# FLASK

#
# Define the security object classes
#

class security
class process
class system
class capability

# file-related classes
class filesystem
class file
class dir
class fd
class lnk_file
class chr_file
class blk_file
class sock_file
class fifo_file

# network-related classes
class socket
class tcp_socket
class udp_socket
class rawip_socket
class node
class netif
class netlink_socket
class packet_socket
class key_socket
class unix_stream_socket
class unix_dgram_socket

# sysv-ipc-related classes
class sem
class msg
class msgq
class shm
class ipc

# FLASK
# FLASK

#
# Define initial security identifiers
#

sid kernel


# FLASK
#
# Define common prefixes for access vectors
#
# common common_name { permission_name ... }


#
# Define a common prefix for file access vectors.
#

common file
{
	ioctl
	read
	write
	create
	getattr
	setattr
	lock
	relabelfrom
	relabelto
	append
	unlink
	link
	rename
	execute
	swapon
	quotaon
	mounton
}


#
# Define a common prefix for socket access vectors.
#

common socket
{
# inherited from file
	ioctl
	read
	write
	create
	getattr
	setattr
	lock
	relabelfrom
	relabelto
	append
# socket-specific
	bind
	connect
	listen
	accept
	getopt
	setopt
	shutdown
	recvfrom
	sendto
	recv_msg
	send_msg
	name_bind
}

#
# Define a common prefix for ipc access vectors.
#

common ipc
{
	create
	destroy
	getattr
	setattr
	read
	write
	associate
	unix_read
	unix_write
}

#
# Define the access vectors.
#
# class class_name [ inherits common_name ] { permission_name ... }


#
# Define the access vector interpretation for file-related objects.
#

class filesystem
{
	mount
	remount
	unmount
	getattr
	relabelfrom
	relabelto
	transition
	associate
	quotamod
	quotaget
}

class dir
inherits file
{
	add_name
	remove_name
	reparent
	search
	rmdir
}

class file
inherits file
{
	execute_no_trans
	entrypoint
}

class lnk_file
inherits file

class chr_file
inherits file

class blk_file
inherits file

class sock_file
inherits file

class fifo_file
inherits file

class fd
{
	use
}


#
# Define the access vector interpretation for network-related objects.
#

class socket
inherits socket

class tcp_socket
inherits socket
{
	connectto
	newconn
	acceptfrom
}

class udp_socket
inherits socket

class rawip_socket
inherits socket

class node
{
	tcp_recv
	tcp_send
	udp_recv
	udp_send
	rawip_recv
	rawip_send
	enforce_dest
}

class netif
{
	tcp_recv
	tcp_send
	udp_recv
	udp_send
	rawip_recv
	rawip_send
}

class netlink_socket
inherits socket

class packet_socket
inherits socket

class key_socket
inherits socket

class unix_stream_socket
inherits socket
{
	connectto
	newconn
	acceptfrom
}

class unix_dgram_socket
inherits socket


#
# Define the access vector interpretation for process-related objects
#

class process
{
	fork
	transition
	sigchld # commonly granted from child to parent
	sigkill # cannot be caught or ignored
	sigstop # cannot be caught or ignored
	signull # for kill(pid, 0)
	signal  # all other signals
	ptrace
	getsched
	setsched
	getsession
	getpgid
	setpgid
	getcap
	setcap
	share
}


#
# Define the access vector interpretation for ipc-related objects
#

class ipc
inherits ipc

class sem
inherits ipc

class msgq
inherits ipc
{
	enqueue
}

class msg
{
	send
	receive
}

class shm
inherits ipc
{
	lock
}


#
# Define the access vector interpretation for the security server.
#

class security
{
	compute_av
	transition_sid
	member_sid
	sid_to_context
	context_to_sid
	load_policy
	get_sids
	change_sid
	get_user_sids
}


#
# Define the access vector interpretation for system operations.
#

class system
{
	ipc_info
	avc_toggle
	nfsd_control
	bdflush
	syslog_read
	syslog_mod
	syslog_console
	ichsid
}

