参考:http://selinuxproject.org/page/NB_RefPolicy
Directory Macros
| macro | expansion |
|---|---|
| getattr_dir_perms | getattr |
| setattr_dir_perms | setattr |
| search_dir_perms | getattr search open |
| list_dir_perms | getattr search open read lock ioctl |
| add_entry_dir_perms | getattr search open lock ioctl write add_name |
| del_entry_dir_perms | getattr search open lock ioctl write remove_name |
| rw_dir_perms | open read getattr lock search ioctl add_name remove_name write |
| create_dir_perms | getattr create |
| rename_dir_perms | getattr rename |
| delete_dir_perms | getattr rmdir |
| manage_dir_perms | create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl |
| relabelfrom_dir_perms | getattr relabelfrom |
| relabelto_dir_perms | getattr relabelto |
| relabel_dir_perms | getattr relabelfrom relabelto |
File macros
| macro | expansion |
|---|---|
| getattr_file_perms | getattr |
| setattr_file_perms | setattr |
| read_file_perms | getattr open read lock ioctl |
| mmap_file_perms | getattr open read execute ioctl |
| exec_file_perms | getattr open read execute ioctl execute_no_trans |
| append_file_perms | getattr open append lock ioctl |
| write_file_perms | getattr open write append lock ioctl |
| rw_file_perms | getattr open read write append ioctl lock |
| create_file_perms | getattr create open |
| rename_file_perms | getattr rename |
| delete_file_perms | getattr unlink |
| manage_file_perms | create open getattr setattr read write append rename link unlink ioctl lock |
| relabelfrom_file_perms | getattr relabelfrom |
| relabelto_file_perms | getattr relabelto |
| relabel_file_perms | getattr relabelfrom relabelto |