[selinux-policy: 1239/3172] another round of renaming
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:52:14 UTC 2010
commit 103fe2807fbfec6ce3aab2c9d6de21c25df53cc2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Feb 21 18:40:44 2006 +0000
another round of renaming
refpolicy/policy/modules/admin/acct.te | 4 +-
refpolicy/policy/modules/admin/amanda.te | 10 +-
refpolicy/policy/modules/admin/consoletype.te | 2 +-
refpolicy/policy/modules/admin/firstboot.te | 16 ++--
refpolicy/policy/modules/admin/kudzu.te | 6 +-
refpolicy/policy/modules/admin/logrotate.te | 8 +-
refpolicy/policy/modules/admin/logwatch.te | 4 +-
refpolicy/policy/modules/admin/mrtg.te | 2 +-
refpolicy/policy/modules/admin/netutils.te | 2 +-
refpolicy/policy/modules/admin/portage.if | 4 +-
refpolicy/policy/modules/admin/portage.te | 6 +-
refpolicy/policy/modules/admin/prelink.te | 6 +-
refpolicy/policy/modules/admin/readahead.te | 4 +-
refpolicy/policy/modules/admin/rpm.te | 14 ++--
refpolicy/policy/modules/admin/su.if | 6 +-
refpolicy/policy/modules/admin/sudo.if | 8 +-
refpolicy/policy/modules/admin/updfstab.te | 2 +-
refpolicy/policy/modules/admin/usermanage.te | 32 +++---
refpolicy/policy/modules/admin/vpn.te | 8 +-
refpolicy/policy/modules/apps/cdrecord.if | 16 ++--
refpolicy/policy/modules/apps/gpg.if | 4 +-
refpolicy/policy/modules/apps/irc.if | 10 +-
refpolicy/policy/modules/apps/java.if | 20 ++--
refpolicy/policy/modules/apps/lockdev.if | 2 +-
refpolicy/policy/modules/apps/screen.if | 4 +-
refpolicy/policy/modules/apps/tvtime.if | 10 +-
refpolicy/policy/modules/apps/uml.if | 6 +-
refpolicy/policy/modules/apps/uml.te | 4 +-
refpolicy/policy/modules/apps/userhelper.if | 4 +-
refpolicy/policy/modules/apps/webalizer.te | 8 +-
refpolicy/policy/modules/kernel/bootloader.if | 4 +-
refpolicy/policy/modules/kernel/bootloader.te | 10 +-
refpolicy/policy/modules/kernel/devices.if | 2 +-
refpolicy/policy/modules/kernel/files.if | 26 +++---
refpolicy/policy/modules/kernel/filesystem.if | 4 +-
refpolicy/policy/modules/kernel/storage.if | 4 +-
refpolicy/policy/modules/services/apache.if | 10 +-
refpolicy/policy/modules/services/apache.te | 28 +++---
refpolicy/policy/modules/services/apm.te | 14 ++--
refpolicy/policy/modules/services/arpwatch.te | 6 +-
refpolicy/policy/modules/services/automount.te | 12 +-
refpolicy/policy/modules/services/avahi.te | 4 +-
refpolicy/policy/modules/services/bind.te | 8 +-
refpolicy/policy/modules/services/bluetooth.te | 14 ++--
refpolicy/policy/modules/services/canna.te | 8 +-
refpolicy/policy/modules/services/comsat.te | 4 +-
refpolicy/policy/modules/services/cron.if | 14 ++--
refpolicy/policy/modules/services/cron.te | 26 +++---
refpolicy/policy/modules/services/cups.te | 30 +++---
refpolicy/policy/modules/services/cvs.te | 4 +-
refpolicy/policy/modules/services/cyrus.te | 10 +-
refpolicy/policy/modules/services/dbskk.te | 4 +-
refpolicy/policy/modules/services/dbus.if | 2 +-
refpolicy/policy/modules/services/dbus.te | 6 +-
refpolicy/policy/modules/services/dhcp.te | 8 +-
refpolicy/policy/modules/services/distcc.te | 8 +-
refpolicy/policy/modules/services/dovecot.te | 4 +-
refpolicy/policy/modules/services/fetchmail.te | 6 +-
refpolicy/policy/modules/services/finger.te | 8 +-
refpolicy/policy/modules/services/ftp.if | 10 +-
refpolicy/policy/modules/services/ftp.te | 32 +++---
refpolicy/policy/modules/services/gpm.te | 8 +-
refpolicy/policy/modules/services/hal.te | 6 +-
refpolicy/policy/modules/services/howl.te | 4 +-
refpolicy/policy/modules/services/i18n_input.te | 6 +-
refpolicy/policy/modules/services/inetd.te | 12 +-
refpolicy/policy/modules/services/inn.te | 8 +-
refpolicy/policy/modules/services/irqbalance.te | 4 +-
refpolicy/policy/modules/services/kerberos.te | 16 ++--
refpolicy/policy/modules/services/ktalk.te | 4 +-
refpolicy/policy/modules/services/ldap.te | 12 +-
refpolicy/policy/modules/services/lpd.if | 6 +-
refpolicy/policy/modules/services/lpd.te | 10 +-
refpolicy/policy/modules/services/mailman.if | 6 +-
refpolicy/policy/modules/services/mailman.te | 4 +-
refpolicy/policy/modules/services/mta.if | 30 +++---
refpolicy/policy/modules/services/mta.te | 16 ++--
refpolicy/policy/modules/services/mysql.te | 10 +-
.../policy/modules/services/networkmanager.te | 6 +-
refpolicy/policy/modules/services/nis.te | 16 ++--
refpolicy/policy/modules/services/nscd.te | 6 +-
refpolicy/policy/modules/services/ntp.te | 10 +-
refpolicy/policy/modules/services/openct.te | 4 +-
refpolicy/policy/modules/services/pegasus.te | 6 +-
refpolicy/policy/modules/services/portmap.te | 8 +-
refpolicy/policy/modules/services/postfix.if | 4 +-
refpolicy/policy/modules/services/postfix.te | 4 +-
refpolicy/policy/modules/services/postgresql.te | 14 ++--
refpolicy/policy/modules/services/ppp.te | 20 ++--
refpolicy/policy/modules/services/privoxy.te | 6 +-
refpolicy/policy/modules/services/procmail.te | 4 +-
refpolicy/policy/modules/services/radius.te | 6 +-
refpolicy/policy/modules/services/radvd.te | 4 +-
refpolicy/policy/modules/services/remotelogin.te | 6 +-
refpolicy/policy/modules/services/rlogin.te | 6 +-
refpolicy/policy/modules/services/roundup.te | 6 +-
refpolicy/policy/modules/services/rpc.te | 4 +-
refpolicy/policy/modules/services/rshd.te | 2 +-
refpolicy/policy/modules/services/rsync.te | 4 +-
refpolicy/policy/modules/services/samba.if | 10 +-
refpolicy/policy/modules/services/samba.te | 30 +++---
refpolicy/policy/modules/services/sasl.te | 4 +-
refpolicy/policy/modules/services/sendmail.if | 2 +-
refpolicy/policy/modules/services/sendmail.te | 10 +-
refpolicy/policy/modules/services/slrnpull.te | 6 +-
refpolicy/policy/modules/services/smartmon.te | 6 +-
refpolicy/policy/modules/services/snmp.te | 12 +-
refpolicy/policy/modules/services/spamassassin.if | 16 ++--
refpolicy/policy/modules/services/spamassassin.te | 14 ++--
refpolicy/policy/modules/services/squid.te | 8 +-
refpolicy/policy/modules/services/ssh.if | 14 ++--
refpolicy/policy/modules/services/ssh.te | 4 +-
refpolicy/policy/modules/services/stunnel.te | 6 +-
refpolicy/policy/modules/services/sysstat.te | 4 +-
refpolicy/policy/modules/services/tcpd.te | 2 +-
refpolicy/policy/modules/services/telnet.te | 4 +-
refpolicy/policy/modules/services/tftp.te | 4 +-
refpolicy/policy/modules/services/timidity.te | 4 +-
refpolicy/policy/modules/services/uucp.te | 6 +-
refpolicy/policy/modules/services/xfs.te | 8 +-
refpolicy/policy/modules/services/xserver.if | 24 +++---
refpolicy/policy/modules/services/xserver.te | 18 ++--
refpolicy/policy/modules/services/zebra.te | 8 +-
refpolicy/policy/modules/system/authlogin.if | 8 +-
refpolicy/policy/modules/system/authlogin.te | 4 +-
refpolicy/policy/modules/system/fstools.te | 4 +-
refpolicy/policy/modules/system/getty.te | 10 +-
refpolicy/policy/modules/system/hotplug.te | 4 +-
refpolicy/policy/modules/system/init.if | 2 +-
refpolicy/policy/modules/system/init.te | 14 ++--
refpolicy/policy/modules/system/ipsec.te | 12 +-
refpolicy/policy/modules/system/iptables.te | 4 +-
refpolicy/policy/modules/system/libraries.te | 2 +-
refpolicy/policy/modules/system/locallogin.te | 14 ++--
refpolicy/policy/modules/system/logging.if | 4 +-
refpolicy/policy/modules/system/logging.te | 24 +++---
refpolicy/policy/modules/system/lvm.te | 12 +-
refpolicy/policy/modules/system/modutils.te | 14 ++--
refpolicy/policy/modules/system/mount.te | 2 +-
refpolicy/policy/modules/system/pcmcia.te | 10 +-
refpolicy/policy/modules/system/raid.te | 2 +-
refpolicy/policy/modules/system/selinuxutil.te | 6 +-
refpolicy/policy/modules/system/sysnetwork.if | 6 +-
refpolicy/policy/modules/system/sysnetwork.te | 8 +-
refpolicy/policy/modules/system/udev.te | 6 +-
refpolicy/policy/modules/system/userdomain.if | 104 ++++++++++----------
refpolicy/policy/modules/system/userdomain.te | 4 +-
147 files changed, 687 insertions(+), 687 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/acct.te b/refpolicy/policy/modules/admin/acct.te
index 0beb2c7..4697a9a 100644
--- a/refpolicy/policy/modules/admin/acct.te
+++ b/refpolicy/policy/modules/admin/acct.te
@@ -68,7 +68,7 @@ logging_send_syslog_msg(acct_t)
miscfiles_read_localization(acct_t)
-userdom_dontaudit_search_sysadm_home_dir(acct_t)
+userdom_dontaudit_search_sysadm_home_dirs(acct_t)
userdom_dontaudit_use_unpriv_user_fds(acct_t)
ifdef(`targeted_policy',`
@@ -80,7 +80,7 @@ ifdef(`targeted_policy',`
optional_policy(`cron',`
optional_policy(`authlogin',`
# for monthly cron job
- auth_filetrans_login_records(acct_t)
+ auth_log_filetrans_login_records(acct_t)
auth_manage_login_records(acct_t)
')
diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te
index 671397b..75bb440 100644
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@@ -116,11 +116,11 @@ allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
allow amanda_t amanda_log_t:file create_file_perms;
allow amanda_t amanda_log_t:dir { rw_dir_perms setattr };
-logging_filetrans_log(amanda_t,amanda_log_t,{ file dir })
+logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
allow amanda_t amanda_tmp_t:dir create_dir_perms;
allow amanda_t amanda_tmp_t:file create_file_perms;
-files_filetrans_tmp(amanda_t, amanda_tmp_t, { file dir })
+files_tmp_filetrans(amanda_t, amanda_tmp_t, { file dir })
kernel_read_system_state(amanda_t)
kernel_read_kernel_sysctls(amanda_t)
@@ -206,14 +206,14 @@ allow amanda_recover_t amanda_recover_dir_t:file create_file_perms;
allow amanda_recover_t amanda_recover_dir_t:lnk_file create_lnk_perms;
allow amanda_recover_t amanda_recover_dir_t:sock_file create_file_perms;
allow amanda_recover_t amanda_recover_dir_t:fifo_file create_file_perms;
-userdom_filetrans_sysadm_home_dir(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
+userdom_sysadm_home_dir_filetrans(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
allow amanda_recover_t amanda_tmp_t:dir create_dir_perms;
allow amanda_recover_t amanda_tmp_t:file create_file_perms;
allow amanda_recover_t amanda_tmp_t:lnk_file create_lnk_perms;
allow amanda_recover_t amanda_tmp_t:sock_file create_file_perms;
allow amanda_recover_t amanda_tmp_t:fifo_file create_file_perms;
-files_filetrans_tmp(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file fifo_file })
+files_tmp_filetrans(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file fifo_file })
kernel_read_system_state(amanda_recover_t)
kernel_read_kernel_sysctls(amanda_recover_t)
@@ -252,7 +252,7 @@ miscfiles_read_localization(amanda_recover_t)
sysnet_read_config(amanda_recover_t)
-userdom_search_sysadm_home_subdirs(amanda_recover_t)
+userdom_search_sysadm_home_content_dirs(amanda_recover_t)
optional_policy(`mount',`
mount_send_nfs_client_request(amanda_recover_t)
diff --git a/refpolicy/policy/modules/admin/consoletype.te b/refpolicy/policy/modules/admin/consoletype.te
index e17e6df..8d9cf0d 100644
--- a/refpolicy/policy/modules/admin/consoletype.te
+++ b/refpolicy/policy/modules/admin/consoletype.te
@@ -105,7 +105,7 @@ optional_policy(`rpm',`
')
optional_policy(`userdomain',`
- userdom_use_unpriv_users_fd(consoletype_t)
+ userdom_use_unpriv_users_fds(consoletype_t)
')
ifdef(`TODO',`
diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te
index 07a9e16..5ca6a16 100644
--- a/refpolicy/policy/modules/admin/firstboot.te
+++ b/refpolicy/policy/modules/admin/firstboot.te
@@ -40,7 +40,7 @@ allow firstboot_t firstboot_etc_t:file { getattr read };
allow firstboot_t firstboot_rw_t:dir create_dir_perms;
allow firstboot_t firstboot_rw_t:file create_file_perms;
-files_filetrans_etc(firstboot_t,firstboot_rw_t,file)
+files_etc_filetrans(firstboot_t,firstboot_rw_t,file)
# The big hammer
unconfined_domain(firstboot_t)
@@ -99,13 +99,13 @@ modutils_read_module_config(firstboot_t)
modutils_read_module_deps(firstboot_t)
# Add/remove user home directories
-userdom_manage_generic_user_home_dirs(firstboot_t)
-userdom_manage_generic_user_home_files(firstboot_t)
-userdom_manage_generic_user_home_symlinks(firstboot_t)
-userdom_manage_generic_user_home_pipes(firstboot_t)
-userdom_manage_generic_user_home_sockets(firstboot_t)
-userdom_filetrans_generic_user_home_dir(firstboot_t)
-userdom_filetrans_generic_user_home(firstboot_t,{ dir file lnk_file fifo_file sock_file })
+userdom_manage_generic_user_home_content_dirs(firstboot_t)
+userdom_manage_generic_user_home_content_files(firstboot_t)
+userdom_manage_generic_user_home_content_symlinks(firstboot_t)
+userdom_manage_generic_user_home_content_pipes(firstboot_t)
+userdom_manage_generic_user_home_content_sockets(firstboot_t)
+userdom_home_filetrans_generic_user_home_dir(firstboot_t)
+userdom_generic_user_home_dir_filetrans_generic_user_home_content(firstboot_t,{ dir file lnk_file fifo_file sock_file })
ifdef(`targeted_policy',`
unconfined_domtrans(firstboot_t)
diff --git a/refpolicy/policy/modules/admin/kudzu.te b/refpolicy/policy/modules/admin/kudzu.te
index 75cf926..8425e54 100644
--- a/refpolicy/policy/modules/admin/kudzu.te
+++ b/refpolicy/policy/modules/admin/kudzu.te
@@ -31,11 +31,11 @@ allow kudzu_t self:udp_socket { create ioctl };
allow kudzu_t kudzu_tmp_t:dir create_file_perms;
allow kudzu_t kudzu_tmp_t:{ file chr_file } create_file_perms;
-files_filetrans_tmp(kudzu_t, kudzu_tmp_t, { file dir chr_file })
+files_tmp_filetrans(kudzu_t, kudzu_tmp_t, { file dir chr_file })
allow kudzu_t kudzu_var_run_t:file create_file_perms;
allow kudzu_t kudzu_var_run_t:dir create_dir_perms;
-files_filetrans_pid(kudzu_t,kudzu_var_run_t)
+files_pid_filetrans(kudzu_t,kudzu_var_run_t)
kernel_change_ring_buffer_level(kudzu_t)
kernel_list_proc(kudzu_t)
@@ -119,7 +119,7 @@ modutils_domtrans_insmod(kudzu_t)
sysnet_read_config(kudzu_t)
-userdom_search_sysadm_home_dir(kudzu_t)
+userdom_search_sysadm_home_dirs(kudzu_t)
userdom_dontaudit_use_unpriv_user_fds(kudzu_t)
ifdef(`targeted_policy',`
diff --git a/refpolicy/policy/modules/admin/logrotate.te b/refpolicy/policy/modules/admin/logrotate.te
index b2395f0..52b2926 100644
--- a/refpolicy/policy/modules/admin/logrotate.te
+++ b/refpolicy/policy/modules/admin/logrotate.te
@@ -51,18 +51,18 @@ allow logrotate_t self:msgq create_msgq_perms;
allow logrotate_t self:msg { send receive };
allow logrotate_t logrotate_lock_t:file create_file_perms;
-files_filetrans_lock(logrotate_t,logrotate_lock_t)
+files_lock_filetrans(logrotate_t,logrotate_lock_t)
can_exec(logrotate_t, logrotate_tmp_t)
allow logrotate_t logrotate_tmp_t:dir create_dir_perms;
allow logrotate_t logrotate_tmp_t:file create_file_perms;
-files_filetrans_tmp(logrotate_t, logrotate_tmp_t, { file dir })
+files_tmp_filetrans(logrotate_t, logrotate_tmp_t, { file dir })
# for /var/lib/logrotate.status and /var/lib/logcheck
allow logrotate_t logrotate_var_lib_t:dir { create rw_dir_perms };
allow logrotate_t logrotate_var_lib_t:file create_file_perms;
-files_filetrans_var_lib(logrotate_t, logrotate_var_lib_t)
+files_var_lib_filetrans(logrotate_t, logrotate_var_lib_t)
kernel_read_system_state(logrotate_t)
kernel_read_kernel_sysctls(logrotate_t)
@@ -118,7 +118,7 @@ seutil_dontaudit_read_config(logrotate_t)
sysnet_read_config(logrotate_t)
-userdom_use_unpriv_users_fd(logrotate_t)
+userdom_use_unpriv_users_fds(logrotate_t)
cron_system_entry(logrotate_t, logrotate_exec_t)
cron_search_spool(logrotate_t)
diff --git a/refpolicy/policy/modules/admin/logwatch.te b/refpolicy/policy/modules/admin/logwatch.te
index d0bcbb9..913ad19 100644
--- a/refpolicy/policy/modules/admin/logwatch.te
+++ b/refpolicy/policy/modules/admin/logwatch.te
@@ -32,7 +32,7 @@ allow logwatch_t logwatch_cache_t:file create_file_perms;
allow logwatch_t logwatch_tmp_t:dir create_dir_perms;
allow logwatch_t logwatch_tmp_t:file create_file_perms;
-files_filetrans_tmp(logwatch_t, logwatch_tmp_t, { file dir })
+files_tmp_filetrans(logwatch_t, logwatch_tmp_t, { file dir })
kernel_read_fs_sysctls(logwatch_t)
kernel_read_kernel_sysctls(logwatch_t)
@@ -71,7 +71,7 @@ miscfiles_read_localization(logwatch_t)
selinux_dontaudit_getattr_dir(logwatch_t)
-userdom_dontaudit_search_sysadm_home_dir(logwatch_t)
+userdom_dontaudit_search_sysadm_home_dirs(logwatch_t)
userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)
mta_send_mail(logwatch_t)
diff --git a/refpolicy/policy/modules/admin/mrtg.te b/refpolicy/policy/modules/admin/mrtg.te
index 8badd19..1389d4c 100644
--- a/refpolicy/policy/modules/admin/mrtg.te
+++ b/refpolicy/policy/modules/admin/mrtg.te
@@ -46,7 +46,7 @@ allow mrtg_t mrtg_lock_t:lnk_file create_lnk_perms;
allow mrtg_t mrtg_log_t:file create_file_perms;
allow mrtg_t mrtg_log_t:dir rw_dir_perms;
-logging_filetrans_log(mrtg_t,mrtg_log_t,{ file dir })
+logging_log_filetrans(mrtg_t,mrtg_log_t,{ file dir })
allow mrtg_t mrtg_var_lib_t:dir rw_dir_perms;
allow mrtg_t mrtg_var_lib_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index 003a6a5..e707217 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -39,7 +39,7 @@ allow netutils_t self:tcp_socket create_stream_socket_perms;
allow netutils_t netutils_tmp_t:dir create_dir_perms;
allow netutils_t netutils_tmp_t:file create_file_perms;
-files_filetrans_tmp(netutils_t, netutils_tmp_t, { file dir })
+files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
kernel_search_proc(netutils_t)
diff --git a/refpolicy/policy/modules/admin/portage.if b/refpolicy/policy/modules/admin/portage.if
index 279fd5b..7b4229f 100644
--- a/refpolicy/policy/modules/admin/portage.if
+++ b/refpolicy/policy/modules/admin/portage.if
@@ -129,14 +129,14 @@ template(`portage_compile_domain_template',`
allow $1_t $1_tmp_t:lnk_file create_lnk_perms;
allow $1_t $1_tmp_t:fifo_file manage_file_perms;
allow $1_t $1_tmp_t:sock_file manage_file_perms;
- files_filetrans_tmp($1_t,$1_tmp_t,{ dir file lnk_file sock_file fifo_file })
+ files_tmp_filetrans($1_t,$1_tmp_t,{ dir file lnk_file sock_file fifo_file })
allow $1_t $1_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
- fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# write merge logs
allow $1_t portage_log_t:dir setattr;
diff --git a/refpolicy/policy/modules/admin/portage.te b/refpolicy/policy/modules/admin/portage.te
index 4ab7df3..2d33bf9 100644
--- a/refpolicy/policy/modules/admin/portage.te
+++ b/refpolicy/policy/modules/admin/portage.te
@@ -55,7 +55,7 @@ allow portage_fetch_t portage_t:fifo_file rw_file_perms;
allow portage_fetch_t portage_t:process sigchld;
allow portage_t portage_log_t:file create_file_perms;
-logging_filetrans_log(portage_t,portage_log_t)
+logging_log_filetrans(portage_t,portage_log_t)
# transition to sandbox for compiling
domain_trans(portage_t,portage_exec_t,portage_sandbox_t)
@@ -126,7 +126,7 @@ allow portage_fetch_t portage_ebuild_t:file manage_file_perms;
allow portage_fetch_t portage_fetch_tmp_t:dir create_dir_perms;
allow portage_fetch_t portage_fetch_tmp_t:file create_file_perms;
-files_filetrans_tmp(portage_fetch_t, portage_fetch_tmp_t, { file dir })
+files_tmp_filetrans(portage_fetch_t, portage_fetch_tmp_t, { file dir })
# portage makes home dir the portage tmp dir, so
# wget looks for .wgetrc there
@@ -166,7 +166,7 @@ miscfiles_read_localization(portage_fetch_t)
sysnet_read_config(portage_fetch_t)
sysnet_dns_name_resolve(portage_fetch_t)
-userdom_dontaudit_read_sysadm_home_files(portage_fetch_t)
+userdom_dontaudit_read_sysadm_home_content_files(portage_fetch_t)
ifdef(`hide_broken_symptoms',`
dontaudit portage_fetch_t portage_cache_t:file read;
diff --git a/refpolicy/policy/modules/admin/prelink.te b/refpolicy/policy/modules/admin/prelink.te
index 0c30116..cff2919 100644
--- a/refpolicy/policy/modules/admin/prelink.te
+++ b/refpolicy/policy/modules/admin/prelink.te
@@ -27,13 +27,13 @@ allow prelink_t self:process { execheap execmem execstack };
allow prelink_t self:fifo_file rw_file_perms;
allow prelink_t prelink_cache_t:file manage_file_perms;
-files_filetrans_etc(prelink_t, prelink_cache_t, file)
-files_filetrans_var_lib(prelink_t, prelink_cache_t, file)
+files_etc_filetrans(prelink_t, prelink_cache_t, file)
+files_var_lib_filetrans(prelink_t, prelink_cache_t, file)
allow prelink_t prelink_log_t:dir { setattr rw_dir_perms };
allow prelink_t prelink_log_t:file { create ra_file_perms };
allow prelink_t prelink_log_t:lnk_file read;
-logging_filetrans_log(prelink_t, prelink_log_t)
+logging_log_filetrans(prelink_t, prelink_log_t)
# prelink misc objects that are not system
# libraries or entrypoints
diff --git a/refpolicy/policy/modules/admin/readahead.te b/refpolicy/policy/modules/admin/readahead.te
index 095c168..8db168f 100644
--- a/refpolicy/policy/modules/admin/readahead.te
+++ b/refpolicy/policy/modules/admin/readahead.te
@@ -23,7 +23,7 @@ allow readahead_t self:process signal_perms;
allow readahead_t readahead_var_run_t:file create_file_perms;
allow readahead_t readahead_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(readahead_t,readahead_var_run_t)
+files_pid_filetrans(readahead_t,readahead_var_run_t)
kernel_read_kernel_sysctls(readahead_t)
kernel_read_system_state(readahead_t)
@@ -68,7 +68,7 @@ logging_send_syslog_msg(readahead_t)
miscfiles_read_localization(readahead_t)
userdom_dontaudit_use_unpriv_user_fds(readahead_t)
-userdom_dontaudit_search_sysadm_home_dir(readahead_t)
+userdom_dontaudit_search_sysadm_home_dirs(readahead_t)
ifdef(`targeted_policy',`
files_dontaudit_read_root_files(readahead_t)
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index c9ebd15..16570df 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -73,19 +73,19 @@ allow rpm_t self:file rw_file_perms;;
allow rpm_t rpm_tmp_t:dir create_dir_perms;
allow rpm_t rpm_tmp_t:file create_file_perms;
-files_filetrans_tmp(rpm_t, rpm_tmp_t, { file dir })
+files_tmp_filetrans(rpm_t, rpm_tmp_t, { file dir })
allow rpm_t rpm_tmpfs_t:dir create_dir_perms;
allow rpm_t rpm_tmpfs_t:file create_file_perms;
allow rpm_t rpm_tmpfs_t:lnk_file create_file_perms;
allow rpm_t rpm_tmpfs_t:sock_file create_file_perms;
allow rpm_t rpm_tmpfs_t:fifo_file create_file_perms;
-fs_filetrans_tmpfs(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_tmpfs_filetrans(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# Access /var/lib/rpm files
allow rpm_t rpm_var_lib_t:file create_file_perms;
allow rpm_t rpm_var_lib_t:dir rw_dir_perms;
-files_filetrans_var_lib(rpm_t,rpm_var_lib_t,dir)
+files_var_lib_filetrans(rpm_t,rpm_var_lib_t,dir)
kernel_read_system_state(rpm_t)
kernel_read_kernel_sysctls(rpm_t)
@@ -171,7 +171,7 @@ seutil_manage_bin_policy(rpm_t)
sysnet_read_config(rpm_t)
-userdom_use_unpriv_users_fd(rpm_t)
+userdom_use_unpriv_users_fds(rpm_t)
ifdef(`distro_redhat',`
unconfined_domain(rpm_t)
@@ -184,7 +184,7 @@ ifdef(`targeted_policy',`
# conflicts since rpm_t is an alias of
# unconfined in the targeted policy
allow rpm_t rpm_log_t:file create_file_perms;
- logging_filetrans_log(rpm_t,rpm_log_t)
+ logging_log_filetrans(rpm_t,rpm_log_t)
')
optional_policy(`cron',`
@@ -240,14 +240,14 @@ allow rpm_script_t rpm_tmp_t:file r_file_perms;
allow rpm_script_t rpm_script_tmp_t:dir mounton;
allow rpm_script_t rpm_script_tmp_t:dir create_dir_perms;
allow rpm_script_t rpm_script_tmp_t:file create_file_perms;
-files_filetrans_tmp(rpm_script_t, rpm_script_tmp_t, { file dir })
+files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
allow rpm_script_t rpm_script_tmpfs_t:dir create_dir_perms;
allow rpm_script_t rpm_script_tmpfs_t:file create_file_perms;
allow rpm_script_t rpm_script_tmpfs_t:lnk_file create_lnk_perms;
allow rpm_script_t rpm_script_tmpfs_t:sock_file create_file_perms;
allow rpm_script_t rpm_script_tmpfs_t:fifo_file create_file_perms;
-fs_filetrans_tmpfs(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_tmpfs_filetrans(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow rpm_t rpm_script_t:fd use;
allow rpm_script_t rpm_t:fd use;
diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index 6a02a2e..b73cdf5 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -180,7 +180,7 @@ template(`su_per_userdomain_template',`
miscfiles_read_localization($1_su_t)
userdom_use_user_terminals($1,$1_su_t)
- userdom_search_user_home($1,$1_su_t)
+ userdom_search_user_home_dirs($1,$1_su_t)
