Home
last modified time | relevance | path

Searched refs:neverallow (Results 1 – 8 of 8) sorted by relevance

/external/selinux/libsepol/src/
Dassertion.c88 static int check_extended_permissions(av_extended_perms_t *neverallow, avtab_extended_perms_t *allo… in check_extended_permissions() argument
91 if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION) in check_extended_permissions()
93 if (neverallow->driver == allow->driver) in check_extended_permissions()
94 rc = extended_permissions_and(neverallow->perms, allow->perms); in check_extended_permissions()
95 } else if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION) in check_extended_permissions()
97 rc = xperm_test(neverallow->driver, allow->perms); in check_extended_permissions()
98 } else if ((neverallow->specified == AVRULE_XPERMS_IOCTLDRIVER) in check_extended_permissions()
100 rc = xperm_test(allow->driver, neverallow->perms); in check_extended_permissions()
101 } else if ((neverallow->specified == AVRULE_XPERMS_IOCTLDRIVER) in check_extended_permissions()
103 rc = extended_permissions_and(neverallow->perms, allow->perms); in check_extended_permissions()
[all …]
/external/selinux/secilc/test/
Dneverallow.cil56 (neverallow t1 t2 (c1 (p1a p1b)))
59 (neverallow t3 t4 (cm1 (mp1)))
62 (neverallow t5 t6 cp1)
66 (neverallow a1 self (CLASS (PERM)))
72 (neverallow a5 a6 (CLASS (PERM)))
Dpolicy.cil153 ;; Next two rules violate the neverallow rule that follows
156 (neverallow bad_t not_bad_type (file (execute)))
/external/selinux/secilc/docs/
Dcil_access_vector_rules.md82 ;; This rule will cause the build to fail unless --disable-neverallow
83 ; (neverallow type_5 all_types (property_service (set)))
179 neverallow section in Access Vector Rules
184 …can be over-ridden by the CIL compiler command line parameter `-N` or `--disable-neverallow` flags.
188 (neverallow source_id target_id|self classpermissionset_id ...)
199 <td align="left"><p><code>neverallow</code></p></td>
200 <td align="left"><p>The <code>neverallow</code> keyword.</p></td>
231 (neverallow type_3 all_types (property_service (set)))
380 …can be over-ridden by the CIL compiler command line parameter `-N` or `--disable-neverallow` flags.
DREADME.md27 * [neverallow](cil_access_vector_rules.md#neverallow)
/external/selinux/libsepol/tests/policies/test-cond/
Drefpolicy-base.conf1153 neverallow ~memory_raw_read memory_device_t:{ chr_file blk_file } read;
1154 neverallow ~memory_raw_write memory_device_t:{ chr_file blk_file } { append write };
1235 neverallow domain ~domain:process { transition dyntransition };
1236 neverallow { domain -set_curr_context } self:process setcurrent;
1237 neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *;
1238 neverallow ~{ domain unlabeled_t } *:process *;
1391 neverallow ~can_load_kernmodule self:capability sys_module;
1417 neverallow ~can_receive_kernel_messages proc_kmsg_t:file ~getattr;
1418 neverallow { domain -kern_unconfined } proc_kcore_t:file ~getattr;
1596 neverallow ~can_load_policy security_t:security load_policy;
[all …]
/external/selinux/checkpolicy/
Dpolicy_scan.l139 neverallow { return(NEVERALLOW); }
/external/selinux/prebuilts/bin/
Dsediff.py112 args.allow, args.neverallow, args.auditallow, args.dontaudit,
559 if all_differences or args.neverallow:
561 args.neverallow: