[selinux-policy: 738/3172] start adding perm sets with refpol names
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:08:38 UTC 2010
commit c4bf97930287982d8ce827f142586e290b967ed6
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Oct 12 18:17:10 2005 +0000
start adding perm sets with refpol names
refpolicy/policy/support/obj_perm_sets.spt | 29 ++++++++++++++++++++++-----
1 files changed, 23 insertions(+), 6 deletions(-)
---
diff --git a/refpolicy/policy/support/obj_perm_sets.spt b/refpolicy/policy/support/obj_perm_sets.spt
index 500c16f..03fcb24 100644
--- a/refpolicy/policy/support/obj_perm_sets.spt
+++ b/refpolicy/policy/support/obj_perm_sets.spt
@@ -72,11 +72,6 @@ define(`r_file_perms', `{ read getattr lock ioctl }')
define(`rx_file_perms', `{ read getattr lock execute ioctl }')
#
-# Permissions for reading and writing files and their attributes.
-#
-define(`rw_file_perms', `{ ioctl read getattr lock write append }')
-
-#
# Permissions for reading and appending to files.
#
define(`ra_file_perms', `{ ioctl read getattr lock append }')
@@ -193,8 +188,30 @@ define(`create_shm_perms', `{ associate getattr setattr create destroy read writ
########################################
#
-# Specialized permission sets
+# New permission sets
+#
+
+#
+# Directory
+#
+define(`search_dir_perms',`{ search }')
+define(`getattr_dir_perms',`{ getattr }')
+define(`setattr_dir_perms',`{ setattr }')
+define(`list_dir_perms',`{ getattr search read lock ioctl }')
+define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }')
+define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
+define(`manage_dir_perms',`{ create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
+
+#
+# File
#
+define(`getattr_file_perms',`{ getattr }')
+define(`setattr_file_perms',`{ setattr }')
+define(`read_file_perms',`{ getattr read lock ioctl }')
+define(`append_file_perms',`{ getattr append lock ioctl }')
+define(`write_file_perms',`{ getattr write append lock ioctl }')
+define(`rw_file_perms', `{ getattr read write append ioctl lock }')
+define(`manage_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
#
# Use (read and write) terminals
More information about the scm-commits
mailing list