ifdef(`enable_polyinstantiation',`
fs_mount_xattr_fs($1_su_t)
@@ -196,8 +196,8 @@ template(`su_per_userdomain_template',`
allow $1_su_t self:process sigstop;
corecmd_exec_bin($1_su_t)
- userdom_manage_all_users_home_files($1_su_t)
- userdom_manage_all_users_home_symlinks($1_su_t)
+ userdom_manage_all_users_home_content_files($1_su_t)
+ userdom_manage_all_users_home_content_symlinks($1_su_t)
')
tunable_policy(`use_nfs_home_dirs',`
diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if
index 95b96e9..73fa50e 100644
--- a/refpolicy/policy/modules/admin/sudo.if
+++ b/refpolicy/policy/modules/admin/sudo.if
@@ -120,14 +120,14 @@ template(`sudo_per_userdomain_template',`
miscfiles_read_localization($1_sudo_t)
- userdom_manage_user_home_files($1,$1_sudo_t)
- userdom_manage_user_home_symlinks($1,$1_sudo_t)
+ userdom_manage_user_home_content_files($1,$1_sudo_t)
+ userdom_manage_user_home_content_symlinks($1,$1_sudo_t)
userdom_manage_user_tmp_files($1,$1_sudo_t)
userdom_manage_user_tmp_symlinks($1,$1_sudo_t)
userdom_use_user_terminals($1,$1_sudo_t)
- userdom_use_unpriv_users_fd($1_sudo_t)
+ userdom_use_unpriv_users_fds($1_sudo_t)
# for some PAM modules and for cwd
- userdom_dontaudit_search_all_users_home($1_sudo_t)
+ userdom_dontaudit_search_all_users_home_content($1_sudo_t)
optional_policy(`nis',`
nis_use_ypbind($1_sudo_t)
diff --git a/refpolicy/policy/modules/admin/updfstab.te b/refpolicy/policy/modules/admin/updfstab.te
index 7991c6a..c3e32d1 100644
--- a/refpolicy/policy/modules/admin/updfstab.te
+++ b/refpolicy/policy/modules/admin/updfstab.te
@@ -82,7 +82,7 @@ seutil_read_default_contexts(updfstab_t)
seutil_read_file_contexts(updfstab_t)
userdom_use_sysadm_ttys(updfstab_t)
-userdom_dontaudit_search_all_users_home(updfstab_t)
+userdom_dontaudit_search_all_users_home_content(updfstab_t)
userdom_dontaudit_use_unpriv_user_fds(updfstab_t)
ifdef(`targeted_policy',`
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 4f7f300..f2efebf 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -127,10 +127,10 @@ logging_send_syslog_msg(chfn_t)
# uses unix_chkpwd for checking passwords
seutil_dontaudit_search_config(chfn_t)
-userdom_use_unpriv_users_fd(chfn_t)
+userdom_use_unpriv_users_fds(chfn_t)
# user generally runs this from their home directory, so do not audit a search
# on user home dir
-userdom_dontaudit_search_all_users_home(chfn_t)
+userdom_dontaudit_search_all_users_home_content(chfn_t)
optional_policy(`nis',`
nis_use_ypbind(chfn_t)
@@ -155,7 +155,7 @@ files_search_var(crack_t)
allow crack_t crack_tmp_t:dir create_dir_perms;
allow crack_t crack_tmp_t:file create_file_perms;
-files_filetrans_tmp(crack_t, crack_tmp_t, { file dir })
+files_tmp_filetrans(crack_t, crack_tmp_t, { file dir })
kernel_read_system_state(crack_t)
@@ -176,7 +176,7 @@ libs_use_shared_libs(crack_t)
logging_send_syslog_msg(crack_t)
-userdom_dontaudit_search_sysadm_home_dir(crack_t)
+userdom_dontaudit_search_sysadm_home_dirs(crack_t)
optional_policy(`cron',`
cron_system_entry(crack_t,crack_exec_t)
@@ -244,9 +244,9 @@ auth_use_nsswitch(groupadd_t)
seutil_read_config(groupadd_t)
-userdom_use_unpriv_users_fd(groupadd_t)
+userdom_use_unpriv_users_fds(groupadd_t)
# for when /root is the cwd
-userdom_dontaudit_search_sysadm_home_dir(groupadd_t)
+userdom_dontaudit_search_sysadm_home_dirs(groupadd_t)
optional_policy(`nis',`
nis_use_ypbind(groupadd_t)
@@ -333,13 +333,13 @@ miscfiles_read_localization(passwd_t)
seutil_dontaudit_search_config(passwd_t)
-userdom_use_unpriv_users_fd(passwd_t)
+userdom_use_unpriv_users_fds(passwd_t)
# make sure that getcon succeeds
userdom_getattr_all_users(passwd_t)
userdom_read_all_users_state(passwd_t)
# user generally runs this from their home directory, so do not audit a search
# on user home dir
-userdom_dontaudit_search_all_users_home(passwd_t)
+userdom_dontaudit_search_all_users_home_content(passwd_t)
optional_policy(`nis',`
nis_use_ypbind(passwd_t)
@@ -372,7 +372,7 @@ allow sysadm_passwd_t self:msg { send receive };
# allow vipw to create temporary files under /var/tmp/vi.recover
allow sysadm_passwd_t sysadm_passwd_tmp_t:dir create_dir_perms;
allow sysadm_passwd_t sysadm_passwd_tmp_t:file create_file_perms;
-files_filetrans_tmp(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
+files_tmp_filetrans(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
files_search_var(sysadm_passwd_t)
kernel_read_kernel_sysctls(sysadm_passwd_t)
@@ -427,10 +427,10 @@ logging_send_syslog_msg(sysadm_passwd_t)
seutil_dontaudit_search_config(sysadm_passwd_t)
-userdom_use_unpriv_users_fd(sysadm_passwd_t)
+userdom_use_unpriv_users_fds(sysadm_passwd_t)
# user generally runs this from their home directory, so do not audit a search
# on user home dir
-userdom_dontaudit_search_all_users_home(sysadm_passwd_t)
+userdom_dontaudit_search_all_users_home_content(sysadm_passwd_t)
optional_policy(`nis',`
nis_use_ypbind(sysadm_passwd_t)
@@ -501,13 +501,13 @@ miscfiles_read_localization(useradd_t)
seutil_read_config(useradd_t)
seutil_read_file_contexts(useradd_t)
-userdom_use_unpriv_users_fd(useradd_t)
+userdom_use_unpriv_users_fds(useradd_t)
# for when /root is the cwd
-userdom_dontaudit_search_sysadm_home_dir(useradd_t)
+userdom_dontaudit_search_sysadm_home_dirs(useradd_t)
# Add/remove user home directories
-userdom_filetrans_generic_user_home_dir(useradd_t)
-userdom_manage_generic_user_home_dirs(useradd_t)
-userdom_filetrans_generic_user_home(useradd_t,notdevfile_class_set)
+userdom_home_filetrans_generic_user_home_dir(useradd_t)
+userdom_manage_generic_user_home_content_dirs(useradd_t)
+userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
mta_manage_spool(useradd_t)
diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te
index 05fd317..0c5ee06 100644
--- a/refpolicy/policy/modules/admin/vpn.te
+++ b/refpolicy/policy/modules/admin/vpn.te
@@ -38,11 +38,11 @@ allow vpnc_t self:socket create_socket_perms;
allow vpnc_t vpnc_tmp_t:dir create_dir_perms;
allow vpnc_t vpnc_tmp_t:file create_file_perms;
-files_filetrans_tmp(vpnc_t, vpnc_tmp_t, { file dir })
+files_tmp_filetrans(vpnc_t, vpnc_tmp_t, { file dir })
allow vpnc_t vpnc_var_run_t:file create_file_perms;
allow vpnc_t vpnc_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(vpnc_t,vpnc_var_run_t)
+files_pid_filetrans(vpnc_t,vpnc_var_run_t)
kernel_read_system_state(vpnc_t)
kernel_read_network_state(vpnc_t)
@@ -98,11 +98,11 @@ miscfiles_read_localization(vpnc_t)
seutil_dontaudit_search_config(vpnc_t)
sysnet_exec_ifconfig(vpnc_t)
-sysnet_filetrans_config(vpnc_t)
+sysnet_etc_filetrans_config(vpnc_t)
sysnet_manage_config(vpnc_t)
userdom_use_all_users_fds(vpnc_t)
-userdom_dontaudit_search_all_users_home(vpnc_t)
+userdom_dontaudit_search_all_users_home_content(vpnc_t)
optional_policy(`dbus',`
dbus_system_bus_client_template(vpnc,vpnc_t)
diff --git a/refpolicy/policy/modules/apps/cdrecord.if b/refpolicy/policy/modules/apps/cdrecord.if
index b532521..41bb205 100644
--- a/refpolicy/policy/modules/apps/cdrecord.if
+++ b/refpolicy/policy/modules/apps/cdrecord.if
@@ -105,7 +105,7 @@ template(`cdrecord_per_userdomain_template', `
userdom_use_user_terminals($1,$1_cdrecord_t)
userdom_use_user_terminals($1,$2)
- userdom_read_user_home_files($1,$1_cdrecord_t)
+ userdom_read_user_home_content_files($1,$1_cdrecord_t)
# Handle nfs home dirs
tunable_policy(`cdrecord_read_content && use_nfs_home_dirs',`
@@ -138,9 +138,9 @@ template(`cdrecord_per_userdomain_template', `
userdom_list_user_tmp($1,$1_cdrecord_t)
userdom_read_user_tmp_files($1,$1_cdrecord_t)
userdom_read_user_tmp_symlinks($1,$1_cdrecord_t)
- userdom_search_user_home($1,$1_cdrecord_t)
- userdom_read_user_home_files($1,$1_cdrecord_t)
- userdom_read_user_home_symlinks($1,$1_cdrecord_t)
+ userdom_search_user_home_dirs($1,$1_cdrecord_t)
+ userdom_read_user_home_content_files($1,$1_cdrecord_t)
+ userdom_read_user_home_content_symlinks($1,$1_cdrecord_t)
ifdef(`enable_mls',`
',`
@@ -155,8 +155,8 @@ template(`cdrecord_per_userdomain_template', `
fs_donaudit_read_removable_files($1_cdrecord_t)
userdom_dontaudit_list_user_tmp($1,$1_cdrecord_t)
userdom_dontaudit_read_user_tmp_files($1,$1_cdrecord_t)
- userdom_dontaudit_list_user_home_dir($1,$1_cdrecord_t)
- userdom_dontaudit_read_user_home_files($1,$1_cdrecord_t)
+ userdom_dontaudit_list_user_home_dirs($1,$1_cdrecord_t)
+ userdom_dontaudit_read_user_home_content_files($1,$1_cdrecord_t)
')
# Handle default_t content
@@ -173,7 +173,7 @@ template(`cdrecord_per_userdomain_template', `
tunable_policy(`cdrecord_read_content && read_untrusted_content',`
files_list_tmp($1_cdrecord_t)
files_list_home($1_cdrecord_t)
- userdom_search_user_home($1,$1_cdrecord_t)
+ userdom_search_user_home_dirs($1,$1_cdrecord_t)
userdom_list_user_untrusted_content($1,$1_cdrecord_t)
userdom_read_user_untrusted_content_files($1,$1_cdrecord_t)
@@ -184,7 +184,7 @@ template(`cdrecord_per_userdomain_template', `
',`
files_dontaudit_list_tmp($1_cdrecord_t)
files_dontaudit_list_home($1_cdrecord_t)
- userdom_dontaudit_list_user_home_dir($1,$1_cdrecord_t)
+ userdom_dontaudit_list_user_home_dirs($1,$1_cdrecord_t)
userdom_dontaudit_list_user_untrusted_content($1,$1_cdrecord_t)
userdom_dontaudit_read_user_untrusted_content_files($1,$1_cdrecord_t)
userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_cdrecord_t)
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index f45a3e5..ebe004f 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -59,7 +59,7 @@ template(`gpg_per_userdomain_template',`
files_tmp_file($1_gpg_agent_tmp_t)
type $1_gpg_secret_t;
- userdom_user_home_file($1,$1_gpg_secret_t)
+ userdom_user_home_content($1,$1_gpg_secret_t)
type $1_gpg_helper_t;
domain_type($1_gpg_helper_t)
@@ -243,7 +243,7 @@ template(`gpg_per_userdomain_template',`
allow $2 $1_gpg_agent_tmp_t:dir create_dir_perms;
allow $2 $1_gpg_agent_tmp_t:file create_file_perms;
allow $2 $1_gpg_agent_tmp_t:sock_file create_file_perms;
- files_filetrans_tmp($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_file dir })
+ files_tmp_filetrans($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_file dir })
corecmd_search_bin($1_gpg_agent_t)
diff --git a/refpolicy/policy/modules/apps/irc.if b/refpolicy/policy/modules/apps/irc.if
index 3f01ad3..6dda6fd 100644
--- a/refpolicy/policy/modules/apps/irc.if
+++ b/refpolicy/policy/modules/apps/irc.if
@@ -48,14 +48,14 @@ template(`irc_per_userdomain_template',`
role $3 types $1_irc_t;
type $1_irc_exec_t;
- userdom_user_home_file($1,$1_irc_exec_t)
+ userdom_user_home_content($1,$1_irc_exec_t)
domain_entry_file($1_irc_t,$1_irc_exec_t)
type $1_irc_home_t;
- userdom_user_home_file($1,$1_irc_home_t)
+ userdom_user_home_content($1,$1_irc_home_t)
type $1_irc_tmp_t;
- userdom_user_home_file($1,$1_irc_tmp_t)
+ userdom_user_home_content($1,$1_irc_tmp_t)
########################################
#
@@ -71,7 +71,7 @@ template(`irc_per_userdomain_template',`
allow $1_irc_t $1_irc_home_t:dir create_dir_perms;
allow $1_irc_t $1_irc_home_t:file create_file_perms;
allow $1_irc_t $1_irc_home_t:lnk_file create_lnk_perms;
- userdom_filetrans_user_home_dir($1,$1_irc_t,$1_irc_home_t,{ dir file lnk_file })
+ userdom_user_home_dir_filetrans($1,$1_irc_t,$1_irc_home_t,{ dir file lnk_file })
# access files under /tmp
allow $1_irc_t $1_irc_tmp_t:dir create_dir_perms;
@@ -79,7 +79,7 @@ template(`irc_per_userdomain_template',`
allow $1_irc_t $1_irc_tmp_t:lnk_file create_lnk_perms;
allow $1_irc_t $1_irc_tmp_t:sock_file create_file_perms;
allow $1_irc_t $1_irc_tmp_t:fifo_file create_file_perms;
- files_filetrans_tmp($1_irc_t,$1_irc_tmp_t,{ file dir lnk_file sock_file fifo_file })
+ files_tmp_filetrans($1_irc_t,$1_irc_tmp_t,{ file dir lnk_file sock_file fifo_file })
# Transition from the user domain to the derived domain.
domain_auto_trans($2,irc_exec_t,$1_irc_t)
diff --git a/refpolicy/policy/modules/apps/java.if b/refpolicy/policy/modules/apps/java.if
index 930d7a6..949ac27 100644
--- a/refpolicy/policy/modules/apps/java.if
+++ b/refpolicy/policy/modules/apps/java.if
@@ -68,14 +68,14 @@ template(`java_per_userdomain_template',`
allow $1_javaplugin_t $1_javaplugin_tmp_t:dir create_dir_perms;
allow $1_javaplugin_t $1_javaplugin_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_javaplugin_t,$1_javaplugin_tmp_t,{ file dir })
+ files_tmp_filetrans($1_javaplugin_t,$1_javaplugin_tmp_t,{ file dir })
allow $1_javaplugin_t $1_javaplugin_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_javaplugin_t $1_javaplugin_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_javaplugin_t $1_javaplugin_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow $1_javaplugin_t $1_javaplugin_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_javaplugin_t $1_javaplugin_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
- fs_filetrans_tmpfs($1_javaplugin_t,$1_javaplugin_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_javaplugin_t,$1_javaplugin_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# cjp: rw_dir_perms here doesnt make sense
allow $1_javaplugin_t $1_home_t:dir rw_dir_perms;
@@ -140,14 +140,14 @@ template(`java_per_userdomain_template',`
sysnet_read_config($1_javaplugin_t)
userdom_dontaudit_use_user_terminals($1,$1_javaplugin_t)
- userdom_dontaudit_setattr_user_home_files($1,$1_javaplugin_t)
- userdom_dontaudit_exec_user_home_files($1,$1_javaplugin_t)
- userdom_manage_user_home_subdirs($1,$1_javaplugin_t)
- userdom_manage_user_home_files($1,$1_javaplugin_t)
- userdom_manage_user_home_symlinks($1,$1_javaplugin_t)
- userdom_manage_user_home_pipes($1,$1_javaplugin_t)
- userdom_manage_user_home_sockets($1,$1_javaplugin_t)
- userdom_filetrans_user_home($1,$1_javaplugin_t,{ file lnk_file sock_file fifo_file })
+ userdom_dontaudit_setattr_user_home_content_files($1,$1_javaplugin_t)
+ userdom_dontaudit_exec_user_home_content_files($1,$1_javaplugin_t)
+ userdom_manage_user_home_content_dirs($1,$1_javaplugin_t)
+ userdom_manage_user_home_content_files($1,$1_javaplugin_t)
+ userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t)
+ userdom_manage_user_home_content_pipes($1,$1_javaplugin_t)
+ userdom_manage_user_home_content_sockets($1,$1_javaplugin_t)
+ userdom_user_home_dir_filetrans_user_home_content($1,$1_javaplugin_t,{ file lnk_file sock_file fifo_file })
# libdeploy.so legacy
tunable_policy(`allow_execmem',`
diff --git a/refpolicy/policy/modules/apps/lockdev.if b/refpolicy/policy/modules/apps/lockdev.if
index 6b94b13..f2c078d 100644
--- a/refpolicy/policy/modules/apps/lockdev.if
+++ b/refpolicy/policy/modules/apps/lockdev.if
@@ -68,7 +68,7 @@ template(`lockdev_per_userdomain_template',`
allow $1_lockdev_t $2:process sigchld;
allow $1_lockdev_t $1_lockdev_lock_t:file create_file_perms;
- files_filetrans_lock($1_lockdev_t,$1_lockdev_lock_t)
+ files_lock_filetrans($1_lockdev_t,$1_lockdev_lock_t)
files_read_all_locks($1_lockdev_t)
diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if
index e443859..4478c4d 100644
--- a/refpolicy/policy/modules/apps/screen.if
+++ b/refpolicy/policy/modules/apps/screen.if
@@ -74,14 +74,14 @@ template(`screen_per_userdomain_template',`
allow $1_screen_t $1_screen_tmp_t:dir create_dir_perms;
allow $1_screen_t $1_screen_tmp_t:file create_file_perms;
allow $1_screen_t $1_screen_tmp_t:fifo_file create_file_perms;
- files_filetrans_tmp($1_screen_t, $1_screen_tmp_t, { file dir })
+ files_tmp_filetrans($1_screen_t, $1_screen_tmp_t, { file dir })
# Create fifo
allow $1_screen_t screen_dir_t:dir rw_dir_perms;
allow $1_screen_t screen_dir_t:dir create_dir_perms;
allow $1_screen_t $1_screen_var_run_t:fifo_file create_file_perms;
type_transition $1_screen_t screen_dir_t:fifo_file $1_screen_var_run_t;
- files_filetrans_pid($1_screen_t,screen_dir_t,dir)
+ files_pid_filetrans($1_screen_t,screen_dir_t,dir)
allow $1_screen_t $1_screen_ro_home_t:dir r_dir_perms;
allow $1_screen_t $1_screen_ro_home_t:file r_file_perms;
diff --git a/refpolicy/policy/modules/apps/tvtime.if b/refpolicy/policy/modules/apps/tvtime.if
index 49f02e5..1bf5022 100644
--- a/refpolicy/policy/modules/apps/tvtime.if
+++ b/refpolicy/policy/modules/apps/tvtime.if
@@ -45,7 +45,7 @@ template(`tvtime_per_userdomain_template',`
role $3 types $1_tvtime_t;
type $1_tvtime_home_t alias $1_tvtime_rw_t;
- userdom_user_home_file($1,$1_tvtime_home_t)
+ userdom_user_home_content($1,$1_tvtime_home_t)
files_poly_member($1_tvtime_home_t)
type $1_tvtime_tmp_t;
@@ -69,18 +69,18 @@ template(`tvtime_per_userdomain_template',`
allow $1_tvtime_t $1_tvtime_home_t:file manage_file_perms;
allow $1_tvtime_t $1_tvtime_home_t:lnk_file create_lnk_perms;
type_transition $1_tvtime_t $1_home_dir_t:dir $1_tvtime_home_t;
- userdom_filetrans_user_home_dir($1,$1_tvtime_t,$1_tvtime_home_t,dir)
+ userdom_user_home_dir_filetrans($1,$1_tvtime_t,$1_tvtime_home_t,dir)
allow $1_tvtime_t $1_tvtime_tmp_t:dir create_dir_perms;
allow $1_tvtime_t $1_tvtime_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_tvtime_t, $1_tvtime_tmp_t, { file dir fifo_file })
+ files_tmp_filetrans($1_tvtime_t, $1_tvtime_tmp_t, { file dir fifo_file })
allow $1_tvtime_t $1_tvtime_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_tvtime_t $1_tvtime_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_tvtime_t $1_tvtime_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow $1_tvtime_t $1_tvtime_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_tvtime_t $1_tvtime_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
- fs_filetrans_tmpfs($1_tvtime_t,$1_tvtime_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_tvtime_t,$1_tvtime_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# Type transition
domain_auto_trans($2, tvtime_exec_t, $1_tvtime_t)
@@ -128,7 +128,7 @@ template(`tvtime_per_userdomain_template',`
miscfiles_read_fonts($1_tvtime_t)
userdom_use_user_terminals($1,$1_tvtime_t)
- userdom_read_user_home_files($1,$1_tvtime_t)
+ userdom_read_user_home_content_files($1,$1_tvtime_t)
# X access, Home files
tunable_policy(`use_nfs_home_dirs',`
diff --git a/refpolicy/policy/modules/apps/uml.if b/refpolicy/policy/modules/apps/uml.if
index 54ea479..3e2fbc1 100644
--- a/refpolicy/policy/modules/apps/uml.if
+++ b/refpolicy/policy/modules/apps/uml.if
@@ -81,7 +81,7 @@ template(`uml_per_userdomain_template',`
allow $1_uml_t $1_uml_tmp_t:dir create_dir_perms;
allow $1_uml_t $1_uml_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_uml_t, $1_uml_tmp_t, { file dir })
+ files_tmp_filetrans($1_uml_t, $1_uml_tmp_t, { file dir })
can_exec($1_uml_t, $1_uml_tmp_t)
allow $1_uml_t $1_uml_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
@@ -89,7 +89,7 @@ template(`uml_per_userdomain_template',`
allow $1_uml_t $1_uml_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow $1_uml_t $1_uml_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_uml_t $1_uml_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
- fs_filetrans_tmpfs($1_uml_t,$1_uml_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_uml_t,$1_uml_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
can_exec($1_uml_t, $1_uml_tmpfs_t)
# access config files
@@ -102,7 +102,7 @@ template(`uml_per_userdomain_template',`
allow $1_uml_t $1_uml_rw_t:lnk_file create_lnk_perms;
allow $1_uml_t $1_uml_rw_t:sock_file create_file_perms;
allow $1_uml_t $1_uml_rw_t:fifo_file create_file_perms;
- userdom_filetrans_user_home_dir($1,$1_uml_t,$1_uml_rw_t,{ file lnk_file sock_file fifo_file })
+ userdom_user_home_dir_filetrans($1,$1_uml_t,$1_uml_rw_t,{ file lnk_file sock_file fifo_file })
allow $2 uml_ro_t:dir r_dir_perms;
allow $2 uml_ro_t:file r_file_perms;
diff --git a/refpolicy/policy/modules/apps/uml.te b/refpolicy/policy/modules/apps/uml.te
index 3f54226..db58cf3 100644
--- a/refpolicy/policy/modules/apps/uml.te
+++ b/refpolicy/policy/modules/apps/uml.te
@@ -32,7 +32,7 @@ allow uml_switch_t self:unix_stream_socket create_stream_socket_perms;
allow uml_switch_t uml_switch_var_run_t:sock_file create_file_perms;
allow uml_switch_t uml_switch_var_run_t:file create_file_perms;
allow uml_switch_t uml_switch_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(uml_switch_t,uml_switch_var_run_t,file)
+files_pid_filetrans(uml_switch_t,uml_switch_var_run_t,file)
kernel_read_kernel_sysctls(uml_switch_t)
kernel_list_proc(uml_switch_t)
@@ -58,7 +58,7 @@ logging_send_syslog_msg(uml_switch_t)
miscfiles_read_localization(uml_switch_t)
userdom_dontaudit_use_unpriv_user_fds(uml_switch_t)
-userdom_dontaudit_search_sysadm_home_dir(uml_switch_t)
+userdom_dontaudit_search_sysadm_home_dirs(uml_switch_t)
ifdef(`targeted_policy',`
files_dontaudit_read_root_files(uml_switch_t)
diff --git a/refpolicy/policy/modules/apps/userhelper.if b/refpolicy/policy/modules/apps/userhelper.if
index 0a1b067..ac9f205 100644
--- a/refpolicy/policy/modules/apps/userhelper.if
+++ b/refpolicy/policy/modules/apps/userhelper.if
@@ -105,7 +105,7 @@ template(`userhelper_per_userdomain_template',`
files_list_var_lib($1_userhelper_t)
# Write to utmp.
- files_filetrans_pid($1_userhelper_t,initrc_var_run_t)
+ files_pid_filetrans($1_userhelper_t,initrc_var_run_t)
# Read the /etc/security/default_type file
files_read_etc_files($1_userhelper_t)
# Read /var.
@@ -153,7 +153,7 @@ template(`userhelper_per_userdomain_template',`
seutil_read_config($1_userhelper_t)
seutil_read_default_contexts($1_userhelper_t)
- userdom_use_unpriv_users_fd($1_userhelper_t)
+ userdom_use_unpriv_users_fds($1_userhelper_t)
# Allow $1_userhelper_t to transition to user domains.
userdom_bin_spec_domtrans_unpriv_users($1_userhelper_t)
userdom_sbin_spec_domtrans_unpriv_users($1_userhelper_t)
diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te
index 04a815e..6200fae 100644
--- a/refpolicy/policy/modules/apps/webalizer.te
+++ b/refpolicy/policy/modules/apps/webalizer.te
@@ -50,11 +50,11 @@ allow webalizer_t webalizer_etc_t:file { getattr read };
allow webalizer_t webalizer_tmp_t:dir create_dir_perms;
allow webalizer_t webalizer_tmp_t:file create_file_perms;
-files_filetrans_tmp(webalizer_t, webalizer_tmp_t, { file dir })
+files_tmp_filetrans(webalizer_t, webalizer_tmp_t, { file dir })
allow webalizer_t webalizer_var_lib_t:file create_file_perms;
allow webalizer_t webalizer_var_lib_t:dir rw_dir_perms;
-files_filetrans_var_lib(webalizer_t,webalizer_var_lib_t)
+files_var_lib_filetrans(webalizer_t,webalizer_var_lib_t)
kernel_read_kernel_sysctls(webalizer_t)
kernel_read_system_state(webalizer_t)
@@ -86,8 +86,8 @@ miscfiles_read_localization(webalizer_t)
sysnet_read_config(webalizer_t)
-userdom_use_unpriv_users_fd(webalizer_t)
-userdom_dontaudit_search_all_users_home(webalizer_t)
+userdom_use_unpriv_users_fds(webalizer_t)
+userdom_dontaudit_search_all_users_home_content(webalizer_t)
apache_read_log(webalizer_t)
apache_manage_sys_content(webalizer_t)
diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index 8242530..9927a33 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -447,9 +447,9 @@ interface(`bootloader_manage_kernel_modules',`
########################################
#
-# bootloader_filetrans_modules(domain,privatetype,[class(es)])
+# bootloader_modules_filetrans(domain,privatetype,[class(es)])
#
-interface(`bootloader_filetrans_modules',`
+interface(`bootloader_modules_filetrans',`
gen_require(`
type modules_object_t;
')
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index a432466..3a510c1 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -80,16 +80,16 @@ allow bootloader_t boot_t:lnk_file create_lnk_perms;
allow bootloader_t bootloader_etc_t:file r_file_perms;
# uncomment the following lines if you use "lilo -p"
#allow bootloader_t bootloader_etc_t:file { create ioctl read getattr lock write setattr append link unlink rename };
-#files_filetrans_etc(bootloader_t,bootloader_etc_t)
+#files_etc_filetrans(bootloader_t,bootloader_etc_t)
allow bootloader_t bootloader_tmp_t:dir create_dir_perms;
allow bootloader_t bootloader_tmp_t:file create_file_perms;
allow bootloader_t bootloader_tmp_t:chr_file create_file_perms;
allow bootloader_t bootloader_tmp_t:blk_file create_file_perms;
allow bootloader_t bootloader_tmp_t:lnk_file create_lnk_perms;
