Differential D11945 Diff 40766 autotests/html/test.cil.html

Changeset View

Standalone View

View Options

autotests/html/test.cil.html

1<!DOCTYPE html> 1<!DOCTYPE html>
2<html><head> 2<html><head>
3<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> 3<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
4<title>test.cil</title> 4<title>test.cil</title>
5<meta name="generator" content="KF5::SyntaxHighlighting (SELinux CIL Policy)"/> 5<meta name="generator" content="KF5::SyntaxHighlighting (SELinux CIL Policy)"/>
6</head><body style="color:#1f1c1b"><pre> 6</head><body style="color:#1f1c1b"><pre>
7<span style="color:#898887;">; SELinux CIL Policy</span> 7<span style="color:#898887;">; SELinux CIL Policy</span>
8 8
9<span style="color:#898887;">; Tests</span> 9<span style="color:#898887;">; Tests</span>
10 10
11<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">policycap</span> open_perms<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Policy config. statement</span> 11<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">policycap</span> <span style="color:#006e28;">open_perms</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Policy config. statement</span>
12<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">mls</span> <span style="color:#0095ff;font-weight:bold;">true</span><span style="color:#ff0000;font-weight:bold;">)</span> 12<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">mls</span> <span style="color:#0095ff;font-weight:bold;">true</span><span style="color:#ff0000;font-weight:bold;">)</span>
13<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">handleunknown</span> <span style="color:#bf0303;font-weight:bold;">allow</span><span style="color:#ff0000;font-weight:bold;">)</span> 13<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">handleunknown</span> <span style="color:#bf0303;font-weight:bold;">allow</span><span style="color:#ff0000;font-weight:bold;">)</span>
14 14
15<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">sid</span> kernel<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Declaration type statement</span> 15<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">sid</span> kernel<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Declaration type statement</span>
16<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classpermissionset</span> char_w <span style="color:#ff8800;font-weight:bold;">(</span>char <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">write</span> <span style="color:#bf0303;">setattr</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Other statements</span> 16<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classpermissionset</span> char_w <span style="color:#ff8800;font-weight:bold;">(</span>char <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">write</span> <span style="color:#bf0303;">setattr</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Other statements</span>
17 17
18<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">user</span> user<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Declare identifier 'user' of user type</span> 18<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">user</span> user<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Declare identifier 'user' of user type</span>
19<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">role</span> role<span style="color:#ff0000;font-weight:bold;">)</span> 19<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">role</span> role<span style="color:#ff0000;font-weight:bold;">)</span>
Show All 24 Lines
44<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span> .true <span style="color:#0095ff;font-weight:bold;">true</span> true.true <span style="color:#0095ff;font-weight:bold;">true</span> .true.true true.true.true 44<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span> .true <span style="color:#0095ff;font-weight:bold;">true</span> true.true <span style="color:#0095ff;font-weight:bold;">true</span> .true.true true.true.true
45 .<span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#0095ff;font-weight:bold;">true</span>.<span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#898887;">; invalid</span> 45 .<span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#0095ff;font-weight:bold;">true</span>.<span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#898887;">; invalid</span>
46<span style="color:#ff0000;font-weight:bold;">)</span> 46<span style="color:#ff0000;font-weight:bold;">)</span>
47 47
48<span style="color:#898887;">; Keywords in some rules</span> 48<span style="color:#898887;">; Keywords in some rules</span>
49 49
50<span style="color:#898887;">; filecon</span> 50<span style="color:#898887;">; filecon</span>
51<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/system/bin/run-as&quot;</span> <span style="color:#0057ae;">file</span> runas_exec_context<span style="color:#ff0000;font-weight:bold;">)</span> 51<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/system/bin/run-as&quot;</span> <span style="color:#0057ae;">file</span> runas_exec_context<span style="color:#ff0000;font-weight:bold;">)</span>
52<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/dev/socket/wpa_wlan</span><span style="color:#ff5500;">[0</span><span style="color:#ca60ca;">-</span><span style="color:#ff5500;">9]</span><span style="color:#bf0303;">&quot;</span> <span style="color:#0057ae;">any</span> <span style="color:#ff5500;">u:object_r:wpa.socket:s0-s0</span><span style="color:#ff0000;font-weight:bold;">)</span> 52<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/dev/socket/wpa_wlan</span><span style="color:#ff5500;">[</span><span style="color:#ff5500;">0-9</span><span style="color:#ff5500;">]</span><span style="color:#bf0303;">&quot;</span> <span style="color:#0057ae;">any</span> <span style="color:#ff5500;">u</span>:<span style="color:#ff5500;">object_r</span>:<span style="color:#b08000;">wpa.socket</span>:<span style="color:#ff5500;">s0</span>-<span style="color:#ff5500;">s0</span><span style="color:#ff0000;font-weight:bold;">)</span>
