goroh_kun

p-04d policy一覧

Jun 13th, 2012
  1.  
  2. ####################################
  3. #### /proc/ccs/exception_policy ####
  4. ####################################
  # Domain transition control. By default a ccs/TOMOYO domain name is the chain of
  # programs executed since <kernel>; the directives below override that default.
  #   keep_domain P from D      - executing P (here always "any") from domain D does
  #                               not create a child domain; the task stays in D.
  #   no_keep_domain P from D   - exempts program P from a keep_domain rule on D, so
  #                               executing P still transitions to its own domain.
  #   initialize_domain P from any - executing P from any domain re-roots the task
  #                               at "<kernel> P".
  # Net effect visible here: only the programs named in no_keep_domain lines get a
  # domain of their own below /init; everything else init runs stays in /init.
  5. keep_domain any from <kernel> //./app-user
  6. keep_domain any from <kernel> //./system-user
  7. keep_domain any from <kernel> /init
  8. no_keep_domain /sbin/adbd from <kernel> /init
  9. no_keep_domain /system/bin/app_process from <kernel> /init
  10. no_keep_domain /system/bin/felicamdl from <kernel> /init
  11. no_keep_domain /system/bin/mediaserver from <kernel> /init
  12. no_keep_domain /system/bin/mid from <kernel> /init
  13. no_keep_domain /system/bin/rild from <kernel> /init
  14. no_keep_domain /system/xbin/ash from <kernel> /init
  15. no_keep_domain /vendorpa/etc/load.smc.sh from <kernel> /init
  16. no_keep_domain /system/bin/vold from <kernel> /init
  # Programs started from the adb shell, the mid shell, ash and vold stay in the
  # domain of their parent (app_process is the one exception for the adb shell).
  17. keep_domain any from <kernel> /init /sbin/adbd /system/bin/sh
  18. no_keep_domain /system/bin/app_process from <kernel> /init /sbin/adbd /system/bin/sh
