An ability grants additional access to a domain via Reference Policy interfaces or SELinux allow rules (Permissions). As shown below, the Ability Editor provides a way to specify the Interfaces and Permissions for a custom ability. When possible, tailor abilities using interfaces instead of creating new allow rules. Select 'Interfaces' to display a tree of all interfaces that can be added to an ability. Select the checkbox to the left of an interface to add that interface to the ability.
Click the Add Class button to add a new SELinux object class to the permission list for the ability. Once the object class is added, modify the permissions by clicking checkboxes on the right.
To see details for a particular interface, select the 'Declaration' view and click on an interface. The interface declaration will be displayed in the declaration view, as shown below.
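The split between Interfaces and Permissions described above can be checked in review with a short script. The following is an added example, not part of the original documentation or of the tool: it assumes the ability is ultimately expressed as Reference Policy style source, and the domain `myapp_t` and type `myapp_conf_t` are hypothetical names in a constructed sample. It lists the interface calls and flags each raw allow rule so a reviewer can check whether an interface would cover it.

```python
import re

# Constructed sample for a hypothetical domain "myapp_t". Assumption: the
# ability is written as Reference Policy source (interface calls, allow rules).
SAMPLE = """\
# ability: write to syslog and read configuration
logging_send_syslog_msg(myapp_t)
files_read_etc_files(myapp_t)
allow myapp_t myapp_conf_t:file { read getattr };
allow myapp_t self:tcp_socket create;
"""

ALLOW_RE = re.compile(
    r"^allow\s+(?P<src>\S+)\s+(?P<tgt>[^:\s]+)\s*:\s*(?P<cls>\w+)\s+"
    r"(?P<perms>\{[^}]*\}|\S+)\s*;$")
CALL_RE = re.compile(r"^(?P<name>[A-Za-z_]\w*)\s*\((?P<args>[^()]*)\)\s*;?$")


def audit_ability(source):
    """Split policy text into interface calls and raw allow rules."""
    interfaces, permissions, unknown = [], [], []
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = ALLOW_RE.match(line)
        if m:
            perms = m["perms"].strip("{} ").split()
            permissions.append((lineno, m["src"], m["tgt"], m["cls"], perms))
            continue
        m = CALL_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",") if a.strip()]
            interfaces.append((lineno, m["name"], args))
        else:
            unknown.append((lineno, line))    # statement this sketch does not parse
    return interfaces, permissions, unknown


if __name__ == "__main__":
    ifaces, perms, unknown = audit_ability(SAMPLE)
    for lineno, name, args in ifaces:
        print(f"line {lineno}: interface {name}({', '.join(args)})")
    for lineno, src, tgt, cls, p in perms:
        print(f"line {lineno}: raw allow {src} -> {tgt}:{cls} {p} "
              "(check whether an interface covers this)")
    for lineno, text in unknown:
        print(f"line {lineno}: not recognised: {text}")
```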
©2005 - 2009 Tresys Technology, LLC
Patent Pending