Navigation

← Previous Change
Next Change →

Changeset 2790 for branches

Timestamp:

08/27/08 12:53:52 (3 months ago)

Author:

cpebenito

Message:

rbacsep: add remaining compatability aliases.

Files:

branches/rbacsep/policy/modules/admin/su.if (modified) (1 diff)
branches/rbacsep/policy/modules/admin/su.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/cdrecord.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/ethereal.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/evolution.te (modified) (5 diffs)
branches/rbacsep/policy/modules/apps/games.te (modified) (2 diffs)
branches/rbacsep/policy/modules/apps/gift.te (modified) (2 diffs)
branches/rbacsep/policy/modules/apps/gnome.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/gpg.te (modified) (3 diffs)
branches/rbacsep/policy/modules/apps/irc.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/lockdev.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/mozilla.te (modified) (2 diffs)
branches/rbacsep/policy/modules/apps/mplayer.te (modified) (3 diffs)
branches/rbacsep/policy/modules/apps/rssh.if (modified) (1 diff)
branches/rbacsep/policy/modules/apps/rssh.te (modified) (2 diffs)
branches/rbacsep/policy/modules/apps/screen.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/thunderbird.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/tvtime.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/uml.te (modified) (1 diff)
branches/rbacsep/policy/modules/apps/vmware.te (modified) (3 diffs)
branches/rbacsep/policy/modules/apps/wireshark.te (modified) (1 diff)
branches/rbacsep/policy/modules/services/apache.te (modified) (1 diff)
branches/rbacsep/policy/modules/services/bluetooth.te (modified) (1 diff)
branches/rbacsep/policy/modules/services/cron.te (modified) (3 diffs)
branches/rbacsep/policy/modules/services/dbus.te (modified) (1 diff)
branches/rbacsep/policy/modules/services/lpd.te (modified) (2 diffs)
branches/rbacsep/policy/modules/services/mta.te (modified) (1 diff)
branches/rbacsep/policy/modules/services/postgresql.te (modified) (1 diff)
branches/rbacsep/policy/modules/services/pyzor.te (modified) (2 diffs)
branches/rbacsep/policy/modules/services/razor.te (modified) (3 diffs)
branches/rbacsep/policy/modules/services/spamassassin.te (modified) (2 diffs)
branches/rbacsep/policy/modules/services/ssh.te (modified) (3 diffs)
branches/rbacsep/policy/modules/services/xserver.te (modified) (6 diffs)
branches/rbacsep/policy/modules/system/authlogin.te (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/rbacsep/policy/modules/admin/su.if

r2782	r2790
150	150	template(`su_role_template',`
151	151	gen_require(`
	152	attribute su_domain_type;
152	153	type su_exec_t;
153	154	bool secure_mode;
154	155	')
155	156
156		type $1_su_t;
	157	type $1_su_t, su_domain_type;
157	158	domain_entry_file($1_su_t,su_exec_t)
158	159	domain_type($1_su_t)

branches/rbacsep/policy/modules/admin/su.te

r2782 r2790

7 7 #
8 8
9 attribute su_domain_type;
10
9 11 type su_exec_t;
10 12 corecmd_executable_file(su_exec_t)

branches/rbacsep/policy/modules/apps/cdrecord.te

r2782	r2790
18	18	type cdrecord_t;
19	19	type cdrecord_exec_t;
	20	typealias cdrecord_t alias { user_cdrecord_t staff_cdrecord_t sysadm_cdrecord_t };
	21	typealias cdrecord_t alias { auditadm_cdrecord_t secadm_cdrecord_t };
20	22	application_domain(cdrecord_t, cdrecord_exec_t)
21	23	ubac_constrained(cdrecord_t)

branches/rbacsep/policy/modules/apps/ethereal.te

r2782	r2790
9	9	type ethereal_t;
10	10	type ethereal_exec_t;
	11	typealias ethereal_t alias { user_ethereal_t staff_ethereal_t sysadm_ethereal_t };
	12	typealias ethereal_t alias { auditadm_ethereal_t secadm_ethereal_t };
11	13	application_domain(ethereal_t, ethereal_exec_t)
12	14	ubac_constrained(ethereal_t)
13	15
14	16	type ethereal_home_t;
	17	typealias ethereal_home_t alias { user_ethereal_home_t staff_ethereal_home_t sysadm_ethereal_home_t };
	18	typealias ethereal_home_t alias { auditadm_ethereal_home_t secadm_ethereal_home_t };
15	19	files_poly_member(ethereal_home_t)
16	20	userdom_user_home_content(ethereal_home_t)
17	21
18	22	type ethereal_tmp_t;
	23	typealias ethereal_tmp_t alias { user_ethereal_tmp_t staff_ethereal_tmp_t sysadm_ethereal_tmp_t };
	24	typealias ethereal_tmp_t alias { auditadm_ethereal_tmp_t secadm_ethereal_tmp_t };
19	25	files_tmp_file(ethereal_tmp_t)
20	26	ubac_constrained(ethereal_tmp_t)
21	27
22	28	type ethereal_tmpfs_t;
	29	typealias ethereal_tmpfs_t alias { user_ethereal_tmpfs_t staff_ethereal_tmpfs_t sysadm_ethereal_tmpfs_t };
	30	typealias ethereal_tmpfs_t alias { auditadm_ethereal_tmpfs_t secadm_ethereal_tmpfs_t };
23	31	files_tmpfs_file(ethereal_tmpfs_t)
24	32	ubac_constrained(ethereal_tmpfs_t)

branches/rbacsep/policy/modules/apps/evolution.te

r2782	r2790
9	9	type evolution_t;
10	10	type evolution_exec_t;
	11	typealias evolution_t alias { user_evolution_t staff_evolution_t sysadm_evolution_t };
	12	typealias evolution_t alias { auditadm_evolution_t secadm_evolution_t };
11	13	application_domain(evolution_t, evolution_exec_t)
12	14	ubac_constrained(evolution_t)
…	…
14	16	type evolution_alarm_t;
15	17	type evolution_alarm_exec_t;
	18	typealias evolution_alarm_t alias { user_evolution_alarm_t staff_evolution_alarm_t sysadm_evolution_alarm_t };
	19	typealias evolution_alarm_t alias { auditadm_evolution_alarm_t secadm_evolution_alarm_t };
16	20	application_domain(evolution_alarm_t, evolution_alarm_exec_t)
17	21	ubac_constrained(evolution_alarm_t)
18	22
19	23	type evolution_alarm_tmpfs_t;
	24	typealias evolution_alarm_tmpfs_t alias { user_evolution_alarm_tmpfs_t staff_evolution_alarm_tmpfs_t sysadm_evolution_alarm_tmpfs_t };
	25	typealias evolution_alarm_tmpfs_t alias { auditadm_evolution_alarm_tmpfs_t secadm_evolution_alarm_tmpfs_t };
20	26	files_tmpfs_file(evolution_alarm_tmpfs_t)
21	27	ubac_constrained(evolution_alarm_tmpfs_t)
22	28
23	29	type evolution_alarm_orbit_tmp_t;
	30	typealias evolution_alarm_orbit_tmp_t alias { user_evolution_alarm_orbit_tmp_t staff_evolution_alarm_orbit_tmp_t sysadm_evolution_alarm_orbit_tmp_t };
	31	typealias evolution_alarm_orbit_tmp_t alias { auditadm_evolution_alarm_orbit_tmp_t secadm_evolution_alarm_orbit_tmp_t };
24	32	files_tmp_file(evolution_alarm_orbit_tmp_t)
25	33	ubac_constrained(evolution_alarm_orbit_tmp_t)
…	…
27	35	type evolution_exchange_t;
28	36	type evolution_exchange_exec_t;
	37	typealias evolution_exchange_t alias { user_evolution_exchange_t staff_evolution_exchange_t sysadm_evolution_exchange_t };
	38	typealias evolution_exchange_t alias { auditadm_evolution_exchange_t secadm_evolution_exchange_t };
29	39	application_domain(evolution_exchange_t, evolution_exchange_exec_t)
30	40	ubac_constrained(evolution_exchange_t)
31	41
32	42	type evolution_exchange_tmpfs_t;
	43	typealias evolution_exchange_tmpfs_t alias { user_evolution_exchange_tmpfs_t staff_evolution_exchange_tmpfs_t sysadm_evolution_exchange_tmpfs_t };
	44	typealias evolution_exchange_tmpfs_t alias { auditadm_evolution_exchange_tmpfs_t secadm_evolution_exchange_tmpfs_t };
33	45	files_tmpfs_file(evolution_exchange_tmpfs_t)
34	46	ubac_constrained(evolution_exchange_tmpfs_t)
35	47
36	48	type evolution_exchange_tmp_t;
	49	typealias evolution_exchange_tmp_t alias { user_evolution_exchange_tmp_t staff_evolution_exchange_tmp_t sysadm_evolution_exchange_tmp_t };
	50	typealias evolution_exchange_tmp_t alias { auditadm_evolution_exchange_tmp_t secadm_evolution_exchange_tmp_t };
37	51	files_tmp_file(evolution_exchange_tmp_t)
38	52	ubac_constrained(evolution_exchange_tmp_t)
39	53
40	54	type evolution_exchange_orbit_tmp_t;
	55	typealias evolution_exchange_orbit_tmp_t alias { user_evolution_exchange_orbit_tmp_t staff_evolution_exchange_orbit_tmp_t sysadm_evolution_exchange_orbit_tmp_t };
	56	typealias evolution_exchange_orbit_tmp_t alias { auditadm_evolution_exchange_orbit_tmp_t secadm_evolution_exchange_orbit_tmp_t };
41	57	files_tmp_file(evolution_exchange_orbit_tmp_t)
42	58	ubac_constrained(evolution_exchange_orbit_tmp_t)
43	59
44	60	type evolution_home_t;
	61	typealias evolution_home_t alias { user_evolution_home_t staff_evolution_home_t sysadm_evolution_home_t };
	62	typealias evolution_home_t alias { auditadm_evolution_home_t secadm_evolution_home_t };
45	63	files_poly_member(evolution_home_t)
46	64	userdom_user_home_content(evolution_home_t)
47	65
48	66	type evolution_orbit_tmp_t;
	67	typealias evolution_home_t alias { user_evolution_orbit_tmp_t staff_evolution_orbit_tmp_t sysadm_evolution_orbit_tmp_t };
	68	typealias evolution_home_t alias { auditadm_evolution_orbit_tmp_t secadm_evolution_orbit_tmp_t };
49	69	files_tmp_file(evolution_orbit_tmp_t)
50	70	ubac_constrained(evolution_orbit_tmp_t)
…	…
52	72	type evolution_server_t;
53	73	type evolution_server_exec_t;
	74	typealias evolution_server_t alias { user_evolution_server_t staff_evolution_server_t sysadm_evolution_server_t };
	75	typealias evolution_server_t alias { auditadm_evolution_server_t secadm_evolution_server_t };
54	76	application_domain(evolution_server_t, evolution_server_exec_t)
55	77	ubac_constrained(evolution_server_t)
56	78
57	79	type evolution_server_orbit_tmp_t;
	80	typealias evolution_server_orbit_tmp_t alias { user_evolution_server_orbit_tmp_t staff_evolution_server_orbit_tmp_t sysadm_evolution_server_orbit_tmp_t };
	81	typealias evolution_server_orbit_tmp_t alias { auditadm_evolution_server_orbit_tmp_t secadm_evolution_server_orbit_tmp_t };
58	82	files_tmp_file(evolution_server_orbit_tmp_t)
59	83	ubac_constrained(evolution_server_orbit_tmp_t)
60	84
61	85	type evolution_tmpfs_t;
	86	typealias evolution_tmpfs_t alias { user_evolution_tmpfs_t staff_evolution_tmpfs_t sysadm_evolution_tmpfs_t };
	87	typealias evolution_tmpfs_t alias { auditadm_evolution_tmpfs_t secadm_evolution_tmpfs_t };
62	88	files_tmpfs_file(evolution_tmpfs_t)
63	89	ubac_constrained(evolution_tmpfs_t)
…	…
65	91	type evolution_webcal_t;
66	92	type evolution_webcal_exec_t;
	93	typealias evolution_webcal_t alias { user_evolution_webcal_t staff_evolution_webcal_t sysadm_evolution_webcal_t };
	94	typealias evolution_webcal_t alias { auditadm_evolution_webcal_t secadm_evolution_webcal_t };
67	95	application_domain(evolution_webcal_t, evolution_webcal_exec_t)
68	96	ubac_constrained(evolution_webcal_t)
69	97
70	98	type evolution_webcal_tmpfs_t;
	99	typealias evolution_webcal_tmpfs_t alias { user_evolution_webcal_tmpfs_t staff_evolution_webcal_tmpfs_t sysadm_evolution_webcal_tmpfs_t };
	100	typealias evolution_webcal_tmpfs_t alias { auditadm_evolution_webcal_tmpfs_t secadm_evolution_webcal_tmpfs_t };
71	101	files_tmpfs_file(evolution_webcal_tmpfs_t)
72	102	ubac_constrained(evolution_webcal_tmpfs_t)

