projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 1ae2c313 | 1 | |
| 17ec8c1f | 2 | policy_module(lockdev, 1.3.0) |
| 1ae2c313 CP |
3 | |
| 4 | ######################################## | |
| 5 | # | |
| 6 | # Declarations | |
| 7 | # | |
| 8 | ||
| 296273a7 | 9 | type lockdev_t; |
| 1ae2c313 | 10 | type lockdev_exec_t; |
| 296273a7 CP |
11 | typealias lockdev_t alias { user_lockdev_t staff_lockdev_t sysadm_lockdev_t }; |
| 12 | typealias lockdev_t alias { auditadm_lockdev_t secadm_lockdev_t }; | |
| 13 | application_domain(lockdev_t, lockdev_exec_t) | |
| 14 | ubac_constrained(lockdev_t) | |
| 15 | ||
| 16 | type lockdev_lock_t; | |
| 17 | typealias lockdev_lock_t alias { user_lockdev_lock_t staff_lockdev_lock_t sysadm_lockdev_lock_t }; | |
| 18 | typealias lockdev_lock_t alias { auditadm_lockdev_lock_t secadm_lockdev_lock_t }; | |
| 19 | files_lock_file(lockdev_lock_t) | |
| 20 | ubac_constrained(lockdev_lock_t) | |
| 21 | ||
| 22 | ######################################## | |
| 23 | # | |
| 24 | # Local policy | |
| 25 | # | |
| 26 | ||
| 27 | # Use capabilities. | |
| 28 | allow lockdev_t self:capability setgid; | |
| 29 | ||
| 30 | allow lockdev_t lockdev_lock_t:file manage_file_perms; | |
| 31 | files_lock_filetrans(lockdev_t, lockdev_lock_t, file) | |
| 32 | ||
| 33 | files_read_all_locks(lockdev_t) | |
| 34 | ||
| 35 | fs_getattr_xattr_fs(lockdev_t) | |
| 36 | ||
| 37 | logging_send_syslog_msg(lockdev_t) | |
| 38 | ||
| 39 | userdom_use_user_terminals(lockdev_t) | |
| 40 |