-files_filetrans_tmp(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
+files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
# for tune2fs (cjp: ?)
-files_filetrans_root(bootloader_t,bootloader_tmp_t)
+files_root_filetrans(bootloader_t,bootloader_tmp_t)
allow bootloader_t modules_object_t:dir r_dir_perms;
allow bootloader_t modules_object_t:file r_file_perms;
@@ -228,8 +228,8 @@ optional_policy(`rpm',`
')
optional_policy(`userdomain',`
- userdom_dontaudit_search_staff_home_dir(bootloader_t)
- userdom_dontaudit_search_sysadm_home_dir(bootloader_t)
+ userdom_dontaudit_search_staff_home_dirs(bootloader_t)
+ userdom_dontaudit_search_sysadm_home_dirs(bootloader_t)
')
ifdef(`TODO',`
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index d037910..45a9d27 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -559,7 +559,7 @@ interface(`dev_manage_generic_chr_files',`
## </summary>
## </param>
#
-interface(`dev_filetrans_dev',`
+interface(`dev_filetrans',`
gen_require(`
type device_t;
')
diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
index 73e5560..126f85d 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -968,7 +968,7 @@ interface(`files_list_root',`
## </summary>
## </param>
#
-interface(`files_filetrans_root',`
+interface(`files_root_filetrans',`
gen_require(`
type root_t;
')
@@ -1500,9 +1500,9 @@ interface(`files_manage_etc_runtime_files',`
########################################
#
-# files_filetrans_etc(domain,privatetype,[class(es)])
+# files_etc_filetrans(domain,privatetype,[class(es)])
#
-interface(`files_filetrans_etc',`
+interface(`files_etc_filetrans',`
gen_require(`
type etc_t;
')
@@ -1883,7 +1883,7 @@ interface(`files_list_home',`
## </summary>
## </param>
#
-interface(`files_filetrans_home',`
+interface(`files_home_filetrans',`
gen_require(`
type home_root_t;
')
@@ -2297,9 +2297,9 @@ interface(`files_setattr_all_tmp_dirs',`
########################################
#
-# files_filetrans_tmp(domain,private_type,[object class(es)])
+# files_tmp_filetrans(domain,private_type,[object class(es)])
#
-interface(`files_filetrans_tmp',`
+interface(`files_tmp_filetrans',`
gen_require(`
type tmp_t;
')
@@ -2467,7 +2467,7 @@ interface(`files_read_usr_symlinks',`
## </summary>
## </param>
#
-interface(`files_filetrans_usr',`
+interface(`files_usr_filetrans',`
gen_require(`
type usr_t;
')
@@ -2717,7 +2717,7 @@ interface(`files_manage_var_symlinks',`
## </summary>
## </param>
#
-interface(`files_filetrans_var',`
+interface(`files_var_filetrans',`
gen_require(`
type var_t;
')
@@ -2807,7 +2807,7 @@ interface(`files_list_var_lib',`
## </summary>
## </param>
#
-interface(`files_filetrans_var_lib',`
+interface(`files_var_lib_filetrans',`
gen_require(`
type var_t, var_lib_t;
')
@@ -3019,9 +3019,9 @@ interface(`files_read_all_locks',`
########################################
#
-# files_filetrans_lock(domain,private_type,[object class(es)])
+# files_lock_filetrans(domain,private_type,[object class(es)])
#
-interface(`files_filetrans_lock',`
+interface(`files_lock_filetrans',`
gen_require(`
type var_t, var_lock_t;
')
@@ -3102,9 +3102,9 @@ interface(`files_list_pids',`
########################################
#
-# files_filetrans_pid(domain,pidfile,[object class(es)])
+# files_pid_filetrans(domain,pidfile,[object class(es)])
#
-interface(`files_filetrans_pid',`
+interface(`files_pid_filetrans',`
gen_require(`
type var_t, var_run_t;
')
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 0702509..c1d5981 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -2425,9 +2425,9 @@ interface(`fs_manage_tmpfs_dirs',`
########################################
#
-# fs_filetrans_tmpfs(domain,derivedtype,[class])
+# fs_tmpfs_filetrans(domain,derivedtype,[class])
#
-interface(`fs_filetrans_tmpfs',`
+interface(`fs_tmpfs_filetrans',`
gen_require(`
type tmpfs_t;
')
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index 020b6cc..81152e9 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -183,7 +183,7 @@ interface(`storage_create_fixed_disk',`
')
allow $1 fixed_disk_device_t:blk_file create_file_perms;
- dev_filetrans_dev($1,fixed_disk_device_t,blk_file)
+ dev_filetrans($1,fixed_disk_device_t,blk_file)
typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
')
@@ -225,7 +225,7 @@ interface(`storage_create_fixed_disk_tmpfs',`
')
allow $1 fixed_disk_device_t:blk_file create_file_perms;
- fs_filetrans_tmpfs($1,fixed_disk_device_t,blk_file)
+ fs_tmpfs_filetrans($1,fixed_disk_device_t,blk_file)
typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
')
diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if
index c5a1a7b..a4d9ca5 100644
--- a/refpolicy/policy/modules/services/apache.if
+++ b/refpolicy/policy/modules/services/apache.if
@@ -84,7 +84,7 @@ template(`apache_content_template',`
allow httpd_$1_script_t httpd_$1_script_rw_t:lnk_file create_lnk_perms;
allow httpd_$1_script_t httpd_$1_script_rw_t:sock_file create_file_perms;
allow httpd_$1_script_t httpd_$1_script_rw_t:fifo_file create_file_perms;
- files_filetrans_tmp(httpd_$1_script_t,httpd_$1_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+ files_tmp_filetrans(httpd_$1_script_t,httpd_$1_script_rw_t,{ dir file lnk_file sock_file fifo_file })
kernel_dontaudit_search_sysctl(httpd_$1_script_t)
kernel_dontaudit_search_kernel_sysctl(httpd_$1_script_t)
@@ -274,7 +274,7 @@ template(`apache_per_userdomain_template', `
apache_content_template($1)
typeattribute httpd_$1_content_t httpd_script_domains;
- userdom_user_home_file($1,httpd_$1_content_t)
+ userdom_user_home_content($1,httpd_$1_content_t)
role $3 types httpd_$1_script_t;
@@ -323,9 +323,9 @@ template(`apache_per_userdomain_template', `
# allow accessing files/dirs below the users home dir
tunable_policy(`httpd_enable_homedirs',`
- userdom_search_user_home($1,httpd_t)
- userdom_search_user_home($1,httpd_suexec_t)
- userdom_search_user_home($1,httpd_$1_script_t)
+ userdom_search_user_home_dirs($1,httpd_t)
+ userdom_search_user_home_dirs($1,httpd_suexec_t)
+ userdom_search_user_home_dirs($1,httpd_$1_script_t)
')
')
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index 9704b48..39f988a 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -166,14 +166,14 @@ allow httpd_t httpd_config_t:lnk_file { getattr read };
can_exec(httpd_t, httpd_exec_t)
allow httpd_t httpd_lock_t:file create_file_perms;
-files_filetrans_lock(httpd_t,httpd_lock_t)
+files_lock_filetrans(httpd_t,httpd_lock_t)
allow httpd_t httpd_log_t:dir { setattr rw_dir_perms };
allow httpd_t httpd_log_t:file { create ra_file_perms };
allow httpd_t httpd_log_t:lnk_file read;
# cjp: need to refine create interfaces to
# cut this back to add_name only
-logging_filetrans_log(httpd_t,httpd_log_t)
+logging_log_filetrans(httpd_t,httpd_log_t)
allow httpd_t httpd_modules_t:file rx_file_perms;
allow httpd_t httpd_modules_t:dir r_dir_perms;
@@ -190,23 +190,23 @@ allow httpd_t httpd_sys_content_t:file r_file_perms;
allow httpd_t httpd_tmp_t:dir create_dir_perms;
allow httpd_t httpd_tmp_t:file create_file_perms;
-files_filetrans_tmp(httpd_t, httpd_tmp_t, { file dir })
+files_tmp_filetrans(httpd_t, httpd_tmp_t, { file dir })
allow httpd_t httpd_tmpfs_t:dir create_dir_perms;
allow httpd_t httpd_tmpfs_t:file create_file_perms;
allow httpd_t httpd_tmpfs_t:lnk_file create_lnk_perms;
allow httpd_t httpd_tmpfs_t:sock_file create_file_perms;
allow httpd_t httpd_tmpfs_t:fifo_file create_file_perms;
-fs_filetrans_tmpfs(httpd_t,httpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_tmpfs_filetrans(httpd_t,httpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow httpd_t httpd_var_lib_t:file create_file_perms;
allow httpd_t httpd_var_lib_t:dir rw_dir_perms;
-files_filetrans_var_lib(httpd_t,httpd_var_lib_t)
+files_var_lib_filetrans(httpd_t,httpd_var_lib_t)
allow httpd_t httpd_var_run_t:file create_file_perms;
allow httpd_t httpd_var_run_t:sock_file create_file_perms;
allow httpd_t httpd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(httpd_t,httpd_var_run_t, { file sock_file })
+files_pid_filetrans(httpd_t,httpd_var_run_t, { file sock_file })
allow httpd_t squirrelmail_spool_t:dir create_dir_perms;
allow httpd_t squirrelmail_spool_t:file create_file_perms;
@@ -281,8 +281,8 @@ seutil_dontaudit_search_config(httpd_t)
sysnet_use_ldap(httpd_t)
sysnet_read_config(httpd_t)
-userdom_use_unpriv_users_fd(httpd_t)
-userdom_dontaudit_search_sysadm_home_dir(httpd_t)
+userdom_use_unpriv_users_fds(httpd_t)
+userdom_dontaudit_search_sysadm_home_dirs(httpd_t)
mta_send_mail(httpd_t)
@@ -292,7 +292,7 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_files(httpd_t)
tunable_policy(`httpd_enable_homedirs',`
- userdom_search_generic_user_home_dir(httpd_t)
+ userdom_search_generic_user_home_dirs(httpd_t)
')
')
@@ -494,7 +494,7 @@ allow httpd_php_t httpd_log_t:file ra_file_perms;
allow httpd_php_t httpd_php_tmp_t:dir create_dir_perms;
allow httpd_php_t httpd_php_tmp_t:file create_file_perms;
-files_filetrans_tmp(httpd_php_t, httpd_php_tmp_t, { file dir })
+files_tmp_filetrans(httpd_php_t, httpd_php_tmp_t, { file dir })
fs_search_auto_mountpoints(httpd_php_t)
@@ -502,7 +502,7 @@ libs_exec_lib_files(httpd_php_t)
libs_use_ld_so(httpd_php_t)
libs_use_shared_libs(httpd_php_t)
-userdom_use_unpriv_users_fd(httpd_php_t)
+userdom_use_unpriv_users_fds(httpd_php_t)
optional_policy(`mysql',`
mysql_stream_connect(httpd_php_t)
@@ -539,7 +539,7 @@ allow httpd_suexec_t httpd_t:fifo_file getattr;
allow httpd_suexec_t httpd_suexec_tmp_t:dir create_dir_perms;
allow httpd_suexec_t httpd_suexec_tmp_t:file create_file_perms;
-files_filetrans_tmp(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
+files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
kernel_read_kernel_sysctls(httpd_suexec_t)
kernel_list_proc(httpd_suexec_t)
@@ -568,7 +568,7 @@ miscfiles_read_localization(httpd_suexec_t)
ifdef(`targeted_policy',`
tunable_policy(`httpd_enable_homedirs',`
- userdom_search_generic_user_home_dir(httpd_suexec_t)
+ userdom_search_generic_user_home_dirs(httpd_suexec_t)
')
')
@@ -678,7 +678,7 @@ ifdef(`distro_redhat',`
ifdef(`targeted_policy',`
tunable_policy(`httpd_enable_homedirs',`
- userdom_search_generic_user_home_dir(httpd_sys_script_t)
+ userdom_search_generic_user_home_dirs(httpd_sys_script_t)
')
')
diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te
index 79c914b..f0c11c0 100644
--- a/refpolicy/policy/modules/services/apm.te
+++ b/refpolicy/policy/modules/services/apm.te
@@ -72,16 +72,16 @@ allow apmd_t self:unix_dgram_socket create_socket_perms;
allow apmd_t self:unix_stream_socket create_stream_socket_perms;
allow apmd_t apmd_log_t:file create_file_perms;
-logging_filetrans_log(apmd_t,apmd_log_t)
+logging_log_filetrans(apmd_t,apmd_log_t)
allow apmd_t apmd_tmp_t:dir create_dir_perms;
allow apmd_t apmd_tmp_t:file create_file_perms;
-files_filetrans_tmp(apmd_t, apmd_tmp_t, { file dir })
+files_tmp_filetrans(apmd_t, apmd_tmp_t, { file dir })
allow apmd_t apmd_var_run_t:dir rw_dir_perms;
allow apmd_t apmd_var_run_t:file create_file_perms;
allow apmd_t apmd_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(apmd_t, apmd_var_run_t, { file sock_file })
+files_pid_filetrans(apmd_t, apmd_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(apmd_t)
kernel_rw_all_sysctls(apmd_t)
@@ -146,12 +146,12 @@ modutils_read_module_config(apmd_t)
seutil_dontaudit_read_config(apmd_t)
userdom_dontaudit_use_unpriv_user_fds(apmd_t)
-userdom_dontaudit_search_sysadm_home_dir(apmd_t)
-userdom_dontaudit_search_all_users_home(apmd_t) # Excessive?
+userdom_dontaudit_search_sysadm_home_dirs(apmd_t)
+userdom_dontaudit_search_all_users_home_content(apmd_t) # Excessive?
ifdef(`distro_redhat',`
allow apmd_t apmd_lock_t:file create_file_perms;
- files_filetrans_lock(apmd_t,apmd_lock_t)
+ files_lock_filetrans(apmd_t,apmd_lock_t)
can_exec(apmd_t, apmd_var_run_t)
@@ -176,7 +176,7 @@ ifdef(`distro_redhat',`
ifdef(`distro_suse',`
allow apmd_t apmd_var_lib_t:file create_file_perms;
allow apmd_t apmd_var_lib_t:dir create_dir_perms;
- files_filetrans_var_lib(apmd_t,apmd_var_lib_t)
+ files_var_lib_filetrans(apmd_t,apmd_var_lib_t)
')
ifdef(`targeted_policy',`
diff --git a/refpolicy/policy/modules/services/arpwatch.te b/refpolicy/policy/modules/services/arpwatch.te
index 871afbd..c8c9209 100644
--- a/refpolicy/policy/modules/services/arpwatch.te
+++ b/refpolicy/policy/modules/services/arpwatch.te
@@ -39,11 +39,11 @@ allow arpwatch_t arpwatch_data_t:lnk_file create_lnk_perms;
allow arpwatch_t arpwatch_tmp_t:dir create_dir_perms;
allow arpwatch_t arpwatch_tmp_t:file create_file_perms;
-files_filetrans_tmp(arpwatch_t, arpwatch_tmp_t, { file dir })
+files_tmp_filetrans(arpwatch_t, arpwatch_tmp_t, { file dir })
allow arpwatch_t arpwatch_var_run_t:file create_file_perms;
allow arpwatch_t arpwatch_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(arpwatch_t,arpwatch_var_run_t)
+files_pid_filetrans(arpwatch_t,arpwatch_var_run_t)
kernel_read_kernel_sysctls(arpwatch_t)
kernel_list_proc(arpwatch_t)
@@ -89,7 +89,7 @@ miscfiles_read_localization(arpwatch_t)
sysnet_read_config(arpwatch_t)
userdom_dontaudit_use_unpriv_user_fds(arpwatch_t)
-userdom_dontaudit_search_sysadm_home_dir(arpwatch_t)
+userdom_dontaudit_search_sysadm_home_dirs(arpwatch_t)
mta_send_mail(arpwatch_t)
diff --git a/refpolicy/policy/modules/services/automount.te b/refpolicy/policy/modules/services/automount.te
index ff2d8f6..d2d1202 100644
--- a/refpolicy/policy/modules/services/automount.te
+++ b/refpolicy/policy/modules/services/automount.te
@@ -42,20 +42,20 @@ allow automount_t automount_etc_t:file { getattr read };
can_exec(automount_t, automount_etc_t)
allow automount_t automount_lock_t:file create_file_perms;
-files_filetrans_lock(automount_t,automount_lock_t)
+files_lock_filetrans(automount_t,automount_lock_t)
allow automount_t automount_tmp_t:dir create_dir_perms;
allow automount_t automount_tmp_t:file create_file_perms;
-files_filetrans_tmp(automount_t, automount_tmp_t, { file dir })
+files_tmp_filetrans(automount_t, automount_tmp_t, { file dir })
# Allow automount to create and delete directories in / and /home
allow automount_t automount_tmp_t:dir create_dir_perms;
-files_filetrans_home(automount_t,automount_tmp_t)
-files_filetrans_root(automount_t,automount_tmp_t,dir)
+files_home_filetrans(automount_t,automount_tmp_t)
+files_root_filetrans(automount_t,automount_tmp_t,dir)
allow automount_t automount_var_run_t:file create_file_perms;
allow automount_t automount_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(automount_t,automount_var_run_t)
+files_pid_filetrans(automount_t,automount_var_run_t)
kernel_read_kernel_sysctls(automount_t)
kernel_read_fs_sysctls(automount_t)
@@ -129,7 +129,7 @@ sysnet_use_ldap(automount_t)
sysnet_read_config(automount_t)
userdom_dontaudit_use_unpriv_user_fds(automount_t)
-userdom_dontaudit_search_sysadm_home_dir(automount_t)
+userdom_dontaudit_search_sysadm_home_dirs(automount_t)
ifdef(`targeted_policy', `
files_dontaudit_read_root_files(automount_t)
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index 9dcfe25..1ebdfcb 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -31,7 +31,7 @@ allow avahi_t self:udp_socket create_socket_perms;
allow avahi_t avahi_var_run_t:sock_file create_file_perms;
allow avahi_t avahi_var_run_t:file create_file_perms;
allow avahi_t avahi_var_run_t:dir { rw_dir_perms setattr };
-files_filetrans_pid(avahi_t,avahi_var_run_t)
+files_pid_filetrans(avahi_t,avahi_var_run_t)
kernel_read_kernel_sysctls(avahi_t)
kernel_list_proc(avahi_t)
@@ -80,7 +80,7 @@ miscfiles_read_localization(avahi_t)
sysnet_read_config(avahi_t)
userdom_dontaudit_use_unpriv_user_fds(avahi_t)
-userdom_dontaudit_search_sysadm_home_dir(avahi_t)
+userdom_dontaudit_search_sysadm_home_dirs(avahi_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(avahi_t)
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index db63aa8..f79ebe7 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -76,16 +76,16 @@ can_exec(named_t, named_exec_t)
allow named_t named_log_t:file create_file_perms;
allow named_t named_log_t:dir rw_dir_perms;
-logging_filetrans_log(named_t,named_log_t,{ file dir })
+logging_log_filetrans(named_t,named_log_t,{ file dir })
allow named_t named_tmp_t:dir create_dir_perms;
allow named_t named_tmp_t:file create_file_perms;
-files_filetrans_tmp(named_t, named_tmp_t, { file dir })
+files_tmp_filetrans(named_t, named_tmp_t, { file dir })
allow named_t named_var_run_t:dir rw_dir_perms;
allow named_t named_var_run_t:file create_file_perms;
allow named_t named_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(named_t,named_var_run_t,{ file sock_file })
+files_pid_filetrans(named_t,named_var_run_t,{ file sock_file })
# read zone files
allow named_t named_zone_t:dir r_dir_perms;
@@ -143,7 +143,7 @@ miscfiles_read_localization(named_t)
sysnet_read_config(named_t)
userdom_dontaudit_use_unpriv_user_fds(named_t)
-userdom_dontaudit_search_sysadm_home_dir(named_t)
+userdom_dontaudit_search_sysadm_home_dirs(named_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(named_t)
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 3a2d2e6..4215207 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -69,20 +69,20 @@ allow bluetooth_helper_t bluetooth_t:fifo_file rw_file_perms;
allow bluetooth_helper_t bluetooth_t:process sigchld;
allow bluetooth_t bluetooth_lock_t:file create_file_perms;
-files_filetrans_lock(bluetooth_t,bluetooth_lock_t)
+files_lock_filetrans(bluetooth_t,bluetooth_lock_t)
allow bluetooth_t bluetooth_tmp_t:dir create_dir_perms;
allow bluetooth_t bluetooth_tmp_t:file create_file_perms;
-files_filetrans_tmp(bluetooth_t, bluetooth_tmp_t, { file dir })
+files_tmp_filetrans(bluetooth_t, bluetooth_tmp_t, { file dir })
allow bluetooth_t bluetooth_var_lib_t:file create_file_perms;
allow bluetooth_t bluetooth_var_lib_t:dir create_dir_perms;
-files_filetrans_var_lib(bluetooth_t,bluetooth_var_lib_t)
+files_var_lib_filetrans(bluetooth_t,bluetooth_var_lib_t)
allow bluetooth_t bluetooth_var_run_t:dir rw_dir_perms;
allow bluetooth_t bluetooth_var_run_t:file create_file_perms;
allow bluetooth_t bluetooth_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(bluetooth_t, bluetooth_var_run_t, { file sock_file })
+files_pid_filetrans(bluetooth_t, bluetooth_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(bluetooth_t)
kernel_read_system_state(bluetooth_t)
@@ -135,7 +135,7 @@ sysnet_read_config(bluetooth_t)
userdom_dontaudit_use_unpriv_user_fds(bluetooth_t)
userdom_dontaudit_use_sysadm_ptys(bluetooth_t)
-userdom_dontaudit_search_sysadm_home_dir(bluetooth_t)
+userdom_dontaudit_search_sysadm_home_dirs(bluetooth_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(bluetooth_t)
@@ -175,7 +175,7 @@ allow bluetooth_helper_t bluetooth_t:socket { read write };
allow bluetooth_helper_t bluetooth_helper_tmp_t:dir create_dir_perms;
allow bluetooth_helper_t bluetooth_helper_tmp_t:file create_file_perms;
-files_filetrans_tmp(bluetooth_helper_t, bluetooth_helper_tmp_t, { file dir })
+files_tmp_filetrans(bluetooth_helper_t, bluetooth_helper_tmp_t, { file dir })
kernel_read_system_state(bluetooth_helper_t)
kernel_read_kernel_sysctls(bluetooth_helper_t)
@@ -202,7 +202,7 @@ logging_send_syslog_msg(bluetooth_helper_t)
miscfiles_read_localization(bluetooth_helper_t)
miscfiles_read_fonts(bluetooth_helper_t)
-userdom_search_all_users_home(bluetooth_helper_t)
+userdom_search_all_users_home_content(bluetooth_helper_t)
optional_policy(`nscd',`
nscd_socket_use(bluetooth_helper_t)
diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te
index 92f4304..e8dd2f8 100644
--- a/refpolicy/policy/modules/services/canna.te
+++ b/refpolicy/policy/modules/services/canna.te
@@ -33,17 +33,17 @@ allow canna_t self:tcp_socket create_stream_socket_perms;
allow canna_t canna_log_t:file create_file_perms;
allow canna_t canna_log_t:dir { rw_dir_perms setattr };
-logging_filetrans_log(canna_t,canna_log_t,{ file dir })
+logging_log_filetrans(canna_t,canna_log_t,{ file dir })
allow canna_t canna_var_lib_t:dir create_dir_perms;
allow canna_t canna_var_lib_t:file create_file_perms;
allow canna_t canna_var_lib_t:lnk_file create_lnk_perms;
-files_filetrans_var_lib(canna_t,canna_var_lib_t)
+files_var_lib_filetrans(canna_t,canna_var_lib_t)
allow canna_t canna_var_run_t:dir rw_dir_perms;
allow canna_t canna_var_run_t:file create_file_perms;
allow canna_t canna_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(canna_t, canna_var_run_t, { file sock_file })
+files_pid_filetrans(canna_t, canna_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(canna_t)
kernel_read_system_state(canna_t)
@@ -85,7 +85,7 @@ miscfiles_read_localization(canna_t)
sysnet_read_config(canna_t)
userdom_dontaudit_use_unpriv_user_fds(canna_t)
-userdom_dontaudit_search_sysadm_home_dir(canna_t)
+userdom_dontaudit_search_sysadm_home_dirs(canna_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(canna_t)
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index 0686a4b..5728688 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -33,11 +33,11 @@ allow comsat_t self:udp_socket create_socket_perms;
allow comsat_t comsat_tmp_t:dir create_dir_perms;
allow comsat_t comsat_tmp_t:file create_file_perms;
-files_filetrans_tmp(comsat_t, comsat_tmp_t, { file dir })
+files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })
allow comsat_t comsat_var_run_t:file create_file_perms;
allow comsat_t comsat_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(comsat_t,comsat_var_run_t)
+files_pid_filetrans(comsat_t,comsat_var_run_t)
kernel_read_kernel_sysctls(comsat_t)
kernel_read_network_state(comsat_t)
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index 12318aa..ccaf8b9 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -141,14 +141,14 @@ template(`cron_per_userdomain_template',`
userdom_manage_user_tmp_pipes($1,$1_crond_t)
userdom_manage_user_tmp_sockets($1,$1_crond_t)
# Run scripts in user home directory and access shared libs.
- userdom_exec_user_home_files($1,$1_crond_t)
+ userdom_exec_user_home_content_files($1,$1_crond_t)
# Access user files and dirs.
# userdom_manage_user_home_subdir_dirs($1,$1_crond_t)
- userdom_manage_user_home_files($1,$1_crond_t)
- userdom_manage_user_home_symlinks($1,$1_crond_t)
- userdom_manage_user_home_pipes($1,$1_crond_t)
- userdom_manage_user_home_sockets($1,$1_crond_t)
-# userdom_filetrans_user_home($1,$1_crond_t,notdevfile_class_set)
+ userdom_manage_user_home_content_files($1,$1_crond_t)
+ userdom_manage_user_home_content_symlinks($1,$1_crond_t)
+ userdom_manage_user_home_content_pipes($1,$1_crond_t)
+ userdom_manage_user_home_content_sockets($1,$1_crond_t)
+# userdom_user_home_dir_filetrans_user_home_content($1,$1_crond_t,notdevfile_class_set)
tunable_policy(`fcron_crond', `
allow crond_t $1_cron_spool_t:file create_file_perms;
@@ -242,7 +242,7 @@ template(`cron_per_userdomain_template',`
# Access terminals.
userdom_use_user_terminals($1,$1_crontab_t)
# Read user crontabs
- userdom_read_user_home_files($1,$1_crontab_t)
+ userdom_read_user_home_content_files($1,$1_crontab_t)
tunable_policy(`fcron_crond', `
# fcron wants an instant update of a crontab change for the administrator
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 5dea9e5..b1ebb3d 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -80,7 +80,7 @@ allow crond_t self:msgq create_msgq_perms;
allow crond_t self:msg { send receive };
allow crond_t crond_var_run_t:file create_file_perms;
-files_filetrans_pid(crond_t,crond_var_run_t)
+files_pid_filetrans(crond_t,crond_var_run_t)
allow crond_t cron_spool_t:dir rw_dir_perms;
allow crond_t cron_spool_t:file r_file_perms;
@@ -134,9 +134,9 @@ seutil_sigchld_newrole(crond_t)
miscfiles_read_localization(crond_t)
-userdom_use_unpriv_users_fd(crond_t)
+userdom_use_unpriv_users_fds(crond_t)
# Not sure why this is needed
-userdom_list_all_users_home_dir(crond_t)
+userdom_list_all_users_home_dirs(crond_t)
ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
@@ -152,24 +152,24 @@ ifdef(`targeted_policy',`
allow crond_t system_crond_tmp_t:lnk_file create_lnk_perms;
allow crond_t system_crond_tmp_t:sock_file create_file_perms;
allow crond_t system_crond_tmp_t:fifo_file create_file_perms;
- files_filetrans_tmp(crond_t,system_crond_tmp_t,{ dir file lnk_file sock_file fifo_file })
+ files_tmp_filetrans(crond_t,system_crond_tmp_t,{ dir file lnk_file sock_file fifo_file })
unconfined_domain(crond_t)
# cjp: fix this to generic_user interfaces
- userdom_manage_user_home_subdirs(user,crond_t)
- userdom_manage_generic_user_home_files(crond_t)
- userdom_manage_generic_user_home_symlinks(crond_t)
- userdom_manage_generic_user_home_sockets(crond_t)
- userdom_manage_generic_user_home_pipes(crond_t)
- userdom_filetrans_generic_user_home(crond_t,{ dir file lnk_file fifo_file sock_file })
+ userdom_manage_user_home_content_dirs(user,crond_t)
+ userdom_manage_generic_user_home_content_files(crond_t)
+ userdom_manage_generic_user_home_content_symlinks(crond_t)
+ userdom_manage_generic_user_home_content_sockets(crond_t)
+ userdom_manage_generic_user_home_content_pipes(crond_t)
+ userdom_generic_user_home_dir_filetrans_generic_user_home_content(crond_t,{ dir file lnk_file fifo_file sock_file })
allow crond_t unconfined_t:dbus send_msg;
allow crond_t initrc_t:dbus send_msg;
',`
allow crond_t crond_tmp_t:dir create_dir_perms;
allow crond_t crond_tmp_t:file create_file_perms;
- files_filetrans_tmp(crond_t, crond_tmp_t, { file dir })
+ files_tmp_filetrans(crond_t, crond_tmp_t, { file dir })
mta_send_mail(crond_t)
')
@@ -247,11 +247,11 @@ ifdef(`targeted_policy',`
# Write /var/lock/makewhatis.lock.
allow system_crond_t system_crond_lock_t:file create_file_perms;
- files_filetrans_lock(system_crond_t,system_crond_lock_t)
+ files_lock_filetrans(system_crond_t,system_crond_lock_t)
# write temporary files
allow system_crond_t system_crond_tmp_t:file create_file_perms;
- files_filetrans_tmp(system_crond_t,system_crond_tmp_t)
+ files_tmp_filetrans(system_crond_t,system_crond_tmp_t)
# write temporary files in crond tmp dir:
allow system_crond_t crond_tmp_t:dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 7c30ba5..327f202 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -92,7 +92,7 @@ files_search_etc(cupsd_t)
allow cupsd_t cupsd_rw_etc_t:file manage_file_perms;
allow cupsd_t cupsd_rw_etc_t:dir manage_dir_perms;
type_transition cupsd_t cupsd_etc_t:file cupsd_rw_etc_t;
-files_filetrans_var(cupsd_t,cupsd_rw_etc_t,{ dir file })
+files_var_filetrans(cupsd_t,cupsd_rw_etc_t,{ dir file })
# allow cups to execute its backend scripts
can_exec(cupsd_t, cupsd_exec_t)
@@ -101,16 +101,16 @@ allow cupsd_t cupsd_exec_t:lnk_file read;
allow cupsd_t cupsd_log_t:file create_file_perms;
allow cupsd_t cupsd_log_t:dir { setattr rw_dir_perms };
-logging_filetrans_log(cupsd_t,cupsd_log_t,{ file dir })
+logging_log_filetrans(cupsd_t,cupsd_log_t,{ file dir })
allow cupsd_t cupsd_tmp_t:dir create_dir_perms;
allow cupsd_t cupsd_tmp_t:file create_file_perms;
allow cupsd_t cupsd_tmp_t:fifo_file create_file_perms;
-files_filetrans_tmp(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
+files_tmp_filetrans(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
allow cupsd_t cupsd_var_run_t:file create_file_perms;
allow cupsd_t cupsd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(cupsd_t,cupsd_var_run_t)
+files_pid_filetrans(cupsd_t,cupsd_var_run_t)
allow cupsd_t hplip_var_run_t:file { read getattr };
@@ -190,7 +190,7 @@ seutil_dontaudit_read_config(cupsd_t)
sysnet_read_config(cupsd_t)
userdom_dontaudit_use_unpriv_user_fds(cupsd_t)
-userdom_dontaudit_search_all_users_home(cupsd_t)
+userdom_dontaudit_search_all_users_home_content(cupsd_t)
