[selinux-policy: 2044/3172] trunk: add missing ubac module.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:01:30 UTC 2010
commit 0003940ff28812c444e5d1f8f7bc6ac81b6570fc
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Nov 5 16:11:27 2008 +0000
trunk: add missing ubac module.
policy/modules/kernel/ubac.fc | 1 +
policy/modules/kernel/ubac.if | 184 +++++++++++++++++++++++++++++++++++++++++
policy/modules/kernel/ubac.te | 20 +++++
3 files changed, 205 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/kernel/ubac.fc b/policy/modules/kernel/ubac.fc
new file mode 100644
index 0000000..778366f
--- /dev/null
+++ b/policy/modules/kernel/ubac.fc
@@ -0,0 +1 @@
+# no UBAC file contexts
diff --git a/policy/modules/kernel/ubac.if b/policy/modules/kernel/ubac.if
new file mode 100644
index 0000000..7477750
--- /dev/null
+++ b/policy/modules/kernel/ubac.if
@@ -0,0 +1,184 @@
+## <summary>User-based access control policy</summary>
+## <required val="true">
+## Contains attributes used in UBAC policy.
+## </required>
+
+########################################
+## <summary>
+## Constrain by user-based access control.
+## </summary>
+## <param name="type">
+## <summary>
+## Type to be constrained by UBAC.
+## </summary>
+## </param>
+#
+interface(`ubac_constrained',`
+ gen_require(`
+ attribute ubac_constrained_type;
+ ')
+
+ typeattribute $1 ubac_constrained_type;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_file_exempt',`
+ gen_require(`
+ attribute ubacfile;
+ ')
+
+ typeattribute $1 ubacfile;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for processes.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_process_exempt',`
+ gen_require(`
+ attribute ubacproc;
+ ')
+
+ typeattribute $1 ubacproc;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for file descriptors.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_fd_exempt',`
+ gen_require(`
+ attribute ubacfd;
+ ')
+
+ typeattribute $1 ubacfd;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for sockets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_socket_exempt',`
+ gen_require(`
+ attribute ubacsock;
+ ')
+
+ typeattribute $1 ubacsock;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for SysV IPC.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_sysvipc_exempt',`
+ gen_require(`
+ attribute ubacipc;
+ ')
+
+ typeattribute $1 ubacipc;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for X Windows.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_xwin_exempt',`
+ gen_require(`
+ attribute ubacxwin;
+ ')
+
+ typeattribute $1 ubacxwin;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_dbus_exempt',`
+ gen_require(`
+ attribute ubacdbus;
+ ')
+
+ typeattribute $1 ubacdbus;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for keys.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_key_exempt',`
+ gen_require(`
+ attribute ubackey;
+ ')
+
+ typeattribute $1 ubackey;
+')
+
+########################################
+## <summary>
+## Exempt user-based access control for databases.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to be exempted.
+## </summary>
+## </param>
+#
+interface(`ubac_db_exempt',`
+ gen_require(`
+ attribute ubacdb;
+ ')
+
+ typeattribute $1 ubacdb;
+')
diff --git a/policy/modules/kernel/ubac.te b/policy/modules/kernel/ubac.te
new file mode 100644
index 0000000..c1f106d
--- /dev/null
+++ b/policy/modules/kernel/ubac.te
@@ -0,0 +1,20 @@
+
+policy_module(ubac, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+attribute ubac_constrained_type;
+
+attribute ubacfile;
+attribute ubacproc;
+attribute ubacsock;
+attribute ubacfd;
+attribute ubacipc;
+attribute ubacxwin;
+attribute ubacdbus;
+attribute ubackey;
+attribute ubacdb;
+
More information about the scm-commits
mailing list