#
# Define the access vector interpretation for controlling capabilities
#

class capability
{
	# The capabilities are defined in include/linux/capability.h
	# Care should be taken to ensure that these are consistent with
	# those definitions. (Order matters)

	chown
	dac_override
	dac_read_search
	fowner
	fsetid
	kill
	setgid
	setuid
	setpcap
	linux_immutable
	net_bind_service
	net_broadcast
	net_admin
	net_raw
	ipc_lock
	ipc_owner
	sys_module
	sys_rawio
	sys_chroot
	sys_ptrace
	sys_pacct
	sys_admin
	sys_boot
	sys_nice
	sys_resource
	sys_time
	sys_tty_config
	mknod
	lease
}

ifdef(`enable_mls',`
sensitivity s0;

#
# Define the ordering of the sensitivity levels (least to greatest)
#
dominance { s0 }


#
# Define the categories
#
# Each category has a name and zero or more aliases.
#
category c0; category c1; category c2; category c3;
category c4; category c5; category c6; category c7;
category c8; category c9; category c10; category c11;
category c12; category c13; category c14; category c15;
category c16; category c17; category c18; category c19;
category c20; category c21; category c22; category c23;

level s0:c0.c23;

mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
	( h1 dom h2 );
')

####################################
####################################
#####################################
# TE RULES
attribute domain;
attribute system;
attribute foo;
attribute num;
attribute num_exec;
attribute files;

# Type - attribute mapping test
# Shorthand tests
# 1 = types in base, 2 = types in mod, 3 = types in both
# 4 = types in optional in base, 5 = types in optional in mod
# 6 = types in optional in both
# 7 = types in disabled optional in base
# 8 = types in disabled optional in module
# 9 = types in disabled optional in both
# 10 = types in enabled optional in base, disabled optional in module
# 11 = types in disabled optional in base, enabled optional in module
attribute attr_check_base_1;
attribute attr_check_base_2;
attribute attr_check_base_3;
attribute attr_check_base_4;
attribute attr_check_base_5;
attribute attr_check_base_6;
attribute attr_check_base_7;
attribute attr_check_base_8;
attribute attr_check_base_9;
attribute attr_check_base_10;
attribute attr_check_base_11;
optional {
	require {
		type module_t;
	}
	attribute attr_check_base_optional_1;
	attribute attr_check_base_optional_2;
	attribute attr_check_base_optional_3;
	attribute attr_check_base_optional_4;
	attribute attr_check_base_optional_5;
	attribute attr_check_base_optional_6;
	attribute attr_check_base_optional_8;
}
optional {
	require {
		type does_not_exist_t;
	}
	attribute attr_check_base_optional_disabled_5;
	attribute attr_check_base_optional_disabled_8;
}

type net_foo_t, foo;
type sys_foo_t, foo, system;
role system_r;
role system_r types sys_foo_t;

type user_t, domain;
role user_r;
role user_r types user_t;

type sysadm_t, domain, system;
role sysadm_r;
role sysadm_r types sysadm_t;

type system_t, domain, system, foo;
role system_r types { system_t sys_foo_t };

type file_t;
type file_exec_t, files;
type fs_t;
type base_optional_1;
type base_optional_2;

allow sysadm_t file_exec_t: file { execute read write ioctl lock entrypoint };

optional {
	require {
		type base_optional_1, base_optional_2;
	}
	allow base_optional_1 base_optional_2 : file { read write };
}