# Write to /var/spool/cups.
lpd_manage_spool(cupsd_t)
@@ -299,11 +299,11 @@ allow ptal_t ptal_var_run_t:file create_file_perms;
allow ptal_t ptal_var_run_t:lnk_file create_lnk_perms;
allow ptal_t ptal_var_run_t:sock_file create_file_perms;
allow ptal_t ptal_var_run_t:fifo_file create_file_perms;
-files_filetrans_pid(ptal_t,ptal_var_run_t,{ dir file lnk_file sock_file fifo_file })
+files_pid_filetrans(ptal_t,ptal_var_run_t,{ dir file lnk_file sock_file fifo_file })
allow ptal_t ptal_var_run_t:file create_file_perms;
allow ptal_t ptal_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(ptal_t,ptal_var_run_t)
+files_pid_filetrans(ptal_t,ptal_var_run_t)
kernel_read_kernel_sysctls(ptal_t)
kernel_list_proc(ptal_t)
@@ -345,7 +345,7 @@ miscfiles_read_localization(ptal_t)
sysnet_read_config(ptal_t)
userdom_dontaudit_use_unpriv_user_fds(ptal_t)
-userdom_dontaudit_search_all_users_home(ptal_t)
+userdom_dontaudit_search_all_users_home_content(ptal_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(ptal_t)
@@ -390,7 +390,7 @@ files_search_etc(hplip_t)
allow hplip_t hplip_var_run_t:file create_file_perms;
allow hplip_t hplip_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(hplip_t,hplip_var_run_t)
+files_pid_filetrans(hplip_t,hplip_var_run_t)
kernel_read_system_state(hplip_t)
kernel_read_kernel_sysctls(hplip_t)
@@ -442,7 +442,7 @@ miscfiles_read_localization(hplip_t)
sysnet_read_config(hplip_t)
userdom_dontaudit_use_unpriv_user_fds(hplip_t)
-userdom_dontaudit_search_sysadm_home_dir(hplip_t)
+userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
lpd_read_config(cupsd_t)
@@ -497,7 +497,7 @@ dontaudit cupsd_config_t cupsd_t:process ptrace;
allow cupsd_config_t cupsd_config_var_run_t:file create_file_perms;
allow cupsd_config_t cupsd_config_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(cupsd_config_t,cupsd_config_var_run_t)
+files_pid_filetrans(cupsd_config_t,cupsd_config_var_run_t)
can_exec(cupsd_config_t, cupsd_config_exec_t)
@@ -511,7 +511,7 @@ allow cupsd_config_t cupsd_log_t:file rw_file_perms;
allow cupsd_config_t cupsd_rw_etc_t:dir rw_dir_perms;
allow cupsd_config_t cupsd_rw_etc_t:file manage_file_perms;
allow cupsd_config_t cupsd_rw_etc_t:lnk_file create_lnk_perms;
-files_filetrans_var(cupsd_config_t,cupsd_rw_etc_t)
+files_var_filetrans(cupsd_config_t,cupsd_rw_etc_t)
allow cupsd_config_t cupsd_var_run_t:file { getattr read };
@@ -563,7 +563,7 @@ seutil_dontaudit_search_config(cupsd_config_t)
sysnet_read_config(cupsd_config_t)
userdom_dontaudit_use_unpriv_user_fds(cupsd_config_t)
-userdom_dontaudit_search_sysadm_home_dir(cupsd_config_t)
+userdom_dontaudit_search_sysadm_home_dirs(cupsd_config_t)
ifdef(`distro_redhat',`
init_getattr_script_files(cupsd_config_t)
@@ -678,11 +678,11 @@ allow cupsd_lpd_t cupsd_etc_t:lnk_file { getattr read };
allow cupsd_lpd_t cupsd_lpd_tmp_t:dir create_dir_perms;
allow cupsd_lpd_t cupsd_lpd_tmp_t:file create_file_perms;
-files_filetrans_tmp(cupsd_lpd_t, cupsd_lpd_tmp_t, { file dir })
+files_tmp_filetrans(cupsd_lpd_t, cupsd_lpd_tmp_t, { file dir })
allow cupsd_lpd_t cupsd_lpd_var_run_t:file create_file_perms;
allow cupsd_lpd_t cupsd_lpd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(cupsd_lpd_t,cupsd_lpd_var_run_t)
+files_pid_filetrans(cupsd_lpd_t,cupsd_lpd_var_run_t)
allow cupsd_lpd_t cupsd_rw_etc_t:dir list_dir_perms;
allow cupsd_lpd_t cupsd_rw_etc_t:file r_file_perms;
diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te
index c4e324d..f2a985e 100644
--- a/refpolicy/policy/modules/services/cvs.te
+++ b/refpolicy/policy/modules/services/cvs.te
@@ -38,11 +38,11 @@ allow cvs_t cvs_data_t:lnk_file create_lnk_perms;
allow cvs_t cvs_tmp_t:dir create_dir_perms;
allow cvs_t cvs_tmp_t:file create_file_perms;
-files_filetrans_tmp(cvs_t, cvs_tmp_t, { file dir })
+files_tmp_filetrans(cvs_t, cvs_tmp_t, { file dir })
allow cvs_t cvs_var_run_t:file create_file_perms;
allow cvs_t cvs_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(cvs_t,cvs_var_run_t)
+files_pid_filetrans(cvs_t,cvs_var_run_t)
kernel_read_kernel_sysctls(cvs_t)
kernel_read_system_state(cvs_t)
diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te
index 7ca391f..7462a07 100644
--- a/refpolicy/policy/modules/services/cyrus.te
+++ b/refpolicy/policy/modules/services/cyrus.te
@@ -44,16 +44,16 @@ allow cyrus_t self:udp_socket create_socket_perms;
allow cyrus_t cyrus_tmp_t:dir create_dir_perms;
allow cyrus_t cyrus_tmp_t:file create_file_perms;
-files_filetrans_tmp(cyrus_t, cyrus_tmp_t, { file dir })
+files_tmp_filetrans(cyrus_t, cyrus_tmp_t, { file dir })
allow cyrus_t cyrus_var_lib_t:dir create_dir_perms;
allow cyrus_t cyrus_var_lib_t:{file sock_file lnk_file} create_file_perms;
-files_filetrans_pid(cyrus_t,cyrus_var_run_t)
+files_pid_filetrans(cyrus_t,cyrus_var_run_t)
allow cyrus_t cyrus_var_run_t:dir rw_dir_perms;
allow cyrus_t cyrus_var_run_t:sock_file create_file_perms;
allow cyrus_t cyrus_var_run_t:file create_file_perms;
-files_filetrans_pid(cyrus_t,cyrus_var_run_t,{ file sock_file })
+files_pid_filetrans(cyrus_t,cyrus_var_run_t,{ file sock_file })
kernel_read_kernel_sysctls(cyrus_t)
kernel_read_system_state(cyrus_t)
@@ -106,8 +106,8 @@ miscfiles_read_certs(cyrus_t)
sysnet_read_config(cyrus_t)
userdom_dontaudit_use_unpriv_user_fds(cyrus_t)
-userdom_dontaudit_search_sysadm_home_dir(cyrus_t)
-userdom_use_unpriv_users_fd(cyrus_t)
+userdom_dontaudit_search_sysadm_home_dirs(cyrus_t)
+userdom_use_unpriv_users_fds(cyrus_t)
userdom_use_sysadm_ptys(cyrus_t)
mta_manage_spool(cyrus_t)
diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te
index f3494c6..de7dffa 100644
--- a/refpolicy/policy/modules/services/dbskk.te
+++ b/refpolicy/policy/modules/services/dbskk.te
@@ -39,11 +39,11 @@ optional_policy(`kerberos',`
allow dbskkd_t dbskkd_tmp_t:dir create_dir_perms;
allow dbskkd_t dbskkd_tmp_t:file create_file_perms;
-files_filetrans_tmp(dbskkd_t, dbskkd_tmp_t, { file dir })
+files_tmp_filetrans(dbskkd_t, dbskkd_tmp_t, { file dir })
allow dbskkd_t dbskkd_var_run_t:file create_file_perms;
allow dbskkd_t dbskkd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(dbskkd_t,dbskkd_var_run_t)
+files_pid_filetrans(dbskkd_t,dbskkd_var_run_t)
kernel_read_kernel_sysctls(dbskkd_t)
kernel_read_system_state(dbskkd_t)
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index 6c5f397..b96f17f 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -97,7 +97,7 @@ template(`dbus_per_userdomain_template',`
allow $1_dbusd_t $1_dbusd_tmp_t:dir create_dir_perms;
allow $1_dbusd_t $1_dbusd_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_dbusd_t, $1_dbusd_tmp_t, { file dir })
+ files_tmp_filetrans($1_dbusd_t, $1_dbusd_tmp_t, { file dir })
domain_auto_trans($2, system_dbusd_exec_t, $1_dbusd_t)
allow $2 $1_dbusd_t:fd use;
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index 6e80243..817e0b8 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -47,12 +47,12 @@ allow system_dbusd_t dbusd_etc_t:lnk_file { getattr read };
allow system_dbusd_t system_dbusd_tmp_t:dir create_dir_perms;
allow system_dbusd_t system_dbusd_tmp_t:file create_file_perms;
-files_filetrans_tmp(system_dbusd_t, system_dbusd_tmp_t, { file dir })
+files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir })
allow system_dbusd_t system_dbusd_var_run_t:file create_file_perms;
allow system_dbusd_t system_dbusd_var_run_t:sock_file create_file_perms;
allow system_dbusd_t system_dbusd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(system_dbusd_t,system_dbusd_var_run_t)
+files_pid_filetrans(system_dbusd_t,system_dbusd_var_run_t)
kernel_read_system_state(system_dbusd_t)
kernel_read_kernel_sysctls(system_dbusd_t)
@@ -108,7 +108,7 @@ seutil_read_default_contexts(system_dbusd_t)
seutil_sigchld_newrole(system_dbusd_t)
userdom_dontaudit_use_unpriv_user_fds(system_dbusd_t)
-userdom_dontaudit_search_sysadm_home_dir(system_dbusd_t)
+userdom_dontaudit_search_sysadm_home_dirs(system_dbusd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(system_dbusd_t)
diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te
index 6f12f4c..501a064 100644
--- a/refpolicy/policy/modules/services/dhcp.te
+++ b/refpolicy/policy/modules/services/dhcp.te
@@ -41,15 +41,15 @@ can_exec(dhcpd_t,dhcpd_exec_t)
allow dhcpd_t dhcpd_state_t:dir rw_dir_perms;
allow dhcpd_t dhcpd_state_t:file create_file_perms;
-sysnet_filetrans_dhcp_state(dhcpd_t,dhcpd_state_t)
+sysnet_dhcp_state_filetrans(dhcpd_t,dhcpd_state_t)
allow dhcpd_t dhcpd_tmp_t:dir create_dir_perms;
allow dhcpd_t dhcpd_tmp_t:file create_file_perms;
-files_filetrans_tmp(dhcpd_t, dhcpd_tmp_t, { file dir })
+files_tmp_filetrans(dhcpd_t, dhcpd_tmp_t, { file dir })
allow dhcpd_t dhcpd_var_run_t:file create_file_perms;
allow dhcpd_t dhcpd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(dhcpd_t,dhcpd_var_run_t)
+files_pid_filetrans(dhcpd_t,dhcpd_var_run_t)
kernel_read_system_state(dhcpd_t)
kernel_read_kernel_sysctls(dhcpd_t)
@@ -103,7 +103,7 @@ sysnet_read_config(dhcpd_t)
sysnet_read_dhcp_config(dhcpd_t)
userdom_dontaudit_use_unpriv_user_fds(dhcpd_t)
-userdom_dontaudit_search_sysadm_home_dir(dhcpd_t)
+userdom_dontaudit_search_sysadm_home_dirs(dhcpd_t)
ifdef(`distro_gentoo',`
allow dhcpd_t self:capability { chown dac_override setgid setuid sys_chroot };
diff --git a/refpolicy/policy/modules/services/distcc.te b/refpolicy/policy/modules/services/distcc.te
index b4abd00..5ba39e2 100644
--- a/refpolicy/policy/modules/services/distcc.te
+++ b/refpolicy/policy/modules/services/distcc.te
@@ -32,15 +32,15 @@ allow distccd_t self:tcp_socket create_stream_socket_perms;
allow distccd_t self:udp_socket create_socket_perms;
allow distccd_t distccd_log_t:file create_file_perms;
-logging_filetrans_log(distccd_t,distccd_log_t)
+logging_log_filetrans(distccd_t,distccd_log_t)
allow distccd_t distccd_tmp_t:dir create_dir_perms;
allow distccd_t distccd_tmp_t:file create_file_perms;
-files_filetrans_tmp(distccd_t, distccd_tmp_t, { file dir })
+files_tmp_filetrans(distccd_t, distccd_tmp_t, { file dir })
allow distccd_t distccd_var_run_t:file create_file_perms;
allow distccd_t distccd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(distccd_t,distccd_var_run_t)
+files_pid_filetrans(distccd_t,distccd_var_run_t)
kernel_read_system_state(distccd_t)
kernel_read_kernel_sysctls(distccd_t)
@@ -87,7 +87,7 @@ miscfiles_read_localization(distccd_t)
sysnet_read_config(distccd_t)
userdom_dontaudit_use_unpriv_user_fds(distccd_t)
-userdom_dontaudit_search_sysadm_home_dir(distccd_t)
+userdom_dontaudit_search_sysadm_home_dirs(distccd_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(distccd_t)
diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te
index d1d8add..f1703b4 100644
--- a/refpolicy/policy/modules/services/dovecot.te
+++ b/refpolicy/policy/modules/services/dovecot.te
@@ -65,7 +65,7 @@ allow dovecot_t dovecot_spool_t:lnk_file create_lnk_perms;
allow dovecot_t dovecot_var_run_t:file create_file_perms;
allow dovecot_t dovecot_var_run_t:sock_file create_file_perms;
allow dovecot_t dovecot_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(dovecot_t,dovecot_var_run_t)
+files_pid_filetrans(dovecot_t,dovecot_var_run_t)
kernel_read_kernel_sysctls(dovecot_t)
kernel_read_system_state(dovecot_t)
@@ -113,7 +113,7 @@ sysnet_read_config(dovecot_t)
sysnet_use_ldap(dovecot_auth_t)
userdom_dontaudit_use_unpriv_user_fds(dovecot_t)
-userdom_dontaudit_search_sysadm_home_dir(dovecot_t)
+userdom_dontaudit_search_sysadm_home_dirs(dovecot_t)
userdom_priveleged_home_dir_manager(dovecot_t)
mta_manage_spool(dovecot_t)
diff --git a/refpolicy/policy/modules/services/fetchmail.te b/refpolicy/policy/modules/services/fetchmail.te
index 07fc423..bda2585 100644
--- a/refpolicy/policy/modules/services/fetchmail.te
+++ b/refpolicy/policy/modules/services/fetchmail.te
@@ -34,11 +34,11 @@ allow fetchmail_t self:netlink_route_socket r_netlink_socket_perms;
allow fetchmail_t fetchmail_etc_t:file r_file_perms;
allow fetchmail_t fetchmail_uidl_cache_t:file create_file_perms;
-mta_filetrans_spool(fetchmail_t,fetchmail_uidl_cache_t)
+mta_spool_filetrans(fetchmail_t,fetchmail_uidl_cache_t)
allow fetchmail_t fetchmail_var_run_t:file create_file_perms;
allow fetchmail_t fetchmail_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(fetchmail_t,fetchmail_var_run_t)
+files_pid_filetrans(fetchmail_t,fetchmail_var_run_t)
kernel_read_kernel_sysctls(fetchmail_t)
kernel_list_proc(fetchmail_t)
@@ -90,7 +90,7 @@ miscfiles_read_certs(fetchmail_t)
sysnet_read_config(fetchmail_t)
userdom_dontaudit_use_unpriv_user_fds(fetchmail_t)
-userdom_dontaudit_search_sysadm_home_dir(fetchmail_t)
+userdom_dontaudit_search_sysadm_home_dirs(fetchmail_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(fetchmail_t)
diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te
index 0764b3f..c6bae03 100644
--- a/refpolicy/policy/modules/services/finger.te
+++ b/refpolicy/policy/modules/services/finger.te
@@ -34,14 +34,14 @@ allow fingerd_t self:unix_stream_socket create_socket_perms;
allow fingerd_t fingerd_var_run_t:file create_file_perms;
allow fingerd_t fingerd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(fingerd_t,fingerd_var_run_t)
+files_pid_filetrans(fingerd_t,fingerd_var_run_t)
allow fingerd_t fingerd_etc_t:file r_file_perms;
allow fingerd_t fingerd_etc_t:dir r_dir_perms;
allow fingerd_t fingerd_etc_t:lnk_file { getattr read };
allow fingerd_t fingerd_log_t:file create_file_perms;
-logging_filetrans_log(fingerd_t,fingerd_log_t)
+logging_log_filetrans(fingerd_t,fingerd_log_t)
kernel_read_kernel_sysctls(fingerd_t)
kernel_read_system_state(fingerd_t)
@@ -97,9 +97,9 @@ sysnet_read_config(fingerd_t)
miscfiles_read_localization(fingerd_t)
-userdom_read_unpriv_users_home_files(fingerd_t)
+userdom_read_unpriv_users_home_content_files(fingerd_t)
userdom_dontaudit_use_unpriv_user_fds(fingerd_t)
-userdom_dontaudit_search_sysadm_home_dir(fingerd_t)
+userdom_dontaudit_search_sysadm_home_dirs(fingerd_t)
# stop it accessing sub-directories, prevents checking a Maildir for new mail,
# have to change this when we create a type for Maildir
userdom_dontaudit_search_generic_user_home_dirs(fingerd_t)
diff --git a/refpolicy/policy/modules/services/ftp.if b/refpolicy/policy/modules/services/ftp.if
index 7e3738a..9b89315 100644
--- a/refpolicy/policy/modules/services/ftp.if
+++ b/refpolicy/policy/modules/services/ftp.if
@@ -25,11 +25,11 @@
#
template(`ftp_per_userdomain_template',`
tunable_policy(`ftpd_is_daemon',`
- userdom_manage_user_home_files($1,ftpd_t)
- userdom_manage_user_home_symlinks($1,ftpd_t)
- userdom_manage_user_home_sockets($1,ftpd_t)
- userdom_manage_user_home_pipes($1,ftpd_t)
- userdom_filetrans_user_home($1,ftpd_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_manage_user_home_content_files($1,ftpd_t)
+ userdom_manage_user_home_content_symlinks($1,ftpd_t)
+ userdom_manage_user_home_content_sockets($1,ftpd_t)
+ userdom_manage_user_home_content_pipes($1,ftpd_t)
+ userdom_user_home_dir_filetrans_user_home_content($1,ftpd_t,{ dir file lnk_file sock_file fifo_file })
')
')
diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te
index bb23ecb..eccdf54 100644
--- a/refpolicy/policy/modules/services/ftp.te
+++ b/refpolicy/policy/modules/services/ftp.te
@@ -48,22 +48,22 @@ allow ftpd_t ftpd_etc_t:file r_file_perms;
allow ftpd_t ftpd_tmp_t:dir create_dir_perms;
allow ftpd_t ftpd_tmp_t:file create_file_perms;
-files_filetrans_tmp(ftpd_t, ftpd_tmp_t, { file dir })
+files_tmp_filetrans(ftpd_t, ftpd_tmp_t, { file dir })
allow ftpd_t ftpd_tmpfs_t:fifo_file create_file_perms;
allow ftpd_t ftpd_tmpfs_t:dir create_dir_perms;
allow ftpd_t ftpd_tmpfs_t:file create_file_perms;
allow ftpd_t ftpd_tmpfs_t:lnk_file create_lnk_perms;
allow ftpd_t ftpd_tmpfs_t:sock_file create_file_perms;
-fs_filetrans_tmpfs(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_tmpfs_filetrans(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow ftpd_t ftpd_var_run_t:file create_file_perms;
allow ftpd_t ftpd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(ftpd_t,ftpd_var_run_t)
+files_pid_filetrans(ftpd_t,ftpd_var_run_t)
# Create and modify /var/log/xferlog.
allow ftpd_t xferlog_t:file create_file_perms;
-logging_filetrans_log(ftpd_t,xferlog_t)
+logging_log_filetrans(ftpd_t,xferlog_t)
kernel_read_kernel_sysctls(ftpd_t)
kernel_read_system_state(ftpd_t)
@@ -126,7 +126,7 @@ seutil_dontaudit_search_config(ftpd_t)
sysnet_read_config(ftpd_t)
-userdom_dontaudit_search_sysadm_home_dir(ftpd_t)
+userdom_dontaudit_search_sysadm_home_dirs(ftpd_t)
userdom_dontaudit_use_unpriv_user_fds(ftpd_t)
ifdef(`targeted_policy',`
@@ -137,11 +137,11 @@ ifdef(`targeted_policy',`
optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',`
- userdom_manage_generic_user_home_files(ftpd_t)
- userdom_manage_generic_user_home_symlinks(ftpd_t)
- userdom_manage_generic_user_home_sockets(ftpd_t)
- userdom_manage_generic_user_home_pipes(ftpd_t)
- userdom_filetrans_generic_user_home(ftpd_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_manage_generic_user_home_content_files(ftpd_t)
+ userdom_manage_generic_user_home_content_symlinks(ftpd_t)
+ userdom_manage_generic_user_home_content_sockets(ftpd_t)
+ userdom_manage_generic_user_home_content_pipes(ftpd_t)
+ userdom_generic_user_home_dir_filetrans_generic_user_home_content(ftpd_t,{ dir file lnk_file sock_file fifo_file })
')
')
')
@@ -153,19 +153,19 @@ tunable_policy(`allow_ftpd_anon_write',`
tunable_policy(`ftp_home_dir',`
# allow access to /home
files_list_home(ftpd_t)
- userdom_read_all_users_home_files(ftpd_t)
- userdom_manage_all_users_home_dirs(ftpd_t)
- userdom_manage_all_users_home_files(ftpd_t)
- userdom_manage_all_users_home_symlinks(ftpd_t)
+ userdom_read_all_users_home_content_files(ftpd_t)
+ userdom_manage_all_users_home_content_dirs(ftpd_t)
+ userdom_manage_all_users_home_content_files(ftpd_t)
+ userdom_manage_all_users_home_content_symlinks(ftpd_t)
ifdef(`targeted_policy',`
- userdom_filetrans_generic_user_home(ftpd_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_generic_user_home_dir_filetrans_generic_user_home_content(ftpd_t,{ dir file lnk_file sock_file fifo_file })
')
')
tunable_policy(`ftpd_is_daemon',`
allow ftpd_t ftpd_lock_t:file create_file_perms;
- files_filetrans_lock(ftpd_t,ftpd_lock_t)
+ files_lock_filetrans(ftpd_t,ftpd_lock_t)
corenet_tcp_bind_ftp_port(ftpd_t)
')
diff --git a/refpolicy/policy/modules/services/gpm.te b/refpolicy/policy/modules/services/gpm.te
index a485568..37fa597 100644
--- a/refpolicy/policy/modules/services/gpm.te
+++ b/refpolicy/policy/modules/services/gpm.te
@@ -36,14 +36,14 @@ allow gpm_t gpm_conf_t:lnk_file { getattr read };
allow gpm_t gpm_tmp_t:dir create_dir_perms;
allow gpm_t gpm_tmp_t:file create_file_perms;
-files_filetrans_tmp(gpm_t, gpm_tmp_t, { file dir })
+files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
allow gpm_t gpm_var_run_t:file create_file_perms;
-files_filetrans_pid(gpm_t,gpm_var_run_t)
+files_pid_filetrans(gpm_t,gpm_var_run_t)
allow gpm_t gpmctl_t:sock_file create_file_perms;
allow gpm_t gpmctl_t:fifo_file create_file_perms;
-dev_filetrans_dev(gpm_t,gpmctl_t,{ sock_file fifo_file })
+dev_filetrans(gpm_t,gpmctl_t,{ sock_file fifo_file })
# cjp: this has no effect
allow gpm_t gpmctl_t:unix_stream_socket name_bind;
@@ -76,7 +76,7 @@ logging_send_syslog_msg(gpm_t)
miscfiles_read_localization(gpm_t)
userdom_dontaudit_use_unpriv_user_fds(gpm_t)
-userdom_dontaudit_search_sysadm_home_dir(gpm_t)
+userdom_dontaudit_search_sysadm_home_dirs(gpm_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(gpm_t)
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index 29ba45d..2a40ace 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -38,11 +38,11 @@ allow hald_t self:netlink_socket create_socket_perms;
allow hald_t hald_tmp_t:dir create_dir_perms;
allow hald_t hald_tmp_t:file create_file_perms;
-files_filetrans_tmp(hald_t, hald_tmp_t, { file dir })
+files_tmp_filetrans(hald_t, hald_tmp_t, { file dir })
allow hald_t hald_var_run_t:file create_file_perms;
allow hald_t hald_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(hald_t,hald_var_run_t)
+files_pid_filetrans(hald_t,hald_var_run_t)
kernel_read_system_state(hald_t)
kernel_read_network_state(hald_t)
@@ -141,7 +141,7 @@ seutil_read_default_contexts(hald_t)
sysnet_read_config(hald_t)
userdom_dontaudit_use_unpriv_user_fds(hald_t)
-userdom_dontaudit_search_sysadm_home_dir(hald_t)
+userdom_dontaudit_search_sysadm_home_dirs(hald_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(hald_t)
diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te
index fb388d1..d49c0be 100644
--- a/refpolicy/policy/modules/services/howl.te
+++ b/refpolicy/policy/modules/services/howl.te
@@ -27,7 +27,7 @@ allow howl_t self:udp_socket create_socket_perms;
allow howl_t howl_var_run_t:file create_file_perms;
allow howl_t howl_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(howl_t,howl_var_run_t)
+files_pid_filetrans(howl_t,howl_var_run_t)
kernel_read_network_state(howl_t)
kernel_read_kernel_sysctls(howl_t)
@@ -74,7 +74,7 @@ miscfiles_read_localization(howl_t)
sysnet_read_config(howl_t)
userdom_dontaudit_use_unpriv_user_fds(howl_t)
-userdom_dontaudit_search_sysadm_home_dir(howl_t)
+userdom_dontaudit_search_sysadm_home_dirs(howl_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(howl_t)
diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te
index d279f8f..8e7904a 100644
--- a/refpolicy/policy/modules/services/i18n_input.te
+++ b/refpolicy/policy/modules/services/i18n_input.te
@@ -30,7 +30,7 @@ allow i18n_input_t self:udp_socket create_socket_perms;
allow i18n_input_t i18n_input_var_run_t:dir create_dir_perms;
allow i18n_input_t i18n_input_var_run_t:file create_file_perms;
allow i18n_input_t i18n_input_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(i18n_input_t,i18n_input_var_run_t)
+files_pid_filetrans(i18n_input_t,i18n_input_var_run_t)
can_exec(i18n_input_t, i18n_input_exec_t)
@@ -83,8 +83,8 @@ miscfiles_read_localization(i18n_input_t)
sysnet_read_config(i18n_input_t)
userdom_dontaudit_use_unpriv_user_fds(i18n_input_t)
-userdom_dontaudit_search_sysadm_home_dir(i18n_input_t)
-userdom_read_unpriv_users_home_files(i18n_input_t)
+userdom_dontaudit_search_sysadm_home_dirs(i18n_input_t)
+userdom_read_unpriv_users_home_content_files(i18n_input_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(i18n_input_t)
diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te
index 3bfecd8..767e5df 100644
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@@ -43,14 +43,14 @@ allow inetd_t self:tcp_socket create_stream_socket_perms;
allow inetd_t self:udp_socket { connect connected_socket_perms };
allow inetd_t inetd_log_t:file create_file_perms;
-logging_filetrans_log(inetd_t,inetd_log_t)
+logging_log_filetrans(inetd_t,inetd_log_t)
allow inetd_t inetd_tmp_t:dir create_dir_perms;
allow inetd_t inetd_tmp_t:file create_file_perms;
-files_filetrans_tmp(inetd_t, inetd_tmp_t, { file dir })
+files_tmp_filetrans(inetd_t, inetd_tmp_t, { file dir })
allow inetd_t inetd_var_run_t:file create_file_perms;
-files_filetrans_pid(inetd_t,inetd_var_run_t)
+files_pid_filetrans(inetd_t,inetd_var_run_t)
kernel_read_kernel_sysctls(inetd_t)
kernel_list_proc(inetd_t)
@@ -119,7 +119,7 @@ miscfiles_read_localization(inetd_t)
sysnet_read_config(inetd_t)
userdom_dontaudit_use_unpriv_user_fds(inetd_t)
-userdom_dontaudit_search_sysadm_home_dir(inetd_t)
+userdom_dontaudit_search_sysadm_home_dirs(inetd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(inetd_t)
@@ -175,11 +175,11 @@ files_search_home(inetd_child_t)
allow inetd_child_t inetd_child_tmp_t:dir create_dir_perms;
allow inetd_child_t inetd_child_tmp_t:file create_file_perms;
-files_filetrans_tmp(inetd_child_t, inetd_child_tmp_t, { file dir })
+files_tmp_filetrans(inetd_child_t, inetd_child_tmp_t, { file dir })
allow inetd_child_t inetd_child_var_run_t:file create_file_perms;
allow inetd_child_t inetd_child_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(inetd_child_t,inetd_child_var_run_t)
+files_pid_filetrans(inetd_child_t,inetd_child_var_run_t)
kernel_read_kernel_sysctls(inetd_child_t)
kernel_read_system_state(inetd_child_t)
diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te
index 5a65b0d..af05b80 100644
--- a/refpolicy/policy/modules/services/inn.te
+++ b/refpolicy/policy/modules/services/inn.te
@@ -45,16 +45,16 @@ can_exec(innd_t, innd_exec_t)
allow innd_t innd_log_t:file manage_file_perms;
allow innd_t innd_log_t:dir { setattr rw_dir_perms };
-logging_filetrans_log(innd_t,innd_log_t)
+logging_log_filetrans(innd_t,innd_log_t)
allow innd_t innd_var_lib_t:dir create_dir_perms;
allow innd_t innd_var_lib_t:file create_file_perms;
-files_filetrans_var_lib(innd_t,innd_var_lib_t)
+files_var_lib_filetrans(innd_t,innd_var_lib_t)
allow innd_t innd_var_run_t:dir create_dir_perms;
allow innd_t innd_var_run_t:file create_file_perms;
allow innd_t innd_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(innd_t,innd_var_run_t)
+files_pid_filetrans(innd_t,innd_var_run_t)
allow innd_t news_spool_t:dir create_dir_perms;
allow innd_t news_spool_t:file create_file_perms;
@@ -112,7 +112,7 @@ seutil_dontaudit_search_config(innd_t)
sysnet_read_config(innd_t)
userdom_dontaudit_use_unpriv_user_fds(innd_t)
-userdom_dontaudit_search_sysadm_home_dir(innd_t)
+userdom_dontaudit_search_sysadm_home_dirs(innd_t)
mta_send_mail(innd_t)
diff --git a/refpolicy/policy/modules/services/irqbalance.te b/refpolicy/policy/modules/services/irqbalance.te
index 9273682..477dcd9 100644
--- a/refpolicy/policy/modules/services/irqbalance.te
+++ b/refpolicy/policy/modules/services/irqbalance.te
@@ -23,7 +23,7 @@ allow irqbalance_t self:process signal_perms;
allow irqbalance_t irqbalance_var_run_t:file create_file_perms;
allow irqbalance_t irqbalance_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(irqbalance_t,irqbalance_var_run_t)
+files_pid_filetrans(irqbalance_t,irqbalance_var_run_t)
kernel_read_system_state(irqbalance_t)
kernel_read_kernel_sysctls(irqbalance_t)
@@ -52,7 +52,7 @@ logging_send_syslog_msg(irqbalance_t)
miscfiles_read_localization(irqbalance_t)
userdom_dontaudit_use_unpriv_user_fds(irqbalance_t)
-userdom_dontaudit_search_sysadm_home_dir(irqbalance_t)
+userdom_dontaudit_search_sysadm_home_dirs(irqbalance_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(irqbalance_t)
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index 482827d..3a22cbf 100644
--- a/refpolicy/policy/modules/services/kerberos.te
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -62,7 +62,7 @@ allow kadmind_t self:tcp_socket connected_stream_socket_perms;
allow kadmind_t self:udp_socket create_socket_perms;
allow kadmind_t kadmind_log_t:file create_file_perms;
-logging_filetrans_log(kadmind_t,kadmind_log_t)
+logging_log_filetrans(kadmind_t,kadmind_log_t)
allow kadmind_t krb5_conf_t:file r_file_perms;
dontaudit kadmind_t krb5_conf_t:file write;
@@ -77,11 +77,11 @@ can_exec(kadmind_t, kadmind_exec_t)
allow kadmind_t kadmind_tmp_t:dir create_dir_perms;
allow kadmind_t kadmind_tmp_t:file create_file_perms;
-files_filetrans_tmp(kadmind_t, kadmind_tmp_t, { file dir })
+files_tmp_filetrans(kadmind_t, kadmind_tmp_t, { file dir })
allow kadmind_t kadmind_var_run_t:file create_file_perms;
allow kadmind_t kadmind_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(kadmind_t,kadmind_var_run_t)
+files_pid_filetrans(kadmind_t,kadmind_var_run_t)
kernel_read_kernel_sysctls(kadmind_t)
kernel_list_proc(kadmind_t)
@@ -129,7 +129,7 @@ miscfiles_read_localization(kadmind_t)
sysnet_read_config(kadmind_t)
userdom_dontaudit_use_unpriv_user_fds(kadmind_t)
-userdom_dontaudit_search_sysadm_home_dir(kadmind_t)
+userdom_dontaudit_search_sysadm_home_dirs(kadmind_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(kadmind_t)
@@ -172,18 +172,18 @@ allow krb5kdc_t krb5kdc_conf_t:file r_file_perms;
dontaudit krb5kdc_t krb5kdc_conf_t:file write;
allow krb5kdc_t krb5kdc_log_t:file create_file_perms;
-logging_filetrans_log(krb5kdc_t,krb5kdc_log_t)
+logging_log_filetrans(krb5kdc_t,krb5kdc_log_t)
allow krb5kdc_t krb5kdc_principal_t:file r_file_perms;
dontaudit krb5kdc_t krb5kdc_principal_t:file write;
allow krb5kdc_t krb5kdc_tmp_t:dir create_dir_perms;
allow krb5kdc_t krb5kdc_tmp_t:file create_file_perms;
-files_filetrans_tmp(krb5kdc_t, krb5kdc_tmp_t, { file dir })
+files_tmp_filetrans(krb5kdc_t, krb5kdc_tmp_t, { file dir })
allow krb5kdc_t krb5kdc_var_run_t:file create_file_perms;
allow krb5kdc_t krb5kdc_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(krb5kdc_t,krb5kdc_var_run_t)
+files_pid_filetrans(krb5kdc_t,krb5kdc_var_run_t)
kernel_read_system_state(krb5kdc_t)
kernel_read_kernel_sysctls(krb5kdc_t)
@@ -229,7 +229,7 @@ miscfiles_read_localization(krb5kdc_t)
sysnet_read_config(krb5kdc_t)
userdom_dontaudit_use_unpriv_user_fds(krb5kdc_t)
-userdom_dontaudit_search_sysadm_home_dir(krb5kdc_t)
+userdom_dontaudit_search_sysadm_home_dirs(krb5kdc_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(krb5kdc_t)
diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te
index 284c1c3..7e2ee1a 100644
--- a/refpolicy/policy/modules/services/ktalk.te
+++ b/refpolicy/policy/modules/services/ktalk.te
@@ -40,11 +40,11 @@ optional_policy(`kerberos',`
allow ktalkd_t ktalkd_tmp_t:dir create_dir_perms;
allow ktalkd_t ktalkd_tmp_t:file create_file_perms;
-files_filetrans_tmp(ktalkd_t, ktalkd_tmp_t, { file dir })
+files_tmp_filetrans(ktalkd_t, ktalkd_tmp_t, { file dir })
allow ktalkd_t ktalkd_var_run_t:file create_file_perms;
allow ktalkd_t ktalkd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(ktalkd_t,ktalkd_var_run_t)
+files_pid_filetrans(ktalkd_t,ktalkd_var_run_t)
kernel_read_kernel_sysctls(ktalkd_t)
kernel_read_system_state(ktalkd_t)
diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te
index 6c4ddfc..ac2a356 100644
--- a/refpolicy/policy/modules/services/ldap.te
+++ b/refpolicy/policy/modules/services/ldap.te
@@ -59,7 +59,7 @@ allow slapd_t slapd_db_t:lnk_file create_lnk_perms;
allow slapd_t slapd_etc_t:file { getattr read };
allow slapd_t slapd_lock_t:file create_file_perms;
-files_filetrans_lock(slapd_t,slapd_lock_t)
+files_lock_filetrans(slapd_t,slapd_lock_t)
# Allow access to write the replication log (should tighten this)
allow slapd_t slapd_replog_t:dir create_dir_perms;
@@ -68,11 +68,11 @@ allow slapd_t slapd_replog_t:lnk_file create_lnk_perms;
allow slapd_t slapd_tmp_t:dir create_dir_perms;
allow slapd_t slapd_tmp_t:file create_file_perms;
-files_filetrans_tmp(slapd_t, slapd_tmp_t, { file dir })
+files_tmp_filetrans(slapd_t, slapd_tmp_t, { file dir })
allow slapd_t slapd_var_run_t:file create_file_perms;
allow slapd_t slapd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(slapd_t,slapd_var_run_t)
+files_pid_filetrans(slapd_t,slapd_var_run_t)
kernel_read_system_state(slapd_t)
kernel_read_kernel_sysctls(slapd_t)
@@ -121,17 +121,17 @@ miscfiles_read_localization(slapd_t)
sysnet_read_config(slapd_t)
userdom_dontaudit_use_unpriv_user_fds(slapd_t)
-userdom_dontaudit_search_sysadm_home_dir(slapd_t)
+userdom_dontaudit_search_sysadm_home_dirs(slapd_t)
ifdef(`targeted_policy',`
#reh slapcat will want to talk to the terminal
term_use_generic_ptys(slapd_t)
term_use_unallocated_ttys(slapd_t)
- userdom_search_generic_user_home_dir(slapd_t)
+ userdom_search_generic_user_home_dirs(slapd_t)
#need to be able to read ldif files created by root
# cjp: fix to not use templated interface:
- userdom_read_user_home_files(user,slapd_t)
+ userdom_read_user_home_content_files(user,slapd_t)
term_dontaudit_use_unallocated_ttys(slapd_t)
term_dontaudit_use_generic_ptys(slapd_t)
diff --git a/refpolicy/policy/modules/services/lpd.if b/refpolicy/policy/modules/services/lpd.if
index 7f22955..da7e607 100644
--- a/refpolicy/policy/modules/services/lpd.if
+++ b/refpolicy/policy/modules/services/lpd.if
@@ -81,7 +81,7 @@ template(`lpd_per_userdomain_template',`
allow $1_lpr_t $1_lpr_tmp_t:dir create_dir_perms;
allow $1_lpr_t $1_lpr_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_lpr_t, $1_lpr_tmp_t, { file dir })
+ files_tmp_filetrans($1_lpr_t, $1_lpr_tmp_t, { file dir })
allow $1_lpr_t $1_print_spool_t:file create_file_perms;
allow $1_lpr_t print_spool_t:dir rw_dir_perms;
@@ -162,7 +162,7 @@ template(`lpd_per_userdomain_template',`
tunable_policy(`read_untrusted_content',`
#list and read user specific untrusted content
files_list_home($1_lpr_t)
- userdom_list_user_home($1,$1_lpr_t)
+ userdom_list_user_home_dirs($1,$1_lpr_t)
userdom_read_user_untrusted_content_files($1,$1_lpr_t)
#list and read user specific temporary untrusted content
@@ -234,7 +234,7 @@ template(`lpr_admin_template',`
type $1_lpr_t;
')
- userdom_read_all_users_home_files($1_lpr_t)
+ userdom_read_all_users_home_content_files($1_lpr_t)
