1 |
commit: 4d09b2040f97f8037540432595049e0dac21942e |
2 |
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> |
3 |
AuthorDate: Tue Mar 22 17:05:40 2022 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Mar 31 02:40:53 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=4d09b204 |
7 |
|
8 |
policy.dtd: more strict bool/tunable and infoflow validation |
9 |
|
10 |
Booleans and tunables must have a value of true or false and infoflow |
11 |
needs to be of type read, write, none or both with a weight of 1 to 10. |
12 |
|
13 |
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com> |
14 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
15 |
|
16 |
doc/policy.dtd | 8 ++++---- |
17 |
1 file changed, 4 insertions(+), 4 deletions(-) |
18 |
|
19 |
diff --git a/doc/policy.dtd b/doc/policy.dtd |
20 |
index 52829854..c36cb846 100644 |
21 |
--- a/doc/policy.dtd |
22 |
+++ b/doc/policy.dtd |
23 |
@@ -14,11 +14,11 @@ |
24 |
<!ELEMENT tunable (desc)> |
25 |
<!ATTLIST tunable |
26 |
name CDATA #REQUIRED |
27 |
- dftval CDATA #REQUIRED> |
28 |
+ dftval (true|false) #REQUIRED> |
29 |
<!ELEMENT bool (desc)> |
30 |
<!ATTLIST bool |
31 |
name CDATA #REQUIRED |
32 |
- dftval CDATA #REQUIRED> |
33 |
+ dftval (true|false) #REQUIRED> |
34 |
<!ELEMENT summary (#PCDATA)> |
35 |
<!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)> |
36 |
<!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED> |
37 |
@@ -32,8 +32,8 @@ |
38 |
unused (true|false) "false"> |
39 |
<!ELEMENT infoflow EMPTY> |
40 |
<!ATTLIST infoflow |
41 |
- type CDATA #REQUIRED |
42 |
- weight CDATA #IMPLIED> |
43 |
+ type (read|write|none|both) #REQUIRED |
44 |
+ weight (1|2|3|4|5|6|7|8|9|10) #IMPLIED> |
45 |
<!ELEMENT rolebase EMPTY> |
46 |
<!ELEMENT rolecap EMPTY> |