Lines Matching full:domain
113 <li><em>Domain</em> - A label for the process or set of processes. Also called a domain type as it is just a type for a process.
129 <p>In addition to individually listing domains or types in a rule, one can also refer to a set of domains or types via an <em>attribute</em>. An attribute is simply a name for a set of domains or types. Each domain or type can be associated with any number of attributes. When a rule is written that specifies an attribute name, that name is automatically expanded to the list of domains or types associated with the attribute. For example, the <em>domain</em> attribute is associated with all process domains, and the <em>file_type</em> attribute is associated with all file types.</p>
140 allow domain null_device:chr_file { open };
145 This rule allows a process with any <em>domain</em> associated with the ?domain? attribute to take the action described by the <em>permission</em> ?open? on an object of <em>class</em> ?chr_file? (character device file) that has the <em>target_type</em> label of ?null_device.? In practice, this rule may be extended to include other permissions: </p>
148 allow domain null_device:chr_file { getattr open read ioctl lock append write};
151 <p>When combined with the knowledge that ?domain? is an attribute assigned to
156 <p>A <em>domain</em> generally corresponds to a process and will have a label associated with it.</p>