# Allow per user lpr domain read acces for specific user.
tunable_policy(`read_untrusted_content',`
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te
index 265095c..ef2913c 100644
--- a/refpolicy/policy/modules/services/lpd.te
+++ b/refpolicy/policy/modules/services/lpd.te
@@ -49,7 +49,7 @@ allow checkpc_t self:process { fork signal_perms };
allow checkpc_t self:unix_stream_socket create_socket_perms;
allow checkpc_t checkpc_log_t:file create_file_perms;
-logging_filetrans_log(checkpc_t,checkpc_log_t)
+logging_log_filetrans(checkpc_t,checkpc_log_t)
allow checkpc_t lpd_var_run_t:dir { search getattr };
files_search_pids(checkpc_t)
@@ -130,12 +130,12 @@ allow lpd_t self:unix_dgram_socket create_socket_perms;
allow lpd_t lpd_tmp_t:dir create_dir_perms;
allow lpd_t lpd_tmp_t:file create_file_perms;
-files_filetrans_tmp(lpd_t, lpd_tmp_t, { file dir })
+files_tmp_filetrans(lpd_t, lpd_tmp_t, { file dir })
allow lpd_t lpd_var_run_t:dir rw_dir_perms;
allow lpd_t lpd_var_run_t:file create_file_perms;
allow lpd_t lpd_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(lpd_t,lpd_var_run_t)
+files_pid_filetrans(lpd_t,lpd_var_run_t)
# Write to /var/spool/lpd.
allow lpd_t print_spool_t:dir rw_dir_perms;
@@ -149,7 +149,7 @@ can_exec(lpd_t, printconf_t)
# Create and bind to /dev/printer.
allow lpd_t printer_t:lnk_file create_lnk_perms;
-dev_filetrans_dev(lpd_t,printer_t,lnk_file)
+dev_filetrans(lpd_t,printer_t,lnk_file)
# cjp: I believe these have no effect:
allow lpd_t printer_t:unix_stream_socket name_bind;
allow lpd_t printer_t:unix_dgram_socket name_bind;
@@ -215,7 +215,7 @@ miscfiles_read_localization(lpd_t)
sysnet_read_config(lpd_t)
userdom_dontaudit_use_unpriv_user_fds(lpd_t)
-userdom_dontaudit_search_sysadm_home_dir(lpd_t)
+userdom_dontaudit_search_sysadm_home_dirs(lpd_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(lpd_t)
diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if
index 38f683a..b63b610 100644
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@@ -37,15 +37,15 @@ template(`mailman_domain_template', `
allow mailman_$1_t mailman_lock_t:dir rw_dir_perms;
allow mailman_$1_t mailman_lock_t:file create_file_perms;
- files_filetrans_lock(mailman_$1_t,mailman_lock_t)
+ files_lock_filetrans(mailman_$1_t,mailman_lock_t)
allow mailman_$1_t mailman_log_t:dir rw_dir_perms;
allow mailman_$1_t mailman_log_t:file create_file_perms;
- logging_filetrans_log(mailman_$1_t,mailman_log_t)
+ logging_log_filetrans(mailman_$1_t,mailman_log_t)
allow mailman_$1_t mailman_$1_tmp_t:dir create_dir_perms;
allow mailman_$1_t mailman_$1_tmp_t:file create_file_perms;
- files_filetrans_tmp(mailman_$1_t, mailman_$1_tmp_t, { file dir })
+ files_tmp_filetrans(mailman_$1_t, mailman_$1_tmp_t, { file dir })
kernel_read_kernel_sysctls(mailman_$1_t)
kernel_read_system_state(mailman_$1_t)
diff --git a/refpolicy/policy/modules/services/mailman.te b/refpolicy/policy/modules/services/mailman.te
index 1f6880b..de1c248 100644
--- a/refpolicy/policy/modules/services/mailman.te
+++ b/refpolicy/policy/modules/services/mailman.te
@@ -98,8 +98,8 @@ seutil_dontaudit_search_config(mailman_queue_t)
# some of the following could probably be changed to dontaudit, someone who
# knows mailman well should test this out and send the changes
-userdom_search_sysadm_home_dir(mailman_queue_t)
-userdom_getattr_sysadm_home_dir(mailman_queue_t)
+userdom_search_sysadm_home_dirs(mailman_queue_t)
+userdom_getattr_sysadm_home_dirs(mailman_queue_t)
mta_tcp_connect_all_mailservers(mailman_queue_t)
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 6b60171..3888dce 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -118,7 +118,7 @@ template(`mta_base_mail_template',`
allow $1_mail_t $1_mail_tmp_t:dir create_dir_perms;
allow $1_mail_t $1_mail_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_mail_t, $1_mail_tmp_t, { file dir })
+ files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir })
allow $1_mail_t etc_mail_t:dir { getattr search };
@@ -214,16 +214,16 @@ template(`mta_per_userdomain_template',`
# Write to the user domain tty. cjp: why?
userdom_use_user_terminals($1,mta_user_agent)
# Create dead.letter in user home directories.
- userdom_manage_user_home_files($1,$1_mail_t)
- userdom_filetrans_user_home($1,$1_mail_t,file)
+ userdom_manage_user_home_content_files($1,$1_mail_t)
+ userdom_user_home_dir_filetrans_user_home_content($1,$1_mail_t,file)
# for reading .forward - maybe we need a new type for it?
# also for delivering mail to maildir
- userdom_manage_user_home_subdirs($1,mailserver_delivery)
- userdom_manage_user_home_files($1,mailserver_delivery)
- userdom_manage_user_home_symlinks($1,mailserver_delivery)
- userdom_manage_user_home_pipes($1,mailserver_delivery)
- userdom_manage_user_home_sockets($1,mailserver_delivery)
- userdom_filetrans_user_home($1,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
+ userdom_manage_user_home_content_dirs($1,mailserver_delivery)
+ userdom_manage_user_home_content_files($1,mailserver_delivery)
+ userdom_manage_user_home_content_symlinks($1,mailserver_delivery)
+ userdom_manage_user_home_content_pipes($1,mailserver_delivery)
+ userdom_manage_user_home_content_sockets($1,mailserver_delivery)
+ userdom_user_home_dir_filetrans_user_home_content($1,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
# Read user temporary files.
userdom_read_user_tmp_files($1,$1_mail_t)
userdom_dontaudit_append_user_tmp_files($1,$1_mail_t)
@@ -279,7 +279,7 @@ template(`mta_admin_template',`
ifdef(`strict_policy',`
# allow the sysadmin to do "mail someone < /home/user/whatever"
- userdom_read_unpriv_users_home_files($1_mail_t)
+ userdom_read_unpriv_users_home_content_files($1_mail_t)
')
optional_policy(`postfix',`
@@ -295,7 +295,7 @@ template(`mta_admin_template',`
allow $1_mail_t etc_aliases_t:lnk_file create_lnk_perms;
allow $1_mail_t etc_aliases_t:sock_file create_file_perms;
allow $1_mail_t etc_aliases_t:fifo_file create_file_perms;
- files_filetrans_etc($1_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
+ files_etc_filetrans($1_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
# postfix needs this for newaliases
files_getattr_tmp_dirs($1_mail_t)
@@ -304,7 +304,7 @@ template(`mta_admin_template',`
ifdef(`distro_redhat',`
# compatability for old default main.cf
- postfix_filetrans_config($1_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
+ postfix_config_filetrans($1_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
')
')
')
@@ -534,12 +534,12 @@ interface(`mta_read_aliases',`
## </summary>
## </param>
#
-interface(`mta_filetrans_aliases',`
+interface(`mta_etc_filetrans_aliases',`
gen_require(`
type etc_aliases_t;
')
- files_filetrans_etc($1,etc_aliases_t, file)
+ files_etc_filetrans($1,etc_aliases_t, file)
')
#######################################
@@ -661,7 +661,7 @@ interface(`mta_dontaudit_getattr_spool_files',`
## </summary>
## </param>
#
-interface(`mta_filetrans_spool',`
+interface(`mta_spool_filetrans',`
gen_require(`
type mail_spool_t;
')
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index b7f2cf1..df81f21 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -77,12 +77,12 @@ ifdef(`targeted_policy',`
# for reading .forward - maybe we need a new type for it?
# also for delivering mail to maildir
# cjp: fix this to generic_user interfaces
- userdom_manage_user_home_subdirs(user,mailserver_delivery)
- userdom_manage_generic_user_home_files(mailserver_delivery)
- userdom_manage_generic_user_home_symlinks(mailserver_delivery)
- userdom_manage_generic_user_home_sockets(mailserver_delivery)
- userdom_manage_generic_user_home_pipes(mailserver_delivery)
- userdom_filetrans_generic_user_home(mailserver_delivery,{ dir file lnk_file sock_file fifo_file })
+ userdom_manage_user_home_content_dirs(user,mailserver_delivery)
+ userdom_manage_generic_user_home_content_files(mailserver_delivery)
+ userdom_manage_generic_user_home_content_symlinks(mailserver_delivery)
+ userdom_manage_generic_user_home_content_sockets(mailserver_delivery)
+ userdom_manage_generic_user_home_content_pipes(mailserver_delivery)
+ userdom_generic_user_home_dir_filetrans_generic_user_home_content(mailserver_delivery,{ dir file lnk_file sock_file fifo_file })
# cjp: another require-in-else to resolve
# optional_policy(`postfix',`',`
@@ -140,7 +140,7 @@ optional_policy(`postfix',`
allow system_mail_t etc_aliases_t:lnk_file create_lnk_perms;
allow system_mail_t etc_aliases_t:sock_file create_file_perms;
allow system_mail_t etc_aliases_t:fifo_file create_file_perms;
- files_filetrans_etc(system_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
+ files_etc_filetrans(system_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
domain_use_interactive_fds(system_mail_t)
@@ -153,7 +153,7 @@ optional_policy(`postfix',`
ifdef(`distro_redhat',`
# compatability for old default main.cf
- postfix_filetrans_config(system_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
+ postfix_config_filetrans(system_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
')
optional_policy(`cron',`
diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te
index aa6dc58..0e3f1cd 100644
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@@ -42,23 +42,23 @@ allow mysqld_t self:udp_socket create_socket_perms;
allow mysqld_t mysqld_db_t:dir create_dir_perms;
allow mysqld_t mysqld_db_t:file create_file_perms;
allow mysqld_t mysqld_db_t:lnk_file create_lnk_perms;
-files_filetrans_var_lib(mysqld_t,mysqld_db_t,{ dir file })
+files_var_lib_filetrans(mysqld_t,mysqld_db_t,{ dir file })
allow mysqld_t mysqld_etc_t:file { getattr read };
allow mysqld_t mysqld_etc_t:lnk_file { getattr read };
allow mysqld_t mysqld_etc_t:dir list_dir_perms;
allow mysqld_t mysqld_log_t:file create_file_perms;
-logging_filetrans_log(mysqld_t,mysqld_log_t)
+logging_log_filetrans(mysqld_t,mysqld_log_t)
allow mysqld_t mysqld_tmp_t:dir create_dir_perms;
allow mysqld_t mysqld_tmp_t:file create_file_perms;
-files_filetrans_tmp(mysqld_t, mysqld_tmp_t, { file dir })
+files_tmp_filetrans(mysqld_t, mysqld_tmp_t, { file dir })
allow mysqld_t mysqld_var_run_t:dir rw_dir_perms;
allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
allow mysqld_t mysqld_var_run_t:file create_file_perms;
-files_filetrans_pid(mysqld_t,mysqld_var_run_t)
+files_pid_filetrans(mysqld_t,mysqld_var_run_t)
kernel_list_proc(mysqld_t)
kernel_read_kernel_sysctls(mysqld_t)
@@ -108,7 +108,7 @@ sysnet_read_config(mysqld_t)
userdom_dontaudit_use_unpriv_user_fds(mysqld_t)
# for /root/.my.cnf - should not be needed:
-userdom_read_sysadm_home_files(mysqld_t)
+userdom_read_sysadm_home_content_files(mysqld_t)
ifdef(`distro_redhat',`
# because Fedora has the sock_file in the database directory
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index 189b266..7529c39 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -32,7 +32,7 @@ allow NetworkManager_t self:packet_socket create_socket_perms;
allow NetworkManager_t NetworkManager_var_run_t:file create_file_perms;
allow NetworkManager_t NetworkManager_var_run_t:dir create_dir_perms;
allow NetworkManager_t NetworkManager_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(NetworkManager_t,NetworkManager_var_run_t, { dir file sock_file })
+files_pid_filetrans(NetworkManager_t,NetworkManager_var_run_t, { dir file sock_file })
kernel_read_system_state(NetworkManager_t)
kernel_read_network_state(NetworkManager_t)
@@ -103,10 +103,10 @@ sysnet_delete_dhcpc_pid(NetworkManager_t)
sysnet_search_dhcp_state(NetworkManager_t)
# in /etc created by NetworkManager will be labelled net_conf_t.
sysnet_manage_config(NetworkManager_t)
-sysnet_filetrans_config(NetworkManager_t)
+sysnet_etc_filetrans_config(NetworkManager_t)
userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
-userdom_dontaudit_search_sysadm_home_dir(NetworkManager_t)
+userdom_dontaudit_search_sysadm_home_dirs(NetworkManager_t)
userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t)
ifdef(`targeted_policy', `
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 590597a..f2a9f22 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -54,11 +54,11 @@ allow ypbind_t self:udp_socket create_socket_perms;
allow ypbind_t ypbind_tmp_t:dir create_dir_perms;
allow ypbind_t ypbind_tmp_t:file create_file_perms;
-files_filetrans_tmp(ypbind_t, ypbind_tmp_t, { file dir })
+files_tmp_filetrans(ypbind_t, ypbind_tmp_t, { file dir })
allow ypbind_t ypbind_var_run_t:file manage_file_perms;
allow ypbind_t ypbind_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(ypbind_t,ypbind_var_run_t)
+files_pid_filetrans(ypbind_t,ypbind_var_run_t)
allow ypbind_t var_yp_t:dir rw_dir_perms;
allow ypbind_t var_yp_t:file create_file_perms;
@@ -113,7 +113,7 @@ miscfiles_read_localization(ypbind_t)
sysnet_read_config(ypbind_t)
userdom_dontaudit_use_unpriv_user_fds(ypbind_t)
-userdom_dontaudit_search_sysadm_home_dir(ypbind_t)
+userdom_dontaudit_search_sysadm_home_dirs(ypbind_t)
portmap_udp_send(ypbind_t)
@@ -151,7 +151,7 @@ allow yppasswdd_t self:udp_socket create_socket_perms;
allow yppasswdd_t yppasswdd_var_run_t:file create_file_perms;
allow yppasswdd_t yppasswdd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(yppasswdd_t,yppasswdd_var_run_t)
+files_pid_filetrans(yppasswdd_t,yppasswdd_var_run_t)
allow yppasswdd_t var_yp_t:dir rw_dir_perms;
allow yppasswdd_t var_yp_t:file create_file_perms;
@@ -214,7 +214,7 @@ miscfiles_read_localization(yppasswdd_t)
sysnet_read_config(yppasswdd_t)
userdom_dontaudit_use_unpriv_user_fds(yppasswdd_t)
-userdom_dontaudit_search_sysadm_home_dir(yppasswdd_t)
+userdom_dontaudit_search_sysadm_home_dirs(yppasswdd_t)
portmap_udp_send(yppasswdd_t)
@@ -256,11 +256,11 @@ allow ypserv_t ypserv_conf_t:file { getattr read };
allow ypserv_t ypserv_tmp_t:dir create_dir_perms;
allow ypserv_t ypserv_tmp_t:file create_file_perms;
-files_filetrans_tmp(ypserv_t, ypserv_tmp_t, { file dir })
+files_tmp_filetrans(ypserv_t, ypserv_tmp_t, { file dir })
allow ypserv_t ypserv_var_run_t:dir rw_dir_perms;
allow ypserv_t ypserv_var_run_t:file manage_file_perms;
-files_filetrans_pid(ypserv_t,ypserv_var_run_t)
+files_pid_filetrans(ypserv_t,ypserv_var_run_t)
kernel_read_kernel_sysctls(ypserv_t)
kernel_list_proc(ypserv_t)
@@ -309,7 +309,7 @@ miscfiles_read_localization(ypserv_t)
sysnet_read_config(ypserv_t)
userdom_dontaudit_use_unpriv_user_fds(ypserv_t)
-userdom_dontaudit_search_sysadm_home_dir(ypserv_t)
+userdom_dontaudit_search_sysadm_home_dirs(ypserv_t)
portmap_udp_send(ypserv_t)
diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te
index 1fbb726..9604862 100644
--- a/refpolicy/policy/modules/services/nscd.te
+++ b/refpolicy/policy/modules/services/nscd.te
@@ -45,12 +45,12 @@ allow nscd_t self:udp_socket create_socket_perms;
allow nscd_t self:nscd { admin getstat };
allow nscd_t nscd_log_t:file create_file_perms;
-logging_filetrans_log(nscd_t,nscd_log_t)
+logging_log_filetrans(nscd_t,nscd_log_t)
allow nscd_t nscd_var_run_t:file create_file_perms;
allow nscd_t nscd_var_run_t:sock_file create_file_perms;
allow nscd_t nscd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(nscd_t,nscd_var_run_t,{ file sock_file })
+files_pid_filetrans(nscd_t,nscd_var_run_t,{ file sock_file })
kernel_read_kernel_sysctls(nscd_t)
kernel_list_proc(nscd_t)
@@ -111,7 +111,7 @@ seutil_sigchld_newrole(nscd_t)
sysnet_read_config(nscd_t)
userdom_dontaudit_use_unpriv_user_fds(nscd_t)
-userdom_dontaudit_search_sysadm_home_dir(nscd_t)
+userdom_dontaudit_search_sysadm_home_dirs(nscd_t)
ifdef(`targeted_policy',`
term_use_unallocated_ttys(nscd_t)
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index 990ff20..1bc5d90 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -49,16 +49,16 @@ can_exec(ntpd_t,ntpd_exec_t)
allow ntpd_t ntpd_log_t:file create_file_perms;
allow ntpd_t ntpd_log_t:dir { rw_dir_perms setattr };
-logging_filetrans_log(ntpd_t,ntpd_log_t,{ file dir })
+logging_log_filetrans(ntpd_t,ntpd_log_t,{ file dir })
# for some reason it creates a file in /tmp
allow ntpd_t ntpd_tmp_t:dir create_dir_perms;
allow ntpd_t ntpd_tmp_t:file create_file_perms;
-files_filetrans_tmp(ntpd_t, ntpd_tmp_t, { file dir })
+files_tmp_filetrans(ntpd_t, ntpd_tmp_t, { file dir })
allow ntpd_t ntpd_var_run_t:file create_file_perms;
allow ntpd_t ntpd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(ntpd_t,ntpd_var_run_t)
+files_pid_filetrans(ntpd_t,ntpd_var_run_t)
kernel_read_kernel_sysctls(ntpd_t)
kernel_read_system_state(ntpd_t)
@@ -113,8 +113,8 @@ miscfiles_read_localization(ntpd_t)
sysnet_read_config(ntpd_t)
userdom_dontaudit_use_unpriv_user_fds(ntpd_t)
-userdom_list_sysadm_home_dir(ntpd_t)
-userdom_dontaudit_list_sysadm_home_dir(ntpd_t)
+userdom_list_sysadm_home_dirs(ntpd_t)
+userdom_dontaudit_list_sysadm_home_dirs(ntpd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(ntpd_t)
diff --git a/refpolicy/policy/modules/services/openct.te b/refpolicy/policy/modules/services/openct.te
index 3c10585..57bf22b 100644
--- a/refpolicy/policy/modules/services/openct.te
+++ b/refpolicy/policy/modules/services/openct.te
@@ -23,7 +23,7 @@ allow openct_t self:process signal_perms;
allow openct_t openct_var_run_t:file create_file_perms;
allow openct_t openct_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(openct_t,openct_var_run_t)
+files_pid_filetrans(openct_t,openct_var_run_t)
kernel_read_kernel_sysctls(openct_t)
kernel_list_proc(openct_t)
@@ -54,7 +54,7 @@ logging_send_syslog_msg(openct_t)
miscfiles_read_localization(openct_t)
userdom_dontaudit_use_unpriv_user_fds(openct_t)
-userdom_dontaudit_search_sysadm_home_dir(openct_t)
+userdom_dontaudit_search_sysadm_home_dirs(openct_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(openct_t)
diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te
index a7805de..e1eb171 100644
--- a/refpolicy/policy/modules/services/pegasus.te
+++ b/refpolicy/policy/modules/services/pegasus.te
@@ -54,12 +54,12 @@ allow pegasus_t pegasus_mof_t:lnk_file { getattr read };
allow pegasus_t pegasus_tmp_t:dir create_dir_perms;
allow pegasus_t pegasus_tmp_t:file create_file_perms;
-files_filetrans_tmp(pegasus_t, pegasus_tmp_t, { file dir })
+files_tmp_filetrans(pegasus_t, pegasus_tmp_t, { file dir })
allow pegasus_t pegasus_var_run_t:file create_file_perms;
allow pegasus_t pegasus_var_run_t:sock_file { create setattr unlink };
allow pegasus_t pegasus_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(pegasus_t,pegasus_var_run_t)
+files_pid_filetrans(pegasus_t,pegasus_var_run_t)
kernel_read_kernel_sysctls(pegasus_t)
kernel_read_fs_sysctls(pegasus_t)
@@ -109,7 +109,7 @@ miscfiles_read_localization(pegasus_t)
sysnet_read_config(pegasus_t)
userdom_dontaudit_use_unpriv_user_fds(pegasus_t)
-userdom_dontaudit_search_sysadm_home_dir(pegasus_t)
+userdom_dontaudit_search_sysadm_home_dirs(pegasus_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(pegasus_t)
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index aca993b..46bddd5 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -36,11 +36,11 @@ allow portmap_t self:udp_socket create_socket_perms;
allow portmap_t portmap_tmp_t:dir create_dir_perms;
allow portmap_t portmap_tmp_t:file create_file_perms;
-files_filetrans_tmp(portmap_t, portmap_tmp_t, { file dir })
+files_tmp_filetrans(portmap_t, portmap_tmp_t, { file dir })
allow portmap_t portmap_var_run_t:file create_file_perms;
allow portmap_t portmap_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(portmap_t,portmap_var_run_t)
+files_pid_filetrans(portmap_t,portmap_var_run_t)
kernel_read_kernel_sysctls(portmap_t)
kernel_list_proc(portmap_t)
@@ -95,7 +95,7 @@ miscfiles_read_localization(portmap_t)
sysnet_read_config(portmap_t)
userdom_dontaudit_use_unpriv_user_fds(portmap_t)
-userdom_dontaudit_search_sysadm_home_dir(portmap_t)
+userdom_dontaudit_search_sysadm_home_dirs(portmap_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(portmap_t)
@@ -162,7 +162,7 @@ allow portmap_helper_t self:tcp_socket create_stream_socket_perms;
allow portmap_helper_t self:udp_socket create_socket_perms;
allow portmap_helper_t portmap_var_run_t:file create_file_perms;
-files_filetrans_pid(portmap_helper_t,portmap_var_run_t)
+files_pid_filetrans(portmap_helper_t,portmap_var_run_t)
corenet_tcp_sendrecv_all_if(portmap_helper_t)
corenet_udp_sendrecv_all_if(portmap_helper_t)
diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if
index d3c86c2..fe36911 100644
--- a/refpolicy/policy/modules/services/postfix.if
+++ b/refpolicy/policy/modules/services/postfix.if
@@ -45,7 +45,7 @@ template(`postfix_domain_template',`
allow postfix_$1_t postfix_spool_t:dir r_dir_perms;
allow postfix_$1_t postfix_var_run_t:file manage_file_perms;
- files_filetrans_pid(postfix_$1_t,postfix_var_run_t)
+ files_pid_filetrans(postfix_$1_t,postfix_var_run_t)
kernel_read_system_state(postfix_$1_t)
kernel_read_network_state(postfix_$1_t)
@@ -216,7 +216,7 @@ interface(`postfix_read_config',`
## </summary>
## </param>
#
-interface(`postfix_filetrans_config',`
+interface(`postfix_config_filetrans',`
gen_require(`
type postfix_etc_t;
')
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index 31794c4..b38aeee 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -257,7 +257,7 @@ allow postfix_local_t self:process { setsched setrlimit };
allow postfix_local_t postfix_local_tmp_t:dir create_dir_perms;
allow postfix_local_t postfix_local_tmp_t:file create_file_perms;
-files_filetrans_tmp(postfix_local_t, postfix_local_tmp_t, { file dir })
+files_tmp_filetrans(postfix_local_t, postfix_local_tmp_t, { file dir })
# connect to master process
allow postfix_local_t postfix_master_t:unix_stream_socket connectto;
@@ -301,7 +301,7 @@ allow postfix_map_t postfix_etc_t:lnk_file create_lnk_perms;
allow postfix_map_t postfix_map_tmp_t:dir create_dir_perms;
allow postfix_map_t postfix_map_tmp_t:file create_file_perms;
-files_filetrans_tmp(postfix_map_t, postfix_map_tmp_t, { file dir })
+files_tmp_filetrans(postfix_map_t, postfix_map_tmp_t, { file dir })
kernel_read_kernel_sysctls(postfix_map_t)
kernel_dontaudit_list_proc(postfix_map_t)
diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te
index 477b642..4a9ca6e 100644
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@@ -48,7 +48,7 @@ allow postgresql_t postgresql_db_t:fifo_file create_file_perms;
allow postgresql_t postgresql_db_t:file create_file_perms;
allow postgresql_t postgresql_db_t:lnk_file create_lnk_perms;
allow postgresql_t postgresql_db_t:sock_file create_file_perms;
-files_filetrans_var_lib(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file })
+files_var_lib_filetrans(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file })
allow postgresql_t postgresql_etc_t:dir r_dir_perms;
allow postgresql_t postgresql_etc_t:file r_file_perms;
@@ -58,24 +58,24 @@ allow postgresql_t postgresql_exec_t:lnk_file { getattr read };
can_exec(postgresql_t, postgresql_exec_t )
allow postgresql_t postgresql_lock_t:file create_file_perms;
-files_filetrans_lock(postgresql_t,postgresql_lock_t)
+files_lock_filetrans(postgresql_t,postgresql_lock_t)
allow postgresql_t postgresql_log_t:dir rw_dir_perms;
allow postgresql_t postgresql_log_t:file create_file_perms;
-logging_filetrans_log(postgresql_t,postgresql_log_t,{ file dir })
+logging_log_filetrans(postgresql_t,postgresql_log_t,{ file dir })
allow postgresql_t postgresql_tmp_t:dir create_dir_perms;
allow postgresql_t postgresql_tmp_t:fifo_file create_file_perms;
allow postgresql_t postgresql_tmp_t:file create_file_perms;
allow postgresql_t postgresql_tmp_t:lnk_file create_lnk_perms;
allow postgresql_t postgresql_tmp_t:sock_file create_file_perms;
-files_filetrans_tmp(postgresql_t, postgresql_tmp_t, { dir file sock_file })
-fs_filetrans_tmpfs(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
+files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
+fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
allow postgresql_t postgresql_var_run_t:dir rw_dir_perms;
allow postgresql_t postgresql_var_run_t:file create_file_perms;
allow postgresql_t postgresql_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(postgresql_t,postgresql_var_run_t)
+files_pid_filetrans(postgresql_t,postgresql_var_run_t)
kernel_read_kernel_sysctls(postgresql_t)
kernel_read_system_state(postgresql_t)
@@ -136,7 +136,7 @@ seutil_dontaudit_search_config(postgresql_t)
sysnet_read_config(postgresql_t)
-userdom_dontaudit_search_sysadm_home_dir(postgresql_t)
+userdom_dontaudit_search_sysadm_home_dirs(postgresql_t)
userdom_dontaudit_use_sysadm_ttys(postgresql_t)
userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te
index 941f901..864bdc3 100644
--- a/refpolicy/policy/modules/services/ppp.te
+++ b/refpolicy/policy/modules/services/ppp.te
@@ -80,23 +80,23 @@ allow pppd_t pppd_devpts_t:chr_file { rw_file_perms setattr };
allow pppd_t pppd_etc_t:dir rw_dir_perms;
allow pppd_t pppd_etc_t:file r_file_perms;
allow pppd_t pppd_etc_t:lnk_file { getattr read };
-files_filetrans_etc(pppd_t,pppd_etc_t)
+files_etc_filetrans(pppd_t,pppd_etc_t)
allow pppd_t pppd_etc_rw_t:file create_file_perms;
allow pppd_t pppd_lock_t:file create_file_perms;
-files_filetrans_lock(pppd_t,pppd_lock_t)
+files_lock_filetrans(pppd_t,pppd_lock_t)
allow pppd_t pppd_log_t:file create_file_perms;
-logging_filetrans_log(pppd_t,pppd_log_t)
+logging_log_filetrans(pppd_t,pppd_log_t)
allow pppd_t pppd_tmp_t:dir create_dir_perms;
allow pppd_t pppd_tmp_t:file create_file_perms;
-files_filetrans_tmp(pppd_t, pppd_tmp_t, { file dir })
+files_tmp_filetrans(pppd_t, pppd_tmp_t, { file dir })
allow pppd_t pppd_var_run_t:dir rw_dir_perms;
allow pppd_t pppd_var_run_t:file create_file_perms;
-files_filetrans_pid(pppd_t,pppd_var_run_t)
+files_pid_filetrans(pppd_t,pppd_var_run_t)
allow pppd_t pptp_t:process signal;
@@ -170,10 +170,10 @@ sysnet_exec_ifconfig(pppd_t)
sysnet_manage_config(pppd_t)
userdom_dontaudit_use_unpriv_user_fds(pppd_t)
-userdom_dontaudit_search_sysadm_home_dir(pppd_t)
+userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
# for ~/.ppprc - if it actually exists then you need some policy to read it
#allow pppd_t { sysadm_home_dir_t home_root_t user_home_dir_type }:dir search;
-userdom_search_sysadm_home_dir(pppd_t)
+userdom_search_sysadm_home_dirs(pppd_t)
userdom_search_unpriv_users_home_dirs(pppd_t)
ifdef(`targeted_policy', `
@@ -248,12 +248,12 @@ can_exec(pptp_t, pppd_etc_rw_t)
allow pptp_t pppd_log_t:file append;
allow pptp_t pptp_log_t:file create_file_perms;
-logging_filetrans_log(pptp_t,pptp_log_t)
+logging_log_filetrans(pptp_t,pptp_log_t)
allow pptp_t pptp_var_run_t:file create_file_perms;
allow pptp_t pptp_var_run_t:dir rw_dir_perms;
allow pptp_t pptp_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(pptp_t,pptp_var_run_t)
+files_pid_filetrans(pptp_t,pptp_var_run_t)
kernel_list_proc(pptp_t)
kernel_read_kernel_sysctls(pptp_t)
@@ -294,7 +294,7 @@ miscfiles_read_localization(pptp_t)
sysnet_read_config(pptp_t)
userdom_dontaudit_use_unpriv_user_fds(pptp_t)
-userdom_dontaudit_search_sysadm_home_dir(pptp_t)
+userdom_dontaudit_search_sysadm_home_dirs(pptp_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(pptp_t)
diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te
index 00d5514..df6d6e4 100644
--- a/refpolicy/policy/modules/services/privoxy.te
+++ b/refpolicy/policy/modules/services/privoxy.te
@@ -32,11 +32,11 @@ allow privoxy_t privoxy_etc_rw_t:file rw_file_perms;
allow privoxy_t privoxy_log_t:file create_file_perms;
allow privoxy_t privoxy_log_t:dir rw_dir_perms;
-logging_filetrans_log(privoxy_t,privoxy_log_t)
+logging_log_filetrans(privoxy_t,privoxy_log_t)
allow privoxy_t privoxy_var_run_t:file create_file_perms;
allow privoxy_t privoxy_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(privoxy_t,privoxy_var_run_t)
+files_pid_filetrans(privoxy_t,privoxy_var_run_t)
kernel_read_kernel_sysctls(privoxy_t)
kernel_list_proc(privoxy_t)
@@ -76,7 +76,7 @@ miscfiles_read_localization(privoxy_t)
sysnet_dns_name_resolve(privoxy_t)
userdom_dontaudit_use_unpriv_user_fds(privoxy_t)
-userdom_dontaudit_search_sysadm_home_dir(privoxy_t)
+userdom_dontaudit_search_sysadm_home_dirs(privoxy_t)
# cjp: this should really not be needed
userdom_use_sysadm_terms(privoxy_t)
diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te
index 7e38643..a5fd87c 100644
--- a/refpolicy/policy/modules/services/procmail.te
+++ b/refpolicy/policy/modules/services/procmail.te
@@ -65,8 +65,8 @@ miscfiles_read_localization(procmail_t)
# only works until we define a different type for maildir
userdom_priveleged_home_dir_manager(procmail_t)
