Current File : //usr/share/selinux/devel/include/kernel/mcs.if

## <summary>Multicategory security policy</summary>
## <required val="true">
##	Contains attributes used in MCS policy.
## </required>

########################################
## <summary>
##	Constrain by category access control (MCS).
## </summary>
## <desc>
##	<p>
##	Constrain the specified type by category based
##	access control (MCS) This prevents this domain from
##	interacting with subjects and operating on objects
##	that it otherwise would be able to interact
##	with or operate on respectively.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Type to be constrained by MCS.
##	</summary>
## </param>
## <infoflow type="none"/>
#
interface(`mcs_constrained',`
	gen_require(`
		attribute mcs_constrained_type;
	')

	typeattribute $1 mcs_constrained_type;
')

########################################
## <summary>
##	This domain is allowed to read files and directories
##	regardless of their MCS category set.
## </summary>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mcs_file_read_all',`
	refpolicywarn(`$0() has been deprecated, please remove mcs_constrained() instead.')
')

########################################
## <summary>
##	This domain is allowed to write files and directories
##	regardless of their MCS category set.
## </summary>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mcs_file_write_all',`
	refpolicywarn(`$0() has been deprecated, please remove mcs_constrained() instead.')
')

########################################
## <summary>
##	This domain is allowed to sigkill and sigstop 
##	all domains regardless of their MCS category set.
## </summary>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mcs_killall',`
	refpolicywarn(`$0() has been deprecated, please remove mcs_constrained() instead.')
')

########################################
## <summary>
##	This domain is allowed to ptrace
##	all domains regardless of their MCS
##	category set.
## </summary>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
#
interface(`mcs_ptrace_all',`
	refpolicywarn(`$0() has been deprecated, please remove mcs_constrained() instead.')
')

########################################
## <summary>
##	Make specified domain MCS trusted
##	for setting any category set for
##	the processes it executes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
#
interface(`mcs_process_set_categories',`
	gen_require(`
		attribute mcssetcats;
	')

	typeattribute $1 mcssetcats;
')

########################################
## <summary>
##	Make specified domain MCS trusted
##	for writing to sockets at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mcs_socket_write_all_levels',`
	refpolicywarn(`$0() has been deprecated, please remove mcs_constrained() instead.')
')