branches/rbacsep/policy/modules/apps/games.te

r2759	r2790
7	7	#
8	8
	9	type games_t;
	10	type games_exec_t;
	11	typealias games_t alias { user_games_t staff_games_t sysadm_games_t };
	12	typealias games_t alias { auditadm_games_t secadm_games_t };
	13	application_domain(games_t, games_exec_t)
	14	ubac_constrained(games_t)
	15
9	16	type games_data_t;
	17	typealias games_data_t alias { user_games_data_t staff_games_data_t sysadm_games_data_t };
	18	typealias games_data_t alias { auditadm_games_data_t secadm_games_data_t };
10	19	files_type(games_data_t)
11	20	ubac_constrained(games_data_t)
12	21
13		~~type games_t;~~
14		~~type games_exec_t;~~
15		~~application_domain(games_t, games_exec_t)~~
16		~~ubac_constrained(games_t)~~
17
18	22	type games_devpts_t;
	23	typealias games_devpts_t alias { user_games_devpts_t staff_games_devpts_t sysadm_games_devpts_t };
	24	typealias games_devpts_t alias { auditadm_games_devpts_t secadm_games_devpts_t };
19	25	term_pty(games_devpts_t)
20	26	ubac_constrained(games_devpts_t)
…	…
29	35
30	36	type games_tmp_t;
	37	typealias games_tmp_t alias { user_games_tmp_t staff_games_tmp_t sysadm_games_tmp_t };
	38	typealias games_tmp_t alias { auditadm_games_tmp_t secadm_games_tmp_t };
31	39	files_tmp_file(games_tmp_t)
32	40	ubac_constrained(games_tmp_t)
33	41
34	42	type games_tmpfs_t;
	43	typealias games_tmpfs_t alias { user_games_tmpfs_t staff_games_tmpfs_t sysadm_games_tmpfs_t };
	44	typealias games_tmpfs_t alias { auditadm_games_tmpfs_t secadm_games_tmpfs_t };
35	45	files_tmpfs_file(games_tmpfs_t)
36	46	ubac_constrained(games_tmpfs_t)

branches/rbacsep/policy/modules/apps/gift.te

r2782	r2790
9	9	type gift_t;
10	10	type gift_exec_t;
	11	typealias gift_t alias { user_gift_t staff_gift_t sysadm_gift_t };
	12	typealias gift_t alias { auditadm_gift_t secadm_gift_t };
11	13	application_domain(gift_t, gift_exec_t)
12	14	ubac_constrained(gift_t)
13	15
14	16	type gift_home_t;
	17	typealias gift_home_t alias { user_gift_home_t staff_gift_home_t sysadm_gift_home_t };
	18	typealias gift_home_t alias { auditadm_gift_home_t secadm_gift_home_t };
15	19	files_poly_member(gift_home_t)
16	20	userdom_user_home_content(gift_home_t)
17	21
18	22	type gift_tmpfs_t;
	23	typealias gift_tmpfs_t alias { user_gift_tmpfs_t staff_gift_tmpfs_t sysadm_gift_tmpfs_t };
	24	typealias gift_tmpfs_t alias { auditadm_gift_tmpfs_t secadm_gift_tmpfs_t };
19	25	files_tmpfs_file(gift_tmpfs_t)
20	26	ubac_constrained(gift_tmpfs_t)
…	…
22	28	type giftd_t;
23	29	type giftd_exec_t;
	30	typealias giftd_t alias { user_giftd_t staff_giftd_t sysadm_giftd_t };
	31	typealias giftd_t alias { auditadm_giftd_t secadm_giftd_t };
24	32	application_domain(giftd_t, giftd_exec_t)
25	33	ubac_constrained(giftd_t)

branches/rbacsep/policy/modules/apps/gnome.te

r2782	r2790
13	13
14	14	type gconf_home_t;
	15	typealias gconf_home_t alias { user_gconf_home_t staff_gconf_home_t sysadm_gconf_home_t };
	16	typealias gconf_home_t alias { auditadm_gconf_home_t secadm_gconf_home_t };
15	17	userdom_user_home_content(gconf_home_t)
	18
	19	type gconf_tmp_t;
	20	typealias gconf_tmp_t alias { user_gconf_tmp_t staff_gconf_tmp_t sysadm_gconf_tmp_t };
	21	typealias gconf_tmp_t alias { auditadm_gconf_tmp_t secadm_gconf_tmp_t };
	22	files_tmp_file(gconf_tmp_t)
	23	ubac_constrained(gconf_tmp_t)
16	24
17	25	type gconfd_t, gnomedomain;
18	26	type gconfd_exec_t;
	27	typealias gconfd_t alias { user_gconfd_t staff_gconfd_t sysadm_gconfd_t };
	28	typealias gconfd_t alias { auditadm_gconfd_t secadm_gconfd_t };
19	29	application_domain(gconfd_t, gconfd_exec_t)
20	30	ubac_constrained(gconfd_t)
21	31
22	32	type gnome_home_t;
	33	typealias gnome_home_t alias { user_gnome_home_t staff_gnome_home_t sysadm_gnome_home_t };
	34	typealias gnome_home_t alias { auditadm_gnome_home_t secadm_gnome_home_t };
23	35	userdom_user_home_content(gnome_home_t)
24
25		~~type gconf_tmp_t;~~
26		~~files_tmp_file(gconf_tmp_t)~~
27		~~ubac_constrained(gconf_tmp_t)~~
28	36
29	37	##############################

