sepolicy/policy/chromeos/te_macros - mirrors/cros/chromiumos/platform2 - Git at Google

 # Basic macros
 define(`rw_dir_file', `
 allow $1 $2:dir rw_dir_perms;
 allow $1 $2:file rw_file_perms;
 allow $1 $2:lnk_file rw_file_perms;
 ')

 define(`execute_file_follow_link', `
 allow $1 $2:file rx_file_perms;
 allow $1 $2:lnk_file r_file_perms;
 ')

 define(`exec_coreutils', `
 execute_file_follow_link($1, cros_coreutils_exec)
 execute_file_follow_link($1, sh_exec)
 r_dir_file($1, cros_tz_data_file)
 allow $1 cros_var_lib:dir search; # date
 ')

 define(`filetrans_pattern', `
 allow $1 $2:dir rw_dir_perms;
 allow $1 $3:$4 create;
 type_transition $1 $2:$4 $3 $5;
 ')

 # TODO(fqj): remove this
 define(`filetrans_pattern_no_target_perm', `
 filetrans_pattern($1, $2, $3, $4, $5)
 ');

 # Chrome OS specific macros
 define(`use_init_fd', `
 allow $1 cros_init:fd use;
 allow $1 cros_init_scripts:fd use;
 ')

 define(`log_writer', `
 allow $1 cros_logger_exec:file { rx_file_perms };
 allow $1 cros_journald:unix_dgram_socket { sendto };
 allow $1 cros_run_systemd:dir { search };
 allow $1 cros_run_journal:dir { search };
 allow $1 logger_device:sock_file write;
 ')

 define(`cros_net', `
 typeattribute $1 cros_netdomain;
 ')

 define(`cros_tcp_create', `
 allow $1 self:tcp_socket create_socket_perms;
 ')

 define(`cros_udp_create', `
 allow $1 self:udp_socket create_socket_perms;
 ');

 define(`cros_netlink', `
 allow $1 self:$2 { create_socket_perms_no_ioctl nlmsg_read };
 ')

 define(`cros_dbus_client', `
 typeattribute $1 cros_dbus_client_domain;
 ')

 define(`uma_writer', `
 typeattribute $1 cros_uma_events_writer_domain;
 ')

 # minijail-related macros
 include(sepolicy/policy/chromeos/minijail_te_macros)
	# Basic macros
	define(`rw_dir_file', `
	allow $1 $2:dir rw_dir_perms;
	allow $1 $2:file rw_file_perms;
	allow $1 $2:lnk_file rw_file_perms;
	')

	define(`execute_file_follow_link', `
	allow $1 $2:file rx_file_perms;
	allow $1 $2:lnk_file r_file_perms;
	')

	define(`exec_coreutils', `
	execute_file_follow_link($1, cros_coreutils_exec)
	execute_file_follow_link($1, sh_exec)
	r_dir_file($1, cros_tz_data_file)
	allow $1 cros_var_lib:dir search; # date
	')

	define(`filetrans_pattern', `
	allow $1 $2:dir rw_dir_perms;
	allow $1 $3:$4 create;
	type_transition $1 $2:$4 $3 $5;
	')

	# TODO(fqj): remove this
	define(`filetrans_pattern_no_target_perm', `
	filetrans_pattern($1, $2, $3, $4, $5)
	');

	# Chrome OS specific macros
	define(`use_init_fd', `
	allow $1 cros_init:fd use;
	allow $1 cros_init_scripts:fd use;
	')

	define(`log_writer', `
	allow $1 cros_logger_exec:file { rx_file_perms };
	allow $1 cros_journald:unix_dgram_socket { sendto };
	allow $1 cros_run_systemd:dir { search };
	allow $1 cros_run_journal:dir { search };
	allow $1 logger_device:sock_file write;
	')

	define(`cros_net', `
	typeattribute $1 cros_netdomain;
	')

	define(`cros_tcp_create', `
	allow $1 self:tcp_socket create_socket_perms;
	')

	define(`cros_udp_create', `
	allow $1 self:udp_socket create_socket_perms;
	');

	define(`cros_netlink', `
	allow $1 self:$2 { create_socket_perms_no_ioctl nlmsg_read };
	')

	define(`cros_dbus_client', `
	typeattribute $1 cros_dbus_client_domain;
	')

	define(`uma_writer', `
	typeattribute $1 cros_uma_events_writer_domain;
	')

	# minijail-related macros
	include(sepolicy/policy/chromeos/minijail_te_macros)