  19. keep_domain any from <kernel> /init /system/bin/mid /system/bin/sh
  20. keep_domain any from <kernel> /init /system/xbin/ash
  21. keep_domain any from <kernel> /init /system/bin/vold
  # app_process always lands in "<kernel> /system/bin/app_process", whatever
  # domain it was executed from.
  22. initialize_domain /system/bin/app_process from any
  # path_group NAME PATTERN defines a named set of pathname patterns; ACL lines
  # refer to the set as @NAME.
  # Pattern syntax used in this listing: \* matches any run of characters other
  # than '/', \{\*\}/ matches one or more directory levels, and A\-B matches A
  # except names that match B.
  # PER_ANY_DIR: every directory, both on the root namespace and on prefixed
  # pseudo-filesystems (the \*:/ forms).
  23. path_group PER_ANY_DIR /
  24. path_group PER_ANY_DIR /\{\*\}/
  25. path_group PER_ANY_DIR \*:/
  26. path_group PER_ANY_DIR \*:/\{\*\}/
  # PER_EXEC_FILE: every file at any depth under /. The group itself narrows
  # nothing; any restriction has to come from the conditions (task.euid, ...)
  # attached to the "file execute @PER_EXEC_FILE" lines in domain_policy.
  27. path_group PER_EXEC_FILE /\*
  28. path_group PER_EXEC_FILE /\{\*\}/\*
  # PER_LINK_FILE: pathnames usable in the "file link" and "file symlink" rules
  # of acl_group 0 and 1. \* matches one path component, \{\*\}/ one or more
  # directory levels. /system, /sbin and /vendorpa do not appear in this group.
  29. path_group PER_LINK_FILE /acct/\*
  30. path_group PER_LINK_FILE /acct/\{\*\}/\*
  31. path_group PER_LINK_FILE /cache/\*
  32. path_group PER_LINK_FILE /cache/\{\*\}/\*
  33. path_group PER_LINK_FILE /ccpu/\*
  34. path_group PER_LINK_FILE /ccpu/\{\*\}/\*
  35. path_group PER_LINK_FILE /ccpu1/\*
  36. path_group PER_LINK_FILE /ccpu1/\{\*\}/\*
  37. path_group PER_LINK_FILE /data/\*
  38. path_group PER_LINK_FILE /data/\{\*\}/\*
  39. path_group PER_LINK_FILE /dev/\*
  40. path_group PER_LINK_FILE /dev/\{\*\}/\*
  41. path_group PER_LINK_FILE /log/\*
  42. path_group PER_LINK_FILE /log/\{\*\}/\*
  43. path_group PER_LINK_FILE /log2/\*
  44. path_group PER_LINK_FILE /log2/\{\*\}/\*
  45. path_group PER_LINK_FILE /misc4/\*
  46. path_group PER_LINK_FILE /misc4/\{\*\}/\*
  47. path_group PER_LINK_FILE /mnt/\*
  48. path_group PER_LINK_FILE /mnt/\{\*\}/\*
  49. path_group PER_LINK_FILE /tmp/\*
  50. path_group PER_LINK_FILE /tmp/\{\*\}/\*
  # Pseudo-filesystem namespaces are written with a "name:" prefix.
  51. path_group PER_LINK_FILE debugfs:/\*
  52. path_group PER_LINK_FILE debugfs:/\{\*\}/\*
  53. path_group PER_LINK_FILE devpts:/\*
  54. path_group PER_LINK_FILE devpts:/\{\*\}/\*
  55. path_group PER_LINK_FILE proc:/\*
  56. path_group PER_LINK_FILE proc:/\{\*\}/\*
  57. path_group PER_LINK_FILE sysfs:/\*
  58. path_group PER_LINK_FILE sysfs:/\{\*\}/\*
  # PER_READ_FILE: what every domain using acl_group 0 or 1 may open for reading
  # (see the "file read @PER_READ_FILE" lines in those groups).
  # The group is a broad allow-list with a few names subtracted by the \-
  # operator (A\-B = A except B). The subtracted files are granted individually
  # to specific domains in domain_policy.
  # NOTE(review): because the exclusions are by name, a sensitive node that is not
  # named in a \- list is readable by every domain; keep the lists in sync with
  # the device tree when auditing.
  59. path_group PER_READ_FILE /\*
  60. path_group PER_READ_FILE /acct/\*
  61. path_group PER_READ_FILE /acct/\{\*\}/\*
  62. path_group PER_READ_FILE /cache/\*
  63. path_group PER_READ_FILE /cache/\{\*\}/\*
  64. path_group PER_READ_FILE /ccpu/\*
  65. path_group PER_READ_FILE /ccpu/\{\*\}/\*
  66. path_group PER_READ_FILE /ccpu1/\*
  67. path_group PER_READ_FILE /ccpu1/\{\*\}/\*
  68. path_group PER_READ_FILE /data/\*
  69. path_group PER_READ_FILE /data/\{\*\}/\*
  # /dev: excludes the felica, felica_cfg, felica_interrupt and felica_pon nodes,
  # kmem, mem, smc_pa.ift and udlfomf. This read list is shorter than the
  # PER_WRITE_FILE one, which additionally excludes felica_cen, felica_rfs and
  # felica_rws.
  70. path_group PER_READ_FILE /dev/\*\-felica\-felica_cfg\-felica_interrupt\-felica_pon\-kmem\-mem\-smc_pa.ift\-udlfomf
  # /dev/<subdir>/: excludes names starting with mmcblk0.
  71. path_group PER_READ_FILE /dev/\{\*\}/\*\-mmcblk0\*
  72. path_group PER_READ_FILE /log/\*
  73. path_group PER_READ_FILE /log/\{\*\}/\*
  74. path_group PER_READ_FILE /log2/\*
  75. path_group PER_READ_FILE /log2/\{\*\}/\*
  76. path_group PER_READ_FILE /misc4/\*
  77. path_group PER_READ_FILE /misc4/\{\*\}/\*
  78. path_group PER_READ_FILE /mnt/\*
  79. path_group PER_READ_FILE /mnt/\{\*\}/\*
  # /sbin: excludes ccs-init.
  80. path_group PER_READ_FILE /sbin/\*\-ccs-init
  81. path_group PER_READ_FILE /sbin/\{\*\}/\*
  82. path_group PER_READ_FILE /system/\*
  # /system/<subdir>/: excludes the listed FeliCa / SafetyBox libraries and packages.
  83. path_group PER_READ_FILE /system/\{\*\}/\*\-libSecureIDDB_jni.so\-libSafetyBox_jni.so\-MobileFeliCaClient.odex\-data_app_fn.zip\-felicaDT.apk\-felicaDT.odex\-FeliCaControl.apk