branches/rbacsep/policy/modules/apps/gpg.te

r2759	r2790
17	17	type gpg_t;
18	18	type gpg_exec_t;
	19	typealias gpg_t alias { user_gpg_t staff_gpg_t sysadm_gpg_t };
	20	typealias gpg_t alias { auditadm_gpg_t secadm_gpg_t };
19	21	application_domain(gpg_t, gpg_exec_t)
20	22	ubac_constrained(gpg_t)
…	…
22	24	type gpg_agent_t;
23	25	type gpg_agent_exec_t;
	26	typealias gpg_agent_t alias { user_gpg_agent_t staff_gpg_agent_t sysadm_gpg_agent_t };
	27	typealias gpg_agent_t alias { auditadm_gpg_agent_t secadm_gpg_agent_t };
24	28	application_domain(gpg_agent_t, gpg_agent_exec_t)
25	29	ubac_constrained(gpg_agent_t)
26	30
27	31	type gpg_agent_tmp_t;
	32	typealias gpg_agent_tmp_t alias { user_gpg_agent_tmp_t staff_gpg_agent_tmp_t sysadm_gpg_agent_tmp_t };
	33	typealias gpg_agent_tmp_t alias { auditadm_gpg_agent_tmp_t secadm_gpg_agent_tmp_t };
28	34	files_tmp_file(gpg_agent_tmp_t)
29	35	ubac_constrained(gpg_agent_tmp_t)
30	36
31	37	type gpg_secret_t;
	38	typealias gpg_secret_t alias { user_gpg_secret_t staff_gpg_secret_t sysadm_gpg_secret_t };
	39	typealias gpg_secret_t alias { auditadm_gpg_secret_t secadm_gpg_secret_t };
32	40	userdom_user_home_content(gpg_secret_t)
33	41
34	42	type gpg_helper_t;
35	43	type gpg_helper_exec_t;
	44	typealias gpg_helper_t alias { user_gpg_helper_t staff_gpg_helper_t sysadm_gpg_helper_t };
	45	typealias gpg_helper_t alias { auditadm_gpg_helper_t secadm_gpg_helper_t };
36	46	application_domain(gpg_helper_t, gpg_helper_exec_t)
37	47	ubac_constrained(gpg_helper_t)
…	…
39	49	type gpg_pinentry_t;
40	50	type pinentry_exec_t;
	51	typealias gpg_pinentry_t alias { user_gpg_pinentry_t staff_gpg_pinentry_t sysadm_gpg_pinentry_t };
	52	typealias gpg_pinentry_t alias { auditadm_gpg_pinentry_t secadm_gpg_pinentry_t };
41	53	application_domain(gpg_pinentry_t, pinentry_exec_t)
42	54	ubac_constrained(gpg_pinentry_t)

branches/rbacsep/policy/modules/apps/irc.te

r2782	r2790
7	7	#
8	8
9
10	9	type irc_t;
11	10	type irc_exec_t;
	11	typealias irc_t alias { user_irc_t staff_irc_t sysadm_irc_t };
	12	typealias irc_t alias { auditadm_irc_t secadm_irc_t };
12	13	application_domain(irc_t, irc_exec_t)
13	14	ubac_constrained(irc_t)
14	15
15	16	type irc_home_t;
	17	typealias irc_home_t alias { user_irc_home_t staff_irc_home_t sysadm_irc_home_t };
	18	typealias irc_home_t alias { auditadm_irc_home_t secadm_irc_home_t };
16	19	userdom_user_home_content(irc_home_t)
17	20
18	21	type irc_tmp_t;
	22	typealias irc_tmp_t alias { user_irc_tmp_t staff_irc_tmp_t sysadm_irc_tmp_t };
	23	typealias irc_tmp_t alias { auditadm_irc_tmp_t secadm_irc_tmp_t };
19	24	userdom_user_home_content(irc_tmp_t)
20	25

branches/rbacsep/policy/modules/apps/lockdev.te

r2782	r2790
9	9	type lockdev_t;
10	10	type lockdev_exec_t;
	11	typealias lockdev_t alias { user_lockdev_t staff_lockdev_t sysadm_lockdev_t };
	12	typealias lockdev_t alias { auditadm_lockdev_t secadm_lockdev_t };
11	13	application_domain(lockdev_t, lockdev_exec_t)
12	14	ubac_constrained(lockdev_t)
13	15
14	16	type lockdev_lock_t;
	17	typealias lockdev_lock_t alias { user_lockdev_lock_t staff_lockdev_lock_t sysadm_lockdev_lock_t };
	18	typealias lockdev_lock_t alias { auditadm_lockdev_lock_t secadm_lockdev_lock_t };
15	19	files_lock_file(lockdev_lock_t)
16	20	ubac_constrained(lockdev_lock_t)

branches/rbacsep/policy/modules/apps/mozilla.te

r2782	r2790
16	16	type mozilla_t;
17	17	type mozilla_exec_t;
	18	typealias mozilla_t alias { user_mozilla_t staff_mozilla_t sysadm_mozilla_t };
	19	typealias mozilla_t alias { auditadm_mozilla_t secadm_mozilla_t };
18	20	application_domain(mozilla_t, mozilla_exec_t)
19	21	ubac_constrained(mozilla_t)
…	…
23	25
24	26	type mozilla_home_t;
	27	typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
	28	typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
25	29	files_poly_member(mozilla_home_t)
26	30	userdom_user_home_content(mozilla_home_t)
27	31
28	32	type mozilla_tmpfs_t;
	33	typealias mozilla_tmpfs_t alias { user_mozilla_tmpfs_t staff_mozilla_tmpfs_t sysadm_mozilla_tmpfs_t };
	34	typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_t };
29	35	files_tmpfs_file(mozilla_tmpfs_t)
30	36	ubac_constrained(mozilla_tmpfs_t)

