| # Basic macros |
| define(`rw_dir_file', ` |
| allow $1 $2:dir rw_dir_perms; |
| allow $1 $2:file rw_file_perms; |
| allow $1 $2:lnk_file rw_file_perms; |
| ') |
| |
| define(`execute_file_follow_link', ` |
| allow $1 $2:file rx_file_perms; |
| allow $1 $2:lnk_file r_file_perms; |
| ') |
| |
| define(`exec_coreutils', ` |
| execute_file_follow_link($1, cros_coreutils_exec) |
| execute_file_follow_link($1, sh_exec) |
| r_dir_file($1, cros_tz_data_file) |
| allow $1 cros_var_lib:dir search; # date |
| ') |
| |
| define(`filetrans_pattern', ` |
| allow $1 $2:dir rw_dir_perms; |
| allow $1 $3:$4 create; |
| type_transition $1 $2:$4 $3 $5; |
| ') |
| |
| # TODO(fqj): remove this |
| define(`filetrans_pattern_no_target_perm', ` |
| filetrans_pattern($1, $2, $3, $4, $5) |
| '); |
| |
| # Chrome OS specific macros |
| define(`use_init_fd', ` |
| allow $1 cros_init:fd use; |
| allow $1 cros_init_scripts:fd use; |
| ') |
| |
| define(`log_writer', ` |
| allow $1 cros_logger_exec:file { rx_file_perms }; |
| allow $1 cros_journald:unix_dgram_socket { sendto }; |
| allow $1 cros_run_systemd:dir { search }; |
| allow $1 cros_run_journal:dir { search }; |
| allow $1 logger_device:sock_file write; |
| ') |
| |
| define(`cros_net', ` |
| typeattribute $1 cros_netdomain; |
| ') |
| |
| define(`cros_tcp_create', ` |
| allow $1 self:tcp_socket create_socket_perms; |
| ') |
| |
| define(`cros_udp_create', ` |
| allow $1 self:udp_socket create_socket_perms; |
| '); |
| |
| define(`cros_netlink', ` |
| allow $1 self:$2 { create_socket_perms_no_ioctl nlmsg_read }; |
| ') |
| |
| define(`cros_dbus_client', ` |
| typeattribute $1 cros_dbus_client_domain; |
| ') |
| |
| define(`uma_writer', ` |
| typeattribute $1 cros_uma_events_writer_domain; |
| ') |
| |
| # minijail-related macros |
| include(sepolicy/policy/chromeos/minijail_te_macros) |