  84. path_group PER_READ_FILE /tmp/\*
  85. path_group PER_READ_FILE /tmp/\{\*\}/\*
  86. path_group PER_READ_FILE /vendorpa/\*
  87. path_group PER_READ_FILE /vendorpa/\{\*\}/\*
  88. path_group PER_READ_FILE debugfs:/\*
  89. path_group PER_READ_FILE debugfs:/\{\*\}/\*
  90. path_group PER_READ_FILE devpts:/\*
  91. path_group PER_READ_FILE devpts:/\{\*\}/\*
  92. path_group PER_READ_FILE proc:/\*
  93. path_group PER_READ_FILE proc:/\{\*\}/\*
  94. path_group PER_READ_FILE sysfs:/\*
  95. path_group PER_READ_FILE sysfs:/\{\*\}/\*
  # PER_RENAME_DIR / PER_RENAME_FILE: pathnames accepted as both the old and the
  # new name by the "file rename" rules of acl_group 0 and 1.
  # /dev, /misc4, /system, /sbin, /vendorpa and the pseudo-filesystems are not
  # listed, so renames there are not granted by these groups.
  # PER_RENAME_DIR: directories one or more levels below each listed mount point.
  96. path_group PER_RENAME_DIR /acct/\{\*\}/
  97. path_group PER_RENAME_DIR /cache/\{\*\}/
  98. path_group PER_RENAME_DIR /ccpu/\{\*\}/
  99. path_group PER_RENAME_DIR /ccpu1/\{\*\}/
  100. path_group PER_RENAME_DIR /data/\{\*\}/
  101. path_group PER_RENAME_DIR /log/\{\*\}/
  102. path_group PER_RENAME_DIR /log2/\{\*\}/
  103. path_group PER_RENAME_DIR /mnt/\{\*\}/
  104. path_group PER_RENAME_DIR /tmp/\{\*\}/
  # PER_RENAME_FILE: files at any depth under the same mount points.
  105. path_group PER_RENAME_FILE /acct/\*
  106. path_group PER_RENAME_FILE /acct/\{\*\}/\*
  107. path_group PER_RENAME_FILE /cache/\*
  108. path_group PER_RENAME_FILE /cache/\{\*\}/\*
  109. path_group PER_RENAME_FILE /ccpu/\*
  110. path_group PER_RENAME_FILE /ccpu/\{\*\}/\*
  111. path_group PER_RENAME_FILE /ccpu1/\*
  112. path_group PER_RENAME_FILE /ccpu1/\{\*\}/\*
  113. path_group PER_RENAME_FILE /data/\*
  114. path_group PER_RENAME_FILE /data/\{\*\}/\*
  115. path_group PER_RENAME_FILE /log/\*
  116. path_group PER_RENAME_FILE /log/\{\*\}/\*
  117. path_group PER_RENAME_FILE /log2/\*
  118. path_group PER_RENAME_FILE /log2/\{\*\}/\*
  119. path_group PER_RENAME_FILE /mnt/\*
  120. path_group PER_RENAME_FILE /mnt/\{\*\}/\*
  121. path_group PER_RENAME_FILE /tmp/\*
  122. path_group PER_RENAME_FILE /tmp/\{\*\}/\*
  # PER_WRITE_FILE: what every domain using acl_group 0 or 1 may open for
  # write/append (see "file write/append @PER_WRITE_FILE" in those groups).
  # /system, /sbin, /vendorpa and files directly under / are absent, so the
  # shared groups grant no write access there.
  # A\-B means "A except names matching B"; the subtracted device nodes are
  # granted to individual domains in domain_policy.
  123. path_group PER_WRITE_FILE /acct/\*
  124. path_group PER_WRITE_FILE /acct/\{\*\}/\*
  125. path_group PER_WRITE_FILE /cache/\*
  126. path_group PER_WRITE_FILE /cache/\{\*\}/\*
  127. path_group PER_WRITE_FILE /ccpu/\*
  128. path_group PER_WRITE_FILE /ccpu/\{\*\}/\*
  129. path_group PER_WRITE_FILE /ccpu1/\*
  130. path_group PER_WRITE_FILE /ccpu1/\{\*\}/\*
  131. path_group PER_WRITE_FILE /data/\*
  132. path_group PER_WRITE_FILE /data/\{\*\}/\*
  # /dev: excludes all felica* nodes named here, kmem, mem, smc_pa.ift, udlfomf.
  133. path_group PER_WRITE_FILE /dev/\*\-felica\-felica_cen\-felica_cfg\-felica_interrupt\-felica_pon\-felica_rfs\-felica_rws\-kmem\-mem\-smc_pa.ift\-udlfomf
