Tree - rpms/selinux-policy - src.fedoraproject.org

psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago

Blame lockdev.if

Blob History Raw

Dominick Grift	3accc67	`## <summary>Library for locking devices.</summary>`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`########################################`
Chris PeBenito	9401ae1	`## <summary>`
Dominick Grift	3accc67	`## Role access for lockdev.`
Chris PeBenito	9401ae1	`## </summary>`
Chris PeBenito	9401ae1	`## <param name="role">`
Chris PeBenito	9401ae1	`## <summary>`
Dominick Grift	3accc67	`## Role allowed access.`
Chris PeBenito	9401ae1	`## </summary>`
Chris PeBenito	9401ae1	`## </param>`
Chris PeBenito	9401ae1	`## <param name="domain">`
Chris PeBenito	9401ae1	`## <summary>`
Dominick Grift	3accc67	`## User domain for the role.`
Chris PeBenito	9401ae1	`## </summary>`
Chris PeBenito	9401ae1	`## </param>`
Chris PeBenito	9401ae1	`#`
Chris PeBenito	9401ae1	interface(`lockdev_role',`
Chris PeBenito	9401ae1	gen_require(`
Dominick Grift	3accc67	`attribute_role lockdev_roles;`
Chris PeBenito	9401ae1	`type lockdev_t, lockdev_exec_t;`
Chris PeBenito	9401ae1	`')`
Chris PeBenito	9401ae1
Dominick Grift	3accc67	`########################################`
Dominick Grift	3accc67	`#`
Dominick Grift	3accc67	`# Declarations`
Dominick Grift	3accc67	`#`
Dominick Grift	3accc67
Dominick Grift	3accc67	`roleattribute $1 lockdev_roles;`
Dominick Grift	3accc67
Dominick Grift	3accc67	`########################################`
Dominick Grift	3accc67	`#`
Dominick Grift	3accc67	`# Policy`
Dominick Grift	3accc67	`#`
Chris PeBenito	9401ae1
Chris PeBenito	9401ae1	`domtrans_pattern($2, lockdev_exec_t, lockdev_t)`
Chris PeBenito	9401ae1
Dominick Grift	3accc67	`allow $2 lockdev_t:process { ptrace signal_perms };`
Chris PeBenito	9401ae1	`ps_process_pattern($2, lockdev_t)`
Dominick Grift	3accc67
Dominick Grift	3accc67	`allow lockdev_t $2:process signull;`
Chris PeBenito	9401ae1	`')`

psss / rpms / selinux-policy

Source Code

Blame lockdev.if