
Searched refs:neverallow (Results 1 – 6 of 6) sorted by relevance

/third_party/selinux/libsepol/src/
Dassertion.c93 static int check_extended_permissions(av_extended_perms_t *neverallow, avtab_extended_perms_t *allo… in check_extended_permissions() argument
96 if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION) in check_extended_permissions()
98 if (neverallow->driver == allow->driver) in check_extended_permissions()
99 rc = extended_permissions_and(neverallow->perms, allow->perms); in check_extended_permissions()
100 } else if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION) in check_extended_permissions()
102 rc = xperm_test(neverallow->driver, allow->perms); in check_extended_permissions()
103 } else if ((neverallow->specified == AVRULE_XPERMS_IOCTLDRIVER) in check_extended_permissions()
105 rc = xperm_test(allow->driver, neverallow->perms); in check_extended_permissions()
106 } else if ((neverallow->specified == AVRULE_XPERMS_IOCTLDRIVER) in check_extended_permissions()
108 rc = extended_permissions_and(neverallow->perms, allow->perms); in check_extended_permissions()
[all …]
/third_party/selinux/secilc/test/
Dneverallow.cil56 (neverallow t1 t2 (c1 (p1a p1b)))
59 (neverallow t3 t4 (cm1 (mp1)))
62 (neverallow t5 t6 cp1)
66 (neverallow a1 self (CLASS (PERM)))
72 (neverallow a5 a6 (CLASS (PERM)))
/third_party/selinux/secilc/docs/
Dcil_access_vector_rules.md85 ;; This rule will cause the build to fail unless --disable-neverallow
86 ; (neverallow type_5 all_types (property_service (set)))
190 neverallow section in Access Vector Rules
195 …can be over-ridden by the CIL compiler command line parameter `-N` or `--disable-neverallow` flags.
200 (neverallow source_id target_id|self classpermissionset_id ...)
212 <td align="left"><p><code>neverallow</code></p></td>
213 <td align="left"><p>The <code>neverallow</code> keyword.</p></td>
245 (neverallow type_3 all_types (property_service (set)))
414 …can be over-ridden by the CIL compiler command line parameter `-N` or `--disable-neverallow` flags.
DREADME.md27 * [neverallow](cil_access_vector_rules.md#neverallow)
/third_party/selinux/libsepol/tests/policies/test-cond/
Drefpolicy-base.conf1153 neverallow ~memory_raw_read memory_device_t:{ chr_file blk_file } read;
1154 neverallow ~memory_raw_write memory_device_t:{ chr_file blk_file } { append write };
1235 neverallow domain ~domain:process { transition dyntransition };
1236 neverallow { domain -set_curr_context } self:process setcurrent;
1237 neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *;
1238 neverallow ~{ domain unlabeled_t } *:process *;
1391 neverallow ~can_load_kernmodule self:capability sys_module;
1417 neverallow ~can_receive_kernel_messages proc_kmsg_t:file ~getattr;
1418 neverallow { domain -kern_unconfined } proc_kcore_t:file ~getattr;
1596 neverallow ~can_load_policy security_t:security load_policy;
[all …]
/third_party/selinux/checkpolicy/
Dpolicy_scan.l153 neverallow { return(NEVERALLOW); }