  # /dev/<subdir>/: excludes names starting with mmcblk0.
  134. path_group PER_WRITE_FILE /dev/\{\*\}/\*\-mmcblk0\*
  135. path_group PER_WRITE_FILE /log/\*
  136. path_group PER_WRITE_FILE /log/\{\*\}/\*
  137. path_group PER_WRITE_FILE /log2/\*
  138. path_group PER_WRITE_FILE /log2/\{\*\}/\*
  139. path_group PER_WRITE_FILE /misc4/\*
  140. path_group PER_WRITE_FILE /misc4/\{\*\}/\*
  141. path_group PER_WRITE_FILE /mnt/\*
  142. path_group PER_WRITE_FILE /mnt/\{\*\}/\*
  143. path_group PER_WRITE_FILE /tmp/\*
  144. path_group PER_WRITE_FILE /tmp/\{\*\}/\*
  145. path_group PER_WRITE_FILE debugfs:/\*
  146. path_group PER_WRITE_FILE debugfs:/\{\*\}/\*
  147. path_group PER_WRITE_FILE devpts:/\*
  148. path_group PER_WRITE_FILE devpts:/\{\*\}/\*
  149. path_group PER_WRITE_FILE proc:/\*
  150. path_group PER_WRITE_FILE proc:/\{\*\}/\*
  151. path_group PER_WRITE_FILE sysfs:/\*
  152. path_group PER_WRITE_FILE sysfs:/\{\*\}/\*
  # acl_group 0: baseline permissions shared by every domain whose domain_policy
  # entry says "use_group 0". rename and link take two pathnames (old, new), so
  # the same group is given twice. There is no "file execute" line here:
  # execute permission is granted only per domain.
  153. acl_group 0 file read @PER_READ_FILE
  154. acl_group 0 file read @PER_ANY_DIR
  155. acl_group 0 file rename @PER_RENAME_DIR @PER_RENAME_DIR
  156. acl_group 0 file rename @PER_RENAME_FILE @PER_RENAME_FILE
  157. acl_group 0 file write/append @PER_WRITE_FILE
  158. acl_group 0 file link @PER_LINK_FILE @PER_LINK_FILE
  159. acl_group 0 file symlink @PER_LINK_FILE
  # acl_group 1: the same file rules as acl_group 0, plus uid/gid-driven domain
  # transitions. In this listing the only domain with "use_group 1" is
  # "<kernel> /system/bin/app_process".
  160. acl_group 1 file read @PER_READ_FILE
  161. acl_group 1 file read @PER_ANY_DIR
  162. acl_group 1 file rename @PER_RENAME_DIR @PER_RENAME_DIR
  163. acl_group 1 file rename @PER_RENAME_FILE @PER_RENAME_FILE
  164. acl_group 1 file write/append @PER_WRITE_FILE
  165. acl_group 1 file link @PER_LINK_FILE @PER_LINK_FILE
  166. acl_group 1 file symlink @PER_LINK_FILE
  # task auto_domain_transition DOMAIN COND: a task in a group-1 domain is moved
  # to DOMAIN once COND holds. uid and gid are matched by separate lines -
  # presumably either one matching is enough; confirm against the ccs version in
  # use. Together the ranges below cover 1..4294967295; uid/gid 0 has no rule.
  # 10000 and above: application uids/gids.
  167. acl_group 1 task auto_domain_transition <kernel> //./app-user task.gid=10000-4294967295
  168. acl_group 1 task auto_domain_transition <kernel> //./app-user task.uid=10000-4294967295
  # Dedicated ids 4000-4003, 4300 and 4400 each get a pseudo-domain of their own.
  169. acl_group 1 task auto_domain_transition <kernel> //./felica-user task.gid=4000
  170. acl_group 1 task auto_domain_transition <kernel> //./felica-user task.uid=4000
  171. acl_group 1 task auto_domain_transition <kernel> //./fclock-user task.gid=4001
  172. acl_group 1 task auto_domain_transition <kernel> //./fclock-user task.uid=4001
  173. acl_group 1 task auto_domain_transition <kernel> //./felicaDT-user task.gid=4002
  174. acl_group 1 task auto_domain_transition <kernel> //./felicaDT-user task.uid=4002
  175. acl_group 1 task auto_domain_transition <kernel> //./felicaCTL-user task.gid=4003
  176. acl_group 1 task auto_domain_transition <kernel> //./felicaCTL-user task.uid=4003
  177. acl_group 1 task auto_domain_transition <kernel> //./taginv-user task.gid=4300
  178. acl_group 1 task auto_domain_transition <kernel> //./taginv-user task.uid=4300
  179. acl_group 1 task auto_domain_transition <kernel> //./iclink-user task.gid=4400
  180. acl_group 1 task auto_domain_transition <kernel> //./iclink-user task.uid=4400
  # Every remaining id between 1 and 9999, except 1000, maps to other-user.
  181. acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=1-999
  182. acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=1-999
  183. acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=1001-3999
  184. acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=1001-3999
  185. acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=4004-4299
  186. acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=4004-4299
  187. acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=4301-4399
  188. acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=4301-4399
  189. acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=4401-9999
  190. acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=4401-9999
  # 1000 maps to system-user.
  191. acl_group 1 task auto_domain_transition <kernel> //./system-user task.gid=1000
  192. acl_group 1 task auto_domain_transition <kernel> //./system-user task.uid=1000
  193.  
  194.  
  195.  
