| 1 |
commit: 4d09b2040f97f8037540432595049e0dac21942e |
| 2 |
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> |
| 3 |
AuthorDate: Tue Mar 22 17:05:40 2022 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Mar 31 02:40:53 2022 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=4d09b204 |
| 7 |
|
| 8 |
policy.dtd: more strict bool/tunable and infoflow validation |
| 9 |
|
| 10 |
Booleans and tunables must have a value of true or false and infoflow |
| 11 |
needs to be of type read, write, none or both with a weight of 1 to 10. |
| 12 |
|
| 13 |
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com> |
| 14 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
| 15 |
|
| 16 |
doc/policy.dtd | 8 ++++---- |
| 17 |
1 file changed, 4 insertions(+), 4 deletions(-) |
| 18 |
|
| 19 |
diff --git a/doc/policy.dtd b/doc/policy.dtd |
| 20 |
index 52829854..c36cb846 100644 |
| 21 |
--- a/doc/policy.dtd |
| 22 |
+++ b/doc/policy.dtd |
| 23 |
@@ -14,11 +14,11 @@ |
| 24 |
<!ELEMENT tunable (desc)> |
| 25 |
<!ATTLIST tunable |
| 26 |
name CDATA #REQUIRED |
| 27 |
- dftval CDATA #REQUIRED> |
| 28 |
+ dftval (true|false) #REQUIRED> |
| 29 |
<!ELEMENT bool (desc)> |
| 30 |
<!ATTLIST bool |
| 31 |
name CDATA #REQUIRED |
| 32 |
- dftval CDATA #REQUIRED> |
| 33 |
+ dftval (true|false) #REQUIRED> |
| 34 |
<!ELEMENT summary (#PCDATA)> |
| 35 |
<!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)> |
| 36 |
<!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED> |
| 37 |
@@ -32,8 +32,8 @@ |
| 38 |
unused (true|false) "false"> |
| 39 |
<!ELEMENT infoflow EMPTY> |
| 40 |
<!ATTLIST infoflow |
| 41 |
- type CDATA #REQUIRED |
| 42 |
- weight CDATA #IMPLIED> |
| 43 |
+ type (read|write|none|both) #REQUIRED |
| 44 |
+ weight (1|2|3|4|5|6|7|8|9|10) #IMPLIED> |
| 45 |
<!ELEMENT rolebase EMPTY> |
| 46 |
<!ELEMENT rolecap EMPTY> |
Archives