0 - h-4:23 "/l=J*e8q\Tţ h/4:13 1 0A3li~d j"T \ţ /5_I|+a=J*e8pNbѿh3#ifndef __SEPOL_INTERFACES_H_ #define __SEPOL_INTERFACES_H_ #include #include #include #include __BEGIN_DECLS /* Return the number of interfaces */ extern int sepol_iface_count(sepol_handle_t * handle, const sepol_policydb_t * policydb, unsigned int *response); /* Check if an interface exists */ extern int sepol_iface_exists(sepol_handle_t * handle, const sepol_policydb_t * policydb, const sepol_iface_key_t * key, int *response); /* Query an interface - returns the interface, * or NULL if not found */ extern int sepol_iface_query(sepol_handle_t * handle, const sepol_policydb_t * policydb, const sepol_iface_key_t * key, sepol_iface_t ** response); /* Modify an interface, or add it, if the key * is not found */ extern int sepol_iface_modify(sepol_handle_t * handle, sepol_policydb_t * policydb, const sepol_iface_key_t * key, const sepol_iface_t * data); /* Iterate the interfaces * The handler may return: * -1 to signal an error condition, * 1 to signal successful exit * 0 to signal continue */ extern int sepol_iface_iterate(sepol_handle_t * handle, const sepol_policydb_t * policydb, int (*fn) (const sepol_iface_t * iface, void *fn_arg), void *arg); __END_DECLS #endif 5 e\ 5 mVc@spdZdZdZdZdZdZdZdZdZdZ d Z d Z d Z d Z d ZdZdZdZdS(spolicy_module(TEMPLATETYPE, 1.0.0) ######################################## # # Declarations # userdom_unpriv_user_template(TEMPLATETYPE) spolicy_module(TEMPLATETYPE, 1.0.0) ######################################## # # Declarations # userdom_admin_user_template(TEMPLATETYPE) spolicy_module(TEMPLATETYPE, 1.0.0) ######################################## # # Declarations # userdom_restricted_user_template(TEMPLATETYPE) spolicy_module(TEMPLATETYPE, 1.0.0) ######################################## # # Declarations # userdom_restricted_xwindows_user_template(TEMPLATETYPE) s$policy_module(TEMPLATETYPE, 1.0.0) spolicy_module(TEMPLATETYPE, 1.0.0) ## ##

## Allow TEMPLATETYPE to read files in the user home directory ##

## gen_tunable(TEMPLATETYPE_read_user_files, false) ## ##

## Allow TEMPLATETYPE to manage files in the user home directory ##

## gen_tunable(TEMPLATETYPE_manage_user_files, false) ######################################## # # Declarations # userdom_base_user_template(TEMPLATETYPE) tsO ######################################## # # TEMPLATETYPE customized policy # s sO optional_policy(` APPLICATION_role(TEMPLATETYPE_r, TEMPLATETYPE_t) ') s~ optional_policy(` gen_require(` role USER_r; ') TEMPLATETYPE_role_change(USER_r) ') s allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice }; files_dontaudit_search_all_dirs(TEMPLATETYPE_t) selinux_get_enforce_mode(TEMPLATETYPE_t) seutil_domtrans_setfiles(TEMPLATETYPE_t) seutil_search_default_contexts(TEMPLATETYPE_t) logging_send_syslog_msg(TEMPLATETYPE_t) kernel_read_system_state(TEMPLATETYPE_t) domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t) domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t) userdom_dontaudit_search_admin_dir(TEMPLATETYPE_t) userdom_dontaudit_search_user_home_dirs(TEMPLATETYPE_t) tunable_policy(`TEMPLATETYPE_read_user_files',` userdom_read_user_home_content_files(TEMPLATETYPE_t) userdom_read_user_tmp_files(TEMPLATETYPE_t) ') tunable_policy(`TEMPLATETYPE_manage_user_files',` userdom_manage_user_home_content_dirs(TEMPLATETYPE_t) userdom_manage_user_home_content_files(TEMPLATETYPE_t) userdom_manage_user_home_content_symlinks(