> Is 'rw_fifo_file_perms' custom-defined somewhere?
>
> All I can see on the fifo_file is { append create execute getattr ioctl
> link lock mounton quotaon read relabelfrom relabelto rename setattr
> swapon unlink write }, of which, 'read' and 'write' are the relevant
> ones. If I do 'allow voip_sandbox_t self:fifo_file { read write }' would
> that be the same thing or am I missing something?
>
http://oss.tresys.com/projects/refpolicy/browser/policy/support/obj_perm_...
line 241:
define(`rw_fifo_file_perms',`{ getattr open read write append ioctl lock }')
Basically a set of common permissions to read and write fifo files. Not
quite the same as just { read write } but not too excessive either.

That would do, thanks!

I always use "macros" wherever possible; that will make policy maintenance much easier.

Maintenance - yes, but finding where it comes from and what it does
(essential for people like me!) is a right nightmare!
Every time I stumble across something like this I have to do a 'grep' on
the whole serefpolicy directory to see where it comes from and what it
does - this does take time and I find it very frustrating, not to
mention that this search is not always successful (there are macros with
$1 and $2 in their names and finding this is not as straightforward a job
as it first seems!)
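
An added example, not part of the original thread and not refpolicy's own tooling: a small Python script that resolves a permission-set macro to its flat permission list and shows what it grants beyond an explicit `{ read write }`. The sample text is constructed; its first define is the line quoted above, and `demo_manage_fifo_perms` is a hypothetical nested set included only to show recursive expansion. Macros with `$1`/`$2` in their names are not handled.

```python
import re

# Constructed sample in the style of obj_perm_sets.spt. The first define is the
# line quoted in the thread; the second is a hypothetical nested set added to
# show recursive expansion.
SAMPLE_SPT = """
define(`rw_fifo_file_perms',`{ getattr open read write append ioctl lock }')
define(`demo_manage_fifo_perms',`{ rw_fifo_file_perms create unlink }')
"""

# m4 quotes with ` and ', so a permission-set define looks like
# define(`name',`{ tok tok ... }')
DEFINE_RE = re.compile(r"define\(`([^']+)',\s*`\{([^}]*)\}'\)")


def parse_perm_sets(text):
    """Map each macro name to the raw tokens inside its braces."""
    return {name: body.split() for name, body in DEFINE_RE.findall(text)}


def expand(name, macros, _stack=()):
    """Resolve a macro to its flat permission set, following nested macros."""
    if name in _stack:
        raise ValueError("recursive definition: " + " -> ".join(_stack + (name,)))
    perms = set()
    for tok in macros[name]:
        if tok in macros:
            # Token is itself a permission-set macro: expand it in place.
            perms |= expand(tok, macros, _stack + (name,))
        else:
            perms.add(tok)
    return perms


def extra_over(name, macros, explicit):
    """Permissions the macro grants beyond an explicit permission list."""
    return sorted(expand(name, macros) - set(explicit))


if __name__ == "__main__":
    macros = parse_perm_sets(SAMPLE_SPT)
    print("rw_fifo_file_perms =", sorted(expand("rw_fifo_file_perms", macros)))
    print("beyond { read write }:",
          extra_over("rw_fifo_file_perms", macros, ["read", "write"]))
```

To run it against a real policy tree, read the contents of the support `.spt` file into `parse_perm_sets` instead of `SAMPLE_SPT`.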