[selinux-policy: 186/3172] add xml
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:21:03 UTC 2010
commit 2e77b29e67dae574622b6255d3aabcf9873ed467
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed May 18 21:00:00 2005 +0000
add xml
refpolicy/policy/modules/system/files.if | 30 +++++++++++++++++++++++++-----
1 files changed, 25 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 7746e35..0bbddef 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -1,4 +1,6 @@
# Copyright (C) 2005 Tresys Technology, LLC
+## <module name="files" layer="system">
+## <summary>Policy controlling access to general files</summary>
########################################
#
@@ -73,7 +75,7 @@ attribute tmpfile;
########################################
#
-# files_get_all_file_attributes(type)
+# files_get_all_file_attributes(domain)
#
define(`files_get_all_file_attributes',`
requires_block_template(`$0'_depend)
@@ -163,7 +165,7 @@ class dir search;
########################################
#
-# files_read_all_directories(type)
+# files_read_all_directories(domain)
#
define(`files_read_all_directories',`
requires_block_template(`$0'_depend)
@@ -177,7 +179,7 @@ class dir { getattr search read };
########################################
#
-# files_mount_on_all_mountpoints(type)
+# files_mount_on_all_mountpoints(domain)
#
define(`files_mount_on_all_mountpoints',`
requires_block_template(`$0'_depend)
@@ -261,10 +263,26 @@ type root_t;
class chr_file { read write };
')
-########################################
#
-# files_create_private_root_dir_entry(domain,privatetype,[class(es)])
+## <interface name="files_create_private_root_dir_entry">
+## <description>
+## Create an object in the root directory, with a private
+## type. If no object class is specified, the
+## default is file.
+## </description>
+## <parameter name="domain">
+## The type of the process performing this action.
+## </parameter>
+## <parameter name="private type">
+## The type of the object to be created.
+## </parameter>
+## <parameter name="object" optional="true">
+## The type of the process performing this action.
+## </parameter>
+## <infoflow type="write" weight="10"/>
+## </interface>
#
+
define(`files_create_private_root_dir_entry',`
requires_block_template(`$0'_depend)
allow $1 root_t:dir { getattr search read write add_name remove_name };
@@ -799,3 +817,5 @@ define(`files_read_system_spool_directory_depend',`
type var_t, var_spool_t;
class dir { getattr search read };
')
+
+## </module>
More information about the scm-commits
mailing list