  196. #################################
  197. #### /proc/ccs/domain_policy ####
  198. #################################
  # Root domain. "use_profile 3" selects the profile labelled "Enforcing Mode" in
  # /proc/ccs/profile; "use_group 0" pulls in the shared acl_group 0 rules.
  # The only program this domain may execute is /init, with both the resolved
  # path (exec.realpath) and argv[0] pinned to "/init".
  199. <kernel>
  200. use_profile 3
  201. file execute /init exec.realpath="/init" exec.argv[0]="/init"
  202. file mount /dev/block/sd\* /mnt/sdcard/usbStorage/ vfat 0x10
  203. file unmount /mnt/sdcard/usbStorage/
  204. use_group 0
  # Pseudo-domain for application ids (entered via the task.uid/task.gid >= 10000
  # auto_domain_transition rules in acl_group 1). May execute any file in
  # PER_EXEC_FILE, but only while both euid and egid are still in the 10000+
  # range; an exec attempted under any other effective id matches no rule here.
  205. <kernel> //./app-user
  206. use_profile 3
  207. file execute @PER_EXEC_FILE task.euid=10000-4294967295 task.egid=10000-4294967295
  208. use_group 0
  # Pseudo-domains for the dedicated FeliCa-related ids (4000-4003, 4300, 4400 in
  # acl_group 1). Each one adds back exactly the device nodes or files that the
  # shared PER_READ_FILE / PER_WRITE_FILE groups subtract with \-.
  # None of these domains has a "file execute" line, and acl_group 0 has none
  # either, so under profile 3 they are not granted any exec.
  209. <kernel> //./fclock-user
  210. use_profile 3
  211. file read /dev/felica_cfg
  212. file write /dev/felica_cen
  213. file write /dev/felica_cfg
  214. use_group 0
  215. <kernel> //./felica-user
  216. use_profile 3
  217. file read /dev/felica
  218. file read /system/app/MobileFeliCaClient.odex
  219. file write /dev/felica
  220. file write /dev/felica_pon
  221. use_group 0
  222. <kernel> //./felicaDT-user
  223. use_profile 3
  224. file read /dev/udlfomf
  225. file read /system/app/felicaDT.apk
  226. file read /system/app/felicaDT.odex
  227. file write /dev/udlfomf
  228. use_group 0
  229. <kernel> //./felicaCTL-user
  230. use_profile 3
  231. file read /system/app/FeliCaControl.apk
  232. use_group 0
  233. <kernel> //./taginv-user
  234. use_profile 3
  235. file read /system/lib/libSecureIDDB_jni.so
  236. use_group 0
  237. <kernel> //./iclink-user
  238. use_profile 3
  239. file read /system/lib/libSecureIDDB_jni.so
  240. use_group 0
  # other-user: all remaining non-zero ids below 10000 except 1000. Exec is
  # allowed only while euid and egid are both inside one of the two listed ranges.
  # NOTE(review): the exec ranges (1-999, 1001-9999) are wider than the ranges
  # that transition into this domain, which skip 4000-4003, 4300 and 4400.
  241. <kernel> //./other-user
  242. use_profile 3
  243. file execute @PER_EXEC_FILE task.euid=1-999 task.egid=1-999
  244. file execute @PER_EXEC_FILE task.euid=1001-9999 task.egid=1001-9999
  245. use_group 0
  # system-user: id 1000. Besides exec under euid/egid 1000 it holds the
  # use_kernel_module capability and read access to the FeliCa / SafetyBox files
  # that PER_READ_FILE subtracts, plus write access to /dev/felica_rws.
  246. <kernel> //./system-user
  247. use_profile 3
  248. capability use_kernel_module
  249. file execute @PER_EXEC_FILE task.euid=1000 task.egid=1000
  250. file read /system/app/MobileFeliCaClient.odex
  251. file read /system/app/felicaDT.apk
  252. file read /system/app/felicaDT.odex
  253. file read /system/app/FeliCaControl.apk
  254. file write /dev/felica_rws
  255. file read /system/lib/libSafetyBox_jni.so
  256. file read /system/lib/libSecureIDDB_jni.so
  257. use_group 0
  # Domain of /init.
  258. <kernel> /init
  259. use_profile 3
  260. capability use_kernel_module
  # Daemons init may start, each with realpath and argv[0] pinned. These are the
  # same programs that exception_policy exempts from "keep_domain ... /init", so
  # each of them gets a domain of its own.
  261. file execute /sbin/adbd exec.realpath="/sbin/adbd" exec.argv[0]="/sbin/adbd"
  262. file execute /system/bin/app_process exec.realpath="/system/bin/app_process" exec.argv[0]="/system/bin/app_process"
  263. file execute /system/bin/felicamdl exec.realpath="/system/bin/felicamdl" exec.argv[0]="/system/bin/felicamdl"
  264. file execute /system/bin/mediaserver exec.realpath="/system/bin/mediaserver" exec.argv[0]="/system/bin/mediaserver"
  265. file execute /system/bin/mid exec.realpath="/system/bin/mid" exec.argv[0]="/system/bin/mid"
  266. file execute /system/bin/rild exec.realpath="/system/bin/rild" exec.argv[0]="/system/bin/rild"
  267. file execute /system/bin/vold exec.realpath="/system/bin/vold" exec.argv[0]="/system/bin/vold"
  268. file execute /system/xbin/ash exec.realpath="/system/xbin/ash" exec.argv[0]="/system/xbin/ash"
  269. file execute /vendorpa/etc/load.smc.sh exec.realpath="/vendorpa/etc/load.smc.sh" exec.argv[0]="/vendorpa/etc/load.smc.sh"
