diff options
| author |   Christian Göttsche <cgzones@googlemail.com> | 2022-03-22 18:05:40 +0100 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2022-03-30 19:40:53 -0700 |
| commit | 4d09b2040f97f8037540432595049e0dac21942e (patch) | |
| tree | 1950c652e9241b37544d65e3a75ad3eb79aa9154 /doc | |
| parent | policy_capabilities: add ioctl_skip_cloexec (diff) | |
| download | hardened-refpolicy-4d09b2040f97f8037540432595049e0dac21942e.tar.gz hardened-refpolicy-4d09b2040f97f8037540432595049e0dac21942e.tar.bz2 hardened-refpolicy-4d09b2040f97f8037540432595049e0dac21942e.zip | |
policy.dtd: more strict bool/tunable and infoflow validation
Booleans and tunables must have a value of true or false and infoflow
needs to be of type read, write, none or both with a weight of 1 to 10.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/policy.dtd | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/policy.dtd b/doc/policy.dtd index 52829854..c36cb846 100644 --- a/doc/policy.dtd +++ b/doc/policy.dtd @@ -14,11 +14,11 @@ <!ELEMENT tunable (desc)> <!ATTLIST tunable name CDATA #REQUIRED - dftval CDATA #REQUIRED> + dftval (true|false) #REQUIRED> <!ELEMENT bool (desc)> <!ATTLIST bool name CDATA #REQUIRED - dftval CDATA #REQUIRED> + dftval (true|false) #REQUIRED> <!ELEMENT summary (#PCDATA)> <!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)> <!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED> @@ -32,8 +32,8 @@ unused (true|false) "false"> <!ELEMENT infoflow EMPTY> <!ATTLIST infoflow - type CDATA #REQUIRED - weight CDATA #IMPLIED> + type (read|write|none|both) #REQUIRED + weight (1|2|3|4|5|6|7|8|9|10) #IMPLIED> <!ELEMENT rolebase EMPTY> <!ELEMENT rolecap EMPTY> |