# Type - attribute mapping test
type base_t;
type attr_check_base_1_1_t, attr_check_base_1;
type attr_check_base_1_2_t;
typeattribute attr_check_base_1_2_t attr_check_base_1;
type attr_check_base_3_1_t, attr_check_base_3;
type attr_check_base_3_2_t;
typeattribute attr_check_base_3_2_t attr_check_base_3;
optional {
	require {
		attribute attr_check_base_4;
	}
	type attr_check_base_4_1_t, attr_check_base_4;
	type attr_check_base_4_2_t;
	typeattribute attr_check_base_4_2_t attr_check_base_4;
}
optional {
	require {
		type module_t;
	}
	type attr_check_base_6_1_t, attr_check_base_6;
	type attr_check_base_6_2_t;
	typeattribute attr_check_base_6_2_t attr_check_base_6;
}
optional {
	require {
		type does_not_exist_t;
	}
	type attr_check_base_7_1_t, attr_check_base_7;
	type attr_check_base_7_2_t;
	typeattribute attr_check_base_7_2_t attr_check_base_7;
}
optional {
	require {
		type does_not_exist_t;
	}
	type attr_check_base_9_1_t, attr_check_base_9;
	type attr_check_base_9_2_t;
	typeattribute attr_check_base_9_2_t attr_check_base_9;
}
optional {
	require {
		type module_t;
	}
	type attr_check_base_10_1_t, attr_check_base_10;
	type attr_check_base_10_2_t;
	typeattribute attr_check_base_10_2_t attr_check_base_10;
}
optional {
	require {
		type does_not_exist_t;
	}
	type attr_check_base_11_1_t, attr_check_base_11;
	type attr_check_base_11_2_t;
	typeattribute attr_check_base_11_2_t attr_check_base_11;
}
#optional {
#	require {
#		attribute attr_check_base_optional_4;
#	}
#	type attr_check_base_optional_4_1_t, attr_check_base_optional_4;
#	type attr_check_base_optional_4_2_t;
#	typeattribute attr_check_base_optional_4_2_t attr_check_base_optional_4;
#}
#optional {
#	require {
565*2d543d20SAndroid Build Coastguard Worker# attribute attr_check_base_optional_6; 566*2d543d20SAndroid Build Coastguard Worker# } 567*2d543d20SAndroid Build Coastguard Worker# type attr_check_base_optional_6_1_t, attr_check_base_optional_6; 568*2d543d20SAndroid Build Coastguard Worker# type attr_check_base_optional_6_2_t; 569*2d543d20SAndroid Build Coastguard Worker# typeattribute attr_check_base_optional_6_2_t attr_check_base_optional_6; 570*2d543d20SAndroid Build Coastguard Worker#} 571*2d543d20SAndroid Build Coastguard Workeroptional { 572*2d543d20SAndroid Build Coastguard Worker require { 573*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_4; 574*2d543d20SAndroid Build Coastguard Worker } 575*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_4_1_t, attr_check_mod_4; 576*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_4_2_t; 577*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_4_2_t attr_check_mod_4; 578*2d543d20SAndroid Build Coastguard Worker} 579*2d543d20SAndroid Build Coastguard Workeroptional { 580*2d543d20SAndroid Build Coastguard Worker require { 581*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_6; 582*2d543d20SAndroid Build Coastguard Worker } 583*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_6_1_t, attr_check_mod_6; 584*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_6_2_t; 585*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_6_2_t attr_check_mod_6; 586*2d543d20SAndroid Build Coastguard Worker} 587*2d543d20SAndroid Build Coastguard Workeroptional { 588*2d543d20SAndroid Build Coastguard Worker require { 589*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 590*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_7; 591*2d543d20SAndroid Build Coastguard Worker } 592*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_7_1_t, attr_check_mod_7; 593*2d543d20SAndroid Build Coastguard Worker 