  # NOTE(review): this unconditioned rule also allows every file in PER_EXEC_FILE,
  # so the pinned entries above do not narrow what init may execute.
  270. file execute @PER_EXEC_FILE
  # Mount rules pin device, mount point, filesystem type and flags. The last
  # field is presumably the numeric mount(2) flag word (0x1 = MS_RDONLY,
  # 0x2 = MS_NOSUID, 0x4 = MS_NODEV, 0x400 = MS_NOATIME) - confirm for this ccs
  # version. Read that way, /system may only be mounted read-only and the data
  # partitions only with nosuid,nodev.
  271. file mount /dev/block/mmcblk0p13 /system/ ext4 0x1
  272. file mount /dev/block/mmcblk0p5 /ccpu/ ext4 0x6
  273. file mount /dev/block/mmcblk0p19 /ccpu1/ ext4 0x6
  274. file mount /dev/block/mmcblk0p15 /cache/ ext4 0x406
  275. file mount /dev/block/mmcblk0p17 /log2/ ext4 0x6
  276. file mount /dev/block/mmcblk0p18 /misc4/ ext4 0x6
  277. file mount /dev/block/mmcblk0p16 /log/ ext4 0x6
  278. file mount /dev/block/mmcblk0p14 /data/ ext4 0x406
  279. file mount /dev/mapper/private1 /mnt/sdcard/safetybox/ ext4 0x0
  280. file mount /sys/kernel/debug sysfs:/kernel/debug/ debugfs 0x0
  281. file mount devpts /dev/pts/ devpts 0x0
  282. file mount none /acct/ cgroup 0x0
  283. file mount none /dev/cpuctl/ cgroup 0x0
  284. file mount proc /proc/ proc 0x0
  285. file mount rootfs / --remount 0x1
  286. file mount sysfs /sys/ sysfs 0x0
  287. file mount tmpfs /dev/ tmpfs 0x0
  288. file mount tmpfs /mnt/asec/ tmpfs 0x0
  289. file mount tmpfs /mnt/obb/ tmpfs 0x0
  290. file mount tmpfs /tmp/ tmpfs 0x0
  291. file unmount /mnt/sdcard/safetybox/
  292. file unmount /mnt/secure/staging/safetybox/
  # Raw partition access: the shared groups exclude /dev/<subdir>/mmcblk0*, so
  # these three partitions are granted to init explicitly (p10 read-only).
  293. file read /dev/block/mmcblk0p10
  294. file read /dev/block/mmcblk0p20
  295. file read /dev/block/mmcblk0p22
  296. file read /system/app/FeliCaControl.apk
  # Symlinks in / with their targets pinned (PER_LINK_FILE does not cover /).
  297. file symlink /d symlink.target="/sys/kernel/debug"
  298. file symlink /etc symlink.target="/system/etc"
  299. file symlink /sdcard symlink.target="/mnt/sdcard"
  300. file symlink /vendor symlink.target="/system/vendor"
  301. file write /dev/block/mmcblk0p20
  302. file write /dev/block/mmcblk0p22
  303. use_group 0
  # adbd may execute only /system/bin/sh (realpath and argv[0] pinned) and only
  # with euid 2000, which is Android's "shell" uid.
  304. <kernel> /init /sbin/adbd
  305. use_profile 3
  306. file execute /system/bin/sh exec.realpath="/system/bin/sh" exec.argv[0]="/system/bin/sh" task.euid=2000
  307. use_group 0
  # The adb shell itself: any exec requires euid 2000. Per exception_policy,
  # programs started here stay in this domain, except app_process.
  308. <kernel> /init /sbin/adbd /system/bin/sh
  309. use_profile 3
  310. file execute /system/bin/app_process exec.realpath="/system/bin/app_process" exec.argv[0]="/system/bin/app_process" task.euid=2000
