_private_pseudoterminals(chfn_t)
@@ -213,10 +213,10 @@ allow groupadd_t self:msg { send receive };
# Allow access to context for shadow file
kernel_get_selinuxfs_mount_point(groupadd_t)
kernel_validate_selinux_context(groupadd_t)
-kernel_compute_selinux_av(groupadd_t)
-kernel_compute_create(groupadd_t)
-kernel_compute_relabel(groupadd_t)
-kernel_compute_reachable_user_contexts(groupadd_t)
+kernel_compute_selinux_access_vector(groupadd_t)
+kernel_compute_selinux_create_context(groupadd_t)
+kernel_compute_selinux_relabel_context(groupadd_t)
+kernel_compute_selinux_reachable_user_contexts(groupadd_t)
filesystem_get_persistent_filesystem_attributes(groupadd_t)
@@ -288,10 +288,10 @@ allow passwd_t self:msg { send receive };
kernel_get_selinuxfs_mount_point(passwd_t)
kernel_validate_selinux_context(passwd_t)
-kernel_compute_selinux_av(passwd_t)
-kernel_compute_create(passwd_t)
-kernel_compute_relabel(passwd_t)
-kernel_compute_reachable_user_contexts(passwd_t)
+kernel_compute_selinux_access_vector(passwd_t)
+kernel_compute_selinux_create_context(passwd_t)
+kernel_compute_selinux_relabel_context(passwd_t)
+kernel_compute_selinux_reachable_user_contexts(passwd_t)
# for SSP
devices_get_pseudorandom_data(passwd_t)
@@ -386,10 +386,10 @@ files_search_system_state_data_directory(sysadm_passwd_t)
kernel_get_selinuxfs_mount_point(sysadm_passwd_t)
kernel_validate_selinux_context(sysadm_passwd_t)
-kernel_compute_selinux_av(sysadm_passwd_t)
-kernel_compute_create(sysadm_passwd_t)
-kernel_compute_relabel(sysadm_passwd_t)
-kernel_compute_reachable_user_contexts(sysadm_passwd_t)
+kernel_compute_selinux_access_vector(sysadm_passwd_t)
+kernel_compute_selinux_create_context(sysadm_passwd_t)
+kernel_compute_selinux_relabel_context(sysadm_passwd_t)
+kernel_compute_selinux_reachable_user_contexts(sysadm_passwd_t)
# for /proc/meminfo
kernel_read_system_state(sysadm_passwd_t)
@@ -478,10 +478,10 @@ allow useradd_t self:msg { send receive };
# Allow access to context for shadow file
kernel_get_selinuxfs_mount_point(useradd_t)
kernel_validate_selinux_context(useradd_t)
-kernel_compute_selinux_av(useradd_t)
-kernel_compute_create(useradd_t)
-kernel_compute_relabel(useradd_t)
-kernel_compute_reachable_user_contexts(useradd_t)
+kernel_compute_selinux_access_vector(useradd_t)
+kernel_compute_selinux_create_context(useradd_t)
+kernel_compute_selinux_relabel_context(useradd_t)
+kernel_compute_selinux_reachable_user_contexts(useradd_t)
# for getting the number of groups
kernel_read_kernel_sysctl(useradd_t)
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index 79ba5db..2d799f1 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -247,9 +247,9 @@ class security setbool;
########################################
#
-# kernel_setsecparam(domain)
+# kernel_set_selinux_security_parameters(domain)
#
-define(`kernel_setsecparam',`
+define(`kernel_set_selinux_security_parameters',`
requires_block_template(`$0'_depend)
allow $1 security_t:dir { read search getattr };
allow $1 security_t:file { getattr read write };
@@ -258,7 +258,7 @@ auditallow $1 security_t:security setsecparam;
typeattribute $1 can_setsecparam;
')
-define(`kernel_setsecparam_depend',`
+define(`kernel_set_selinux_security_parameters_depend',`
type security_t;
attribute can_setsecparam;
class dir { read search getattr };
@@ -286,16 +286,16 @@ class security check_context;
########################################
#
-# kernel_compute_selinux_av(domain)
+# kernel_compute_selinux_access_vector(domain)
#
-define(`kernel_compute_selinux_av',`
+define(`kernel_compute_selinux_access_vector',`
requires_block_template(`$0'_depend)
allow $1 security_t:dir { read search getattr };