branches/rbacsep/policy/modules/apps/mplayer.te

r2782	r2790
16	16	type mencoder_t;
17	17	type mencoder_exec_t;
	18	typealias mencoder_t alias { user_mencoder_t staff_mencoder_t sysadm_mencoder_t };
	19	typealias mencoder_t alias { auditadm_mencoder_t secadm_mencoder_t };
18	20	application_domain(mencoder_t, mencoder_exec_t)
19	21	ubac_constrained(mencoder_t)
…	…
21	23	type mplayer_t;
22	24	type mplayer_exec_t;
	25	typealias mplayer_t alias { user_mplayer_t staff_mplayer_t sysadm_mplayer_t };
	26	typealias mplayer_t alias { auditadm_mplayer_t secadm_mplayer_t };
23	27	application_domain(mplayer_t, mplayer_exec_t)
24	28	ubac_constrained(mplayer_t)
…	…
28	32
29	33	type mplayer_home_t;
	34	typealias mplayer_home_t alias { user_mplayer_home_t staff_mplayer_home_t sysadm_mplayer_home_t };
	35	typealias mplayer_home_t alias { auditadm_mplayer_home_t secadm_mplayer_home_t };
30	36	files_poly_member(mplayer_home_t)
31	37	userdom_user_home_content(mplayer_home_t)
32	38
33	39	type mplayer_tmpfs_t;
	40	typealias mplayer_tmpfs_t alias { user_mplayer_tmpfs_t staff_mplayer_tmpfs_t sysadm_mplayer_tmpfs_t };
	41	typealias mplayer_tmpfs_t alias { auditadm_mplayer_tmpfs_t secadm_mplayer_tmpfs_t };
34	42	files_tmpfs_file(mplayer_tmpfs_t)
35	43	ubac_constrained(mplayer_tmpfs_t)

branches/rbacsep/policy/modules/apps/rssh.if

r2726	r2790
60	60	interface(`rssh_read_all_users_ro_content',`
61	61	gen_require(`
62		~~attribute rssh_ro_content_type~~;
	62	type rssh_ro_t;
63	63	')
64	64
65		allow $1 rssh_ro_content_type:dir list_dir_perms;
66		read_files_pattern($1,rssh_ro_content_type,rssh_ro_content_type)
67		read_lnk_files_pattern($1,rssh_ro_content_type,rssh_ro_content_type)
	65	allow $1 rssh_ro_t:dir list_dir_perms;
	66	read_files_pattern($1, rssh_ro_t, rssh_ro_t)
	67	read_lnk_files_pattern($1, rssh_ro_t, rssh_ro_t)
	68	refpolicywarn(`$0() and/or $1 needs to be exempt on files.')
68	69	')

branches/rbacsep/policy/modules/apps/rssh.te

r2782	r2790
7	7	#
8	8
9		attribute rssh_domain_type;
10		attribute rssh_ro_content_type;
11
12		type rssh_t, rssh_domain_type;
	9	type rssh_t;
13	10	type rssh_exec_t;
	11	typealias rssh_t alias { user_rssh_t staff_rssh_t sysadm_rssh_t };
	12	typealias rssh_t alias { auditadm_rssh_t secadm_rssh_t };
14	13	application_domain(rssh_t, rssh_exec_t)
15	14	domain_user_exemption_target(rssh_t)
…	…
19	18
20	19	type rssh_devpts_t;
	20	typealias rssh_devpts_t alias { user_rssh_devpts_t staff_rssh_devpts_t sysadm_rssh_devpts_t };
	21	typealias rssh_devpts_t alias { auditadm_rssh_devpts_t secadm_rssh_devpts_t };
21	22	term_user_pty(rssh_t, rssh_devpts_t)
22	23	ubac_constrained(rssh_devpts_t)
23	24
24		type rssh_ro_t, rssh_ro_content_type;
	25	type rssh_ro_t;
	26	typealias rssh_ro_t alias { user_rssh_ro_t staff_rssh_ro_t sysadm_rssh_ro_t };
	27	typealias rssh_ro_t alias { auditadm_rssh_ro_t secadm_rssh_ro_t };
25	28	userdom_user_home_content(rssh_ro_t)
26	29
27	30	type rssh_rw_t;
	31	typealias rssh_rw_t alias { user_rssh_rw_t staff_rssh_rw_t sysadm_rssh_rw_t };
	32	typealias rssh_rw_t alias { auditadm_rssh_rw_t secadm_rssh_rw_t };
28	33	userdom_user_home_content(rssh_rw_t)
29	34

branches/rbacsep/policy/modules/apps/screen.te

r2782	r2790
13	13	application_executable_file(screen_exec_t)
14	14
	15	type screen_home_t;
	16	typealias screen_home_t alias { user_screen_home_t staff_screen_home_t sysadm_screen_home_t };
	17	typealias screen_home_t alias { auditadm_screen_home_t secadm_screen_home_t };
	18	userdom_user_home_content(screen_home_t)
	19
15	20	type screen_tmp_t;
	21	typealias screen_tmp_t alias { user_screen_tmp_t staff_screen_tmp_t sysadm_screen_tmp_t };
	22	typealias screen_tmp_t alias { auditadm_screen_tmp_t secadm_screen_tmp_t };
16	23	files_tmp_file(screen_tmp_t)
17	24	ubac_constrained(screen_tmp_t)
18	25
19		~~type screen_home_t;~~
20		~~userdom_user_home_content(screen_home_t)~~
21
22	26	type screen_var_run_t;
	27	typealias screen_var_run_t alias { user_screen_var_run_t staff_screen_var_run_t sysadm_screen_var_run_t };
	28	typealias screen_var_run_t alias { auditadm_screen_var_run_t secadm_screen_var_run_t };
23	29	files_pid_file(screen_var_run_t)
24	30	ubac_constrained(screen_var_run_t)

branches/rbacsep/policy/modules/apps/thunderbird.te

r2782	r2790
9	9	type thunderbird_t;
10	10	type thunderbird_exec_t;
	11	typealias thunderbird_t alias { user_thunderbird_t staff_thunderbird_t sysadm_thunderbird_t };
	12	typealias thunderbird_t alias { auditadm_thunderbird_t secadm_thunderbird_t };
11	13	application_domain(thunderbird_t, thunderbird_exec_t)
12	14	ubac_constrained(thunderbird_t)
13	15
14	16	type thunderbird_home_t;
	17	typealias thunderbird_home_t alias { user_thunderbird_home_t staff_thunderbird_home_t sysadm_thunderbird_home_t };
	18	typealias thunderbird_home_t alias { auditadm_thunderbird_home_t secadm_thunderbird_home_t };
15	19	files_poly_member(thunderbird_home_t)
16	20	userdom_user_home_content(thunderbird_home_t)
17	21
18	22	type thunderbird_tmpfs_t;
	23	typealias thunderbird_tmpfs_t alias { user_thunderbird_tmpfs_t staff_thunderbird_tmpfs_t sysadm_thunderbird_tmpfs_t };
	24	typealias thunderbird_tmpfs_t alias { auditadm_thunderbird_tmpfs_t secadm_thunderbird_tmpfs_t };
19	25	files_tmpfs_file(thunderbird_tmpfs_t)
20	26	ubac_constrained(thunderbird_tmpfs_t)