# Do not audit attempts to access /root.
-userdom_dontaudit_search_sysadm_home_dir(procmail_t)
-userdom_dontaudit_search_staff_home_dir(procmail_t)
+userdom_dontaudit_search_sysadm_home_dirs(procmail_t)
+userdom_dontaudit_search_staff_home_dirs(procmail_t)
mta_manage_spool(procmail_t)
diff --git a/refpolicy/policy/modules/services/radius.te b/refpolicy/policy/modules/services/radius.te
index 6ee1d51..01ebb54 100644
--- a/refpolicy/policy/modules/services/radius.te
+++ b/refpolicy/policy/modules/services/radius.te
@@ -41,11 +41,11 @@ files_search_etc(radiusd_t)
allow radiusd_t radiusd_log_t:file create_file_perms;
allow radiusd_t radiusd_log_t:dir create_dir_perms;
-logging_filetrans_log(radiusd_t,radiusd_log_t,{ file dir })
+logging_log_filetrans(radiusd_t,radiusd_log_t,{ file dir })
allow radiusd_t radiusd_var_run_t:file create_file_perms;
allow radiusd_t radiusd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(radiusd_t,radiusd_var_run_t)
+files_pid_filetrans(radiusd_t,radiusd_var_run_t)
kernel_read_kernel_sysctls(radiusd_t)
kernel_read_system_state(radiusd_t)
@@ -100,7 +100,7 @@ miscfiles_read_localization(radiusd_t)
sysnet_read_config(radiusd_t)
userdom_dontaudit_use_unpriv_user_fds(radiusd_t)
-userdom_dontaudit_search_sysadm_home_dir(radiusd_t)
+userdom_dontaudit_search_sysadm_home_dirs(radiusd_t)
userdom_dontaudit_getattr_sysadm_home_dirs(radiusd_t)
ifdef(`targeted_policy', `
diff --git a/refpolicy/policy/modules/services/radvd.te b/refpolicy/policy/modules/services/radvd.te
index 7a6fb7c..c80d3bf 100644
--- a/refpolicy/policy/modules/services/radvd.te
+++ b/refpolicy/policy/modules/services/radvd.te
@@ -32,7 +32,7 @@ allow radvd_t radvd_etc_t:file { getattr read };
allow radvd_t radvd_var_run_t:file create_file_perms;
allow radvd_t radvd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(radvd_t,radvd_var_run_t)
+files_pid_filetrans(radvd_t,radvd_var_run_t)
kernel_read_kernel_sysctls(radvd_t)
kernel_read_net_sysctls(radvd_t)
@@ -76,7 +76,7 @@ miscfiles_read_localization(radvd_t)
sysnet_read_config(radvd_t)
userdom_dontaudit_use_unpriv_user_fds(radvd_t)
-userdom_dontaudit_search_sysadm_home_dir(radvd_t)
+userdom_dontaudit_search_sysadm_home_dirs(radvd_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(radvd_t)
diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te
index 675e8f5..838748f 100644
--- a/refpolicy/policy/modules/services/remotelogin.te
+++ b/refpolicy/policy/modules/services/remotelogin.te
@@ -40,7 +40,7 @@ allow remote_login_t self:msg { send receive };
allow remote_login_t remote_login_tmp_t:dir create_dir_perms;
allow remote_login_t remote_login_tmp_t:file create_file_perms;
-files_filetrans_tmp(remote_login_t, remote_login_tmp_t, { file dir })
+files_tmp_filetrans(remote_login_t, remote_login_tmp_t, { file dir })
kernel_read_system_state(remote_login_t)
kernel_read_kernel_sysctls(remote_login_t)
@@ -120,8 +120,8 @@ sysnet_dns_name_resolve(remote_login_t)
miscfiles_read_localization(remote_login_t)
-userdom_use_unpriv_users_fd(remote_login_t)
-userdom_search_all_users_home(remote_login_t)
+userdom_use_unpriv_users_fds(remote_login_t)
+userdom_search_all_users_home_content(remote_login_t)
# Only permit unprivileged user domains to be entered via rlogin,
# since very weak authentication is used.
userdom_signal_unpriv_users(remote_login_t)
diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te
index 31655e7..3ad6d0c 100644
--- a/refpolicy/policy/modules/services/rlogin.te
+++ b/refpolicy/policy/modules/services/rlogin.te
@@ -41,11 +41,11 @@ can_exec(rlogind_t, rlogind_exec_t)
allow rlogind_t rlogind_tmp_t:dir create_dir_perms;
allow rlogind_t rlogind_tmp_t:file create_file_perms;
-files_filetrans_tmp(rlogind_t, rlogind_tmp_t, { file dir })
+files_tmp_filetrans(rlogind_t, rlogind_tmp_t, { file dir })
allow rlogind_t rlogind_var_run_t:file create_file_perms;
allow rlogind_t rlogind_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(rlogind_t,rlogind_var_run_t)
+files_pid_filetrans(rlogind_t,rlogind_var_run_t)
kernel_read_kernel_sysctls(rlogind_t)
kernel_read_system_state(rlogind_t)
@@ -90,7 +90,7 @@ sysnet_read_config(rlogind_t)
userdom_setattr_unpriv_users_ptys(rlogind_t)
# cjp: this is egregious
-userdom_read_all_users_home_files(rlogind_t)
+userdom_read_all_users_home_content_files(rlogind_t)
remotelogin_domtrans(rlogind_t)
diff --git a/refpolicy/policy/modules/services/roundup.te b/refpolicy/policy/modules/services/roundup.te
index 1a04c2e..50168fb 100644
--- a/refpolicy/policy/modules/services/roundup.te
+++ b/refpolicy/policy/modules/services/roundup.te
@@ -30,11 +30,11 @@ allow roundup_t self:udp_socket create_socket_perms;
allow roundup_t roundup_var_run_t:file create_file_perms;
allow roundup_t roundup_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(roundup_t,roundup_var_run_t)
+files_pid_filetrans(roundup_t,roundup_var_run_t)
allow roundup_t roundup_var_lib_t:file create_file_perms;
allow roundup_t roundup_var_lib_t:dir rw_dir_perms;
-files_filetrans_var_lib(roundup_t,roundup_var_lib_t)
+files_var_lib_filetrans(roundup_t,roundup_var_lib_t)
kernel_read_kernel_sysctls(roundup_t)
kernel_list_proc(roundup_t)
@@ -86,7 +86,7 @@ miscfiles_read_localization(roundup_t)
sysnet_read_config(roundup_t)
userdom_dontaudit_use_unpriv_user_fds(roundup_t)
-userdom_dontaudit_search_sysadm_home_dir(roundup_t)
+userdom_dontaudit_search_sysadm_home_dirs(roundup_t)
ifdef(`targeted_policy',`
files_dontaudit_read_root_files(roundup_t)
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index 2611e71..741c612 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -43,7 +43,7 @@ allow rpcd_t self:file { getattr read };
allow rpcd_t rpcd_var_run_t:file manage_file_perms;
allow rpcd_t rpcd_var_run_t:dir { rw_dir_perms setattr };
-files_filetrans_pid(rpcd_t,rpcd_var_run_t)
+files_pid_filetrans(rpcd_t,rpcd_var_run_t)
kernel_search_network_state(rpcd_t)
# for rpc.rquotad
@@ -124,7 +124,7 @@ allow gssd_t self:fifo_file { read write };
allow gssd_t gssd_tmp_t:dir create_dir_perms;
allow gssd_t gssd_tmp_t:file create_file_perms;
-files_filetrans_tmp(gssd_t, gssd_tmp_t, { file dir })
+files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
kernel_read_network_state(gssd_t)
kernel_read_network_state_symlinks(gssd_t)
diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te
index 6069c54..0d78310 100644
--- a/refpolicy/policy/modules/services/rshd.te
+++ b/refpolicy/policy/modules/services/rshd.te
@@ -65,7 +65,7 @@ seutil_read_default_contexts(rshd_t)
sysnet_read_config(rshd_t)
-userdom_search_all_users_home(rshd_t)
+userdom_search_all_users_home_content(rshd_t)
ifdef(`targeted_policy',`
unconfined_domain(rshd_t)
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te
index 5b4b55e..2939b65 100644
--- a/refpolicy/policy/modules/services/rsync.te
+++ b/refpolicy/policy/modules/services/rsync.te
@@ -44,11 +44,11 @@ allow rsync_t rsync_data_t:lnk_file r_file_perms;
allow rsync_t rsync_tmp_t:dir create_dir_perms;
allow rsync_t rsync_tmp_t:file create_file_perms;
-files_filetrans_tmp(rsync_t, rsync_tmp_t, { file dir })
+files_tmp_filetrans(rsync_t, rsync_tmp_t, { file dir })
allow rsync_t rsync_var_run_t:file create_file_perms;
allow rsync_t rsync_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(rsync_t,rsync_var_run_t)
+files_pid_filetrans(rsync_t,rsync_var_run_t)
kernel_read_kernel_sysctls(rsync_t)
kernel_read_system_state(rsync_t)
diff --git a/refpolicy/policy/modules/services/samba.if b/refpolicy/policy/modules/services/samba.if
index 3e5a308..a38a6ea 100644
--- a/refpolicy/policy/modules/services/samba.if
+++ b/refpolicy/policy/modules/services/samba.if
@@ -33,11 +33,11 @@ template(`samba_per_userdomain_template',`
')
tunable_policy(`samba_enable_home_dirs',`
- userdom_manage_user_home_files($1,smbd_t)
- userdom_manage_user_home_symlinks($1,smbd_t)
- userdom_manage_user_home_sockets($1,smbd_t)
- userdom_manage_user_home_pipes($1,smbd_t)
- userdom_filetrans_user_home($1,smbd_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_manage_user_home_content_files($1,smbd_t)
+ userdom_manage_user_home_content_symlinks($1,smbd_t)
+ userdom_manage_user_home_content_sockets($1,smbd_t)
+ userdom_manage_user_home_content_pipes($1,smbd_t)
+ userdom_user_home_dir_filetrans_user_home_content($1,smbd_t,{ dir file lnk_file sock_file fifo_file })
')
')
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index 25dc988..9d72348 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -103,7 +103,7 @@ type_transition samba_net_t samba_etc_t:file samba_secrets_t;
allow samba_net_t samba_net_tmp_t:dir create_dir_perms;
allow samba_net_t samba_net_tmp_t:file create_file_perms;
-files_filetrans_tmp(samba_net_t, samba_net_tmp_t, { file dir })
+files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
allow samba_net_t samba_var_t:dir rw_dir_perms;
allow samba_net_t samba_var_t:lnk_file create_lnk_perms;
@@ -139,7 +139,7 @@ miscfiles_read_localization(samba_net_t)
sysnet_read_config(samba_net_t)
-userdom_dontaudit_search_sysadm_home_dir(samba_net_t)
+userdom_dontaudit_search_sysadm_home_dirs(samba_net_t)
ifdef(`targeted_policy',`
term_use_generic_ptys(samba_net_t)
@@ -212,14 +212,14 @@ allow smbd_t samba_var_t:sock_file create_file_perms;
allow smbd_t smbd_tmp_t:dir create_dir_perms;
allow smbd_t smbd_tmp_t:file create_file_perms;
-files_filetrans_tmp(smbd_t, smbd_tmp_t, { file dir })
+files_tmp_filetrans(smbd_t, smbd_tmp_t, { file dir })
allow smbd_t nmbd_var_run_t:file rw_file_perms;
allow smbd_t smbd_var_run_t:dir create_dir_perms;
allow smbd_t smbd_var_run_t:file create_file_perms;
allow smbd_t smbd_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(smbd_t,smbd_var_run_t)
+files_pid_filetrans(smbd_t,smbd_var_run_t)
allow smbd_t winbind_var_run_t:sock_file { read write getattr };
@@ -284,9 +284,9 @@ mount_send_nfs_client_request(smbd_t)
sysnet_read_config(smbd_t)
-userdom_dontaudit_search_sysadm_home_dir(smbd_t)
+userdom_dontaudit_search_sysadm_home_dirs(smbd_t)
userdom_dontaudit_use_unpriv_user_fds(smbd_t)
-userdom_use_unpriv_users_fd(smbd_t)
+userdom_use_unpriv_users_fds(smbd_t)
ifdef(`targeted_policy', `
files_dontaudit_read_root_files(smbd_t)
@@ -356,7 +356,7 @@ allow nmbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow nmbd_t nmbd_var_run_t:file create_file_perms;
allow nmbd_t nmbd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(nmbd_t,nmbd_var_run_t)
+files_pid_filetrans(nmbd_t,nmbd_var_run_t)
allow nmbd_t samba_etc_t:dir { search getattr };
allow nmbd_t samba_etc_t:file { getattr read };
@@ -415,9 +415,9 @@ miscfiles_read_localization(nmbd_t)
sysnet_read_config(nmbd_t)
-userdom_dontaudit_search_sysadm_home_dir(nmbd_t)
+userdom_dontaudit_search_sysadm_home_dirs(nmbd_t)
userdom_dontaudit_use_unpriv_user_fds(nmbd_t)
-userdom_use_unpriv_users_fd(nmbd_t)
+userdom_use_unpriv_users_fds(nmbd_t)
ifdef(`targeted_policy', `
files_dontaudit_read_root_files(nmbd_t)
@@ -559,11 +559,11 @@ allow swat_t smbd_var_run_t:file read;
allow swat_t swat_tmp_t:dir create_dir_perms;
allow swat_t swat_tmp_t:file create_file_perms;
-files_filetrans_tmp(swat_t, swat_tmp_t, { file dir })
+files_tmp_filetrans(swat_t, swat_tmp_t, { file dir })
allow swat_t swat_var_run_t:file create_file_perms;
allow swat_t swat_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(swat_t,swat_var_run_t)
+files_pid_filetrans(swat_t,swat_var_run_t)
allow swat_t winbind_exec_t:file execute;
@@ -652,16 +652,16 @@ allow winbind_t samba_var_t:file create_file_perms;
allow winbind_t samba_var_t:lnk_file create_lnk_perms;
allow winbind_t winbind_log_t:file create_file_perms;
-logging_filetrans_log(winbind_t,winbind_log_t)
+logging_log_filetrans(winbind_t,winbind_log_t)
allow winbind_t winbind_tmp_t:dir create_dir_perms;
allow winbind_t winbind_tmp_t:file create_file_perms;
-files_filetrans_tmp(winbind_t, winbind_tmp_t, { file dir })
+files_tmp_filetrans(winbind_t, winbind_tmp_t, { file dir })
allow winbind_t winbind_var_run_t:file create_file_perms;
allow winbind_t winbind_var_run_t:sock_file create_file_perms;
allow winbind_t winbind_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(winbind_t,winbind_var_run_t)
+files_pid_filetrans(winbind_t,winbind_var_run_t)
kernel_read_kernel_sysctls(winbind_t)
kernel_list_proc(winbind_t)
@@ -708,7 +708,7 @@ sysnet_read_config(winbind_t)
sysnet_dns_name_resolve(winbind_t)
userdom_dontaudit_use_unpriv_user_fds(winbind_t)
-userdom_dontaudit_search_sysadm_home_dir(winbind_t)
+userdom_dontaudit_search_sysadm_home_dirs(winbind_t)
userdom_priveleged_home_dir_manager(winbind_t)
ifdef(`targeted_policy', `
diff --git a/refpolicy/policy/modules/services/sasl.te b/refpolicy/policy/modules/services/sasl.te
index c3fe9f6..f45f555 100644
--- a/refpolicy/policy/modules/services/sasl.te
+++ b/refpolicy/policy/modules/services/sasl.te
@@ -29,7 +29,7 @@ allow saslauthd_t self:tcp_socket create_socket_perms;
allow saslauthd_t saslauthd_var_run_t:file create_file_perms;
allow saslauthd_t saslauthd_var_run_t:sock_file create_file_perms;
allow saslauthd_t saslauthd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(saslauthd_t,saslauthd_var_run_t)
+files_pid_filetrans(saslauthd_t,saslauthd_var_run_t)
kernel_read_kernel_sysctls(saslauthd_t)
kernel_read_system_state(saslauthd_t)
@@ -79,7 +79,7 @@ seutil_dontaudit_read_config(saslauthd_t)
sysnet_read_config(saslauthd_t)
userdom_dontaudit_use_unpriv_user_fds(saslauthd_t)
-userdom_dontaudit_search_sysadm_home_dir(saslauthd_t)
+userdom_dontaudit_search_sysadm_home_dirs(saslauthd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(saslauthd_t)
diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if
index 28872b0..6af71b9 100644
--- a/refpolicy/policy/modules/services/sendmail.if
+++ b/refpolicy/policy/modules/services/sendmail.if
@@ -110,5 +110,5 @@ interface(`sendmail_create_log',`
type sendmail_log_t;
')
- logging_filetrans_log($1,sendmail_log_t,file)
+ logging_log_filetrans($1,sendmail_log_t,file)
')
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index c47c717..a03daf5 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -35,7 +35,7 @@ allow sendmail_t self:udp_socket create_socket_perms;
allow sendmail_t sendmail_log_t:file create_file_perms;
allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
-logging_filetrans_log(sendmail_t,sendmail_log_t,{ file dir })
+logging_log_filetrans(sendmail_t,sendmail_log_t,{ file dir })
kernel_read_kernel_sysctls(sendmail_t)
# for piping mail to a command
@@ -92,10 +92,10 @@ miscfiles_read_localization(sendmail_t)
sysnet_read_config(sendmail_t)
userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
-userdom_dontaudit_search_sysadm_home_dir(sendmail_t)
+userdom_dontaudit_search_sysadm_home_dirs(sendmail_t)
mta_read_config(sendmail_t)
-mta_filetrans_aliases(sendmail_t)
+mta_etc_filetrans_aliases(sendmail_t)
# Write to /etc/aliases and /etc/mail.
mta_rw_aliases(sendmail_t)
# Write to /var/spool/mail and /var/spool/mqueue.
@@ -110,10 +110,10 @@ ifdef(`targeted_policy',`
',`
allow sendmail_t sendmail_tmp_t:dir create_dir_perms;
allow sendmail_t sendmail_tmp_t:file create_file_perms;
- files_filetrans_tmp(sendmail_t, sendmail_tmp_t, { file dir })
+ files_tmp_filetrans(sendmail_t, sendmail_tmp_t, { file dir })
allow sendmail_t sendmail_var_run_t:file { getattr create read write append setattr unlink lock };
- files_filetrans_pid(sendmail_t,sendmail_var_run_t)
+ files_pid_filetrans(sendmail_t,sendmail_var_run_t)
')
optional_policy(`nis',`
diff --git a/refpolicy/policy/modules/services/slrnpull.te b/refpolicy/policy/modules/services/slrnpull.te
index 1c5679e..da215c1 100644
--- a/refpolicy/policy/modules/services/slrnpull.te
+++ b/refpolicy/policy/modules/services/slrnpull.te
@@ -28,7 +28,7 @@ dontaudit slrnpull_t self:capability sys_tty_config;
allow slrnpull_t self:process signal_perms;
allow slrnpull_t slrnpull_log_t:file create_file_perms;
-logging_filetrans_log(slrnpull_t,slrnpull_log_t)
+logging_log_filetrans(slrnpull_t,slrnpull_log_t)
allow slrnpull_t slrnpull_spool_t:dir rw_dir_perms;
allow slrnpull_t slrnpull_spool_t:dir create_dir_perms;
@@ -38,7 +38,7 @@ files_search_spool(slrnpull_t)
allow slrnpull_t slrnpull_var_run_t:file create_file_perms;
allow slrnpull_t slrnpull_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(slrnpull_t,slrnpull_var_run_t)
+files_pid_filetrans(slrnpull_t,slrnpull_var_run_t)
kernel_list_proc(slrnpull_t)
kernel_read_kernel_sysctls(slrnpull_t)
@@ -66,7 +66,7 @@ logging_send_syslog_msg(slrnpull_t)
miscfiles_read_localization(slrnpull_t)
userdom_dontaudit_use_unpriv_user_fds(slrnpull_t)
-userdom_dontaudit_search_sysadm_home_dir(slrnpull_t)
+userdom_dontaudit_search_sysadm_home_dirs(slrnpull_t)
ifdef(`targeted_policy',`
files_dontaudit_read_root_files(slrnpull_t)
diff --git a/refpolicy/policy/modules/services/smartmon.te b/refpolicy/policy/modules/services/smartmon.te
index dffd659..d0b84a1 100644
--- a/refpolicy/policy/modules/services/smartmon.te
+++ b/refpolicy/policy/modules/services/smartmon.te
@@ -31,11 +31,11 @@ allow fsdaemon_t self:udp_socket create_socket_perms;
allow fsdaemon_t fsdaemon_tmp_t:dir create_dir_perms;
allow fsdaemon_t fsdaemon_tmp_t:file create_file_perms;
-files_filetrans_tmp(fsdaemon_t, fsdaemon_tmp_t, { file dir })
+files_tmp_filetrans(fsdaemon_t, fsdaemon_tmp_t, { file dir })
allow fsdaemon_t fsdaemon_var_run_t:file create_file_perms;
allow fsdaemon_t fsdaemon_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(fsdaemon_t,fsdaemon_var_run_t)
+files_pid_filetrans(fsdaemon_t,fsdaemon_var_run_t)
kernel_read_kernel_sysctls(fsdaemon_t)
kernel_read_software_raid_state(fsdaemon_t)
@@ -86,7 +86,7 @@ miscfiles_read_localization(fsdaemon_t)
sysnet_read_config(fsdaemon_t)
userdom_dontaudit_use_unpriv_user_fds(fsdaemon_t)
-userdom_dontaudit_search_sysadm_home_dir(fsdaemon_t)
+userdom_dontaudit_search_sysadm_home_dirs(fsdaemon_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(fsdaemon_t)
diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te
index 8da42d7..db1fd25 100644
--- a/refpolicy/policy/modules/services/snmp.te
+++ b/refpolicy/policy/modules/services/snmp.te
@@ -36,18 +36,18 @@ allow snmpd_t self:udp_socket connected_stream_socket_perms;
allow snmpd_t snmpd_etc_t:file { getattr read };
allow snmpd_t snmpd_log_t:file create_file_perms;
-logging_filetrans_log(snmpd_t,snmpd_log_t)
+logging_log_filetrans(snmpd_t,snmpd_log_t)
allow snmpd_t snmpd_var_lib_t:file create_file_perms;
allow snmpd_t snmpd_var_lib_t:sock_file create_file_perms;
allow snmpd_t snmpd_var_lib_t:dir create_dir_perms;
-files_filetrans_usr(snmpd_t,snmpd_var_lib_t)
-files_filetrans_var(snmpd_t,snmpd_var_lib_t,{ file dir sock_file })
-files_filetrans_var_lib(snmpd_t,snmpd_var_lib_t)
+files_usr_filetrans(snmpd_t,snmpd_var_lib_t)
+files_var_filetrans(snmpd_t,snmpd_var_lib_t,{ file dir sock_file })
+files_var_lib_filetrans(snmpd_t,snmpd_var_lib_t)
allow snmpd_t snmpd_var_run_t:file create_file_perms;
allow snmpd_t snmpd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(snmpd_t,snmpd_var_run_t)
+files_pid_filetrans(snmpd_t,snmpd_var_run_t)
kernel_read_kernel_sysctls(snmpd_t)
kernel_read_net_sysctls(snmpd_t)
@@ -114,7 +114,7 @@ seutil_dontaudit_search_config(snmpd_t)
sysnet_read_config(snmpd_t)
userdom_dontaudit_use_unpriv_user_fds(snmpd_t)
-userdom_dontaudit_search_sysadm_home_dir(snmpd_t)
+userdom_dontaudit_search_sysadm_home_dirs(snmpd_t)
ifdef(`distro_redhat', `
optional_policy(`rpm',`
diff --git a/refpolicy/policy/modules/services/spamassassin.if b/refpolicy/policy/modules/services/spamassassin.if
index f041eb6..00f5e90 100644
--- a/refpolicy/policy/modules/services/spamassassin.if
+++ b/refpolicy/policy/modules/services/spamassassin.if
@@ -54,7 +54,7 @@ template(`spamassassin_per_userdomain_template',`
role $3 types $1_spamassassin_t;
type $1_spamassassin_home_t alias $1_spamassassin_rw_t;
- userdom_user_home_file($1,$1_spamassassin_home_t)
+ userdom_user_home_content($1,$1_spamassassin_home_t)
files_poly_member($1_spamassassin_home_t)
type $1_spamassassin_tmp_t;
@@ -82,7 +82,7 @@ template(`spamassassin_per_userdomain_template',`
allow $1_spamc_t $1_spamc_tmp_t:dir create_dir_perms;
allow $1_spamc_t $1_spamc_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_spamc_t, $1_spamc_tmp_t, { file dir })
+ files_tmp_filetrans($1_spamc_t, $1_spamc_tmp_t, { file dir })
# Allow connecting to a local spamd
allow $1_spamc_t spamd_t:tcp_socket { connectto recvfrom };
@@ -147,7 +147,7 @@ template(`spamassassin_per_userdomain_template',`
sysnet_read_config($1_spamc_t)
- userdom_use_unpriv_users_fd($1_spamc_t)
+ userdom_use_unpriv_users_fds($1_spamc_t)
# cjp: this really should just be the
# terminal specific to the role
userdom_use_unpriv_users_ptys($1_spamc_t)
@@ -201,11 +201,11 @@ template(`spamassassin_per_userdomain_template',`
allow $1_spamassassin_t $1_spamassassin_home_t:lnk_file create_lnk_perms;
allow $1_spamassassin_t $1_spamassassin_home_t:sock_file create_file_perms;
allow $1_spamassassin_t $1_spamassassin_home_t:fifo_file create_file_perms;
- userdom_filetrans_user_home_dir($1,$1_spamassassin_t,$1_spamassassin_home_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_user_home_dir_filetrans($1,$1_spamassassin_t,$1_spamassassin_home_t,{ dir file lnk_file sock_file fifo_file })
allow $1_spamassassin_t $1_spamassassin_tmp_t:dir create_dir_perms;
allow $1_spamassassin_t $1_spamassassin_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_spamassassin_t, $1_spamassassin_tmp_t, { file dir })
+ files_tmp_filetrans($1_spamassassin_t, $1_spamassassin_tmp_t, { file dir })
allow $2 $1_spamassassin_home_t:dir { create_dir_perms relabelfrom relabelto };
allow $2 $1_spamassassin_home_t:file { create_file_perms relabelfrom relabelto };
@@ -222,7 +222,7 @@ template(`spamassassin_per_userdomain_template',`
allow spamd_t $1_spamassassin_home_t:lnk_file create_lnk_perms;
allow spamd_t $1_spamassassin_home_t:sock_file create_file_perms;
allow spamd_t $1_spamassassin_home_t:fifo_file create_file_perms;
- userdom_filetrans_user_home_dir($1,spamd_t,$1_spamassassin_home_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_user_home_dir_filetrans($1,spamd_t,$1_spamassassin_home_t,{ dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctls($1_spamassassin_t)
@@ -262,8 +262,8 @@ template(`spamassassin_per_userdomain_template',`
sysnet_dns_name_resolve($1_spamassassin_t)
- userdom_use_unpriv_users_fd($1_spamassassin_t)
- userdom_search_user_home($1,$1_spamassassin_t)
+ userdom_use_unpriv_users_fds($1_spamassassin_t)
+ userdom_search_user_home_dirs($1,$1_spamassassin_t)
# cjp: this really should just be the
# terminal specific to the role
userdom_use_unpriv_users_ptys($1_spamassassin_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index eed5758..11f974f 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -51,11 +51,11 @@ allow spamd_t self:udp_socket create_socket_perms;
allow spamd_t spamd_tmp_t:dir create_dir_perms;
allow spamd_t spamd_tmp_t:file create_file_perms;
-files_filetrans_tmp(spamd_t, spamd_tmp_t, { file dir })
+files_tmp_filetrans(spamd_t, spamd_tmp_t, { file dir })
allow spamd_t spamd_var_run_t:file create_file_perms;
allow spamd_t spamd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(spamd_t,spamd_var_run_t)
+files_pid_filetrans(spamd_t,spamd_var_run_t)
kernel_read_all_sysctls(spamd_t)
kernel_read_system_state(spamd_t)
@@ -115,18 +115,18 @@ miscfiles_read_localization(spamd_t)
sysnet_read_config(spamd_t)
sysnet_use_ldap(spamd_t)
-userdom_use_unpriv_users_fd(spamd_t)
+userdom_use_unpriv_users_fds(spamd_t)
userdom_search_unpriv_users_home_dirs(spamd_t)
-userdom_dontaudit_search_sysadm_home_dir(spamd_t)
+userdom_dontaudit_search_sysadm_home_dirs(spamd_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(spamd_t)
term_dontaudit_use_generic_ptys(spamd_t)
files_dontaudit_read_root_files(spamd_t)
tunable_policy(`spamd_enable_home_dirs',`
- userdom_manage_generic_user_home_dirs(spamd_t)
- userdom_manage_generic_user_home_files(spamd_t)
- userdom_manage_generic_user_home_symlinks(spamd_t)
+ userdom_manage_generic_user_home_content_dirs(spamd_t)
+ userdom_manage_generic_user_home_content_files(spamd_t)
+ userdom_manage_generic_user_home_content_symlinks(spamd_t)
')
')
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index f11e92a..07f819d 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -58,11 +58,11 @@ can_exec(squid_t,squid_exec_t)
allow squid_t squid_log_t:file create_file_perms;
allow squid_t squid_log_t:dir rw_dir_perms;
-logging_filetrans_log(squid_t,squid_log_t,{ file dir })
+logging_log_filetrans(squid_t,squid_log_t,{ file dir })
allow squid_t squid_var_run_t:file create_file_perms;
allow squid_t squid_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(squid_t,squid_var_run_t)
+files_pid_filetrans(squid_t,squid_var_run_t)
kernel_read_kernel_sysctls(squid_t)
kernel_read_system_state(squid_t)
@@ -131,9 +131,9 @@ miscfiles_read_localization(squid_t)
sysnet_read_config(squid_t)
-userdom_use_unpriv_users_fd(squid_t)
+userdom_use_unpriv_users_fds(squid_t)
userdom_dontaudit_use_unpriv_user_fds(squid_t)
-userdom_dontaudit_search_sysadm_home_dir(squid_t)
+userdom_dontaudit_search_sysadm_home_dirs(squid_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(squid_t)
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index 337db11..085171e 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -47,7 +47,7 @@ template(`ssh_per_userdomain_template',`
#
type $1_home_ssh_t;
- userdom_user_home_file($1,$1_home_ssh_t)
+ userdom_user_home_content($1,$1_home_ssh_t)
role $3 types $1_ssh_t;
type $1_ssh_t;
@@ -90,7 +90,7 @@ template(`ssh_per_userdomain_template',`
allow $1_ssh_t $1_ssh_tmpfs_t:lnk_file create_lnk_perms;
allow $1_ssh_t $1_ssh_tmpfs_t:sock_file manage_file_perms;
allow $1_ssh_t $1_ssh_tmpfs_t:fifo_file manage_file_perms;
- fs_filetrans_tmpfs($1_ssh_t,$1_ssh_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_ssh_t,$1_ssh_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# Transition from the user domain to the derived domain.