53<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/data/local/mine&quot;</span> <span style="color:#0057ae;">dir</span> <span style="color:#ff8800;font-weight:bold;">()</span><span style="color:#ff0000;font-weight:bold;">)</span> 53<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/data/local/mine&quot;</span> <span style="color:#0057ae;">dir</span> <span style="color:#ff8800;font-weight:bold;">()</span><span style="color:#ff0000;font-weight:bold;">)</span>
54<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classcommon</span> file any dir<span style="color:#ff0000;font-weight:bold;">)</span> 54<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classcommon</span> file any dir<span style="color:#ff0000;font-weight:bold;">)</span>
55<span style="color:#ff0000;font-weight:bold;">(</span>file any dir<span style="color:#ff0000;font-weight:bold;">)</span> 55<span style="color:#ff0000;font-weight:bold;">(</span>file any dir<span style="color:#ff0000;font-weight:bold;">)</span>
56<span style="color:#898887;">; portcon</span> 56<span style="color:#898887;">; portcon</span>
57<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">portcon</span> <span style="color:#0057ae;">tcp</span> <span style="color:#b08000;">3333</span> <span style="color:#ff8800;font-weight:bold;">(</span>unconfined.user <span style="font-style:italic;">object_r</span> unconfined.object levelrange_1<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 57<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">portcon</span> <span style="color:#0057ae;">sctp</span> <span style="color:#b08000;">3333</span> <span style="color:#ff8800;font-weight:bold;">(</span>unconfined.user <span style="font-style:italic;">object_r</span> unconfined.object levelrange_1<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
58<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">portcon</span> <span style="color:#0057ae;">udp</span> <span style="color:#b08000;">4444</span> <span style="color:#ff8800;font-weight:bold;">(</span>unconfined.user <span style="font-style:italic;">object_r</span> unconfined.object <span style="color:#888800;font-weight:bold;">(</span><span style="color:#008800;font-weight:bold;">(</span>s0<span style="color:#008800;font-weight:bold;">)</span> level_2<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 58<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">portcon</span> <span style="color:#0057ae;">udp</span> <span style="color:#b08000;">4444</span> <span style="color:#ff8800;font-weight:bold;">(</span>unconfined.user <span style="font-style:italic;">object_r</span> unconfined.object <span style="color:#888800;font-weight:bold;">(</span><span style="color:#008800;font-weight:bold;">(</span>s0<span style="color:#008800;font-weight:bold;">)</span> level_2<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
59<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">defaultrole</span> tcp udp<span style="color:#ff0000;font-weight:bold;">)</span> 59<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">defaultrole</span> tcp udp<span style="color:#ff0000;font-weight:bold;">)</span>
60<span style="color:#ff0000;font-weight:bold;">(</span>tcp udp<span style="color:#ff0000;font-weight:bold;">)</span> 60<span style="color:#ff0000;font-weight:bold;">(</span>tcp udp<span style="color:#ff0000;font-weight:bold;">)</span>
61<span style="color:#898887;">; fsuse</span> 61<span style="color:#898887;">; fsuse</span>
62<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">xattr</span> <span style="font-style:italic;">ext4</span> file.labeledfs_context<span style="color:#ff0000;font-weight:bold;">)</span> 62<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">xattr</span> <span style="font-style:italic;">ext4</span> file.labeledfs_context<span style="color:#ff0000;font-weight:bold;">)</span>
63<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">task</span> <span style="font-style:italic;">pipefs</span> file.pipefs_context<span style="color:#ff0000;font-weight:bold;">)</span> 63<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">task</span> <span style="font-style:italic;">pipefs</span> file.pipefs_context<span style="color:#ff0000;font-weight:bold;">)</span>
64<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">trans</span> <span style="font-style:italic;">tmpfs</span> file.tmpfs_context<span style="color:#ff0000;font-weight:bold;">)</span> 64<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">trans</span> <span style="font-style:italic;">tmpfs</span> file.tmpfs_context<span style="color:#ff0000;font-weight:bold;">)</span>
65<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">typemember</span> xattr task trans<span style="color:#ff0000;font-weight:bold;">)</span> 65<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">typemember</span> xattr task trans<span style="color:#ff0000;font-weight:bold;">)</span>
66<span style="color:#ff0000;font-weight:bold;">(</span>xattr task trans<span style="color:#ff0000;font-weight:bold;">)</span> 66<span style="color:#ff0000;font-weight:bold;">(</span>xattr task trans<span style="color:#ff0000;font-weight:bold;">)</span>
67 67