branches/rbacsep/policy/modules/apps/tvtime.te

r2782	r2790
9	9	type tvtime_t;
10	10	type tvtime_exec_t;
	11	typealias tvtime_t alias { user_tvtime_t staff_tvtime_t sysadm_tvtime_t };
	12	typealias tvtime_t alias { auditadm_tvtime_t secadm_tvtime_t };
11	13	application_domain(tvtime_t, tvtime_exec_t)
12	14	ubac_constrained(tvtime_t)
13	15
14	16	type tvtime_home_t alias tvtime_rw_t;
	17	typealias tvtime_home_t alias { user_tvtime_home_t staff_tvtime_home_t sysadm_tvtime_home_t };
	18	typealias tvtime_home_t alias { auditadm_tvtime_home_t secadm_tvtime_home_t };
15	19	userdom_user_home_content(tvtime_home_t)
16	20	files_poly_member(tvtime_home_t)
17	21
18	22	type tvtime_tmp_t;
	23	typealias tvtime_tmp_t alias { user_tvtime_tmp_t staff_tvtime_tmp_t sysadm_tvtime_tmp_t };
	24	typealias tvtime_tmp_t alias { auditadm_tvtime_tmp_t secadm_tvtime_tmp_t };
19	25	files_tmp_file(tvtime_tmp_t)
20	26	ubac_constrained(tvtime_tmp_t)
21	27
22	28	type tvtime_tmpfs_t;
	29	typealias tvtime_tmpfs_t alias { user_tvtime_tmpfs_t staff_tvtime_tmpfs_t sysadm_tvtime_tmpfs_t };
	30	typealias tvtime_tmpfs_t alias { auditadm_tvtime_tmpfs_t secadm_tvtime_tmpfs_t };
23	31	files_tmpfs_file(tvtime_tmpfs_t)
24	32	ubac_constrained(tvtime_tmpfs_t)

branches/rbacsep/policy/modules/apps/uml.te

r2759	r2790
9	9	type uml_t;
10	10	type uml_exec_t;
	11	typealias uml_t alias { user_uml_t staff_uml_t sysadm_uml_t };
	12	typealias uml_t alias { auditadm_uml_t secadm_uml_t };
11	13	application_domain(uml_t, uml_exec_t)
12	14	ubac_constrained(uml_t)
13	15
14	16	type uml_ro_t;
	17	typealias uml_ro_t alias { user_uml_ro_t staff_uml_ro_t sysadm_uml_ro_t };
	18	typealias uml_ro_t alias { auditadm_uml_ro_t secadm_uml_ro_t };
15	19	files_type(uml_ro_t)
16	20	ubac_constrained(uml_ro_t)
17	21
18	22	type uml_rw_t;
	23	typealias uml_rw_t alias { user_uml_rw_t staff_uml_rw_t sysadm_uml_rw_t };
	24	typealias uml_rw_t alias { auditadm_uml_rw_t secadm_uml_rw_t };
19	25	files_type(uml_rw_t)
20	26	ubac_constrained(uml_rw_t)
21	27
22	28	type uml_tmp_t;
	29	typealias uml_tmp_t alias { user_uml_tmp_t staff_uml_tmp_t sysadm_uml_tmp_t };
	30	typealias uml_tmp_t alias { auditadm_uml_tmp_t secadm_uml_tmp_t };
23	31	files_tmp_file(uml_tmp_t)
24	32	ubac_constrained(uml_tmp_t)
25	33
26	34	type uml_tmpfs_t;
	35	typealias uml_tmpfs_t alias { user_uml_tmpfs_t staff_uml_tmpfs_t sysadm_uml_tmpfs_t };
	36	typealias uml_tmpfs_t alias { auditadm_uml_tmpfs_t secadm_uml_tmpfs_t };
27	37	files_tmpfs_file(uml_tmpfs_t)
28	38	ubac_constrained(uml_tmpfs_t)
29	39
30	40	type uml_devpts_t;
	41	typealias uml_devpts_t alias { user_uml_devpts_t staff_uml_devpts_t sysadm_uml_devpts_t };
	42	typealias uml_devpts_t alias { auditadm_uml_devpts_t secadm_uml_devpts_t };
31	43	term_pty(uml_devpts_t)
32	44	ubac_constrained(uml_devpts_t)

branches/rbacsep/policy/modules/apps/vmware.te

r2745	r2790
10	10	type vmware_t;
11	11	type vmware_exec_t;
	12	typealias vmware_t alias { user_vmware_t staff_vmware_t sysadm_vmware_t };
	13	typealias vmware_t alias { auditadm_vmware_t secadm_vmware_t };
12	14	application_domain(vmware_t, vmware_exec_t)
	15	ubac_constrained(vmware_t)
13	16
14	17	type vmware_conf_t;
	18	typealias vmware_conf_t alias { user_vmware_conf_t staff_vmware_conf_t sysadm_vmware_conf_t };
	19	typealias vmware_conf_t alias { auditadm_vmware_conf_t secadm_vmware_conf_t };
15	20	userdom_user_home_content(vmware_conf_t)
16	21
17	22	type vmware_file_t;
	23	typealias vmware_file_t alias { user_vmware_file_t staff_vmware_file_t sysadm_vmware_file_t };
	24	typealias vmware_file_t alias { auditadm_vmware_file_t secadm_vmware_file_t };
18	25	userdom_user_home_content(vmware_file_t)
19	26
…	…
27	34
28	35	type vmware_log_t;
	36	typealias vmware_log_t alias { user_vmware_log_t staff_vmware_log_t sysadm_vmware_log_t };
	37	typealias vmware_log_t alias { auditadm_vmware_log_t secadm_vmware_log_t };
29	38	logging_log_file(vmware_log_t)
	39	ubac_constrained(vmware_log_t)
30	40
31	41	type vmware_pid_t;
	42	typealias vmware_pid_t alias { user_vmware_pid_t staff_vmware_pid_t sysadm_vmware_pid_t };
	43	typealias vmware_pid_t alias { auditadm_vmware_pid_t secadm_vmware_pid_t };
32	44	files_pid_file(vmware_pid_t)
	45	ubac_constrained(vmware_pid_t)
33	46
34	47	# Systemwide configuration files
…	…
37	50
38	51	type vmware_tmp_t;
	52	typealias vmware_tmp_t alias { user_vmware_tmp_t staff_vmware_tmp_t sysadm_vmware_tmp_t };
	53	typealias vmware_tmp_t alias { auditadm_vmware_tmp_t secadm_vmware_tmp_t };
39	54	files_tmp_file(vmware_tmp_t)
	55	ubac_constrained(vmware_tmp_t)
40	56
41	57	type vmware_tmpfs_t;
	58	typealias vmware_tmpfs_t alias { user_vmware_tmpfs_t staff_vmware_tmpfs_t sysadm_vmware_tmpfs_t };
	59	typealias vmware_tmpfs_t alias { auditadm_vmware_tmpfs_t secadm_vmware_tmpfs_t };
42	60	files_tmpfs_file(vmware_tmpfs_t)
	61	ubac_constrained(vmware_tmpfs_t)
43	62
44	63	########################################