allow $1 security_t:file { getattr read write };
allow $1 security_t:security compute_av;
')
-define(`kernel_compute_selinux_av_depend',`
+define(`kernel_compute_selinux_access_vector_depend',`
type security_t;
class dir { read search getattr };
class file { getattr read write };
@@ -304,16 +304,16 @@ class security compute_av;
########################################
#
-# kernel_compute_selinux_create(domain)
+# kernel_compute_selinux_create_context(domain)
#
-define(`kernel_compute_create',`
+define(`kernel_compute_selinux_create_context',`
requires_block_template(`$0'_depend)
allow $1 security_t:dir { read search getattr };
allow $1 security_t:file { getattr read write };
allow $1 security_t:security compute_create;
')
-define(`kernel_compute_create_depend',`
+define(`kernel_compute_selinux_create_context_depend',`
type security_t;
class dir { read search getattr };
class file { getattr read write };
@@ -322,16 +322,16 @@ class security compute_create;
########################################
#
-# kernel_compute_relabel(domain)
+# kernel_compute_selinux_relabel_context(domain)
#
-define(`kernel_compute_relabel',`
+define(`kernel_compute_selinux_relabel_context',`
requires_block_template(`$0'_depend)
allow $1 security_t:dir { read search getattr };
allow $1 security_t:file { getattr read write };
allow $1 security_t:security compute_relabel;
')
-define(`kernel_compute_relabel_depend',`
+define(`kernel_compute_selinux_relabel_context_depend',`
type security_t;
class dir { read search getattr };
class file { getattr read write };
@@ -340,16 +340,16 @@ class security compute_relabel;
########################################
#
-# kernel_compute_reachable_user_contexts(domain)
+# kernel_compute_selinux_reachable_user_contexts(domain)
#
-define(`kernel_compute_reachable_user_contexts',`
+define(`kernel_compute_selinux_reachable_user_contexts',`
requires_block_template(`$0'_depend)
allow $1 security_t:dir { read search getattr };
allow $1 security_t:file { getattr read write };
allow $1 security_t:security compute_user;
')
-define(`kernel_compute_reachable_user_contexts_depend',`
+define(`kernel_compute_selinux_reachable_user_contexts_depend',`
type security_t;
class dir { read search getattr };
class file { getattr read write };
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index b960cbd..8c3e775 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -83,10 +83,10 @@ kernel_read_kernel_sysctl(crond_t)
kernel_read_hardware_state(crond_t)
kernel_get_selinuxfs_mount_point(crond_t)
kernel_validate_selinux_context(crond_t)
-kernel_compute_selinux_av(crond_t)
-kernel_compute_create(crond_t)
-kernel_compute_relabel(crond_t)
-kernel_compute_reachable_user_contexts(crond_t)
+kernel_compute_selinux_access_vector(crond_t)
+kernel_compute_selinux_create_context(crond_t)
+kernel_compute_selinux_relabel_context(crond_t)
+kernel_compute_selinux_reachable_user_contexts(crond_t)
devices_get_pseudorandom_data(crond_t)
@@ -292,10 +292,10 @@ selinux_setfiles_transition(system_crond_t)
} else {
kernel_get_selinuxfs_mount_point(system_crond_t)
kernel_validate_selinux_context(system_crond_t)
-kernel_compute_selinux_av(system_crond_t)
-kernel_compute_create(system_crond_t)
-kernel_compute_relabel(system_crond_t)
-kernel_compute_reachable_user_contexts(system_crond_t)
+kernel_compute_selinux_access_vector(system_crond_t)
+kernel_compute_selinux_create_context(system_crond_t)
+kernel_compute_selinux_relabel_context(system_crond_t)
+kernel_compute_selinux_reachable_user_contexts(system_crond_t)
selinux_read_file_contexts(system_crond_t)
}
diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te
