Changeset 2720

Timestamp:
06/17/08 14:45:37 (2 months ago)
Author:
cpebenito
Message:

rbacsep: switch old userdom templated interface calls over to reclaimed interfaces.

Files:

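--- a/branches/rbacsep/policy/modules/admin/su.te
+++ b/branches/rbacsep/policy/modules/admin/su.te
@@ -41,5 +41,5 @@
 selinux_compute_access_vector(su_t)
 
-auth_domtrans_user_chk_passwd($1,su_t)
+auth_domtrans_chk_passwd(su_t)
 auth_dontaudit_read_shadow(su_t)
 auth_use_nsswitch(su_t)
@@ -68,6 +68,6 @@
 miscfiles_read_localization(su_t)
 
-userdom_use_user_terminals($1,su_t)
-userdom_search_user_home_dirs($1,su_t)
+userdom_use_user_terminals(su_t)
+userdom_search_user_home_dirs(su_t)
 
 ifdef(`distro_rhel4',`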
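--- a/branches/rbacsep/policy/modules/admin/sudo.te
+++ b/branches/rbacsep/policy/modules/admin/sudo.te
@@ -70,10 +70,9 @@
 miscfiles_read_localization(sudo_t)
 
-userdom_manage_user_home_content_files($1,sudo_t)
-userdom_manage_user_home_content_symlinks($1,sudo_t)
-userdom_manage_user_tmp_files($1,sudo_t)
-userdom_manage_user_tmp_symlinks($1,sudo_t)
-userdom_use_user_terminals($1,sudo_t)
-userdom_use_unpriv_users_fds(sudo_t)
+userdom_manage_user_home_content_files(sudo_t)
+userdom_manage_user_home_content_symlinks(sudo_t)
+userdom_manage_user_tmp_files(sudo_t)
+userdom_manage_user_tmp_symlinks(sudo_t)
+userdom_use_user_terminals(sudo_t)
 # for some PAM modules and for cwd
 userdom_dontaudit_search_all_users_home_content(sudo_t)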
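Review bot: Old line 77, `userdom_use_unpriv_users_fds(sudo_t)`, is removed with no replacement on the new side, which is a permission change rather than the interface switch the commit message describes. If sudo_t still inherits file descriptors from unprivileged user domains, this will presumably show up as AVC denials at run time, so either keep the call or record in the message why it is no longer needed. A one-line comment above the `userdom_manage_user_*` calls saying why sudo_t needs manage rather than read access to user home and tmp content would also help a later least-privilege review.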
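--- a/branches/rbacsep/policy/modules/apps/cdrecord.te
+++ b/branches/rbacsep/policy/modules/apps/cdrecord.te
@@ -55,6 +55,6 @@
 
 # write to the user domain tty.
-userdom_use_user_terminals($1, cdrecord_t)
-userdom_read_user_home_content_files($1, cdrecord_t)
+userdom_use_user_terminals(cdrecord_t)
+userdom_read_user_home_content_files(cdrecord_t)
 
 # Handle nfs home dirs
@@ -86,13 +86,11 @@
 # Handle removable media, /tmp, and /home
 tunable_policy(`cdrecord_read_content',`
-        userdom_list_user_tmp($1, cdrecord_t)
-        userdom_read_user_tmp_files($1, drecord_t)
-        userdom_read_user_tmp_symlinks($1, cdrecord_t)
-        userdom_search_user_home_dirs($1, cdrecord_t)
-        userdom_read_user_home_content_files($1, cdrecord_t)
-        userdom_read_user_home_content_symlinks($1, cdrecord_t)
+        userdom_list_user_tmp(cdrecord_t)
+        userdom_read_user_tmp_files(cdrecord_t)
+        userdom_read_user_tmp_symlinks(cdrecord_t)
+        userdom_read_user_home_content_files(cdrecord_t)
+        userdom_read_user_home_content_symlinks(cdrecord_t)
         
-        ifdef(`enable_mls',`
-        ',`
+        ifndef(`enable_mls',`
                 fs_search_removable(cdrecord_t)
                 fs_read_removable_files(cdrecord_t)
@@ -104,8 +102,8 @@
         fs_dontaudit_list_removable(cdrecord_t)
         fs_dontaudit_read_removable_files(cdrecord_t)
-        userdom_dontaudit_list_user_tmp($1, cdrecord_t)
-        userdom_dontaudit_read_user_tmp_files($1, cdrecord_t)
-        userdom_dontaudit_list_user_home_dirs($1, cdrecord_t)
-        userdom_dontaudit_read_user_home_content_files($1, cdrecord_t)
+        userdom_dontaudit_list_user_tmp(cdrecord_t)
+        userdom_dontaudit_read_user_tmp_files(cdrecord_t)
+        userdom_dontaudit_list_user_home_dirs(cdrecord_t)
+        userdom_dontaudit_read_user_home_content_files(cdrecord_t)
 ')
 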
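Review bot: Inside the `cdrecord_read_content` tunable block the old `userdom_search_user_home_dirs` call (old line 91) is dropped rather than converted, and the same happens in the read-content blocks of evolution.te and mozilla.te, while thunderbird.te keeps `userdom_search_user_home_dirs(thunderbird_t)` at new line 158. If the reclaimed `userdom_read_user_home_content_files` already grants search on the home directory (its definition is not visible here), the thunderbird.te call is redundant; if it does not, these three blocks lose access they had before. The four blocks should use one form, and the commit message should say which it is.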
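--- a/branches/rbacsep/policy/modules/apps/ethereal.te
+++ b/branches/rbacsep/policy/modules/apps/ethereal.te
@@ -13,5 +13,5 @@
 type ethereal_home_t;
 files_poly_member(ethereal_home_t)
-userdom_user_home_content($1, ethereal_home_t)
+userdom_user_home_content(ethereal_home_t)
 
 type ethereal_tmp_t;
@@ -51,5 +51,5 @@
 manage_files_pattern(ethereal_t, ethereal_home_t, ethereal_home_t)
 manage_lnk_files_pattern(ethereal_t, ethereal_home_t, ethereal_home_t)
-userdom_user_home_dir_filetrans($1, ethereal_t, ethereal_home_t, dir)
+userdom_user_home_dir_filetrans(ethereal_t, ethereal_home_t, dir)
 
 # Store temporary files
@@ -93,5 +93,5 @@
 sysnet_read_config(ethereal_t)
 
-userdom_manage_user_home_content_files($1, ethereal_t)
+userdom_manage_user_home_content_files(ethereal_t)
 
 tunable_policy(`use_nfs_home_dirs',`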
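Review bot: At new line 95, `userdom_manage_user_home_content_files(ethereal_t)` gives a packet-capture tool manage access to general user home files even though the module already has its own `ethereal_home_t` with a filetrans at line 53. With the `$1` role prefix gone this presumably applies to the user home type shared by all roles, so a flaw in a protocol dissector would have a wider reach than before. If the rule exists only so captures can be saved anywhere under the home directory, say so in a comment above it, or narrow it to the module's own type. The same call is carried over in wireshark.te at new line 88.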
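--- a/branches/rbacsep/policy/modules/apps/evolution.te
+++ b/branches/rbacsep/policy/modules/apps/evolution.te
@@ -36,5 +36,5 @@
 type evolution_home_t;
 files_poly_member(evolution_home_t)
-userdom_user_home_content($1, evolution_home_t)
+userdom_user_home_content(evolution_home_t)
 
 type evolution_orbit_tmp_t;
@@ -83,5 +83,5 @@
 allow evolution_t evolution_home_t:file manage_file_perms;
 allow evolution_t evolution_home_t:lnk_file manage_lnk_file_perms;
-userdom_search_user_home_dirs($1, evolution_t)
+userdom_search_user_home_dirs(evolution_t)
 
 allow evolution_t evolution_orbit_tmp_t:dir manage_dir_perms;
@@ -173,13 +173,13 @@
 udev_read_state(evolution_t)
 
-userdom_rw_user_tmp_files($1, evolution_t)
-userdom_manage_user_tmp_dirs($1, evolution_t)
-userdom_manage_user_tmp_sockets($1, evolution_t)
-userdom_manage_user_tmp_files($1, evolution_t)
-userdom_use_user_terminals($1, evolution_t)
+userdom_rw_user_tmp_files(evolution_t)
+userdom_manage_user_tmp_dirs(evolution_t)
+userdom_manage_user_tmp_sockets(evolution_t)
+userdom_manage_user_tmp_files(evolution_t)
+userdom_use_user_terminals(evolution_t)
 # FIXME: suppress access to .local/.icons/.themes until properly implemented
 # FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
 # until properly implemented
-userdom_dontaudit_read_user_home_content_files($1, evolution_t)
+userdom_dontaudit_read_user_home_content_files(evolution_t)
 
 mta_read_config(evolution_t)
@@ -226,10 +226,9 @@
 
 tunable_policy(`mail_read_content',`
-        userdom_list_user_tmp($1, evolution_t)
-        userdom_read_user_tmp_files($1, evolution_t)
-        userdom_read_user_tmp_symlinks($1, evolution_t)
-        userdom_search_user_home_dirs($1, evolution_t)
-        userdom_read_user_home_content_files($1, evolution_t)
-        userdom_read_user_home_content_symlinks($1, evolution_t)
+        userdom_list_user_tmp(evolution_t)
+        userdom_read_user_tmp_files(evolution_t)
+        userdom_read_user_tmp_symlinks(evolution_t)
+        userdom_read_user_home_content_files(evolution_t)
+        userdom_read_user_home_content_symlinks(evolution_t)
         
         ifndef(`enable_mls',`
@@ -243,8 +242,8 @@
         fs_dontaudit_list_removable(evolution_t)
         fs_dontaudit_read_removable_files(evolution_t)
-        userdom_dontaudit_list_user_tmp($1, evolution_t)
-        userdom_dontaudit_read_user_tmp_files($1, evolution_t)
-        userdom_dontaudit_list_user_home_dirs($1, evolution_t)
-        userdom_dontaudit_read_user_home_content_files($1, evolution_t)
+        userdom_dontaudit_list_user_tmp(evolution_t)
+        userdom_dontaudit_read_user_tmp_files(evolution_t)
+        userdom_dontaudit_list_user_home_dirs(evolution_t)
+        userdom_dontaudit_read_user_home_content_files(evolution_t)
 ')
 
@@ -418,9 +417,9 @@
 
 # Access evolution home
-userdom_search_user_home_dirs($1, evolution_alarm_t)
+userdom_search_user_home_dirs(evolution_alarm_t)
 # FIXME: suppress access to .local/.icons/.themes until properly implemented
 # FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
 # until properly implemented
-userdom_dontaudit_read_user_home_content_files($1, evolution_alarm_t)
+userdom_dontaudit_read_user_home_content_files(evolution_alarm_t)
 
 xserver_user_x_domain_template($1, evolution_alarm,evolution_alarm_t, evolution_alarm_tmpfs_t)
@@ -506,9 +505,9 @@
  
 # Access evolution home
-userdom_search_user_home_dirs($1, evolution_exchange_t)
+userdom_search_user_home_dirs(evolution_exchange_t)
 # FIXME: suppress access to .local/.icons/.themes until properly implemented
 # FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
 # until properly implemented
-userdom_dontaudit_read_user_home_content_files($1, evolution_exchange_t)
+userdom_dontaudit_read_user_home_content_files(evolution_exchange_t)
 
 xserver_user_x_domain_template($1, evolution_exchange,evolution_exchange_t, evolution_exchange_tmpfs_t)
@@ -595,9 +594,9 @@
 
 # Access evolution home
-userdom_search_user_home_dirs($1, evolution_server_t)
+userdom_search_user_home_dirs(evolution_server_t)
 # FIXME: suppress access to .local/.icons/.themes until properly implemented
 # FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
 # until properly implemented
-userdom_dontaudit_read_user_home_content_files($1, evolution_server_t)
+userdom_dontaudit_read_user_home_content_files(evolution_server_t)
 
 # Access evolution home
@@ -651,9 +650,9 @@
 
 # Search home directory (?)
-userdom_search_user_home_dirs($1, evolution_webcal_t)
+userdom_search_user_home_dirs(evolution_webcal_t)
 # FIXME: suppress access to .local/.icons/.themes until properly implemented
 # FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
 # until properly implemented
-userdom_dontaudit_read_user_home_content_files($1, evolution_webcal_t)
+userdom_dontaudit_read_user_home_content_files(evolution_webcal_t)
 
 xserver_user_x_domain_template($1, evolution_webcal, evolution_webcal_t, evolution_webcal_tmpfs_t)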
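Review bot: The context lines at new 425, 513 and 658 still pass `$1` to `xserver_user_x_domain_template(...)`, although this changeset removes that argument from every userdom call around them. A plain .te module has no template argument to fill `$1`, so these lines presumably keep the module from building until the xserver template is reclaimed as well. Either convert them in this changeset or mark them with a comment such as `# TODO(rbacsep): xserver template still takes the role prefix`. The same leftover appears in mozilla.te (new line 144), mplayer.te (new line 297) and thunderbird.te (new line 109).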
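--- a/branches/rbacsep/policy/modules/apps/games.te
+++ b/branches/rbacsep/policy/modules/apps/games.te
@@ -152,10 +152,10 @@
 sysnet_read_config(games_t)
 
-userdom_manage_user_tmp_dirs($1,games_t)
-userdom_manage_user_tmp_files($1,games_t)
-userdom_manage_user_tmp_symlinks($1,games_t)
-userdom_manage_user_tmp_sockets($1,games_t)
+userdom_manage_user_tmp_dirs(games_t)
+userdom_manage_user_tmp_files(games_t)
+userdom_manage_user_tmp_symlinks(games_t)
+userdom_manage_user_tmp_sockets(games_t)
 # Suppress .icons denial until properly implemented
-userdom_dontaudit_read_user_home_content_files($1,games_t)
+userdom_dontaudit_read_user_home_content_files(games_t)
 
 tunable_policy(`allow_execmem',`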
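--- a/branches/rbacsep/policy/modules/apps/gift.te
+++ b/branches/rbacsep/policy/modules/apps/gift.te
@@ -13,5 +13,5 @@
 type gift_home_t;
 files_poly_member(gift_home_t)
-userdom_user_home_content($1, gift_home_t)
+userdom_user_home_content(gift_home_t)
 
 type gift_tmpfs_t;
@@ -38,5 +38,5 @@
 manage_files_pattern(gift_t, gift_home_t, gift_home_t)
 manage_lnk_files_pattern(gift_t, gift_home_t, gift_home_t)
-userdom_user_home_dir_filetrans($1, gift_t, gift_home_t,dir)
+userdom_user_home_dir_filetrans(gift_t, gift_home_t, dir)
 
 # Launch gift daemon
@@ -60,5 +60,5 @@
 
 # giftui looks in .icons, .themes.
-userdom_dontaudit_read_user_home_content_files($1, gift_t)
+userdom_dontaudit_read_user_home_content_files(gift_t)
 
 tunable_policy(`use_nfs_home_dirs',`
@@ -95,5 +95,5 @@
 manage_files_pattern(giftd_t, gift_home_t, gift_home_t)
 manage_lnk_files_pattern(giftd_t, gift_home_t, gift_home_t)
-userdom_user_home_dir_filetrans($1, giftd_t, gift_home_t, dir)
+userdom_user_home_dir_filetrans(giftd_t, gift_home_t, dir)
 
 kernel_read_system_state(giftd_t)
@@ -127,5 +127,5 @@
 sysnet_read_config(giftd_t)
 
-userdom_use_user_terminals($1, giftd_t)
+userdom_use_user_terminals(giftd_t)
 
 tunable_policy(`use_nfs_home_dirs',`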
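--- a/branches/rbacsep/policy/modules/apps/gnome.te
+++ b/branches/rbacsep/policy/modules/apps/gnome.te
@@ -13,5 +13,5 @@
 
 type gconf_home_t;
-userdom_user_home_content($1, gconf_home_t)
+userdom_user_home_content(gconf_home_t)
 
 type gconfd_t, gnomedomain;
@@ -20,5 +20,5 @@
 
 type gnome_home_t;
-userdom_user_home_content($1, gnome_home_t)
+userdom_user_home_content(gnome_home_t)
 
 type gconf_tmp_t;
@@ -35,9 +35,9 @@
 manage_dirs_pattern(gconfd_t, gconf_home_t, gconf_home_t)
 manage_files_pattern(gconfd_t, gconf_home_t, gconf_home_t)
-userdom_user_home_dir_filetrans($1, gconfd_t, gconf_home_t, dir)
+userdom_user_home_dir_filetrans(gconfd_t, gconf_home_t, dir)
 
 manage_dirs_pattern(gconfd_t, gconf_tmp_t, gconf_tmp_t)
 manage_files_pattern(gconfd_t, gconf_tmp_t, gconf_tmp_t)
-userdom_user_tmp_filetrans($1,gconfd_t, gconf_tmp_t, { dir file })
+userdom_user_tmp_filetrans(gconfd_t, gconf_tmp_t, { dir file })
 
 allow gconfd_t gconf_etc_t:dir list_dir_perms;
@@ -55,7 +55,7 @@
 logging_send_syslog_msg(gconfd_t)
 
-userdom_manage_user_tmp_sockets($1, gconfd_t)
-userdom_manage_user_tmp_dirs($1,gconfd_t)
-userdom_tmp_filetrans_user_tmp($1, gconfd_t, dir)
+userdom_manage_user_tmp_sockets(gconfd_t)
+userdom_manage_user_tmp_dirs(gconfd_t)
+userdom_tmp_filetrans_user_tmp(gconfd_t, dir)
 
 optional_policy(`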
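--- a/branches/rbacsep/policy/modules/apps/gpg.te
+++ b/branches/rbacsep/policy/modules/apps/gpg.te
@@ -27,5 +27,5 @@
 
 type gpg_secret_t;
-userdom_user_home_content($1, gpg_secret_t)
+userdom_user_home_content(gpg_secret_t)
 
 type gpg_helper_t;
@@ -55,5 +55,5 @@
 manage_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
 manage_lnk_files_pattern(gpg_t, gpg_secret_t, gpg_secret_t)
-userdom_user_home_dir_filetrans($1, gpg_t, gpg_secret_t, dir)
+userdom_user_home_dir_filetrans(gpg_t, gpg_secret_t, dir)
 
 corenet_all_recvfrom_unlabeled(gpg_t)
@@ -88,5 +88,5 @@
 sysnet_read_config(gpg_t)
 
-userdom_use_user_terminals($1, gpg_t)
+userdom_use_user_terminals(gpg_t)
 
 optional_policy(`
@@ -182,7 +182,7 @@
 
 # Write to the user domain tty.
-userdom_use_user_terminals($1, gpg_agent_t)
+userdom_use_user_terminals(gpg_agent_t)
 # read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d )
-userdom_search_user_home_dirs($1, gpg_agent_t)
+userdom_search_user_home_dirs(gpg_agent_t)
 
 tunable_policy(`gpg_agent_env_file',`
@@ -190,7 +190,7 @@
         # or subdir (gpg-agent --write-env-file option)
         #
-        userdom_user_home_dir_filetrans_user_home_content($1, gpg_agent_t,file)
-        userdom_manage_user_home_content_dirs($1, gpg_agent_t)
-        userdom_manage_user_home_content_files($1, gpg_agent_t)
+        userdom_user_home_dir_filetrans_user_home_content(gpg_agent_t, file)
+        userdom_manage_user_home_content_dirs(gpg_agent_t)
+        userdom_manage_user_home_content_files(gpg_agent_t)
 ')
 
@@ -233,5 +233,5 @@
 
 # for .Xauthority
-userdom_read_user_home_content_files($1, gpg_pinentry_t)
+userdom_read_user_home_content_files(gpg_pinentry_t)
 
 tunable_policy(`use_nfs_home_dirs',`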
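Review bot: New line 235 grants `userdom_read_user_home_content_files(gpg_pinentry_t)` under the comment `# for .Xauthority`, which is read access to all generic user home files in order to reach a single file. With the `$1` prefix gone this presumably covers the home type shared by every user role, which is a lot for the domain that prompts for passphrases. If the xserver module offers an interface scoped to the X authority file type, use that here; otherwise extend the comment to something like `# for .Xauthority; broader than needed, narrow once an xauth-specific interface exists`.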
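--- a/branches/rbacsep/policy/modules/apps/irc.te
+++ b/branches/rbacsep/policy/modules/apps/irc.te
@@ -13,8 +13,8 @@
 
 type irc_home_t;
-userdom_user_home_content($1,irc_home_t)
+userdom_user_home_content(irc_home_t)
 
 type irc_tmp_t;
-userdom_user_home_content($1,irc_tmp_t)
+userdom_user_home_content(irc_tmp_t)
 
 ########################################
@@ -30,5 +30,5 @@
 manage_files_pattern(irc_t, irc_home_t, irc_home_t)
 manage_lnk_files_pattern(irc_t, irc_home_t, irc_home_t)
-userdom_user_home_dir_filetrans($1, irc_t, irc_home_t, { dir file lnk_file })
+userdom_user_home_dir_filetrans(irc_t, irc_home_t, { dir file lnk_file })
 
 # access files under /tmp
@@ -83,5 +83,5 @@
 
 # Write to the user domain tty.
-userdom_use_user_terminals($1,irc_t)
+userdom_use_user_terminals(irc_t)
 
 tunable_policy(`use_nfs_home_dirs',`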
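Review bot: New line 18 declares `userdom_user_home_content(irc_tmp_t)`, which marks as user home content a type that the comment at line 34 (`# access files under /tmp`) associates with temporary files. The call was carried over unchanged apart from `$1`, so this predates the changeset, but it looks like a copy of line 15 rather than intent. If irc_tmp_t only labels files under /tmp, a tmp-file declaration such as `files_tmp_file(irc_tmp_t)` would keep it out of any rule written against home content; otherwise add a comment saying why a tmp type is home content.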
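--- a/branches/rbacsep/policy/modules/apps/java.te
+++ b/branches/rbacsep/policy/modules/apps/java.te
@@ -98,14 +98,14 @@
 sysnet_read_config(java_t)
 
-userdom_dontaudit_use_user_terminals($1,java_t)
-userdom_dontaudit_setattr_user_home_content_files($1,java_t)
-userdom_dontaudit_exec_user_home_content_files($1,java_t)
-userdom_manage_user_home_content_dirs($1,java_t)
-userdom_manage_user_home_content_files($1,java_t)
-userdom_manage_user_home_content_symlinks($1,java_t)
-userdom_manage_user_home_content_pipes($1,java_t)
-userdom_manage_user_home_content_sockets($1,java_t)
-userdom_user_home_dir_filetrans_user_home_content($1,java_t,{ file lnk_file sock_file fifo_file })
-userdom_write_user_tmp_sockets($1,java_t)
+userdom_dontaudit_use_user_terminals(java_t)
+userdom_dontaudit_setattr_user_home_content_files(java_t)
+userdom_dontaudit_exec_user_home_content_files(java_t)
+userdom_manage_user_home_content_dirs(java_t)
+userdom_manage_user_home_content_files(java_t)
+userdom_manage_user_home_content_symlinks(java_t)
+userdom_manage_user_home_content_pipes(java_t)
+userdom_manage_user_home_content_sockets(java_t)
+userdom_user_home_dir_filetrans_user_home_content(java_t, { file lnk_file sock_file fifo_file })
+userdom_write_user_tmp_sockets(java_t)
 
 tunable_policy(`allow_java_execstack',`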
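--- a/branches/rbacsep/policy/modules/apps/lockdev.te
+++ b/branches/rbacsep/policy/modules/apps/lockdev.te
@@ -35,4 +35,4 @@
 logging_send_syslog_msg(lockdev_t)
 
-userdom_use_user_terminals($1, lockdev_t)
+userdom_use_user_terminals(lockdev_t)
 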
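--- a/branches/rbacsep/policy/modules/apps/mozilla.te
+++ b/branches/rbacsep/policy/modules/apps/mozilla.te
@@ -23,5 +23,5 @@
 type mozilla_home_t;
 files_poly_member(mozilla_home_t)
-userdom_user_home_content($1,mozilla_home_t)
+userdom_user_home_content(mozilla_home_t)
 
 type mozilla_tmpfs_t;
@@ -51,5 +51,5 @@
 manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
 manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
-userdom_search_user_home_dirs($1,mozilla_t)
+userdom_search_user_home_dirs(mozilla_t)
 
 # Mozpluggerrc
@@ -135,10 +135,10 @@
 sysnet_dns_name_resolve(mozilla_t)
 
-userdom_manage_user_home_content_dirs($1,mozilla_t)
-userdom_manage_user_home_content_files($1,mozilla_t)
-userdom_manage_user_home_content_symlinks($1,mozilla_t)
-userdom_manage_user_tmp_dirs($1,mozilla_t)
-userdom_manage_user_tmp_files($1,mozilla_t)
-userdom_manage_user_tmp_sockets($1,mozilla_t)
+userdom_manage_user_home_content_dirs(mozilla_t)
+userdom_manage_user_home_content_files(mozilla_t)
+userdom_manage_user_home_content_symlinks(mozilla_t)
+userdom_manage_user_tmp_dirs(mozilla_t)
+userdom_manage_user_tmp_files(mozilla_t)
+userdom_manage_user_tmp_sockets(mozilla_t)
 
 xserver_user_x_domain_template($1,mozilla,mozilla_t, mozilla_tmpfs_t)
@@ -189,10 +189,9 @@
 
 tunable_policy(`mozilla_read_content',`
-        userdom_list_user_tmp($1,mozilla_t)
-        userdom_read_user_tmp_files($1,mozilla_t)
-        userdom_read_user_tmp_symlinks($1,mozilla_t)
-        userdom_search_user_home_dirs($1,mozilla_t)
-        userdom_read_user_home_content_files($1,mozilla_t)
-        userdom_read_user_home_content_symlinks($1,mozilla_t)
+        userdom_list_user_tmp(mozilla_t)
+        userdom_read_user_tmp_files(mozilla_t)
+        userdom_read_user_tmp_symlinks(mozilla_t)
+        userdom_read_user_home_content_files(mozilla_t)
+        userdom_read_user_home_content_symlinks(mozilla_t)
         
         ifdef(`enable_mls',`',`
@@ -206,8 +205,8 @@
         fs_dontaudit_list_removable(mozilla_t)
         fs_dontaudit_read_removable_files(mozilla_t)
-        userdom_dontaudit_list_user_tmp($1,mozilla_t)
-        userdom_dontaudit_read_user_tmp_files($1,mozilla_t)
-        userdom_dontaudit_list_user_home_dirs($1,mozilla_t)
-        userdom_dontaudit_read_user_home_content_files($1,mozilla_t)
+        userdom_dontaudit_list_user_tmp(mozilla_t)
+        userdom_dontaudit_read_user_tmp_files(mozilla_t)
+        userdom_dontaudit_list_user_home_dirs(mozilla_t)
+        userdom_dontaudit_read_user_home_content_files(mozilla_t)
 ')
 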
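--- a/branches/rbacsep/policy/modules/apps/mplayer.te
+++ b/branches/rbacsep/policy/modules/apps/mplayer.te
@@ -27,5 +27,5 @@
 type mplayer_home_t;
 files_poly_member(mplayer_home_t)
-userdom_user_home_content($1,mplayer_home_t)
+userdom_user_home_content(mplayer_home_t)
 
 type mplayer_tmpfs_t;
@@ -71,11 +71,11 @@
 miscfiles_read_localization(mencoder_t)
 
-userdom_use_user_terminals($1,mencoder_t)
+userdom_use_user_terminals(mencoder_t)
 # Handle removable media, /tmp, and /home
-userdom_list_user_tmp($1,mencoder_t)
-userdom_read_user_tmp_files($1,mencoder_t)
-userdom_read_user_tmp_symlinks($1,mencoder_t)
-userdom_read_user_home_content_files($1,mencoder_t)
-userdom_read_user_home_content_symlinks($1,mencoder_t)
+userdom_list_user_tmp(mencoder_t)
+userdom_read_user_tmp_files(mencoder_t)
+userdom_read_user_tmp_symlinks(mencoder_t)
+userdom_read_user_home_content_files(mencoder_t)
+userdom_read_user_home_content_symlinks(mencoder_t)
 
 # Read content to encode
@@ -227,5 +227,5 @@
 manage_files_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
 manage_lnk_files_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
-userdom_search_user_home_dirs($1,mplayer_t)
+userdom_search_user_home_dirs(mplayer_t)
 
 manage_files_pattern(mplayer_t, mplayer_tmpfs_t, mplayer_tmpfs_t)
@@ -287,11 +287,11 @@
 miscfiles_read_fonts(mplayer_t)
 
-userdom_use_user_terminals($1,mplayer_t)
+userdom_use_user_terminals(mplayer_t)
 # Read media files
-userdom_list_user_tmp($1,mplayer_t)
-userdom_read_user_tmp_files($1,mplayer_t)
-userdom_read_user_tmp_symlinks($1,mplayer_t)
-userdom_read_user_home_content_files($1,mplayer_t)
-userdom_read_user_home_content_symlinks($1,mplayer_t)
+userdom_list_user_tmp(mplayer_t)
+userdom_read_user_tmp_files(mplayer_t)
+userdom_read_user_tmp_symlinks(mplayer_t)
+userdom_read_user_home_content_files(mplayer_t)
+userdom_read_user_home_content_symlinks(mplayer_t)
 
 xserver_user_x_domain_template($1,mplayer,mplayer_t, mplayer_tmpfs_t)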
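--- a/branches/rbacsep/policy/modules/apps/rssh.te
+++ b/branches/rbacsep/policy/modules/apps/rssh.te
@@ -21,8 +21,8 @@
 
 type rssh_ro_t, rssh_ro_content_type;
-userdom_user_home_content($1,rssh_ro_t)
+userdom_user_home_content(rssh_ro_t)
 
 type rssh_rw_t;
-userdom_user_home_content($1,rssh_rw_t)
+userdom_user_home_content(rssh_rw_t)
 
 ##############################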
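--- a/branches/rbacsep/policy/modules/apps/screen.te
+++ b/branches/rbacsep/policy/modules/apps/screen.te
@@ -105,7 +105,7 @@
 sysnet_read_config(screen_t)
 
-userdom_use_user_terminals($1,screen_t)
-userdom_create_user_pty($1,screen_t)
-userdom_setattr_user_ptys($1,screen_t)
+userdom_use_user_terminals(screen_t)
+userdom_create_user_pty(screen_t)
+userdom_setattr_user_ptys(screen_t)
 
 tunable_policy(`read_default_t',`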
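--- a/branches/rbacsep/policy/modules/apps/thunderbird.te
+++ b/branches/rbacsep/policy/modules/apps/thunderbird.te
@@ -10,9 +10,8 @@
 type thunderbird_exec_t;
 application_domain(thunderbird_t, thunderbird_exec_t)
-role $3 types thunderbird_t;
 
 type thunderbird_home_t;
 files_poly_member(thunderbird_home_t)
-userdom_user_home_content($1, thunderbird_home_t)
+userdom_user_home_content(thunderbird_home_t)
 
 type thunderbird_tmpfs_t;
@@ -36,5 +35,5 @@
 manage_files_pattern(thunderbird_t, thunderbird_home_t, thunderbird_home_t)
 manage_lnk_files_pattern(thunderbird_t, thunderbird_home_t, thunderbird_home_t)
-userdom_search_user_home_dirs($1,thunderbird_t)
+userdom_search_user_home_dirs(thunderbird_t)
 
 manage_files_pattern(thunderbird_t, thunderbird_tmpfs_t, thunderbird_tmpfs_t)
@@ -102,9 +101,9 @@
 miscfiles_read_localization(thunderbird_t)
 
-userdom_manage_user_tmp_dirs($1,thunderbird_t)
-userdom_read_user_tmp_files($1,thunderbird_t)
-userdom_manage_user_tmp_sockets($1,thunderbird_t)
+userdom_manage_user_tmp_dirs(thunderbird_t)
+userdom_read_user_tmp_files(thunderbird_t)
+userdom_manage_user_tmp_sockets(thunderbird_t)
 # .kde/....gtkrc
-userdom_read_user_home_content_files($1,thunderbird_t)
+userdom_read_user_home_content_files(thunderbird_t)
 
 xserver_user_x_domain_template($1,thunderbird,thunderbird_t, thunderbird_tmpfs_t)
@@ -154,9 +153,9 @@
 
 tunable_policy(`mail_read_content',`
-        userdom_list_user_tmp($1,thunderbird_t)
-        userdom_read_user_tmp_files($1,thunderbird_t)
-        userdom_read_user_tmp_symlinks($1,thunderbird_t)
-        userdom_search_user_home_dirs($1,thunderbird_t)
-        userdom_read_user_home_content_files($1,thunderbird_t)
+        userdom_list_user_tmp(thunderbird_t)
+        userdom_read_user_tmp_files(thunderbird_t)
+        userdom_read_user_tmp_symlinks(thunderbird_t)
+        userdom_search_user_home_dirs(thunderbird_t)
+        userdom_read_user_home_content_files(thunderbird_t)
         
         ifndef(`enable_mls',`
@@ -172,8 +171,8 @@
         fs_dontaudit_read_removable_files(thunderbird_t)
 
-        userdom_dontaudit_list_user_tmp($1,thunderbird_t)
-        userdom_dontaudit_read_user_tmp_files($1,thunderbird_t)
-        userdom_dontaudit_list_user_home_dirs($1,thunderbird_t)
-        userdom_dontaudit_read_user_home_content_files($1,thunderbird_t)
+        userdom_dontaudit_list_user_tmp(thunderbird_t)
+        userdom_dontaudit_read_user_tmp_files(thunderbird_t)
+        userdom_dontaudit_list_user_home_dirs(thunderbird_t)
+        userdom_dontaudit_read_user_home_content_files(thunderbird_t)
 ')
 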
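Review bot: Old line 12, `role $3 types thunderbird_t;`, is deleted and nothing on the new side of this file authorises any role for thunderbird_t. Unless a role interface elsewhere (not visible in this section) now carries the role-to-type association, a transition into thunderbird_t would yield an invalid security context and be refused. A comment next to `application_domain(thunderbird_t, thunderbird_exec_t)` naming where the association now lives, for example `# role association: see <role interface placeholder>`, would make the removal auditable.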
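--- a/branches/rbacsep/policy/modules/apps/tvtime.te
+++ b/branches/rbacsep/policy/modules/apps/tvtime.te
@@ -12,5 +12,5 @@
 
 type tvtime_home_t alias tvtime_rw_t;
-userdom_user_home_content($1,tvtime_home_t)
+userdom_user_home_content(tvtime_home_t)
 files_poly_member(tvtime_home_t)
 
@@ -35,5 +35,5 @@
 manage_files_pattern(tvtime_t, tvtime_home_t, tvtime_home_t)
 manage_lnk_files_pattern(tvtime_t, tvtime_home_t, tvtime_home_t)
-userdom_user_home_dir_filetrans($1, tvtime_t, tvtime_home_t, dir)
+userdom_user_home_dir_filetrans(tvtime_t, tvtime_home_t, dir)
 
 manage_dirs_pattern(tvtime_t, tvtime_tmp_t, tvtime_tmp_t)
@@ -68,6 +68,6 @@
 miscfiles_read_fonts(tvtime_t)
 
-userdom_use_user_terminals($1,tvtime_t)
-userdom_read_user_home_content_files($1,tvtime_t)
+userdom_use_user_terminals(tvtime_t)
+userdom_read_user_home_content_files(tvtime_t)
 
 # X access, Home files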
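--- a/branches/rbacsep/policy/modules/apps/uml.te
+++ b/branches/rbacsep/policy/modules/apps/uml.te
@@ -66,6 +66,6 @@
 # access config files
 allow uml_t { uml_ro_t uml_ro_t }:dir list_dir_perms;
-read_files_pattern(uml_t, { uml_ro_t uml_ro_t },{ uml_ro_t uml_ro_t })
-read_lnk_files_pattern(uml_t, { uml_ro_t uml_ro_t },{ uml_ro_t uml_ro_t })
+read_files_pattern(uml_t, { uml_ro_t uml_ro_t }, { uml_ro_t uml_ro_t })
+read_lnk_files_pattern(uml_t, { uml_ro_t uml_ro_t }, { uml_ro_t uml_ro_t })
 
 manage_dirs_pattern(uml_t, uml_rw_t, uml_rw_t)
@@ -74,5 +74,5 @@
 manage_fifo_files_pattern(uml_t, uml_rw_t, uml_rw_t)
 manage_sock_files_pattern(uml_t, uml_rw_t, uml_rw_t)
-userdom_user_home_dir_filetrans($1,uml_t, uml_rw_t, { file lnk_file sock_file fifo_file })
+userdom_user_home_dir_filetrans(uml_t, uml_rw_t, { file lnk_file sock_file fifo_file })
 
 can_exec(uml_t, { uml_exec_t uml_exec_t })
@@ -121,5 +121,5 @@
 sysnet_read_config(uml_t)
 
-userdom_use_user_terminals($1,uml_t)
+userdom_use_user_terminals(uml_t)
 
 optional_policy(`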
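Review bot: New lines 68 and 69 are touched only to add a space and keep the set `{ uml_ro_t uml_ro_t }`, which names the same type twice and looks like residue from collapsing a per-role type into the shared one. Since the lines are being edited anyway, the set can become the bare type: `read_files_pattern(uml_t, uml_ro_t, uml_ro_t)` and `read_lnk_files_pattern(uml_t, uml_ro_t, uml_ro_t)`. The context lines 67 (`allow uml_t { uml_ro_t uml_ro_t }:dir list_dir_perms;`) and 78 (`can_exec(uml_t, { uml_exec_t uml_exec_t })`) carry the same duplication.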
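--- a/branches/rbacsep/policy/modules/apps/vmware.te
+++ b/branches/rbacsep/policy/modules/apps/vmware.te
@@ -13,8 +13,8 @@
 
 type vmware_conf_t;
-userdom_user_home_content($1,vmware_conf_t)
+userdom_user_home_content(vmware_conf_t)
 
 type vmware_file_t;
-userdom_user_home_content($1,vmware_file_t)
+userdom_user_home_content(vmware_file_t)
 
 # VMWare host programs
@@ -219,9 +219,9 @@
 miscfiles_read_localization(vmware_t)
 
-userdom_use_user_terminals($1,vmware_t)
+userdom_use_user_terminals(vmware_t)
 userdom_use_unpriv_users_fds(vmware_t)
-userdom_list_user_home_dirs($1,vmware_t)
+userdom_list_user_home_dirs(vmware_t)
 # cjp: why?
-userdom_read_user_home_content_files($1,vmware_t)
+userdom_read_user_home_content_files(vmware_t)
 
 sysnet_dns_name_resolve(vmware_t)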
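Review bot: New line 225 carries `userdom_read_user_home_content_files(vmware_t)` forward under the still-unanswered comment `# cjp: why?`. Dropping `$1` presumably widens the rule from one role's home type to the user home type shared by all roles, so an access nobody has justified now reaches further. Either replace the question with the actual reason once it is known, or remove the rule on this branch and watch for denials before deciding.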
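--- a/branches/rbacsep/policy/modules/apps/wireshark.te
+++ b/branches/rbacsep/policy/modules/apps/wireshark.te
@@ -13,5 +13,5 @@
 type wireshark_home_t;
 files_poly_member(wireshark_home_t)
-userdom_user_home_content($1,wireshark_home_t)
+userdom_user_home_content(wireshark_home_t)
 
 type wireshark_tmp_t;
@@ -44,5 +44,5 @@
 manage_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
 manage_lnk_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
-userdom_user_home_dir_filetrans($1,wireshark_t, wireshark_home_t,dir)
+userdom_user_home_dir_filetrans(wireshark_t, wireshark_home_t,dir)
 
 # Store temporary files
@@ -86,5 +86,5 @@
 sysnet_read_config(wireshark_t)
 
-userdom_manage_user_home_content_files($1,wireshark_t)
+userdom_manage_user_home_content_files(wireshark_t)
 
 tunable_policy(`use_nfs_home_dirs',`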
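--- a/branches/rbacsep/policy/modules/services/apache.te
+++ b/branches/rbacsep/policy/modules/services/apache.te
@@ -6,12 +6,11 @@
 #  This policy will work with SUEXEC enabled as part of the Apache
 #  configuration. However, the user CGI scripts will run under the
-#  system_u:system_r:httpd_$1_script_t domain where $1 is the domain of the
-#  of the creating user.
-
-#  The user CGI scripts must be labeled with the httpd_$1_script_exec_t
+#  system_u:system_r:httpd_user_script_t.
+
+#  The user CGI scripts must be labeled with the httpd_user_script_exec_t
 #  type, and the directory containing the scripts should also be labeled
-#  with these types. This policy allows user_r role to perform that 
-#  relabeling. If it is desired that only sysadm_r should be able to relabel
-#  the user CGI scripts, then relabel rule for user_r should be removed.
+#  with these types. This policy allows the user role to perform that 
+#  relabeling. If it is desired that only admin role should be able to relabel
+#  the user CGI scripts, then relabel rule for user roles should be removed.
 #
 
@@ -731,5 +730,5 @@
 
 typeattribute httpd_user_script_t httpd_script_domains;
-userdom_user_home_content($1,httpd_user_content_t)
+userdom_user_home_content(httpd_user_content_t)
 
 tunable_policy(`httpd_enable_cgi && httpd_unified',`
@@ -739,6 +738,6 @@
 # allow accessing files/dirs below the users home dir
 tunable_policy(`httpd_enable_homedirs',`
-        userdom_search_user_home_dirs($1,httpd_t)
-        userdom_search_user_home_dirs($1,httpd_suexec_t)
-        userdom_search_user_home_dirs($1,httpd_user_script_t)
-')
+        userdom_search_user_home_dirs(httpd_t)
+        userdom_search_user_home_dirs(httpd_suexec_t)
+        userdom_search_user_home_dirs(httpd_user_script_t)
+')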
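Review bot: The rewritten header comment at new lines 8–14 lost words in the edit: `#  system_u:system_r:httpd_user_script_t.` no longer says "domain", and "only admin role" is missing its article. This comment is where an administrator reads which label user CGI scripts run under and which roles may relabel them, so it should read cleanly. I would write `#  system_u:system_r:httpd_user_script_t domain.` and `#  relabeling. If it is desired that only the admin role should be able to relabel`. The last sentence could likewise say "then the relabel rule for user roles should be removed".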
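--- a/branches/rbacsep/policy/modules/services/cron.te
+++ b/branches/rbacsep/policy/modules/services/cron.te
@@ -550,17 +550,16 @@
 miscfiles_read_localization(cronjob_t)
 
-userdom_manage_user_tmp_files($1,cronjob_t)
-userdom_manage_user_tmp_symlinks($1,cronjob_t)
-userdom_manage_user_tmp_pipes($1,cronjob_t)
-userdom_manage_user_tmp_sockets($1,cronjob_t)
+userdom_manage_user_tmp_files(cronjob_t)
+userdom_manage_user_tmp_symlinks(cronjob_t)
+userdom_manage_user_tmp_pipes(cronjob_t)
+userdom_manage_user_tmp_sockets(cronjob_t)
 # Run scripts in user home directory and access shared libs.
-userdom_exec_user_home_content_files($1,cronjob_t)
+userdom_exec_user_home_content_files(cronjob_t)
 # Access user files and dirs.
-#userdom_manage_user_home_subdir_dirs($1,cronjob_t)
-userdom_manage_user_home_content_files($1,cronjob_t)
-userdom_manage_user_home_content_symlinks($1,cronjob_t)
-userdom_manage_user_home_content_pipes($1,cronjob_t)
-userdom_manage_user_home_content_sockets($1,cronjob_t)
-#userdom_user_home_dir_filetrans_user_home_content($1,cronjob_t,notdevfile_class_set)
+userdom_manage_user_home_content_files(cronjob_t)
+userdom_manage_user_home_content_symlinks(cronjob_t)
+userdom_manage_user_home_content_pipes(cronjob_t)
+userdom_manage_user_home_content_sockets(cronjob_t)
+#userdom_user_home_dir_filetrans_user_home_content(cronjob_t, notdevfile_class_set)
 
 tunable_policy(`fcron_crond', `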
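Review bot: The commented-out call kept at new line 563, `#userdom_user_home_dir_filetrans_user_home_content(cronjob_t, notdevfile_class_set)`, is carried through the signature change while its sibling `#userdom_manage_user_home_subdir_dirs` (old line 559) is dropped, and neither says why it was disabled. A disabled grant in a block that already gives cronjob_t manage and exec access to user home content is easy to re-enable without review. Either delete line 563 too, or put the reason directly above it, e.g. `# disabled: <reason>; do not re-enable without review`.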
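--- a/branches/rbacsep/policy/modules/services/dbus.te
+++ b/branches/rbacsep/policy/modules/services/dbus.te
@@ -110,5 +110,5 @@
 seutil_read_default_contexts(session_dbusd_t)
 
-userdom_read_user_home_content_files($1, session_dbusd_t)
+userdom_read_user_home_content_files(session_dbusd_t)
 
 tunable_policy(`read_default_t',`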
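--- a/branches/rbacsep/policy/modules/services/ftp.te
+++ b/branches/rbacsep/policy/modules/services/ftp.te
@@ -220,5 +220,5 @@
         userdom_manage_all_users_home_content_files(ftpd_t)
         userdom_manage_all_users_home_content_symlinks(ftpd_t)
-        userdom_user_home_dir_filetrans_user_home_content($1,ftpd_t,{ dir file lnk_file })
+        userdom_user_home_dir_filetrans_user_home_content(ftpd_t, { dir file lnk_file })
 ')
 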
  • branches/rbacsep/policy/modules/services/lpd.te

    r2689 r2720  
    277277sysnet_read_config(lpr_t) 
    278278 
    279 userdom_read_user_tmp_symlinks($1,lpr_t) 
     279userdom_read_user_tmp_symlinks(lpr_t) 
    280280# Write to the user domain tty. 
    281 userdom_use_user_terminals($1,lpr_t) 
    282 userdom_read_user_home_content_files($1,lpr_t) 
    283 userdom_read_user_tmp_files($1,lpr_t) 
     281userdom_use_user_terminals(lpr_t) 
     282userdom_read_user_home_c