branches/rbacsep/policy/modules/apps/wireshark.te

r2782	r2790
9	9	type wireshark_t;
10	10	type wireshark_exec_t;
	11	typealias wireshark_t alias { user_wireshark_t staff_wireshark_t sysadm_wireshark_t };
	12	typealias wireshark_t alias { auditadm_wireshark_t secadm_wireshark_t };
11	13	application_domain(wireshark_t, wireshark_exec_t)
12	14	ubac_constrained(wireshark_t)
13	15
14	16	type wireshark_home_t;
	17	typealias wireshark_home_t alias { user_wireshark_home_t staff_wireshark_home_t sysadm_wireshark_home_t };
	18	typealias wireshark_home_t alias { auditadm_wireshark_home_t secadm_wireshark_home_t };
15	19	files_poly_member(wireshark_home_t)
16	20	userdom_user_home_content(wireshark_home_t)
17	21
18	22	type wireshark_tmp_t;
	23	typealias wireshark_tmp_t alias { user_wireshark_tmp_t staff_wireshark_tmp_t sysadm_wireshark_tmp_t };
	24	typealias wireshark_tmp_t alias { auditadm_wireshark_tmp_t secadm_wireshark_tmp_t };
19	25	files_tmp_file(wireshark_tmp_t)
20	26	ubac_constrained(wireshark_tmp_t)
21	27
22	28	type wireshark_tmpfs_t;
	29	typealias wireshark_tmpfs_t alias { user_wireshark_tmpfs_t staff_wireshark_tmpfs_t sysadm_wireshark_tmpfs_t };
	30	typealias wireshark_tmpfs_t alias { auditadm_wireshark_tmpfs_t secadm_wireshark_tmpfs_t };
23	31	files_tmpfs_file(wireshark_tmpfs_t)
24	32	ubac_constrained(wireshark_tmpfs_t)

branches/rbacsep/policy/modules/services/apache.te

r2782	r2790
188	188
189	189	apache_content_template(user)
	190	ubac_constrained(httpd_user_content_t)
	191	ubac_constrained(httpd_user_htaccess_t)
	192	ubac_constrained(httpd_user_script_t)
	193	ubac_constrained(httpd_user_script_exec_t)
	194	ubac_constrained(httpd_user_script_ro_t)
	195	ubac_constrained(httpd_user_script_rw_t)
	196	ubac_constrained(httpd_user_script_ra_t)
	197	typealias httpd_user_content_t alias { httpd_staff_content_t httpd_sysadm_content_t };
	198	typealias httpd_user_content_t alias { httpd_auditadm_content_t httpd_secadm_content_t };
	199	typealias httpd_user_htaccess_t alias { httpd_staff_htaccess_t httpd_sysadm_htaccess_t };
	200	typealias httpd_user_htaccess_t alias { httpd_auditadm_htaccess_t httpd_secadm_htaccess_t };
	201	typealias httpd_user_script_t alias { httpd_staff_script_t httpd_sysadm_script_t };
	202	typealias httpd_user_script_t alias { httpd_auditadm_script_t httpd_secadm_script_t };
	203	typealias httpd_user_script_exec_t alias { httpd_staff_script_exec_t httpd_sysadm_script_exec_t };
	204	typealias httpd_user_script_exec_t alias { httpd_auditadm_script_exec_t httpd_secadm_script_exec_t };
	205	typealias httpd_user_script_ro_t alias { httpd_staff_script_ro_t httpd_sysadm_script_ro_t };
	206	typealias httpd_user_script_ro_t alias { httpd_auditadm_script_ro_t httpd_secadm_script_ro_t };
	207	typealias httpd_user_script_rw_t alias { httpd_staff_script_rw_t httpd_sysadm_script_rw_t };
	208	typealias httpd_user_script_rw_t alias { httpd_auditadm_script_rw_t httpd_secadm_script_rw_t };
	209	typealias httpd_user_script_ra_t alias { httpd_staff_script_ra_t httpd_sysadm_script_ra_t };
	210	typealias httpd_user_script_ra_t alias { httpd_auditadm_script_ra_t httpd_secadm_script_ra_t };
190	211
191	212	# for apache2 memory mapped files

branches/rbacsep/policy/modules/services/bluetooth.te

r2782	r2790
18	18	type bluetooth_helper_t;
19	19	type bluetooth_helper_exec_t;
	20	typealias bluetooth_helper_t alias { user_bluetooth_helper_t staff_bluetooth_helper_t sysadm_bluetooth_helper_t };
	21	typealias bluetooth_helper_t alias { auditadm_bluetooth_helper_t secadm_bluetooth_helper_t };
20	22	application_domain(bluetooth_helper_t, bluetooth_helper_exec_t)
21	23	ubac_constrained(bluetooth_helper_t)
22	24
23	25	type bluetooth_helper_tmp_t;
	26	typealias bluetooth_helper_tmp_t alias { user_bluetooth_helper_tmp_t staff_bluetooth_helper_tmp_t sysadm_bluetooth_helper_tmp_t };
	27	typealias bluetooth_helper_tmp_t alias { auditadm_bluetooth_helper_tmp_t secadm_bluetooth_helper_tmp_t };
24	28	files_tmp_file(bluetooth_helper_tmp_t)
25	29	ubac_constrained(bluetooth_helper_tmp_t)
26	30
27	31	type bluetooth_helper_tmpfs_t;
	32	typealias bluetooth_helper_tmpfs_t alias { user_bluetooth_helper_tmpfs_t staff_bluetooth_helper_tmpfs_t sysadm_bluetooth_helper_tmpfs_t };
	33	typealias bluetooth_helper_tmpfs_t alias { auditadm_bluetooth_helper_tmpfs_t secadm_bluetooth_helper_tmpfs_t };
28	34	files_tmpfs_file(bluetooth_helper_tmpfs_t)
29	35	ubac_constrained(bluetooth_helper_tmpfs_t)