68<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> unconfined.process <span style="color:#006e28;">self</span> <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 68<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> unconfined.process <span style="color:#006e28;">self</span> <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
69<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> process httpd.object <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 69<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> process httpd.object <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
70 70
71<span style="color:#898887;">; Paths</span> 71<span style="color:#898887;">; Paths</span>
72<span style="color:#bf0303;">&quot;/system/</span><span style="color:#ff5500;">(foo</span><span style="color:#ca60ca;">|</span><span style="color:#ff5500;">bar)</span><span style="color:#bf0303;">/</span><span style="color:#ff5500;">[</span><span style="color:#ca60ca;">^</span><span style="color:#ff5500;">/]</span><span style="color:#3daee9;">*</span><span style="color:#bf0303;">/</span><span style="color:#ff5500;">(hi){2,6}(</span><span style="color:#3daee9;">.*</span><span style="color:#ff5500;">)</span><span style="color:#3daee9;">?</span><span style="color:#bf0303;">&quot;</span> 72<span style="color:#bf0303;">&quot;/system/</span><span style="color:#ff5500;">(</span><span style="color:#ff5500;">foo</span><span style="color:#ca60ca;">|</span><span style="color:#ff5500;">bar</span><span style="color:#ff5500;">)</span><span style="color:#bf0303;">/</span><span style="color:#ff5500;">[</span><span style="color:#ca60ca;">^</span><span style="color:#ff5500;">/</span><span style="color:#ff5500;">]</span><span style="color:#3daee9;">*</span><span style="color:#bf0303;">/</span><span style="color:#ff5500;">(</span><span style="color:#ff5500;">hi</span><span style="color:#ff5500;">){</span><span style="color:#ff5500;">2</span><span style="color:#ca60ca;">,</span><span style="color:#ff5500;">6</span><span style="color:#ff5500;">}(</span><span style="color:#3daee9;">.*</span><span style="color:#ff5500;">)</span><span style="color:#3daee9;">?</span><span style="color:#bf0303;">&quot;</span>
73<span style="color:#bf0303;">&quot;/pa</span><span style="color:#3daee9;">\12</span><span style="color:#bf0303;">th</span><span style="color:#3daee9;">.*</span><span style="color:#bf0303;">a</span><span style="color:#3daee9;">+</span><span style="color:#bf0303;">b</span><span style="color:#3daee9;">?</span><span style="color:#bf0303;">&quot;</span> 73<span style="color:#bf0303;">&quot;/pa</span><span style="color:#924c9d;">\12</span><span style="color:#bf0303;">th</span><span style="color:#3daee9;">.*</span><span style="color:#bf0303;">a</span><span style="color:#3daee9;">+</span><span style="color:#bf0303;">b</span><span style="color:#3daee9;">?</span><span style="color:#bf0303;">&quot;</span>
74/usr/hi<span style="color:#3daee9;">\&quot;</span>esc<span style="color:#3daee9;">\032</span>esc<span style="color:#3daee9;">\*</span>3es<span style="color:#ff5500;">{2,2}</span>ds 74/usr/hi<span style="color:#924c9d;">\&quot;</span>esc<span style="color:#924c9d;">\032</span>esc<span style="color:#924c9d;">\*</span>3es<span style="color:#ff5500;">{</span><span style="color:#ff5500;">2</span><span style="color:#ca60ca;">,</span><span style="color:#ff5500;">2</span><span style="color:#ff5500;">}</span>ds
75<span style="color:#bf0303;">&quot;/data/</span><span style="color:#ff5500;">(ope</span><span style="color:#ff5500;text-decoration:underline;">n</span><span style="color:#bf0303;"> &quot;</span> 75<span style="color:#bf0303;">&quot;/data/</span><span style="color:#ff5500;">(</span><span style="color:#ff5500;">ope</span><span style="color:#ff5500;text-decoration:underline;">n</span><span style="color:#ff5500;"> </span><span style="color:#bf0303;">&quot;</span>
76<span style="color:#bf0303;">&quot;/data/</span><span style="color:#ff5500;">[ope</span><span style="color:#ff5500;text-decoration:underline;">n</span><span style="color:#bf0303;"> &quot;</span> 76<span style="color:#bf0303;">&quot;/data/</span><span style="color:#ff5500;">[</span><span style="color:#ff5500;">ope</span><span style="color:#ff5500;text-decoration:underline;">n</span><span style="color:#ff5500;"> </span><span style="color:#bf0303;">&quot;</span>
77 77
78 78
79<span style="color:#898887;">; Some rules</span> 79<span style="color:#898887;">; Some rules</span>
80 80
81<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">call</span> macro1<span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;">&quot;__kmsg__&quot;</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 81<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">call</span> macro1<span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;">&quot;__kmsg__&quot;</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
82<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">macro</span> macro1 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">string</span> ARG1<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> 82<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">macro</span> macro1 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">string</span> ARG1<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
83 <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">typetransition</span> audit.process device.device chr_file ARG1 device.klog_device<span style="color:#ff8800;font-weight:bold;">)</span> 83 <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">typetransition</span> audit.process device.device chr_file ARG1 device.klog_device<span style="color:#ff8800;font-weight:bold;">)</span>