  311. file execute @PER_EXEC_FILE task.euid=2000
  312. use_group 0
  # felicamdl: acl_group 0 plus read access to /dev/felica_interrupt (a node the
  # shared PER_READ_FILE group subtracts). No exec is granted.
  313. <kernel> /init /system/bin/felicamdl
  314. use_profile 3
  315. file read /dev/felica_interrupt
  316. use_group 0
  # mediaserver: acl_group 0 plus read access to the raw partition mmcblk0p10.
  # No exec is granted.
  317. <kernel> /init /system/bin/mediaserver
  318. use_profile 3
  319. file read /dev/block/mmcblk0p10
  320. use_group 0
  # mid: may load kernel modules, read and write /dev/mem, and start a shell.
  # Note that the shell rule pins argv[0] to the bare name "sh", unlike the other
  # exec rules in this policy, which pin the full path.
  # NOTE(review): /dev/mem is subtracted from the shared read/write groups and
  # granted in full only here. A domain with raw physical-memory access sits
  # outside what this MAC policy can confine, so treat this binary and whatever
  # it runs as part of the trusted computing base when auditing.
  321. <kernel> /init /system/bin/mid
  322. use_profile 3
  323. capability use_kernel_module
  324. file execute /system/bin/sh exec.realpath="/system/bin/sh" exec.argv[0]="sh"
  325. file read /dev/mem
  326. file write /dev/mem
  327. use_group 0
  # Shell started by mid: may execute any file in PER_EXEC_FILE, unconditionally.
  # exception_policy keeps everything it starts inside this domain.
  328. <kernel> /init /system/bin/mid /system/bin/sh
  329. use_profile 3
  330. file execute @PER_EXEC_FILE
  331. use_group 0
  # rild: no rules of its own; only the shared acl_group 0 permissions apply,
  # which include no "file execute".
  332. <kernel> /init /system/bin/rild
  333. use_profile 3
  334. use_group 0
  # vold (volume daemon): may execute any file in PER_EXEC_FILE and perform the
  # removable-storage / asec / obb mounts listed below. exception_policy keeps
  # whatever vold executes inside this domain.
  335. <kernel> /init /system/bin/vold
  336. use_profile 3
  337. file execute @PER_EXEC_FILE
  # \$ matches one or more digits. The trailing number is presumably the
  # mount(2) flag word (0x87 = rdonly|nosuid|nodev|dirsync,
  # 0x8E = nosuid|nodev|noexec|dirsync) - confirm for this ccs version.
  338. file mount /dev/block/dm-\$ /mnt/asec/\*/ vfat 0x87
  339. file mount /dev/block/dm-\$ /mnt/asec/\*/ vfat 0x8E
  340. file mount /dev/block/loop\$ /mnt/asec/\*/ --remount 0x87
  341. file mount /dev/block/loop\$ /mnt/obb/\*/ vfat 0x87
  342. file mount /dev/block/vold/\*:\* /mnt/secure/staging/ vfat 0x8E
  # --move / --bind rules pin both the source and the destination directory.
  343. file mount /mnt/sdcard/ /mnt/secure/staging/ --move 0x0
  344. file mount /mnt/sdcard/usbStorage/ /mnt/secure/staging/ --move 0x0
  345. file mount /mnt/secure/staging/ /mnt/sdcard/ --move 0x0
  346. file mount /mnt/secure/staging/ /mnt/sdcard/usbStorage/ --move 0x0
  347. file mount /mnt/secure/staging/.android_secure/ /mnt/secure/asec/ --bind 0x0
  348. file mount tmpfs /mnt/secure/staging/.android_secure/ tmpfs 0x1
  349. file unmount /mnt/asec/\*/
  350. file unmount /mnt/obb/\*/
  351. file unmount /mnt/sdcard/usbStorage/
  352. file unmount /mnt/secure/asec/
  353. file unmount /mnt/secure/staging/
  354. file unmount /mnt/secure/staging/.android_secure/
  355. use_group 0
  # ash started by init: may execute any file in PER_EXEC_FILE, unconditionally;
  # exception_policy keeps its children in this domain.
  356. <kernel> /init /system/xbin/ash
  357. use_profile 3
  358. file execute @PER_EXEC_FILE
  359. use_group 0
  # load.smc.sh: may start exactly two helpers, each with realpath and argv[0]
  # pinned. There is no keep_domain rule for this domain, so each helper gets
  # its own domain (next two entries).
  360. <kernel> /init /vendorpa/etc/load.smc.sh
  361. use_profile 3
  362. file execute /smc_pa_ctrl exec.realpath="/smc_pa_ctrl" exec.argv[0]="/smc_pa_ctrl"
  363. file execute /vendorpa/bin/encdec_pa exec.realpath="/vendorpa/bin/encdec_pa" exec.argv[0]="/vendorpa/bin/encdec_pa"
  364. use_group 0
  # The helpers are the only domains granted /dev/smc_pa.ift, which the shared
  # read/write groups subtract: smc_pa_ctrl read-only, encdec_pa read and write.
  365. <kernel> /init /vendorpa/etc/load.smc.sh /smc_pa_ctrl
  366. use_profile 3
  367. file read /dev/smc_pa.ift
  368. use_group 0
  369. <kernel> /init /vendorpa/etc/load.smc.sh /vendorpa/bin/encdec_pa
  370. use_profile 3
  371. file read /dev/smc_pa.ift
  372. file write /dev/smc_pa.ift
  373. use_group 0
  # app_process: reached from any domain through the initialize_domain rule in
  # exception_policy. It is the only domain in this listing with "use_group 1",
  # i.e. the one whose tasks are moved to the //./*-user pseudo-domains by the
  # uid/gid auto_domain_transition rules. The only exec granted directly is dexopt.
  374. <kernel> /system/bin/app_process
  375. use_profile 3
  376. file execute /system/bin/dexopt exec.realpath="/system/bin/dexopt" exec.argv[0]="/system/bin/dexopt"
  377. use_group 1
  # dexopt: shared acl_group 0 permissions only (note: group 0, so no uid-based
  # transition applies inside this domain).
  378. <kernel> /system/bin/app_process /system/bin/dexopt
  379. use_profile 3
  380. use_group 0
  381.  
