瀏覽代碼
selinux: further style and comprehensibility improvements
Sections and rules blocks reordered according to the Style guide. https://github.com/TresysTechnology/refpolicy/wiki/StyleGuidetags/v1.11.90
Zdenek Pytela
3 年之前
+ 36
- 23
unix/vncserver/selinux/vncsession.te
查看文件
| @@ -20,48 +20,61 @@ | |||
| policy_module(vncsession, 1.0.0) | |||
| gen_require(` | |||
| attribute userdomain; | |||
| type xdm_home_t; | |||
| attribute userdomain; | |||
| type xdm_home_t; | |||
| ') | |||
| type vnc_session_exec_t; | |||
| corecmd_executable_file(vnc_session_exec_t) | |||
| type vnc_session_t; | |||
| type vnc_session_exec_t; | |||
| init_daemon_domain(vnc_session_t, vnc_session_exec_t) | |||
| auth_login_pgm_domain(vnc_session_t) | |||
| can_exec(vnc_session_t, vnc_session_exec_t) | |||
| type vnc_session_var_run_t; | |||
| files_pid_file(vnc_session_var_run_t) | |||
| allow vnc_session_t vnc_session_var_run_t:file manage_file_perms; | |||
| files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file) | |||
| auth_write_login_records(vnc_session_t) | |||
| can_exec(vnc_session_t, vnc_session_exec_t) | |||
| userdom_spec_domtrans_all_users(vnc_session_t) | |||
| userdom_signal_all_users(vnc_session_t) | |||
| allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource }; | |||
| allow vnc_session_t self:process { getcap setexec setrlimit setsched }; | |||
| allow vnc_session_t self:fifo_file rw_fifo_file_perms; | |||
| allow vnc_session_t vnc_session_var_run_t:file manage_file_perms; | |||
| files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file) | |||
| manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t) | |||
| manage_fifo_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t) | |||
| manage_sock_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t) | |||
| manage_lnk_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t) | |||
| userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc") | |||
| userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc") | |||
| # This also affects other tools, e.g. vncpasswd | |||
| userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc") | |||
| userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc") | |||
| miscfiles_read_localization(vnc_session_t) | |||
| kernel_read_kernel_sysctls(vnc_session_t) | |||
| logging_append_all_logs(vnc_session_t) | |||
| corecmd_executable_file(vnc_session_exec_t) | |||
| mcs_process_set_categories(vnc_session_t) | |||
| mcs_killall(vnc_session_t) | |||
| optional_policy(` | |||
| auth_login_pgm_domain(vnc_session_t) | |||
| auth_write_login_records(vnc_session_t) | |||
| ') | |||
| optional_policy(` | |||
| logging_append_all_logs(vnc_session_t) | |||
| ') | |||
| optional_policy(` | |||
| miscfiles_read_localization(vnc_session_t) | |||
| ') | |||
| optional_policy(` | |||
| userdom_spec_domtrans_all_users(vnc_session_t) | |||
| userdom_signal_all_users(vnc_session_t) | |||
| userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc") | |||
| userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc") | |||
| # This also affects other tools, e.g. vncpasswd | |||
| gen_require(` | |||
| attribute userdomain; | |||
| ') | |||
| userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc") | |||
| userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc") | |||
| ') | |||
Loading…