Lines Matching refs:sh

213 …引入安全隐患。对于这些高危进程xx，其基线策略在`//base/security/selinux_adapter/sepolicy/`下的`xx.baseline`文件中。以sh基线为例，形式如下：
215 (allow sh vendor_file (dir (search)))
218 (allow sh system_lib_file (dir (search)))
228         check 'sh' baseline in user mode failed
229 …   expect rule: (allow sh vendor_file (dir ())); actual rule: (allow sh vendor_file (dir (search)))
231 …1. Add the above actual rule to baseline file 'sh.baseline' under 'base/security/selinux_adapter/s…
234         check 'sh' baseline in developer mode failed
235 …   expect rule: (allow sh vendor_file (dir ())); actual rule: (allow sh vendor_file (dir (search)))
237 …1. Add the above actual rule to baseline file 'sh.baseline' under 'base/security/selinux_adapter/s…
243 …因为，新增了sh的策略`"allow sh vendor_file:dir search;"`，对应的cil形式为`"(allow sh vendor_file (dir (search)))"`…
264         check 'sh' baseline in user mode failed
265 …             expect rule: (allow sh rootfs (dir (search))); actual rule: (allow sh rootfs (dir ()))
267 …1. Add the above actual rule to baseline file 'sh.baseline' under 'base/security/selinux_adapter/s…
270         check 'sh' baseline in developer mode failed
271 …             expect rule: (allow sh rootfs (dir (search))); actual rule: (allow sh rootfs (dir ()))
273 …1. Add the above actual rule to baseline file 'sh.baseline' under 'base/security/selinux_adapter/s…
277 需要同时删除基线，将`//base/security/selinux_adapter/sepolicy/`下的基线文件`sh.baseline`中的相关基线删除。
279 这里根据报错，要删除基线`"(allow sh rootfs (dir (search)))"`，另外，以符合`"actual rule"`，其他冗余基线报错的删除位置参考下表：