diff options
Diffstat (limited to 'tools/flask/policy/policy/constraints')
-rw-r--r-- | tools/flask/policy/policy/constraints | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/tools/flask/policy/policy/constraints b/tools/flask/policy/policy/constraints index beb949c9b6..765ed4d0cd 100644 --- a/tools/flask/policy/policy/constraints +++ b/tools/flask/policy/policy/constraints @@ -22,6 +22,19 @@ # role_op : == | != | eq | dom | domby | incomp # # names : name | { name_list } -# name_list : name | name_list name +# name_list : name | name_list name # +# Prevent event channels and grants between different customers + +constrain event bind ( + u1 == system_u or + u2 == system_u or + u1 == u2 +); + +constrain grant { map_read map_write copy } ( + u1 == system_u or + u2 == system_u or + u1 == u2 +); |