[selinux-policy: 2453/3172] Improve the documentation of domain interfaces: domain_type() domain_use_interactive_fds()
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:37:48 UTC 2010
commit 88daf126f29a667808a4119a8712df790c468e85
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Mar 2 12:52:07 2010 -0500
Improve the documentation of domain interfaces:
domain_type()
domain_use_interactive_fds()
policy/modules/kernel/domain.if | 40 +++++++++++++++++++++++++++++++++++++++
1 files changed, 40 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 5667bcc..6c0c20b 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -35,11 +35,42 @@ interface(`domain_base_type',`
## <summary>
## Make the specified type usable as a domain.
## </summary>
+## <desc>
+## <p>
+## Make the specified type usable as a domain. This,
+## or an interface that calls this interface, must be
+## used on all types that are used as domains.
+## </p>
+## <p>
+## Related interfaces:
+## </p>
+## <ul>
+## <li>application_domain()</li>
+## <li>init_daemon_domain()</li>
+## <li>init_domaion()</li>
+## <li>init_ranged_daemon_domain()</li>
+## <li>init_ranged_domain()</li>
+## <li>init_ranged_system_domain()</li>
+## <li>init_script_domain()</li>
+## <li>init_system_domain()</li>
+## </ul>
+## <p>
+## Example:
+## </p>
+## <p>
+## type mydomain_t;
+## domain_type(mydomain_t)
+## type myfile_t;
+## files_type(myfile_t)
+## allow mydomain_t myfile_t:file read_file_perms;
+## </p>
+## </desc>
## <param name="type">
## <summary>
## Type to be used as a domain type.
## </summary>
## </param>
+## <infoflow type="none"/>
#
interface(`domain_type',`
# start with basic domain
@@ -340,11 +371,20 @@ interface(`domain_cron_exemption_target',`
## Inherit and use file descriptors from
## domains with interactive programs.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to inherit and use file
+## descriptors from domains with interactive programs.
+## This does not allow access to the objects being referenced
+## by the file descriptors.
+## </p>
+## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="read" weight="1"/>
#
interface(`domain_use_interactive_fds',`
gen_require(`
More information about the scm-commits
mailing list