type attr_check_mod_7_2_t; 594*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_7_2_t attr_check_mod_7; 595*2d543d20SAndroid Build Coastguard Worker} 596*2d543d20SAndroid Build Coastguard Workeroptional { 597*2d543d20SAndroid Build Coastguard Worker require { 598*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 599*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_9; 600*2d543d20SAndroid Build Coastguard Worker } 601*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_9_1_t, attr_check_mod_9; 602*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_9_2_t; 603*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_9_2_t attr_check_mod_9; 604*2d543d20SAndroid Build Coastguard Worker} 605*2d543d20SAndroid Build Coastguard Workeroptional { 606*2d543d20SAndroid Build Coastguard Worker require { 607*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_10; 608*2d543d20SAndroid Build Coastguard Worker } 609*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_10_1_t, attr_check_mod_10; 610*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_10_2_t; 611*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_10_2_t attr_check_mod_10; 612*2d543d20SAndroid Build Coastguard Worker} 613*2d543d20SAndroid Build Coastguard Workeroptional { 614*2d543d20SAndroid Build Coastguard Worker require { 615*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 616*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_11; 617*2d543d20SAndroid Build Coastguard Worker } 618*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_11_1_t, attr_check_mod_11; 619*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_11_2_t; 620*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_11_2_t attr_check_mod_11; 621*2d543d20SAndroid Build Coastguard Worker} 622*2d543d20SAndroid Build Coastguard Workeroptional { 
623*2d543d20SAndroid Build Coastguard Worker require { 624*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_4; 625*2d543d20SAndroid Build Coastguard Worker } 626*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_4_1_t, attr_check_mod_optional_4; 627*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_4_2_t; 628*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_optional_4_2_t attr_check_mod_optional_4; 629*2d543d20SAndroid Build Coastguard Worker} 630*2d543d20SAndroid Build Coastguard Workeroptional { 631*2d543d20SAndroid Build Coastguard Worker require { 632*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_6; 633*2d543d20SAndroid Build Coastguard Worker } 634*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_6_1_t, attr_check_mod_optional_6; 635*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_6_2_t; 636*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_optional_6_2_t attr_check_mod_optional_6; 637*2d543d20SAndroid Build Coastguard Worker} 638*2d543d20SAndroid Build Coastguard Workeroptional { 639*2d543d20SAndroid Build Coastguard Worker require { 640*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 641*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_7; 642*2d543d20SAndroid Build Coastguard Worker } 643*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_7_1_t, attr_check_mod_optional_7; 644*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_7_2_t; 645*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_optional_7_2_t attr_check_mod_optional_7; 646*2d543d20SAndroid Build Coastguard Worker} 647*2d543d20SAndroid Build Coastguard Workeroptional { 648*2d543d20SAndroid Build Coastguard Worker require { 649*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_disabled_4; 
650*2d543d20SAndroid Build Coastguard Worker } 651*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_disabled_4_1_t, attr_check_mod_optional_disabled_4; 652*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_disabled_4_2_t; 653*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_optional_disabled_4_2_t attr_check_mod_optional_disabled_4; 654*2d543d20SAndroid Build Coastguard Worker} 655*2d543d20SAndroid Build Coastguard Workeroptional { 656*2d543d20SAndroid Build Coastguard Worker require { 657*2d543d20SAndroid Build Coastguard Worker type does_not_exist_t; 658*2d543d20SAndroid Build Coastguard Worker attribute attr_check_mod_optional_disabled_7; 659*2d543d20SAndroid Build Coastguard Worker } 660*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_disabled_7_1_t, attr_check_mod_optional_disabled_7; 661*2d543d20SAndroid Build Coastguard Worker type attr_check_mod_optional_disabled_7_2_t; 662*2d543d20SAndroid Build Coastguard Worker typeattribute