index 1955937..0e2adc9 100644
--- a/refpolicy/policy/modules/services/remotelogin.te
+++ b/refpolicy/policy/modules/services/remotelogin.te
@@ -46,10 +46,10 @@ kernel_read_system_state(remote_login_t)
kernel_read_kernel_sysctl(remote_login_t)
kernel_get_selinuxfs_mount_point(remote_login_t)
kernel_validate_selinux_context(remote_login_t)
-kernel_compute_selinux_av(remote_login_t)
-kernel_compute_create(remote_login_t)
-kernel_compute_relabel(remote_login_t)
-kernel_compute_reachable_user_contexts(remote_login_t)
+kernel_compute_selinux_access_vector(remote_login_t)
+kernel_compute_selinux_create_context(remote_login_t)
+kernel_compute_selinux_relabel_context(remote_login_t)
+kernel_compute_selinux_reachable_user_contexts(remote_login_t)
# for SSP/ProPolice
devices_get_pseudorandom_data(remote_login_t)
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 22ce48d..92e6db7 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -370,10 +370,10 @@ dontaudit initrc_t domain:{ udp_socket tcp_socket fifo_file unix_dgram_socket }
kernel_get_selinuxfs_mount_point(run_init_t)
kernel_validate_selinux_context(run_init_t)
-kernel_compute_selinux_av(run_init_t)
-kernel_compute_create(run_init_t)
-kernel_compute_relabel(run_init_t)
-kernel_compute_reachable_user_contexts(run_init_t)
+kernel_compute_selinux_access_vector(run_init_t)
+kernel_compute_selinux_create_context(run_init_t)
+kernel_compute_selinux_relabel_context(run_init_t)
+kernel_compute_selinux_reachable_user_contexts(run_init_t)
tunable_policy(`targeted_policy',`
# targeted/unconfined stuff
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index 2e2281f..38d8207 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -57,10 +57,10 @@ kernel_read_system_state(local_login_t)
kernel_read_kernel_sysctl(local_login_t)
kernel_get_selinuxfs_mount_point(local_login_t)
kernel_validate_selinux_context(local_login_t)
-kernel_compute_selinux_av(local_login_t)
-kernel_compute_create(local_login_t)
-kernel_compute_relabel(local_login_t)
-kernel_compute_reachable_user_contexts(local_login_t)
+kernel_compute_selinux_access_vector(local_login_t)
+kernel_compute_selinux_create_context(local_login_t)
+kernel_compute_selinux_relabel_context(local_login_t)
+kernel_compute_selinux_reachable_user_contexts(local_login_t)
# for SSP/ProPolice
devices_get_pseudorandom_data(local_login_t)
@@ -254,10 +254,10 @@ init_get_process_group(sulogin_t)
allow sulogin_t self:process setexec;
kernel_get_selinuxfs_mount_point(sulogin_t)
kernel_validate_selinux_context(sulogin_t)
-kernel_compute_selinux_av(sulogin_t)
-kernel_compute_create(sulogin_t)
-kernel_compute_relabel(sulogin_t)
-kernel_compute_reachable_user_contexts(sulogin_t)
+kernel_compute_selinux_access_vector(sulogin_t)
+kernel_compute_selinux_create_context(sulogin_t)
+kernel_compute_selinux_relabel_context(sulogin_t)
+kernel_compute_selinux_reachable_user_contexts(sulogin_t)
#domain_trans(sulogin_t, shell_exec_t, sysadm_t)
')
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index a4bcb90..9c8d0b4 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -72,10 +72,10 @@ files_create_private_config(lvm_t,lvm_metadata_t,file)
kernel_read_system_state(lvm_t)
kernel_get_selinuxfs_mount_point(lvm_t)
kernel_validate_selinux_context(lvm_t)
-kernel_compute_selinux_av(lvm_t)
-kernel_compute_create(lvm_t)
-kernel_compute_relabel(lvm_t)
-kernel_compute_reachable_user_contexts(lvm_t)
+kernel_compute_selinux_access_vector(lvm_t)
+kernel_compute_selinux_create_context(lvm_t)
+kernel_compute_selinux_relabel_context(lvm_t)
+kernel_compute_selinux_reachable_user_contexts(lvm_t)
kernel_read_kernel_sysctl(lvm_t)
kernel_read_hardware_state(lvm_t)