domain_auto_trans($2, ssh_exec_t, $1_ssh_t)
@@ -105,7 +105,7 @@ template(`ssh_per_userdomain_template',`
# Access the ssh temporary files.
allow $1_ssh_t sshd_tmp_t:dir create_dir_perms;
allow $1_ssh_t sshd_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_ssh_t, sshd_tmp_t, { file dir })
+ files_tmp_filetrans($1_ssh_t, sshd_tmp_t, { file dir })
# for rsync
allow $1_ssh_t $2:unix_stream_socket rw_socket_perms;
@@ -124,7 +124,7 @@ template(`ssh_per_userdomain_template',`
allow $2 sshd_t:unix_stream_socket rw_stream_socket_perms;
# ssh client can manage the keys and config
- userdom_search_user_home($1,$1_ssh_t)
+ userdom_search_user_home_dirs($1,$1_ssh_t)
allow $1_ssh_t $1_home_ssh_t:dir r_dir_perms;
allow $1_ssh_t $1_home_ssh_t:file create_file_perms;
allow $1_ssh_t $1_home_ssh_t:lnk_file { getattr read };
@@ -181,7 +181,7 @@ template(`ssh_per_userdomain_template',`
sysnet_read_config($1_ssh_t)
sysnet_dns_name_resolve($1_ssh_t)
- userdom_use_unpriv_users_fd($1_ssh_t)
+ userdom_use_unpriv_users_fds($1_ssh_t)
# Write to the user domain tty.
userdom_use_user_terminals($1,$1_ssh_t)
@@ -440,7 +440,7 @@ template(`ssh_server_template', `
term_create_pty($1_t,$1_devpts_t)
allow $1_t $1_var_run_t:file create_file_perms;
- files_filetrans_pid($1_t,$1_var_run_t,file)
+ files_pid_filetrans($1_t,$1_var_run_t,file)
can_exec($1_t, sshd_exec_t)
@@ -513,7 +513,7 @@ template(`ssh_server_template', `
sysnet_read_config($1_t)
userdom_dontaudit_relabelfrom_unpriv_users_ptys($1_t)
- userdom_search_all_users_home($1_t)
+ userdom_search_all_users_home_content($1_t)
# Allow checking users mail at login
mta_getattr_spool($1_t)
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index a52fc49..9828be8 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -82,7 +82,7 @@ ifdef(`targeted_policy',`',`
allow sshd_t sshd_tmp_t:dir create_dir_perms;
allow sshd_t sshd_tmp_t:file create_file_perms;
allow sshd_t sshd_tmp_t:sock_file create_file_perms;
- files_filetrans_tmp(sshd_t, sshd_tmp_t, { dir file sock_file })
+ files_tmp_filetrans(sshd_t, sshd_tmp_t, { dir file sock_file })
# for X forwarding
corenet_tcp_bind_xserver_port(sshd_t)
@@ -217,7 +217,7 @@ ifdef(`targeted_policy',`',`
allow ssh_keygen_t self:unix_stream_socket create_stream_socket_perms;
allow ssh_keygen_t sshd_key_t:file create_file_perms;
- files_filetrans_etc(ssh_keygen_t,sshd_key_t,file)
+ files_etc_filetrans(ssh_keygen_t,sshd_key_t,file)
kernel_read_kernel_sysctls(ssh_keygen_t)
diff --git a/refpolicy/policy/modules/services/stunnel.te b/refpolicy/policy/modules/services/stunnel.te
index 6bf3ecc..47a194b 100644
--- a/refpolicy/policy/modules/services/stunnel.te
+++ b/refpolicy/policy/modules/services/stunnel.te
@@ -45,11 +45,11 @@ allow stunnel_t stunnel_etc_t:lnk_file { getattr read };
allow stunnel_t stunnel_tmp_t:dir create_dir_perms;
allow stunnel_t stunnel_tmp_t:file create_file_perms;
-files_filetrans_tmp(stunnel_t, stunnel_tmp_t, { file dir })
+files_tmp_filetrans(stunnel_t, stunnel_tmp_t, { file dir })
allow stunnel_t stunnel_var_run_t:file create_file_perms;
allow stunnel_t stunnel_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(stunnel_t,stunnel_var_run_t)
+files_pid_filetrans(stunnel_t,stunnel_var_run_t)
kernel_read_kernel_sysctls(stunnel_t)
kernel_read_system_state(stunnel_t)
@@ -95,7 +95,7 @@ ifdef(`distro_gentoo', `
init_use_script_ptys(stunnel_t)
userdom_dontaudit_use_unpriv_user_fds(stunnel_t)
- userdom_dontaudit_search_sysadm_home_dir(stunnel_t)
+ userdom_dontaudit_search_sysadm_home_dirs(stunnel_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(stunnel_t)
diff --git a/refpolicy/policy/modules/services/sysstat.te b/refpolicy/policy/modules/services/sysstat.te
index f0a84f2..a3b3844 100644
--- a/refpolicy/policy/modules/services/sysstat.te
+++ b/refpolicy/policy/modules/services/sysstat.te
@@ -27,7 +27,7 @@ can_exec(sysstat_t, sysstat_exec_t)
allow sysstat_t sysstat_log_t:file create_file_perms;
allow sysstat_t sysstat_log_t:dir rw_dir_perms;
-logging_filetrans_log(sysstat_t,sysstat_log_t,{ file dir })
+logging_log_filetrans(sysstat_t,sysstat_log_t,{ file dir })
# get info from /proc
kernel_read_system_state(sysstat_t)
@@ -59,7 +59,7 @@ libs_use_shared_libs(sysstat_t)
miscfiles_read_localization(sysstat_t)
-userdom_dontaudit_list_sysadm_home_dir(sysstat_t)
+userdom_dontaudit_list_sysadm_home_dirs(sysstat_t)
optional_policy(`cron',`
cron_system_entry(sysstat_t,sysstat_exec_t)
diff --git a/refpolicy/policy/modules/services/tcpd.te b/refpolicy/policy/modules/services/tcpd.te
index 447c3e2..dc6ec20 100644
--- a/refpolicy/policy/modules/services/tcpd.te
+++ b/refpolicy/policy/modules/services/tcpd.te
@@ -21,7 +21,7 @@ allow tcpd_t self:tcp_socket create_stream_socket_perms;
allow tcpd_t tcpd_tmp_t:dir create_dir_perms;
allow tcpd_t tcpd_tmp_t:file create_file_perms;
-files_filetrans_tmp(tcpd_t, tcpd_tmp_t, { file dir })
+files_tmp_filetrans(tcpd_t, tcpd_tmp_t, { file dir })
corenet_raw_sendrecv_all_if(tcpd_t)
corenet_tcp_sendrecv_all_if(tcpd_t)
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index e707da1..e682d0d 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -39,11 +39,11 @@ term_create_pty(telnetd_t,telnetd_devpts_t)
allow telnetd_t telnetd_tmp_t:dir create_dir_perms;
allow telnetd_t telnetd_tmp_t:file create_file_perms;
-files_filetrans_tmp(telnetd_t, telnetd_tmp_t, { file dir })
+files_tmp_filetrans(telnetd_t, telnetd_tmp_t, { file dir })
allow telnetd_t telnetd_var_run_t:file create_file_perms;
allow telnetd_t telnetd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(telnetd_t,telnetd_var_run_t)
+files_pid_filetrans(telnetd_t,telnetd_var_run_t)
kernel_read_kernel_sysctls(telnetd_t)
kernel_read_system_state(telnetd_t)
diff --git a/refpolicy/policy/modules/services/tftp.te b/refpolicy/policy/modules/services/tftp.te
index 829137b..33c0b16 100644
--- a/refpolicy/policy/modules/services/tftp.te
+++ b/refpolicy/policy/modules/services/tftp.te
@@ -35,7 +35,7 @@ allow tftpd_t tftpdir_t:lnk_file { getattr read };
allow tftpd_t tftpd_var_run_t:file create_file_perms;
allow tftpd_t tftpd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(tftpd_t,tftpd_var_run_t)
+files_pid_filetrans(tftpd_t,tftpd_var_run_t)
kernel_read_kernel_sysctls(tftpd_t)
kernel_list_proc(tftpd_t)
@@ -82,7 +82,7 @@ sysnet_read_config(tftpd_t)
userdom_dontaudit_use_unpriv_user_fds(tftpd_t)
userdom_dontaudit_use_sysadm_ttys(tftpd_t)
-userdom_dontaudit_search_sysadm_home_dir(tftpd_t)
+userdom_dontaudit_search_sysadm_home_dirs(tftpd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(tftpd_t)
diff --git a/refpolicy/policy/modules/services/timidity.te b/refpolicy/policy/modules/services/timidity.te
index 945716e..45d5f26 100644
--- a/refpolicy/policy/modules/services/timidity.te
+++ b/refpolicy/policy/modules/services/timidity.te
@@ -33,7 +33,7 @@ allow timidity_t timidity_tmpfs_t:file create_file_perms;
allow timidity_t timidity_tmpfs_t:lnk_file create_lnk_perms;
allow timidity_t timidity_tmpfs_t:sock_file create_file_perms;
allow timidity_t timidity_tmpfs_t:fifo_file create_file_perms;
-fs_filetrans_tmpfs(timidity_t,timidity_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_tmpfs_filetrans(timidity_t,timidity_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctls(timidity_t)
# read /proc/cpuinfo
@@ -83,7 +83,7 @@ userdom_dontaudit_use_unpriv_user_fds(timidity_t)
# stupid timidity won't start if it can't search its current directory.
# allow this so /etc/init.d/alsasound start works from /root
# cjp: this should be fixed if possible so this rule can be removed.
-userdom_search_sysadm_home_dir(timidity_t)
+userdom_search_sysadm_home_dirs(timidity_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(timidity_t)
diff --git a/refpolicy/policy/modules/services/uucp.te b/refpolicy/policy/modules/services/uucp.te
index 75c1bee..73dc366 100644
--- a/refpolicy/policy/modules/services/uucp.te
+++ b/refpolicy/policy/modules/services/uucp.te
@@ -41,7 +41,7 @@ allow uucpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow uucpd_t uucpd_log_t:file create_file_perms;
allow uucpd_t uucpd_log_t:dir { rw_dir_perms setattr };
-logging_filetrans_log(uucpd_t,uucpd_log_t,{ file dir })
+logging_log_filetrans(uucpd_t,uucpd_log_t,{ file dir })
allow uucpd_t uucpd_ro_t:dir r_dir_perms;
allow uucpd_t uucpd_ro_t:file r_file_perms;
@@ -57,11 +57,11 @@ allow uucpd_t uucpd_spool_t:lnk_file create_lnk_perms;
allow uucpd_t uucpd_tmp_t:dir create_dir_perms;
allow uucpd_t uucpd_tmp_t:file create_file_perms;
-files_filetrans_tmp(uucpd_t, uucpd_tmp_t, { file dir })
+files_tmp_filetrans(uucpd_t, uucpd_tmp_t, { file dir })
allow uucpd_t uucpd_var_run_t:file create_file_perms;
allow uucpd_t uucpd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(uucpd_t,uucpd_var_run_t)
+files_pid_filetrans(uucpd_t,uucpd_var_run_t)
kernel_read_kernel_sysctls(uucpd_t)
kernel_read_system_state(uucpd_t)
diff --git a/refpolicy/policy/modules/services/xfs.te b/refpolicy/policy/modules/services/xfs.te
index 0e76f13..916d0a5 100644
--- a/refpolicy/policy/modules/services/xfs.te
+++ b/refpolicy/policy/modules/services/xfs.te
@@ -29,11 +29,11 @@ allow xfs_t self:unix_dgram_socket create_socket_perms;
allow xfs_t xfs_tmp_t:dir create_dir_perms;
allow xfs_t xfs_tmp_t:sock_file create_file_perms;
-files_filetrans_tmp(xfs_t, xfs_tmp_t, { sock_file dir })
+files_tmp_filetrans(xfs_t, xfs_tmp_t, { sock_file dir })
allow xfs_t xfs_var_run_t:file create_file_perms;
allow xfs_t xfs_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(xfs_t,xfs_var_run_t)
+files_pid_filetrans(xfs_t,xfs_var_run_t)
# Bind to /tmp/.font-unix/fs-1.
# cjp: I do not believe this has an effect.
@@ -66,11 +66,11 @@ miscfiles_read_localization(xfs_t)
miscfiles_read_fonts(xfs_t)
userdom_dontaudit_use_unpriv_user_fds(xfs_t)
-userdom_dontaudit_search_sysadm_home_dir(xfs_t)
+userdom_dontaudit_search_sysadm_home_dirs(xfs_t)
ifdef(`distro_debian',`
# for /tmp/.font-unix/fs7100
- init_filetrans_script_tmp(xfs_t,xfs_tmp_t,sock_file)
+ init_script_tmp_filetrans(xfs_t,xfs_tmp_t,sock_file)
')
ifdef(`targeted_policy',`
diff --git a/refpolicy/policy/modules/services/xserver.if b/refpolicy/policy/modules/services/xserver.if
index 5b4b838..9572d18 100644
--- a/refpolicy/policy/modules/services/xserver.if
+++ b/refpolicy/policy/modules/services/xserver.if
@@ -61,7 +61,7 @@ template(`xserver_common_domain_template',`
allow $1_xserver_t $1_xserver_tmp_t:dir manage_dir_perms;
allow $1_xserver_t $1_xserver_tmp_t:file manage_file_perms;
allow $1_xserver_t $1_xserver_tmp_t:sock_file manage_file_perms;
- files_filetrans_tmp($1_xserver_t, $1_xserver_tmp_t, { file dir sock_file })
+ files_tmp_filetrans($1_xserver_t, $1_xserver_tmp_t, { file dir sock_file })
allow $1_xserver_t xdm_xserver_tmp_t:dir rw_dir_perms;
type_transition $1_xserver_t xdm_xserver_tmp_t:sock_file $1_xserver_tmp_t;
@@ -71,7 +71,7 @@ template(`xserver_common_domain_template',`
allow $1_xserver_t $1_xserver_tmpfs_t:lnk_file create_lnk_perms;
allow $1_xserver_t $1_xserver_tmpfs_t:sock_file manage_file_perms;
allow $1_xserver_t $1_xserver_tmpfs_t:fifo_file manage_file_perms;
- fs_filetrans_tmpfs($1_xserver_t,$1_xserver_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_xserver_t,$1_xserver_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow $1_xserver_t xkb_var_lib_t:dir rw_dir_perms;
allow $1_xserver_t xkb_var_lib_t:file manage_file_perms;
@@ -81,7 +81,7 @@ template(`xserver_common_domain_template',`
# Create files in /var/log with the xserver_log_t type.
allow $1_xserver_t xserver_log_t:file manage_file_perms;
allow $1_xserver_t xserver_log_t:dir r_dir_perms;
- logging_filetrans_log($1_xserver_t,xserver_log_t,file)
+ logging_log_filetrans($1_xserver_t,xserver_log_t,file)
kernel_read_system_state($1_xserver_t)
kernel_read_device_sysctls($1_xserver_t)
@@ -235,7 +235,7 @@ template(`xserver_per_userdomain_template',`
type $1_iceauth_home_t alias $1_iceauth_rw_t;
files_poly_member($1_iceauth_home_t)
- userdom_user_home_file($1,$1_iceauth_home_t)
+ userdom_user_home_content($1,$1_iceauth_home_t)
type $1_xauth_t;
domain_type($1_xauth_t)
@@ -243,7 +243,7 @@ template(`xserver_per_userdomain_template',`
type $1_xauth_home_t alias $1_xauth_rw_t;
files_poly_member($1_xauth_home_t)
- userdom_user_home_file($1,$1_xauth_home_t)
+ userdom_user_home_content($1,$1_xauth_home_t)
type $1_xauth_tmp_t;
files_tmp_file($1_xauth_tmp_t)
@@ -283,7 +283,7 @@ template(`xserver_per_userdomain_template',`
locallogin_use_fd($1_xserver_t)
- userdom_search_user_home($1,$1_xserver_t)
+ userdom_search_user_home_dirs($1,$1_xserver_t)
userdom_use_user_ttys($1,$1_xserver_t)
userdom_setattr_user_ttys($1,$1_xserver_t)
userdom_rw_user_tmpfs_files($1,$1_xserver_t)
@@ -314,11 +314,11 @@ template(`xserver_per_userdomain_template',`
allow $1_xauth_t self:unix_stream_socket create_stream_socket_perms;
allow $1_xauth_t $1_xauth_home_t:file manage_file_perms;
- userdom_filetrans_user_home_dir($1,$1_xauth_t,$1_xauth_home_t,file)
+ userdom_user_home_dir_filetrans($1,$1_xauth_t,$1_xauth_home_t,file)
allow $1_xauth_t $1_xauth_tmp_t:dir create_dir_perms;
allow $1_xauth_t $1_xauth_tmp_t:file create_file_perms;
- files_filetrans_tmp($1_xauth_t, $1_xauth_tmp_t, { file dir })
+ files_tmp_filetrans($1_xauth_t, $1_xauth_tmp_t, { file dir })
domain_auto_trans($2, xauth_exec_t, $1_xauth_t)
allow $2 $1_xauth_t:fd use;
@@ -342,7 +342,7 @@ template(`xserver_per_userdomain_template',`
allow $2 $1_xauth_home_t:file { relabelfrom relabelto };
allow xdm_t $1_xauth_home_t:file manage_file_perms;
- userdom_filetrans_user_home_dir($1,xdm_t,$1_xauth_home_t,file)
+ userdom_user_home_dir_filetrans($1,xdm_t,$1_xauth_home_t,file)
domain_use_interactive_fds($1_xauth_t)
@@ -393,7 +393,7 @@ template(`xserver_per_userdomain_template',`
allow $1_iceauth_t $2:process sigchld;
allow $1_iceauth_t $1_iceauth_home_t:file manage_file_perms;
- userdom_filetrans_user_home_dir($1,$1_iceauth_t,$1_iceauth_home_t,file)
+ userdom_user_home_dir_filetrans($1,$1_iceauth_t,$1_iceauth_home_t,file)
# allow ps to show iceauth
allow $2 $1_iceauth_t:dir { search getattr read };
@@ -553,9 +553,9 @@ template(`xserver_user_client_template',`
miscfiles_read_fonts($2)
- userdom_search_user_home($1,$2)
+ userdom_search_user_home_dirs($1,$2)
# for .xsession-errors
- userdom_dontaudit_write_user_home_files($1,$2)
+ userdom_dontaudit_write_user_home_content_files($1,$2)
xserver_ro_session_template(xdm,$2,$3)
xserver_rw_session_template($1,$2,$3)
diff --git a/refpolicy/policy/modules/services/xserver.te b/refpolicy/policy/modules/services/xserver.te
index 06423fc..21a978c 100644
--- a/refpolicy/policy/modules/services/xserver.te
+++ b/refpolicy/policy/modules/services/xserver.te
@@ -202,9 +202,9 @@ seutil_read_default_contexts(xdm_t)
sysnet_read_config(xdm_t)
userdom_dontaudit_use_unpriv_user_fds(xdm_t)
-userdom_dontaudit_search_sysadm_home_dir(xdm_t)
+userdom_dontaudit_search_sysadm_home_dirs(xdm_t)
# for .dmrc
-userdom_read_unpriv_users_home_files(xdm_t)
+userdom_read_unpriv_users_home_content_files(xdm_t)
# Search /proc for any user domain processes.
userdom_read_all_users_state(xdm_t)
userdom_signal_all_users(xdm_t)
@@ -216,27 +216,27 @@ ifdef(`enable_polyinstantiation',`
ifdef(`strict_policy',`
allow xdm_t xdm_lock_t:file create_file_perms;
- files_filetrans_lock(xdm_t,xdm_lock_t)
+ files_lock_filetrans(xdm_t,xdm_lock_t)
allow xdm_t xdm_tmp_t:dir create_dir_perms;
allow xdm_t xdm_tmp_t:file create_file_perms;
allow xdm_t xdm_tmp_t:file create_file_perms;
- files_filetrans_tmp(xdm_t, xdm_tmp_t, { file dir sock_file })
+ files_tmp_filetrans(xdm_t, xdm_tmp_t, { file dir sock_file })
allow xdm_t xdm_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow xdm_t xdm_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow xdm_t xdm_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow xdm_t xdm_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow xdm_t xdm_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
- fs_filetrans_tmpfs(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow xdm_t xdm_var_lib_t:file create_file_perms;
allow xdm_t xdm_var_lib_t:dir create_dir_perms;
- files_filetrans_var_lib(xdm_t,xdm_var_lib_t)
+ files_var_lib_filetrans(xdm_t,xdm_var_lib_t)
allow xdm_t xdm_var_run_t:dir manage_dir_perms;
allow xdm_t xdm_var_run_t:fifo_file manage_file_perms;
- files_filetrans_pid(xdm_t,xdm_var_run_t,{ dir fifo_file })
+ files_pid_filetrans(xdm_t,xdm_var_run_t,{ dir fifo_file })
allow xdm_t xdm_xserver_t:process signal;
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
@@ -267,7 +267,7 @@ ifdef(`strict_policy',`
allow xdm_t xserver_log_t:dir { rw_dir_perms setattr };
allow xdm_t xserver_log_t:file manage_file_perms;
allow xdm_t xserver_log_t:fifo_file manage_file_perms;
- logging_filetrans_log(xdm_t,xserver_log_t,file)
+ logging_log_filetrans(xdm_t,xserver_log_t,file)
domain_subj_id_change_exemption(xdm_t)
domain_role_change_exemption(xdm_t)
@@ -412,7 +412,7 @@ ifdef(`strict_policy',`
# xdm_xserver_t may no longer have any reason
# to read ROLE_home_t - examine this in more detail
# (xauth?)
- userdom_read_unpriv_users_home_files(xdm_xserver_t)
+ userdom_read_unpriv_users_home_content_files(xdm_xserver_t)
ifdef(`TODO',`
# Read all global and per user fonts
diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te
index f23c3d9..b606499 100644
--- a/refpolicy/policy/modules/services/zebra.te
+++ b/refpolicy/policy/modules/services/zebra.te
@@ -45,16 +45,16 @@ allow zebra_t zebra_conf_t:lnk_file { getattr read };
allow zebra_t zebra_log_t:file create_file_perms;
allow zebra_t zebra_log_t:sock_file create_file_perms;
allow zebra_t zebra_log_t:dir { rw_dir_perms setattr };
-logging_filetrans_log(zebra_t,zebra_log_t,{ sock_file file dir })
+logging_log_filetrans(zebra_t,zebra_log_t,{ sock_file file dir })
# /tmp/.bgpd is such a bad idea!
allow zebra_t zebra_tmp_t:sock_file create_file_perms;
-files_filetrans_tmp(zebra_t,zebra_tmp_t,sock_file)
+files_tmp_filetrans(zebra_t,zebra_tmp_t,sock_file)
allow zebra_t zebra_var_run_t:file manage_file_perms;
allow zebra_t zebra_var_run_t:sock_file manage_file_perms;
allow zebra_t zebra_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(zebra_t,zebra_var_run_t, { file sock_file })
+files_pid_filetrans(zebra_t,zebra_var_run_t, { file sock_file })
kernel_read_system_state(zebra_t)
kernel_read_kernel_sysctls(zebra_t)
@@ -105,7 +105,7 @@ miscfiles_read_localization(zebra_t)
sysnet_read_config(zebra_t)
userdom_dontaudit_use_unpriv_user_fds(zebra_t)
-userdom_dontaudit_search_sysadm_home_dir(zebra_t)
+userdom_dontaudit_search_sysadm_home_dirs(zebra_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(zebra_t)
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 34ba8a2..9e864a3 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -413,7 +413,7 @@ interface(`auth_manage_shadow',`
')
allow $1 shadow_t:file create_file_perms;
- files_filetrans_etc($1,shadow_t,file)
+ files_etc_filetrans($1,shadow_t,file)
typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
')
@@ -1109,14 +1109,14 @@ interface(`auth_rw_login_records',`
#######################################
#
-# auth_filetrans_login_records(domain)
+# auth_log_filetrans_login_records(domain)
#
-interface(`auth_filetrans_login_records',`
+interface(`auth_log_filetrans_login_records',`
gen_require(`
type wtmp_t;
')
- logging_filetrans_log($1,wtmp_t,file)
+ logging_log_filetrans($1,wtmp_t,file)
')
#######################################
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 5f5fa7b..defb023 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -96,7 +96,7 @@ allow pam_t pam_var_run_t:file { getattr read unlink };
allow pam_t pam_tmp_t:dir create_dir_perms;
allow pam_t pam_tmp_t:file create_file_perms;
-files_filetrans_tmp(pam_t, pam_tmp_t, { file dir })
+files_tmp_filetrans(pam_t, pam_tmp_t, { file dir })
kernel_read_system_state(pam_t)
@@ -115,7 +115,7 @@ libs_use_shared_libs(pam_t)
logging_send_syslog_msg(pam_t)
-userdom_use_unpriv_users_fd(pam_t)
+userdom_use_unpriv_users_fds(pam_t)
optional_policy(`locallogin',`
locallogin_use_fd(pam_t)
diff --git a/refpolicy/policy/modules/system/fstools.te b/refpolicy/policy/modules/system/fstools.te
index 89c2d44..6283ca0 100644
--- a/refpolicy/policy/modules/system/fstools.te
+++ b/refpolicy/policy/modules/system/fstools.te
@@ -42,7 +42,7 @@ can_exec(fsadm_t, fsadm_exec_t)
allow fsadm_t fsadm_tmp_t:dir create_dir_perms;
allow fsadm_t fsadm_tmp_t:file create_file_perms;
-files_filetrans_tmp(fsadm_t, fsadm_tmp_t, { file dir })
+files_tmp_filetrans(fsadm_t, fsadm_tmp_t, { file dir })
# Enable swapping to files
allow fsadm_t swapfile_t:file { getattr swapon };
@@ -139,7 +139,7 @@ modutils_read_module_config(fsadm_t)
seutil_read_config(fsadm_t)
-userdom_use_unpriv_users_fd(fsadm_t)
+userdom_use_unpriv_users_fds(fsadm_t)
ifdef(`targeted_policy',`
term_use_unallocated_ttys(fsadm_t)
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index 3afcb6a..bebab10 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -44,21 +44,21 @@ allow getty_t self:process { getpgid getsession signal_perms };
allow getty_t getty_etc_t:dir r_dir_perms;
allow getty_t getty_etc_t:file r_file_perms;
allow getty_t getty_etc_t:lnk_file { getattr read };
-files_filetrans_etc(getty_t,getty_etc_t,{ file dir })
+files_etc_filetrans(getty_t,getty_etc_t,{ file dir })
allow getty_t getty_lock_t:file create_file_perms;
-files_filetrans_lock(getty_t,getty_lock_t)
+files_lock_filetrans(getty_t,getty_lock_t)
allow getty_t getty_log_t:file create_file_perms;
-logging_filetrans_log(getty_t,getty_log_t)
+logging_log_filetrans(getty_t,getty_log_t)
allow getty_t getty_tmp_t:file create_file_perms;
allow getty_t getty_tmp_t:dir create_dir_perms;
-files_filetrans_tmp(getty_t,getty_tmp_t,{ file dir })
+files_tmp_filetrans(getty_t,getty_tmp_t,{ file dir })
allow getty_t getty_var_run_t:file create_file_perms;
allow getty_t getty_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(getty_t,getty_var_run_t)
+files_pid_filetrans(getty_t,getty_var_run_t)
kernel_list_proc(getty_t)
kernel_read_proc_symlinks(getty_t)
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 481ebf3..723bd71 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -42,7 +42,7 @@ can_exec(hotplug_t,hotplug_exec_t)
allow hotplug_t hotplug_var_run_t:file manage_file_perms;
allow hotplug_t hotplug_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(hotplug_t,hotplug_var_run_t)
+files_pid_filetrans(hotplug_t,hotplug_var_run_t)
kernel_sigchld(hotplug_t)
kernel_setpgid(hotplug_t)
@@ -123,7 +123,7 @@ seutil_dontaudit_search_config(hotplug_t)
sysnet_read_config(hotplug_t)
userdom_dontaudit_use_unpriv_user_fds(hotplug_t)
-userdom_dontaudit_search_sysadm_home_dir(hotplug_t)
+userdom_dontaudit_search_sysadm_home_dirs(hotplug_t)
ifdef(`distro_redhat', `
optional_policy(`netutils',`
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 11109a2..1da9f70 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -816,7 +816,7 @@ interface(`init_rw_script_tmp_files',`
## </summary>
## </param>
#
-interface(`init_filetrans_script_tmp',`
+interface(`init_script_tmp_filetrans',`
gen_require(`
type initrc_tmp_t;
')
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 9cf5c54..d83d909 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -104,11 +104,11 @@ allow init_t initrc_t:unix_stream_socket connectto;
# For /var/run/shutdown.pid.
allow init_t init_var_run_t:file { create getattr read append write setattr unlink };
-files_filetrans_pid(init_t,init_var_run_t)
+files_pid_filetrans(init_t,init_var_run_t)
allow init_t initctl_t:fifo_file { create getattr read append write setattr unlink };
fs_associate_tmpfs(initctl_t)
-dev_filetrans_dev(init_t,initctl_t,fifo_file)
+dev_filetrans(init_t,initctl_t,fifo_file)
# Modify utmp.
allow init_t initrc_var_run_t:file { rw_file_perms setattr };
@@ -167,7 +167,7 @@ miscfiles_read_localization(init_t)
ifdef(`distro_redhat',`
fs_rw_tmpfs_chr_files(init_t)
- fs_filetrans_tmpfs(init_t,initctl_t,fifo_file)
+ fs_tmpfs_filetrans(init_t,initctl_t,fifo_file)
')
ifdef(`targeted_policy',`
@@ -224,12 +224,12 @@ allow initrc_t initrc_state_t:file create_file_perms;
allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rename };
allow initrc_t initrc_var_run_t:file create_file_perms;
-files_filetrans_pid(initrc_t,initrc_var_run_t)
+files_pid_filetrans(initrc_t,initrc_var_run_t)
can_exec(initrc_t,initrc_tmp_t)
allow initrc_t initrc_tmp_t:file create_file_perms;
allow initrc_t initrc_tmp_t:dir create_dir_perms;
-files_filetrans_tmp(initrc_t,initrc_tmp_t, { file dir })
+files_tmp_filetrans(initrc_t,initrc_tmp_t, { file dir })
init_write_initctl(initrc_t)
@@ -382,7 +382,7 @@ sysnet_read_config(initrc_t)
udev_rw_db(initrc_t)
-userdom_read_all_users_home_files(initrc_t)
+userdom_read_all_users_home_content_files(initrc_t)
