diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-04-21 20:07:46 +0200 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-04-21 20:07:46 +0200 |
| commit | 3962a6834f4e7ef04441de4f3134ff329d8602f9 (patch) | |
| tree | cae07463edd5b609a97513e00d63e1bd410cc8bb /policy/modules/roles/unprivuser.if | |
| parent | Initial commit (diff) | |
| download | hardened-refpolicy-3962a6834f4e7ef04441de4f3134ff329d8602f9.tar.gz hardened-refpolicy-3962a6834f4e7ef04441de4f3134ff329d8602f9.tar.bz2 hardened-refpolicy-3962a6834f4e7ef04441de4f3134ff329d8602f9.zip | |
Pushing 2.20120215 (current version)
Diffstat (limited to 'policy/modules/roles/unprivuser.if')
| -rw-r--r-- | policy/modules/roles/unprivuser.if | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/policy/modules/roles/unprivuser.if b/policy/modules/roles/unprivuser.if new file mode 100644 index 00000000..38355964 --- /dev/null +++ b/policy/modules/roles/unprivuser.if @@ -0,0 +1,50 @@ +## <summary>Generic unprivileged user role</summary> + +######################################## +## <summary> +## Change to the generic user role. +## </summary> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`unprivuser_role_change',` + gen_require(` + role user_r; + ') + + allow $1 user_r; +') + +######################################## +## <summary> +## Change from the generic user role. +## </summary> +## <desc> +## <p> +## Change from the generic user role to +## the specified role. +## </p> +## <p> +## This is an interface to support third party modules +## and its use is not allowed in upstream reference +## policy. +## </p> +## </desc> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`unprivuser_role_change_to',` + gen_require(` + role user_r; + ') + + allow user_r $1; +') |