# Read /sys/block. Device mapper metadata is kept there.
diff --git a/refpolicy/policy/modules/system/selinux.te b/refpolicy/policy/modules/system/selinux.te
index 7489a96..8f9b472 100644
--- a/refpolicy/policy/modules/system/selinux.te
+++ b/refpolicy/policy/modules/system/selinux.te
@@ -210,10 +210,10 @@ kernel_read_system_state(newrole_t)
kernel_read_kernel_sysctl(newrole_t)
kernel_get_selinuxfs_mount_point(newrole_t)
kernel_validate_selinux_context(newrole_t)
-kernel_compute_selinux_av(newrole_t)
-kernel_compute_create(newrole_t)
-kernel_compute_relabel(newrole_t)
-kernel_compute_reachable_user_contexts(newrole_t)
+kernel_compute_selinux_access_vector(newrole_t)
+kernel_compute_selinux_create_context(newrole_t)
+kernel_compute_selinux_relabel_context(newrole_t)
+kernel_compute_selinux_reachable_user_contexts(newrole_t)
devices_get_pseudorandom_data(newrole_t)
@@ -299,10 +299,10 @@ kernel_use_file_descriptors(restorecon_t)
kernel_read_system_state(restorecon_t)
kernel_get_selinuxfs_mount_point(restorecon_t)
kernel_validate_selinux_context(restorecon_t)
-kernel_compute_selinux_av(restorecon_t)
-kernel_compute_create(restorecon_t)
-kernel_compute_relabel(restorecon_t)
-kernel_compute_reachable_user_contexts(restorecon_t)
+kernel_compute_selinux_access_vector(restorecon_t)
+kernel_compute_selinux_create_context(restorecon_t)
+kernel_compute_selinux_relabel_context(restorecon_t)
+kernel_compute_selinux_reachable_user_contexts(restorecon_t)
filesystem_get_persistent_filesystem_attributes(restorecon_t)
@@ -367,10 +367,10 @@ allow setfiles_t { policy_src_t policy_config_t file_context_t selinux_config_t
kernel_read_system_state(setfiles_t)
kernel_get_selinuxfs_mount_point(setfiles_t)
kernel_validate_selinux_context(setfiles_t)
-kernel_compute_selinux_av(setfiles_t)
-kernel_compute_create(setfiles_t)
-kernel_compute_relabel(setfiles_t)
-kernel_compute_reachable_user_contexts(setfiles_t)
+kernel_compute_selinux_access_vector(setfiles_t)
+kernel_compute_selinux_create_context(setfiles_t)
+kernel_compute_selinux_relabel_context(setfiles_t)
+kernel_compute_selinux_reachable_user_contexts(setfiles_t)
filesystem_get_persistent_filesystem_attributes(setfiles_t)
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 7489a96..8f9b472 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -210,10 +210,10 @@ kernel_read_system_state(newrole_t)
kernel_read_kernel_sysctl(newrole_t)
kernel_get_selinuxfs_mount_point(newrole_t)
kernel_validate_selinux_context(newrole_t)
-kernel_compute_selinux_av(newrole_t)
-kernel_compute_create(newrole_t)
-kernel_compute_relabel(newrole_t)
-kernel_compute_reachable_user_contexts(newrole_t)
+kernel_compute_selinux_access_vector(newrole_t)
+kernel_compute_selinux_create_context(newrole_t)
+kernel_compute_selinux_relabel_context(newrole_t)
+kernel_compute_selinux_reachable_user_contexts(newrole_t)
devices_get_pseudorandom_data(newrole_t)
@@ -299,10 +299,10 @@ kernel_use_file_descriptors(restorecon_t)
kernel_read_system_state(restorecon_t)
kernel_get_selinuxfs_mount_point(restorecon_t)
kernel_validate_selinux_context(restorecon_t)
-kernel_compute_selinux_av(restorecon_t)
-kernel_compute_create(restorecon_t)
-kernel_compute_relabel(restorecon_t)
-kernel_compute_reachable_user_contexts(restorecon_t)
+kernel_compute_selinux_access_vector(restorecon_t)
+kernel_compute_selinux_create_context(restorecon_t)
+kernel_compute_selinux_relabel_context(restorecon_t)
+kernel_compute_selinux_reachable_user_contexts(restorecon_t)
filesystem_get_persistent_filesystem_attributes(restorecon_t)
@@ -367,10 +367,10 @@ allow setfiles_t { policy_src_t policy_config_t file_context_t selinux_config_t
kernel_read_system_state(setfiles_t)
kernel_get_selinuxfs_mount_point(setfiles_t)
kernel_validate_selinux_context(setfiles_t)
-kernel_compute_selinux_av(setfiles_t)
-kernel_compute_create(setfiles_t)
-kernel_compute_relabel(setfiles_t)
-kernel_compute_reachable_user_contexts(setfiles_t)
+kernel_compute_selinux_access_vector(setfiles_t)
+kernel_compute_selinux_create_context(setfiles_t)
+kernel_compute_selinux_relabel_context(setfiles_t)
+kernel_compute_selinux_reachable_user_contexts(setfiles_t)
filesystem_get_persistent_filesystem_attributes(setfiles_t)
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 974b819..19e6574 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -71,10 +71,10 @@ kernel_read_kernel_sysctl(udev_t)
kernel_read_hardware_state(udev_t)
kernel_get_selinuxfs_mount_point(udev_t)
kernel_validate_selinux_context(udev_t)
-kernel_compute_selinux_av(udev_t)
-kernel_compute_create(udev_t)
-kernel_compute_relabel(udev_t)
-kernel_compute_reachable_user_contexts(udev_t)
+kernel_compute_selinux_access_vector(udev_t)
+kernel_compute_selinux_create_context(udev_t)
+kernel_compute_selinux_relabel_context(udev_t)
+kernel_compute_selinux_reachable_user_contexts(udev_t)
devices_manage_device_nodes(udev_t)
More information about the scm-commits
mailing list