branches/rbacsep/policy/modules/services/cron.te

r2782	r2790
44	44
45	45	type cronjob_t;
	46	typealias cronjob_t alias { user_crond_t staff_crond_t sysadm_crond_t };
	47	typealias cronjob_t alias { auditadm_crond_t secadm_crond_t };
46	48	domain_type(cronjob_t)
47	49	domain_cron_exemption_target(cronjob_t)
…	…
65	67
66	68	cron_common_crontab_template(admin_crontab)
	69	typealias admin_crontab_t alias sysadm_crontab_t;
	70	typealias admin_crontab_tmp_t alias sysadm_crontab_tmp_t;
67	71
68	72	cron_common_crontab_template(crontab)
	73	typealias crontab_t alias { user_crontab_t staff_crontab_t };
	74	typealias crontab_t alias { auditadm_crontab_t secadm_crontab_t };
	75	typealias crontab_tmp_t alias { user_crontab_tmp_t staff_crontab_tmp_t };
	76	typealias crontab_tmp_t alias { auditadm_crontab_tmp_t secadm_crontab_tmp_t };
69	77
70	78	type system_cron_spool_t, cron_spool_type;
…	…
91	99	# Type of user crontabs once moved to cron spool.
92	100	type user_cron_spool_t, cron_spool_type;
	101	typealias user_cron_spool_t alias { staff_cron_spool_t sysadm_cron_spool_t };
	102	typealias user_cron_spool_t alias { auditadm_cron_spool_t secadm_cron_spool_t };
93	103	files_type(user_cron_spool_t)
94	104	ubac_constrained(user_cron_spool_t)

branches/rbacsep/policy/modules/services/dbus.te

r2782	r2790
20	20
21	21	type session_dbusd_tmp_t;
	22	typealias session_dbusd_tmp_t alias { user_dbusd_tmp_t staff_dbusd_tmp_t sysadm_dbusd_tmp_t };
	23	typealias session_dbusd_tmp_t alias { auditadm_dbusd_tmp_t secadm_dbusd_tmp_t };
22	24	files_tmp_file(session_dbusd_tmp_t)
23	25	ubac_constrained(session_dbusd_tmp_t)

branches/rbacsep/policy/modules/services/lpd.te

r2782	r2790
34	34	type lpr_t;
35	35	type lpr_exec_t;
	36	typealias lpr_t alias { user_lpr_t staff_lpr_t sysadm_lpr_t };
	37	typealias lpr_t alias { auditadm_lpr_t secadm_lpr_t };
36	38	application_domain(lpr_t, lpr_exec_t)
37	39	ubac_constrained(lpr_t)
38	40
39	41	type lpr_tmp_t;
	42	typealias lpr_tmp_t alias { user_lpr_tmp_t staff_lpr_tmp_t sysadm_lpr_tmp_t };
	43	typealias lpr_tmp_t alias { auditadm_lpr_tmp_t secadm_lpr_tmp_t };
40	44	files_tmp_file(lpr_tmp_t)
41	45	ubac_constrained(lpr_tmp_t)
…	…
43	47	# Type for spool files.
44	48	type print_spool_t;
	49	typealias print_spool_t alias { user_print_spool_t staff_print_spool_t sysadm_print_spool_t };
	50	typealias print_spool_t alias { auditadm_print_spool_t secadm_print_spool_t };
45	51	files_type(print_spool_t)
46	52	ubac_constrained(print_spool_t)

branches/rbacsep/policy/modules/services/mta.te

r2782	r2790
33	33
34	34	mta_base_mail_template(user)
	35	typealias user_mail_t alias { staff_mail_t sysadm_mail_t };
	36	typealias user_mail_t alias { auditadm_mail_t secadm_mail_t };
	37	typealias user_mail_tmp_t alias { staff_mail_tmp_t sysadm_mail_tmp_t };
	38	typealias user_mail_tmp_t alias { auditadm_mail_tmp_t secadm_mail_tmp_t };
35	39	ubac_constrained(user_mail_t)
36	40	ubac_constrained(user_mail_tmp_t)

branches/rbacsep/policy/modules/services/postgresql.te

r2782	r2790
98	98
99	99	type user_sepgsql_blob_t;
	100	typealias user_sepgsql_blob_t alias { staff_sepgsql_blob_t sysadm_sepgsql_blob_t };
	101	typealias user_sepgsql_blob_t alias { auditadm_sepgsql_blob_t secadm_sepgsql_blob_t };
100	102	postgresql_blob_object(user_sepgsql_blob_t)
101	103
102	104	type user_sepgsql_proc_exec_t;
	105	typealias user_sepgsql_proc_exec_t alias { staff_sepgsql_proc_exec_t sysadm_sepgsql_proc_exec_t };
	106	typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t };
103	107	postgresql_procedure_object(user_sepgsql_proc_exec_t)
104	108
105	109	type user_sepgsql_sysobj_t;
	110	typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t };
	111	typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t };
106	112	postgresql_system_table_object(user_sepgsql_sysobj_t)
107	113
108	114	type user_sepgsql_table_t;
	115	typealias user_sepgsql_table_t alias { staff_sepgsql_table_t sysadm_sepgsql_table_t };
	116	typealias user_sepgsql_table_t alias { auditadm_sepgsql_table_t secadm_sepgsql_table_t };
109	117	postgresql_table_object(user_sepgsql_table_t)
110	118

branches/rbacsep/policy/modules/services/pyzor.te

r2782 r2790

9 9 type pyzor_t;
10 10 type pyzor_exec_t;
11 typealias pyzor_t alias { user_pyzor_t staff_pyzor_t sysadm_pyzor_t };
12 typeali

r2782	r2790
7	7	#
8	8
	9	attribute su_domain_type;
	10
9	11	type su_exec_t;
10	12	corecmd_executable_file(su_exec_t)

r2782	r2790
9	9	type pyzor_t;
10	10	type pyzor_exec_t;
	11	typealias pyzor_t alias { user_pyzor_t staff_pyzor_t sysadm_pyzor_t };
	12	typeali