attr_check_mod_optional_disabled_7_2_t attr_check_mod_optional_disabled_7; 663*2d543d20SAndroid Build Coastguard Worker} 664*2d543d20SAndroid Build Coastguard Worker 665*2d543d20SAndroid Build Coastguard Worker##################################### 666*2d543d20SAndroid Build Coastguard Worker# Role Allow 667*2d543d20SAndroid Build Coastguard Workerallow user_r sysadm_r; 668*2d543d20SAndroid Build Coastguard Worker 669*2d543d20SAndroid Build Coastguard Worker#################################### 670*2d543d20SAndroid Build Coastguard Worker# Booleans 671*2d543d20SAndroid Build Coastguard Workerbool allow_ypbind true; 672*2d543d20SAndroid Build Coastguard Workerbool secure_mode false; 673*2d543d20SAndroid Build Coastguard Workerbool allow_execheap false; 674*2d543d20SAndroid Build Coastguard Workerbool allow_execmem true; 675*2d543d20SAndroid Build Coastguard Workerbool allow_execmod false; 676*2d543d20SAndroid Build Coastguard Workerbool allow_execstack 
true; 677*2d543d20SAndroid Build Coastguard Workerbool optional_bool_1 true; 678*2d543d20SAndroid Build Coastguard Workerbool optional_bool_2 false; 679*2d543d20SAndroid Build Coastguard Worker 680*2d543d20SAndroid Build Coastguard Worker##################################### 681*2d543d20SAndroid Build Coastguard Worker# users 682*2d543d20SAndroid Build Coastguard Workergen_user(system_u,, system_r, s0, s0 - s0:c0.c23) 683*2d543d20SAndroid Build Coastguard Workergen_user(root,, user_r sysadm_r, s0, s0 - s0:c0.c23) 684*2d543d20SAndroid Build Coastguard Workergen_user(joe,, user_r, s0, s0 - s0:c0.c23) 685*2d543d20SAndroid Build Coastguard Worker 686*2d543d20SAndroid Build Coastguard Worker##################################### 687*2d543d20SAndroid Build Coastguard Worker# constraints 688*2d543d20SAndroid Build Coastguard Worker 689*2d543d20SAndroid Build Coastguard Worker 690*2d543d20SAndroid Build Coastguard Worker#################################### 691*2d543d20SAndroid Build Coastguard Worker#line 1 "initial_sid_contexts" 692*2d543d20SAndroid Build Coastguard Worker 693*2d543d20SAndroid Build Coastguard Workersid kernel gen_context(system_u:system_r:sys_foo_t, s0) 694*2d543d20SAndroid Build Coastguard Worker 695*2d543d20SAndroid Build Coastguard Worker 696*2d543d20SAndroid Build Coastguard Worker############################################ 697*2d543d20SAndroid Build Coastguard Worker#line 1 "fs_use" 698*2d543d20SAndroid Build Coastguard Worker# 699*2d543d20SAndroid Build Coastguard Workerfs_use_xattr ext2 gen_context(system_u:object_r:fs_t, s0); 700*2d543d20SAndroid Build Coastguard Workerfs_use_xattr ext3 gen_context(system_u:object_r:fs_t, s0); 701*2d543d20SAndroid Build Coastguard Workerfs_use_xattr reiserfs gen_context(system_u:object_r:fs_t, s0); 702*2d543d20SAndroid Build Coastguard Worker 703*2d543d20SAndroid Build Coastguard Worker 704*2d543d20SAndroid Build Coastguard Workergenfscon proc / gen_context(system_u:object_r:sys_foo_t, s0) 705*2d543d20SAndroid 
Build Coastguard Worker 706*2d543d20SAndroid Build Coastguard Worker 707*2d543d20SAndroid Build Coastguard Worker#################################### 708*2d543d20SAndroid Build Coastguard Worker#line 1 "net_contexts" 709*2d543d20SAndroid Build Coastguard Worker 710*2d543d20SAndroid Build Coastguard Worker#portcon tcp 21 system_u:object_r:net_foo_t:s0 711*2d543d20SAndroid Build Coastguard Worker 712*2d543d20SAndroid Build Coastguard Worker#netifcon lo system_u:object_r:net_foo_t system_u:object_r:net_foo_t:s0 713*2d543d20SAndroid Build Coastguard Worker 714*2d543d20SAndroid Build Coastguard Worker# 715*2d543d20SAndroid Build Coastguard Worker#nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0 716*2d543d20SAndroid Build Coastguard Worker 717*2d543d20SAndroid Build Coastguard Workernodecon ::1 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF gen_context(system_u:object_r:net_foo_t, s0) 718*2d543d20SAndroid Build Coastguard Worker 719*2d543d20SAndroid Build Coastguard Worker 720*2d543d20SAndroid Build Coastguard Worker 721*2d543d20SAndroid Build Coastguard Worker 722