84<span style="color:#ff0000;font-weight:bold;">)</span> 84<span style="color:#ff0000;font-weight:bold;">)</span>
85 85
86<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> unconfined.process <span style="color:#006e28;">self</span> <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 86<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> unconfined.process <span style="color:#006e28;">self</span> <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
87<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">auditallow</span> release_app.process secmark_demo.browser_packet <span style="color:#ff8800;font-weight:bold;">(</span>packet <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">send</span> <span style="color:#bf0303;">recv</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 87<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">auditallow</span> release_app.process secmark_demo.browser_packet <span style="color:#ff8800;font-weight:bold;">(</span>packet <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">send</span> <span style="color:#bf0303;">recv</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
88<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x2000</span> <span style="color:#b08000;">0x20FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 88<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x2000</span> <span style="color:#b08000;">0x20FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
89<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">permissionx</span> ioctl_nodebug <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> udp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> <span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x4000</span> <span style="color:#b08000;">0x4010</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 89<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">permissionx</span> ioctl_nodebug <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> udp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> <span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x4000</span> <span style="color:#b08000;">0x4010</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
90<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> type_3 type_4 ioctl_nodebug<span style="color:#ff0000;font-weight:bold;">)</span> 90<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> type_3 type_4 ioctl_nodebug<span style="color:#ff0000;font-weight:bold;">)</span>
91<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">dontauditx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x3000</span> <span style="color:#b08000;">0x30FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 91<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">dontauditx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x3000</span> <span style="color:#b08000;">0x30FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
92 92
93<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> property_service <span style="color:#ff8800;font-weight:bold;">(</span>set<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 93<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> property_service <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-style:italic;">set</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
94<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">block</span> av_rules 94<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">block</span> av_rules
95 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type_1<span style="color:#ff8800;font-weight:bold;">)</span> 95 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type_1<span style="color:#ff8800;font-weight:bold;">)</span>
96 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type_2<span style="color:#ff8800;font-weight:bold;">)</span> 96 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type_2<span style="color:#ff8800;font-weight:bold;">)</span>
97 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">typeattribute</span> all_types<span style="color:#ff8800;font-weight:bold;">)</span> 97 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">typeattribute</span> all_types<span style="color:#ff8800;font-weight:bold;">)</span>
98 <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">typeattributeset</span> all_types <span style="color:#888800;font-weight:bold;">(</span><span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">all</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> 98 <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">typeattributeset</span> all_types <span style="color:#888800;font-weight:bold;">(</span><span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">all</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
99 99
100 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">neverallow</span> type_2 all_types <span style="color:#888800;font-weight:bold;">(</span>property_service <span style="color:#008800;font-weight:bold;">(</span>set<span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> 100 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">neverallow</span> type_2 all_types <span style="color:#888800;font-weight:bold;">(</span>property_service <span style="color:#008800;font-weight:bold;">(</span><span style="color:#bf0303;font-style:italic;">set</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
101<span style="color:#ff0000;font-weight:bold;">)</span> 101<span style="color:#ff0000;font-weight:bold;">)</span>