  382.  
  383.  
  384. ###########################
  385. #### /proc/ccs/profile ####
  386. ###########################
  # Profiles are selected per domain with "use_profile N"; every domain in the
  # domain_policy listing on this page uses profile 3.
  # N-CONFIG is the default for all access-control categories and
  # N-CONFIG::<class>::<op> lines override it for one category.
  # grant_log / reject_log choose whether granted / denied requests are audited.
  387. PROFILE_VERSION=20100903
  # Profile 0: everything disabled.
  388. 0-COMMENT=-----Disabled Mode-----
  389. 0-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
  390. 0-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
  # Profile 1: the ten listed categories in learning mode, all others disabled.
  391. 1-COMMENT=-----Learning Mode-----
  392. 1-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
  393. 1-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
  394. 1-CONFIG::file::execute={ mode=learning grant_log=no reject_log=yes }
  395. 1-CONFIG::file::open={ mode=learning grant_log=no reject_log=yes }
  396. 1-CONFIG::file::symlink={ mode=learning grant_log=no reject_log=yes }
  397. 1-CONFIG::file::link={ mode=learning grant_log=no reject_log=yes }
  398. 1-CONFIG::file::rename={ mode=learning grant_log=no reject_log=yes }
  399. 1-CONFIG::file::chroot={ mode=learning grant_log=no reject_log=yes }
  400. 1-CONFIG::file::mount={ mode=learning grant_log=no reject_log=yes }
  401. 1-CONFIG::file::unmount={ mode=learning grant_log=no reject_log=yes }
  402. 1-CONFIG::file::pivot_root={ mode=learning grant_log=no reject_log=yes }
  403. 1-CONFIG::capability::use_kernel_module={ mode=learning grant_log=no reject_log=yes }
  # Profile 2: the same ten categories in permissive mode, all others disabled.
  404. 2-COMMENT=-----Permissive Mode-----
  405. 2-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
  406. 2-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
  407. 2-CONFIG::file::execute={ mode=permissive grant_log=no reject_log=yes }
  408. 2-CONFIG::file::open={ mode=permissive grant_log=no reject_log=yes }
  409. 2-CONFIG::file::symlink={ mode=permissive grant_log=no reject_log=yes }
  410. 2-CONFIG::file::link={ mode=permissive grant_log=no reject_log=yes }
  411. 2-CONFIG::file::rename={ mode=permissive grant_log=no reject_log=yes }
  412. 2-CONFIG::file::chroot={ mode=permissive grant_log=no reject_log=yes }
  413. 2-CONFIG::file::mount={ mode=permissive grant_log=no reject_log=yes }
  414. 2-CONFIG::file::unmount={ mode=permissive grant_log=no reject_log=yes }
  415. 2-CONFIG::file::pivot_root={ mode=permissive grant_log=no reject_log=yes }
  416. 2-CONFIG::capability::use_kernel_module={ mode=permissive grant_log=no reject_log=yes }
  # Profile 3 (the one in use): the default is still mode=disabled, and only the
  # ten categories below are enforcing. Requests in any category that is not
  # listed - for example file creation/deletion, chmod/chown, ioctl, network or
  # other capabilities (TODO confirm the category list for this ccs version) -
  # fall back to the disabled default and are not checked. Denials are logged
  # (reject_log=yes), grants are not.
  417. 3-COMMENT=-----Enforcing Mode-----
  418. 3-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
  419. 3-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
  420. 3-CONFIG::file::execute={ mode=enforcing grant_log=no reject_log=yes }
  421. 3-CONFIG::file::open={ mode=enforcing grant_log=no reject_log=yes }
  422. 3-CONFIG::file::symlink={ mode=enforcing grant_log=no reject_log=yes }
  423. 3-CONFIG::file::link={ mode=enforcing grant_log=no reject_log=yes }
  424. 3-CONFIG::file::rename={ mode=enforcing grant_log=no reject_log=yes }
  425. 3-CONFIG::file::chroot={ mode=enforcing grant_log=no reject_log=yes }
  426. 3-CONFIG::file::mount={ mode=enforcing grant_log=no reject_log=yes }
  427. 3-CONFIG::file::unmount={ mode=enforcing grant_log=no reject_log=yes }
  428. 3-CONFIG::file::pivot_root={ mode=enforcing grant_log=no reject_log=yes }
  429. 3-CONFIG::capability::use_kernel_module={ mode=enforcing grant_log=no reject_log=yes }