102<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">macro</span> binder_call <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> ARG1<span style="color:#888800;font-weight:bold;">)</span> <span style="color:#888800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> ARG2<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> 102<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">macro</span> binder_call <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> ARG1<span style="color:#888800;font-weight:bold;">)</span> <span style="color:#888800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> ARG2<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
103 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> ARG1 ARG2 <span style="color:#888800;font-weight:bold;">(</span>binder <span style="color:#008800;font-weight:bold;">(</span><span style="color:#bf0303;">transfer</span> <span style="color:#bf0303;">call</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> 103 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> ARG1 ARG2 <span style="color:#888800;font-weight:bold;">(</span>binder <span style="color:#008800;font-weight:bold;">(</span><span style="color:#bf0303;">transfer</span> <span style="color:#bf0303;">call</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span>
104<span style="color:#ff0000;font-weight:bold;">)</span> 104<span style="color:#ff0000;font-weight:bold;">)</span>
105<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">ipaddr</span> netmask_1 <span style="color:#b08000;">255.255.255.0</span><span style="color:#ff0000;font-weight:bold;">)</span> 105<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">ipaddr</span> netmask_1 <span style="color:#b08000;">255.255.255.0</span><span style="color:#ff0000;font-weight:bold;">)</span>
106 106
107<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> dir<span style="color:#ff0000;font-weight:bold;">)</span> 107<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> dir<span style="color:#ff0000;font-weight:bold;">)</span>
108<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> foo<span style="color:#ff0000;font-weight:bold;">)</span> 108<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> foo<span style="color:#ff0000;font-weight:bold;">)</span>
Show All 34 Lines
143 143
144<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">context</span> runas_exec_context <span style="color:#ff8800;font-weight:bold;">(</span>u <span style="font-style:italic;">object_r</span> exec low_low<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> 144<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">context</span> runas_exec_context <span style="color:#ff8800;font-weight:bold;">(</span>u <span style="font-style:italic;">object_r</span> exec low_low<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span>
145<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/system/bin/run-as&quot;</span> <span style="color:#0057ae;">file</span> runas_exec_context<span style="color:#ff0000;font-weight:bold;">)</span> 145<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">&quot;/system/bin/run-as&quot;</span> <span style="color:#0057ae;">file</span> runas_exec_context<span style="color:#ff0000;font-weight:bold;">)</span>
146 146
147<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">in</span> file 147<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">in</span> file
148 <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">rootfs</span> / rootfs_context<span style="color:#ff8800;font-weight:bold;">)</span> 148 <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">rootfs</span> / rootfs_context<span style="color:#ff8800;font-weight:bold;">)</span>
149 <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">selinuxfs</span> / selinuxfs_context<span style="color:#ff8800;font-weight:bold;">)</span> 149 <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">selinuxfs</span> / selinuxfs_context<span style="color:#ff8800;font-weight:bold;">)</span>
150<span style="color:#ff0000;font-weight:bold;">)</span> 150<span style="color:#ff0000;font-weight:bold;">)</span>
151
152<span style="color:#898887;">; ioctl &amp; call</span>
153<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> x bin_t <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> policy.file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x1000</span> <span style="color:#b08000;">0x11FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; ioctl kind</span>
154<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> <span style="color:#bf0303;">read</span>
155 <span style="color:#bf0303;font-style:italic;">find</span> <span style="color:#bf0303;">connectto</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; kind or permission?</span>
156<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;">ioctl</span> <span style="color:#bf0303;">read</span> <span style="color:#bf0303;font-style:italic;">find</span> <span style="color:#bf0303;">connectto</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; ioctl permission</span>
157<span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;">ioctl</span> <span style="color:#bf0303;">read</span> <span style="color:#ff0000;font-weight:bold;">)</span>
158<span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">call</span> <span style="color:#bf0303;">ioctl</span> <span style="color:#bf0303;">read</span> <span style="color:#bf0303;font-style:italic;">find</span> <span style="color:#bf0303;">connectto</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; statement or permission?</span>
159<span style="color:#ff0000;font-weight:bold;">(</span> <span style="color:#bf0303;">call</span> <span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; call permission</span>
151</pre></body></html> 160</pre></body></html>