# Allow access to the sysadm TTYs. Note that this will give access to the
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
# started from init should be placed in their own domain.
@@ -391,7 +391,7 @@ userdom_use_sysadm_terms(initrc_t)
ifdef(`distro_debian',`
dev_setattr_generic_dirs(initrc_t)
- fs_filetrans_tmpfs(initrc_t,initrc_var_run_t,dir)
+ fs_tmpfs_filetrans(initrc_t,initrc_var_run_t,dir)
# for storing state under /dev/shm
fs_setattr_tmpfs_dirs(initrc_t)
diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te
index 06a1537..9010cfe 100644
--- a/refpolicy/policy/modules/system/ipsec.te
+++ b/refpolicy/policy/modules/system/ipsec.te
@@ -57,7 +57,7 @@ allow ipsec_t ipsec_key_file_t:lnk_file r_file_perms;
allow ipsec_t ipsec_var_run_t:file create_file_perms;
allow ipsec_t ipsec_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(ipsec_t,ipsec_var_run_t,{ file sock_file })
+files_pid_filetrans(ipsec_t,ipsec_var_run_t,{ file sock_file })
can_exec(ipsec_t, ipsec_mgmt_exec_t)
@@ -122,7 +122,7 @@ miscfiles_read_localization(ipsec_t)
sysnet_read_config(ipsec_t)
userdom_dontaudit_use_unpriv_user_fds(ipsec_t)
-userdom_dontaudit_search_sysadm_home_dir(ipsec_t)
+userdom_dontaudit_search_sysadm_home_dirs(ipsec_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(ipsec_t)
@@ -156,17 +156,17 @@ allow ipsec_mgmt_t self:key_socket { create setopt };
allow ipsec_mgmt_t self:fifo_file rw_file_perms;
allow ipsec_mgmt_t ipsec_mgmt_lock_t:file create_file_perms;
-files_filetrans_lock(ipsec_mgmt_t,ipsec_mgmt_lock_t)
+files_lock_filetrans(ipsec_mgmt_t,ipsec_mgmt_lock_t)
allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file create_file_perms;
-files_filetrans_pid(ipsec_mgmt_t,ipsec_mgmt_var_run_t)
+files_pid_filetrans(ipsec_mgmt_t,ipsec_mgmt_var_run_t)
allow ipsec_mgmt_t ipsec_var_run_t:dir rw_dir_perms;
allow ipsec_mgmt_t ipsec_var_run_t:file create_file_perms;
allow ipsec_mgmt_t ipsec_var_run_t:lnk_file create_lnk_perms;
allow ipsec_mgmt_t ipsec_var_run_t:sock_file create_file_perms;
-files_filetrans_pid(ipsec_mgmt_t,ipsec_var_run_t,sock_file)
+files_pid_filetrans(ipsec_mgmt_t,ipsec_var_run_t,sock_file)
# _realsetup needs to be able to cat /var/run/pluto.pid,
# run ps on that pid, and delete the file
@@ -182,7 +182,7 @@ allow ipsec_mgmt_t ipsec_key_file_t:dir rw_dir_perms;
allow ipsec_mgmt_t ipsec_key_file_t:lnk_file create_lnk_perms;
# cjp: combo of file_type_auto_trans and rw_dir_create_file
allow ipsec_mgmt_t ipsec_key_file_t:file create_file_perms;
-files_filetrans_etc(ipsec_mgmt_t,ipsec_key_file_t)
+files_etc_filetrans(ipsec_mgmt_t,ipsec_key_file_t)
# whack needs to connect to pluto
allow ipsec_mgmt_t ipsec_var_run_t:sock_file { read write };
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index 437c2e9..c48dee8 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -27,13 +27,13 @@ dontaudit iptables_t self:capability sys_tty_config;
allow iptables_t self:process { sigchld sigkill sigstop signull signal };
allow iptables_t iptables_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(iptables_t,iptables_var_run_t)
+files_pid_filetrans(iptables_t,iptables_var_run_t)
can_exec(iptables_t,iptables_exec_t)
allow iptables_t iptables_tmp_t:dir create_dir_perms;
allow iptables_t iptables_tmp_t:file create_file_perms;
-files_filetrans_tmp(iptables_t, iptables_tmp_t, { file dir })
+files_tmp_filetrans(iptables_t, iptables_tmp_t, { file dir })
allow iptables_t self:rawip_socket create_socket_perms;
diff --git a/refpolicy/policy/modules/system/libraries.te b/refpolicy/policy/modules/system/libraries.te
index 2307e0b..18bbd24 100644
--- a/refpolicy/policy/modules/system/libraries.te
+++ b/refpolicy/policy/modules/system/libraries.te
@@ -52,7 +52,7 @@ init_system_domain(ldconfig_t,ldconfig_exec_t)
role system_r types ldconfig_t;
allow ldconfig_t ld_so_cache_t:file create_file_perms;
-files_filetrans_etc(ldconfig_t,ld_so_cache_t,file)
+files_etc_filetrans(ldconfig_t,ld_so_cache_t,file)
allow ldconfig_t lib_t:dir rw_dir_perms;
allow ldconfig_t lib_t:lnk_file { getattr create read unlink };
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index 4d838db..5c99514 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -52,11 +52,11 @@ allow local_login_t self:msgq create_msgq_perms;
allow local_login_t self:msg { send receive };
allow local_login_t local_login_lock_t:file create_file_perms;
-files_filetrans_lock(local_login_t,local_login_lock_t)
+files_lock_filetrans(local_login_t,local_login_lock_t)
allow local_login_t local_login_tmp_t:dir create_dir_perms;
allow local_login_t local_login_tmp_t:file create_file_perms;
-files_filetrans_tmp(local_login_t, local_login_tmp_t, { file dir })
+files_tmp_filetrans(local_login_t, local_login_tmp_t, { file dir })
kernel_read_system_state(local_login_t)
kernel_read_kernel_sysctls(local_login_t)
@@ -165,8 +165,8 @@ seutil_read_default_contexts(local_login_t)
userdom_spec_domtrans_all_users(local_login_t)
userdom_signal_all_users(local_login_t)
-userdom_search_all_users_home(local_login_t)
-userdom_use_unpriv_users_fd(local_login_t)
+userdom_search_all_users_home_content(local_login_t)
+userdom_use_unpriv_users_fds(local_login_t)
userdom_sigchld_all_users(local_login_t)
# Search for mail spool file.
@@ -255,10 +255,10 @@ seutil_read_default_contexts(sulogin_t)
auth_read_shadow(sulogin_t)
userdom_shell_domtrans_sysadm(sulogin_t)
-userdom_use_unpriv_users_fd(sulogin_t)
+userdom_use_unpriv_users_fds(sulogin_t)
userdom_use_sysadm_ptys(sulogin_t)
-userdom_search_staff_home_dir(sulogin_t)
-userdom_search_sysadm_home_dir(sulogin_t)
+userdom_search_staff_home_dirs(sulogin_t)
+userdom_search_sysadm_home_dirs(sulogin_t)
# suse and debian do not use pam with sulogin...
ifdef(`distro_suse', `define(`sulogin_no_pam')')
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index dc93191..163ada1 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -91,9 +91,9 @@ interface(`logging_domtrans_syslog',`
########################################
#
-# logging_filetrans_log(domain,privatetype,[class(es)])
+# logging_log_filetrans(domain,privatetype,[class(es)])
#
-interface(`logging_filetrans_log',`
+interface(`logging_log_filetrans',`
gen_require(`
type var_log_t;
')
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 4b14048..c8cebad 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -131,7 +131,7 @@ allow auditd_t var_log_t:dir search;
allow auditd_t auditd_var_run_t:file create_file_perms;
allow auditd_t auditd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(auditd_t,auditd_var_run_t)
+files_pid_filetrans(auditd_t,auditd_var_run_t)
kernel_read_kernel_sysctls(auditd_t)
kernel_list_proc(auditd_t)
@@ -170,7 +170,7 @@ mls_rangetrans_target(auditd_t)
seutil_dontaudit_read_config(auditd_t)
userdom_dontaudit_use_unpriv_user_fds(auditd_t)
-userdom_dontaudit_search_sysadm_home_dir(auditd_t)
+userdom_dontaudit_search_sysadm_home_dirs(auditd_t)
# cjp: this is questionable
userdom_use_sysadm_ttys(auditd_t)
@@ -199,11 +199,11 @@ allow klogd_t self:process signal_perms;
allow klogd_t klogd_tmp_t:file create_file_perms;
allow klogd_t klogd_tmp_t:dir create_dir_perms;
-files_filetrans_tmp(klogd_t,klogd_tmp_t,{ file dir })
+files_tmp_filetrans(klogd_t,klogd_tmp_t,{ file dir })
allow klogd_t klogd_var_run_t:file create_file_perms;
allow klogd_t klogd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(klogd_t,klogd_var_run_t)
+files_pid_filetrans(klogd_t,klogd_var_run_t)
kernel_read_system_state(klogd_t)
kernel_read_messages(klogd_t)
@@ -240,7 +240,7 @@ miscfiles_read_localization(klogd_t)
mls_file_read_up(klogd_t)
-userdom_dontaudit_search_sysadm_home_dir(klogd_t)
+userdom_dontaudit_search_sysadm_home_dirs(klogd_t)
optional_policy(`udev',`
udev_read_db(klogd_t)
@@ -275,7 +275,7 @@ allow syslogd_t self:udp_socket { connected_socket_perms connect };
# Create and bind to /dev/log or /var/run/log.
allow syslogd_t devlog_t:sock_file create_file_perms;
-files_filetrans_pid(syslogd_t,devlog_t,sock_file)
+files_pid_filetrans(syslogd_t,devlog_t,sock_file)
# create/append log files.
allow syslogd_t var_log_t:dir rw_dir_perms;
@@ -286,15 +286,15 @@ allow syslogd_t var_log_t:dir { create setattr };
# manage temporary files
allow syslogd_t syslogd_tmp_t:file create_file_perms;
allow syslogd_t syslogd_tmp_t:dir create_dir_perms;
-files_filetrans_tmp(syslogd_t,syslogd_tmp_t,{ dir file })
+files_tmp_filetrans(syslogd_t,syslogd_tmp_t,{ dir file })
allow syslogd_t syslogd_var_run_t:file create_file_perms;
-files_filetrans_pid(syslogd_t,syslogd_var_run_t,file)
+files_pid_filetrans(syslogd_t,syslogd_var_run_t,file)
# manage pid file
allow syslogd_t syslogd_var_run_t:file create_file_perms;
allow syslogd_t syslogd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(syslogd_t,syslogd_var_run_t)
+files_pid_filetrans(syslogd_t,syslogd_var_run_t)
kernel_read_kernel_sysctls(syslogd_t)
kernel_read_proc_symlinks(syslogd_t)
@@ -303,7 +303,7 @@ kernel_read_messages(syslogd_t)
kernel_clear_ring_buffer(syslogd_t)
kernel_change_ring_buffer_level(syslogd_t)
-dev_filetrans_dev(syslogd_t,devlog_t,sock_file)
+dev_filetrans(syslogd_t,devlog_t,sock_file)
dev_read_sysfs(syslogd_t)
fs_search_auto_mountpoints(syslogd_t)
@@ -350,11 +350,11 @@ sysnet_read_config(syslogd_t)
miscfiles_read_localization(syslogd_t)
userdom_dontaudit_use_unpriv_user_fds(syslogd_t)
-userdom_dontaudit_search_sysadm_home_dir(syslogd_t)
+userdom_dontaudit_search_sysadm_home_dirs(syslogd_t)
ifdef(`distro_suse',`
# suse creates a /dev/log under /var/lib/stunnel for chrooted stunnel
- files_filetrans_var_lib(syslogd_t,devlog_t,sock_file)
+ files_var_lib_filetrans(syslogd_t,devlog_t,sock_file)
')
ifdef(`targeted_policy',`
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index feb536f..282f004 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -55,7 +55,7 @@ allow clvmd_t self:udp_socket create_socket_perms;
allow clvmd_t clvmd_var_run_t:file create_file_perms;
allow clvmd_t clvmd_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(clvmd_t,clvmd_var_run_t)
+files_pid_filetrans(clvmd_t,clvmd_var_run_t)
kernel_read_kernel_sysctls(clvmd_t)
kernel_list_proc(clvmd_t)
@@ -102,7 +102,7 @@ seutil_sigchld_newrole(clvmd_t)
sysnet_read_config(clvmd_t)
userdom_dontaudit_use_unpriv_user_fds(clvmd_t)
-userdom_dontaudit_search_sysadm_home_dir(clvmd_t)
+userdom_dontaudit_search_sysadm_home_dirs(clvmd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(clvmd_t)
@@ -139,7 +139,7 @@ allow lvm_t self:unix_dgram_socket create_socket_perms;
allow lvm_t lvm_tmp_t:dir create_dir_perms;
allow lvm_t lvm_tmp_t:file create_file_perms;
-files_filetrans_tmp(lvm_t, lvm_tmp_t, { file dir })
+files_tmp_filetrans(lvm_t, lvm_tmp_t, { file dir })
# /lib/lvm-<version> holds the actual LVM binaries (and symlinks)
allow lvm_t lvm_exec_t:dir search;
@@ -151,11 +151,11 @@ can_exec(lvm_t, lvm_exec_t)
# Creating lock files
allow lvm_t lvm_lock_t:dir rw_dir_perms;
allow lvm_t lvm_lock_t:file create_file_perms;
-files_filetrans_lock(lvm_t,lvm_lock_t)
+files_lock_filetrans(lvm_t,lvm_lock_t)
allow lvm_t lvm_var_run_t:file create_file_perms;
allow lvm_t lvm_var_run_t:dir create_dir_perms;
-files_filetrans_pid(lvm_t,lvm_var_run_t)
+files_pid_filetrans(lvm_t,lvm_var_run_t)
allow lvm_t lvm_etc_t:file r_file_perms;
allow lvm_t lvm_etc_t:lnk_file r_file_perms;
@@ -164,7 +164,7 @@ allow lvm_t lvm_etc_t:dir rw_dir_perms;
allow lvm_t lvm_metadata_t:file create_file_perms;
allow lvm_t lvm_metadata_t:dir rw_dir_perms;
type_transition lvm_t lvm_etc_t:file lvm_metadata_t;
-files_filetrans_etc(lvm_t,lvm_metadata_t,file)
+files_etc_filetrans(lvm_t,lvm_metadata_t,file)
kernel_read_system_state(lvm_t)
kernel_read_kernel_sysctls(lvm_t)
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 0b77d31..c50a9c2 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -166,7 +166,7 @@ can_exec(depmod_t, depmod_exec_t)
allow depmod_t modules_conf_t:file r_file_perms;
allow depmod_t modules_dep_t:file create_file_perms;
-bootloader_filetrans_modules(depmod_t,modules_dep_t)
+bootloader_modules_filetrans(depmod_t,modules_dep_t)
kernel_read_system_state(depmod_t)
@@ -196,8 +196,8 @@ libs_use_shared_libs(depmod_t)
# Read System.map from home directories.
files_list_home(depmod_t)
-userdom_read_staff_home_files(depmod_t)
-userdom_read_sysadm_home_files(depmod_t)
+userdom_read_staff_home_content_files(depmod_t)
+userdom_read_sysadm_home_content_files(depmod_t)
ifdef(`targeted_policy', `
term_use_unallocated_ttys(depmod_t)
@@ -228,8 +228,8 @@ can_exec(update_modules_t, update_modules_exec_t)
# manage module loading configuration
allow update_modules_t modules_conf_t:file create_file_perms;
-bootloader_filetrans_modules(update_modules_t,modules_conf_t)
-files_filetrans_etc(update_modules_t,modules_conf_t)
+bootloader_modules_filetrans(update_modules_t,modules_conf_t)
+files_etc_filetrans(update_modules_t,modules_conf_t)
# transition to depmod
domain_auto_trans(update_modules_t, depmod_exec_t, depmod_t)
@@ -240,7 +240,7 @@ allow depmod_t update_modules_t:process sigchld;
allow update_modules_t update_modules_tmp_t:dir create_dir_perms;
allow update_modules_t update_modules_tmp_t:file create_file_perms;
-files_filetrans_tmp(update_modules_t, update_modules_tmp_t, { file dir })
+files_tmp_filetrans(update_modules_t, update_modules_tmp_t, { file dir })
kernel_read_kernel_sysctls(update_modules_t)
kernel_read_system_state(update_modules_t)
@@ -272,7 +272,7 @@ logging_send_syslog_msg(update_modules_t)
miscfiles_read_localization(update_modules_t)
-userdom_dontaudit_search_sysadm_home_dir(update_modules_t)
+userdom_dontaudit_search_sysadm_home_dirs(update_modules_t)
ifdef(`targeted_policy',`
term_use_generic_ptys(update_modules_t)
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index f71f77d..cde1b95 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -23,7 +23,7 @@ allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown
allow mount_t mount_tmp_t:file create_file_perms;
allow mount_t mount_tmp_t:dir create_dir_perms;
-files_filetrans_tmp(mount_t,mount_tmp_t,{ file dir })
+files_tmp_filetrans(mount_t,mount_tmp_t,{ file dir })
kernel_read_system_state(mount_t)
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index 6f95942..6b57cf5 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -38,15 +38,15 @@ allow cardmgr_t self:unix_dgram_socket create_socket_perms;
allow cardmgr_t self:unix_stream_socket create_socket_perms;
allow cardmgr_t cardmgr_lnk_t:lnk_file create_lnk_perms;
-dev_filetrans_dev(cardmgr_t,cardmgr_lnk_t,lnk_file)
+dev_filetrans(cardmgr_t,cardmgr_lnk_t,lnk_file)
# Create stab file
allow cardmgr_t cardmgr_var_lib_t:file create_file_perms;
allow cardmgr_t cardmgr_var_lib_t:dir rw_dir_perms;
-files_filetrans_var_lib(cardmgr_t,cardmgr_var_lib_t)
+files_var_lib_filetrans(cardmgr_t,cardmgr_var_lib_t)
allow cardmgr_t cardmgr_var_run_t:file create_file_perms;
-files_filetrans_pid(cardmgr_t,cardmgr_var_run_t)
+files_pid_filetrans(cardmgr_t,cardmgr_var_run_t)
kernel_read_system_state(cardmgr_t)
kernel_read_kernel_sysctls(cardmgr_t)
@@ -114,11 +114,11 @@ modutils_domtrans_insmod(cardmgr_t)
sysnet_domtrans_ifconfig(cardmgr_t)
# for /etc/resolv.conf
-sysnet_filetrans_config(cardmgr_t)
+sysnet_etc_filetrans_config(cardmgr_t)
sysnet_manage_config(cardmgr_t)
userdom_dontaudit_use_unpriv_user_fds(cardmgr_t)
-userdom_dontaudit_search_sysadm_home_dir(cardmgr_t)
+userdom_dontaudit_search_sysadm_home_dirs(cardmgr_t)
ifdef(`targeted_policy',`
term_use_unallocated_ttys(cardmgr_t)
diff --git a/refpolicy/policy/modules/system/raid.te b/refpolicy/policy/modules/system/raid.te
index d1149f0..ace3f78 100644
--- a/refpolicy/policy/modules/system/raid.te
+++ b/refpolicy/policy/modules/system/raid.te
@@ -24,7 +24,7 @@ dontaudit mdadm_t self:capability sys_tty_config;
allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
allow mdadm_t mdadm_var_run_t:file create_file_perms;
-files_filetrans_pid(mdadm_t,mdadm_var_run_t)
+files_pid_filetrans(mdadm_t,mdadm_var_run_t)
kernel_read_system_state(mdadm_t)
kernel_read_kernel_sysctls(mdadm_t)
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 3e18e2a..aeb7218 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -274,9 +274,9 @@ logging_send_syslog_msg(newrole_t)
miscfiles_read_localization(newrole_t)
-userdom_use_unpriv_users_fd(newrole_t)
+userdom_use_unpriv_users_fds(newrole_t)
# for some PAM modules and for cwd
-userdom_dontaudit_search_all_users_home(newrole_t)
+userdom_dontaudit_search_all_users_home_content(newrole_t)
ifdef(`targeted_policy',`
# newrole does not make any sense in
@@ -527,7 +527,7 @@ miscfiles_read_localization(setfiles_t)
userdom_use_all_users_fds(setfiles_t)
# for config files in a home directory
-userdom_read_all_users_home_files(setfiles_t)
+userdom_read_all_users_home_content_files(setfiles_t)
ifdef(`TODO',`
# for upgrading glibc and other shared objects - without this the upgrade
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index 0d5a065..ebf653c 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -251,12 +251,12 @@ interface(`sysnet_dontaudit_read_config',`
## </summary>
## </param>
#
-interface(`sysnet_filetrans_config',`
+interface(`sysnet_etc_filetrans_config',`
gen_require(`
type net_conf_t;
')
- files_filetrans_etc($1,net_conf_t,file)
+ files_etc_filetrans($1,net_conf_t,file)
')
#######################################
@@ -459,7 +459,7 @@ interface(`sysnet_search_dhcp_state',`
## </summary>
## </param>
#
-interface(`sysnet_filetrans_dhcp_state',`
+interface(`sysnet_dhcp_state_filetrans',`
gen_require(`
type dhcp_state_t;
')
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 04c2767..1568eb6 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -65,17 +65,17 @@ type_transition dhcpc_t dhcp_state_t:file dhcpc_state_t;
# create pid file
allow dhcpc_t dhcpc_var_run_t:file create_file_perms;
allow dhcpc_t dhcpc_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(dhcpc_t,dhcpc_var_run_t)
+files_pid_filetrans(dhcpc_t,dhcpc_var_run_t)
# Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
# in /etc created by dhcpcd will be labelled net_conf_t.
allow dhcpc_t net_conf_t:file create_file_perms;
-files_filetrans_etc(dhcpc_t,net_conf_t,file)
+files_etc_filetrans(dhcpc_t,net_conf_t,file)
# create temp files
allow dhcpc_t dhcpc_tmp_t:dir create_dir_perms;
allow dhcpc_t dhcpc_tmp_t:file create_file_perms;
-files_filetrans_tmp(dhcpc_t, dhcpc_tmp_t, { file dir })
+files_tmp_filetrans(dhcpc_t, dhcpc_tmp_t, { file dir })
can_exec(dhcpc_t, dhcpc_exec_t)
@@ -144,7 +144,7 @@ miscfiles_read_localization(dhcpc_t)
modutils_domtrans_insmod(dhcpc_t)
-userdom_dontaudit_search_staff_home_dir(dhcpc_t)
+userdom_dontaudit_search_staff_home_dirs(dhcpc_t)
ifdef(`distro_redhat', `
files_exec_etc_files(dhcpc_t)
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 2adc630..329b2da 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -66,11 +66,11 @@ allow udev_t udev_etc_t:file r_file_perms;
# create udev database in /dev/.udevdb
allow udev_t udev_tbl_t:file create_file_perms;
-dev_filetrans_dev(udev_t,udev_tbl_t,file)
+dev_filetrans(udev_t,udev_tbl_t,file)
allow udev_t udev_var_run_t:file create_file_perms;
allow udev_t udev_var_run_t:dir rw_dir_perms;
-files_filetrans_pid(udev_t,udev_var_run_t)
+files_pid_filetrans(udev_t,udev_var_run_t)
kernel_read_system_state(udev_t)
kernel_getattr_core_if(udev_t)
@@ -143,7 +143,7 @@ seutil_domtrans_restorecon(udev_t)
sysnet_domtrans_ifconfig(udev_t)
userdom_use_sysadm_ttys(udev_t)
-userdom_dontaudit_search_all_users_home(udev_t)
+userdom_dontaudit_search_all_users_home_content(udev_t)
ifdef(`distro_redhat',`
fs_manage_tmpfs_dirs(udev_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 2a768ca..9cb8e88 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -123,7 +123,7 @@ template(`base_user_template',`
allow $1_t $1_tmp_t:dir create_dir_perms;
allow $1_t $1_tmp_t:sock_file create_file_perms;
allow $1_t $1_tmp_t:fifo_file create_file_perms;
- files_filetrans_tmp($1_t, $1_tmp_t, { dir notdevfile_class_set })
+ files_tmp_filetrans($1_t, $1_tmp_t, { dir notdevfile_class_set })
# Bind to a Unix domain socket in /tmp.
# cjp: this is combination is not checked and should be removed
@@ -134,7 +134,7 @@ template(`base_user_template',`
allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
allow $1_t $1_tmpfs_t:sock_file create_file_perms;
allow $1_t $1_tmpfs_t:fifo_file create_file_perms;
- fs_filetrans_tmpfs($1_t,$1_tmpfs_t, { dir notdevfile_class_set } )
+ fs_tmpfs_filetrans($1_t,$1_tmpfs_t, { dir notdevfile_class_set } )
allow $1_t $1_tty_device_t:chr_file { setattr rw_file_perms };
@@ -1001,7 +1001,7 @@ template(`admin_user_template',`
## </summary>
## </param>
#
-template(`userdom_user_home_file',`
+template(`userdom_user_home_content',`
gen_require(`
attribute $1_file_type;
')
@@ -1105,7 +1105,7 @@ template(`userdom_create_user_pty',`
## </summary>
## </param>
#
-template(`userdom_search_user_home',`
+template(`userdom_search_user_home_dirs',`
gen_require(`
type $1_home_dir_t;
')
@@ -1139,7 +1139,7 @@ template(`userdom_search_user_home',`
## </summary>
## </param>
#
-template(`userdom_list_user_home',`
+template(`userdom_list_user_home_dirs',`
gen_require(`
type $1_home_dir_t;
')
@@ -1222,7 +1222,7 @@ template(`userdom_user_home_domtrans',`
## </summary>
## </param>
#
-template(`userdom_dontaudit_list_user_home_dir',`
+template(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
type $1_home_dir_t;
')
@@ -1257,7 +1257,7 @@ template(`userdom_dontaudit_list_user_home_dir',`
## </summary>
## </param>
#
-template(`userdom_manage_user_home_subdirs',`
+template(`userdom_manage_user_home_content_dirs',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1294,7 +1294,7 @@ template(`userdom_manage_user_home_subdirs',`
## </summary>
## </param>
#
-template(`userdom_dontaudit_setattr_user_home_files',`
+template(`userdom_dontaudit_setattr_user_home_content_files',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1327,7 +1327,7 @@ template(`userdom_dontaudit_setattr_user_home_files',`
## </summary>
## </param>
#
-template(`userdom_read_user_home_files',`
+template(`userdom_read_user_home_content_files',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1363,7 +1363,7 @@ template(`userdom_read_user_home_files',`
## </summary>
## </param>
#
-template(`userdom_dontaudit_read_user_home_files',`
+template(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
type $1_home_t;
')
@@ -1397,7 +1397,7 @@ template(`userdom_dontaudit_read_user_home_files',`
## </summary>
## </param>
#
-template(`userdom_dontaudit_write_user_home_files',`
+template(`userdom_dontaudit_write_user_home_content_files',`
gen_require(`
type $1_home_t;
')
@@ -1430,7 +1430,7 @@ template(`userdom_dontaudit_write_user_home_files',`
## </summary>
## </param>
#
-template(`userdom_read_user_home_symlinks',`
+template(`userdom_read_user_home_content_symlinks',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1466,7 +1466,7 @@ template(`userdom_read_user_home_symlinks',`
## </summary>
## </param>
#
-template(`userdom_exec_user_home_files',`
+template(`userdom_exec_user_home_content_files',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1502,7 +1502,7 @@ template(`userdom_exec_user_home_files',`
## </summary>
## </param>
#
-template(`userdom_dontaudit_exec_user_home_files',`
+template(`userdom_dontaudit_exec_user_home_content_files',`
gen_require(`
type $1_home_t;
')
@@ -1537,7 +1537,7 @@ template(`userdom_dontaudit_exec_user_home_files',`
## </summary>
## </param>
#
-template(`userdom_manage_user_home_files',`
+template(`userdom_manage_user_home_content_files',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1575,7 +1575,7 @@ template(`userdom_manage_user_home_files',`
## </summary>
## </param>
#
-template(`userdom_manage_user_home_symlinks',`
+template(`userdom_manage_user_home_content_symlinks',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1613,7 +1613,7 @@ template(`userdom_manage_user_home_symlinks',`
## </summary>
## </param>
#
-template(`userdom_manage_user_home_pipes',`
+template(`userdom_manage_user_home_content_pipes',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1651,7 +1651,7 @@ template(`userdom_manage_user_home_pipes',`
## </summary>
## </param>
#
-template(`userdom_manage_user_home_sockets',`
+template(`userdom_manage_user_home_content_sockets',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -1702,7 +1702,7 @@ template(`userdom_manage_user_home_sockets',`
## </summary>
## </param>
#
-template(`userdom_filetrans_user_home_dir',`
+template(`userdom_user_home_dir_filetrans',`
gen_require(`
type $1_home_dir_t;
')
@@ -1747,7 +1747,7 @@ template(`userdom_filetrans_user_home_dir',`
## </summary>
## </param>
#
-template(`userdom_filetrans_user_home',`
+template(`userdom_user_home_dir_filetrans_user_home_content',`
gen_require(`
type $1_home_dir_t, $1_home_t;
')
@@ -3104,7 +3104,7 @@ interface(`userdom_entry_spec_domtrans_sysadm',`
## </summary>
## </param>
#
-interface(`userdom_search_staff_home_dir',`
+interface(`userdom_search_staff_home_dirs',`
gen_require(`
type staff_home_dir_t;
')
@@ -3124,7 +3124,7 @@ interface(`userdom_search_staff_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_dontaudit_search_staff_home_dir',`
+interface(`userdom_dontaudit_search_staff_home_dirs',`
gen_require(`
type staff_home_dir_t;
')
@@ -3143,7 +3143,7 @@ interface(`userdom_dontaudit_search_staff_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_dontaudit_append_staff_home_files',`
+interface(`userdom_dontaudit_append_staff_home_content_files',`
gen_require(`
type staff_home_t;
')
@@ -3161,7 +3161,7 @@ interface(`userdom_dontaudit_append_staff_home_files',`
## </summary>
## </param>
#
-interface(`userdom_read_staff_home_files',`
+interface(`userdom_read_staff_home_content_files',`
gen_require(`
type staff_home_dir_t, staff_home_t;
')
@@ -3402,7 +3402,7 @@ interface(`userdom_rw_sysadm_pipes',`
## </summary>
## </param>
#
-interface(`userdom_getattr_sysadm_home_dir',`
+interface(`userdom_getattr_sysadm_home_dirs',`
gen_require(`
type sysadm_home_dir_t;
')
@@ -3448,7 +3448,7 @@ interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
## </summary>
## </param>
#
-interface(`userdom_search_sysadm_home_dir',`
+interface(`userdom_search_sysadm_home_dirs',`
gen_require(`
type sysadm_home_dir_t;
')
@@ -3467,7 +3467,7 @@ interface(`userdom_search_sysadm_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_dontaudit_search_sysadm_home_dir',`
+interface(`userdom_dontaudit_search_sysadm_home_dirs',`
ifdef(`targeted_policy',`
gen_require(`
type user_home_dir_t;
@@ -3493,7 +3493,7 @@ interface(`userdom_dontaudit_search_sysadm_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_list_sysadm_home_dir',`
+interface(`userdom_list_sysadm_home_dirs',`
gen_require(`
type sysadm_home_dir_t;
')
@@ -3512,7 +3512,7 @@ interface(`userdom_list_sysadm_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_dontaudit_list_sysadm_home_dir',`
+interface(`userdom_dontaudit_list_sysadm_home_dirs',`
gen_require(`
type sysadm_home_dir_t;
')
@@ -3531,7 +3531,7 @@ interface(`userdom_dontaudit_list_sysadm_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_dontaudit_read_sysadm_home_files',`
+interface(`userdom_dontaudit_read_sysadm_home_content_files',`
ifdef(`targeted_policy',`
gen_require(`
type user_home_dir_t, user_home_t;
@@ -3571,7 +3571,7 @@ interface(`userdom_dontaudit_read_sysadm_home_files',`
## </summary>
## </param>
#
-interface(`userdom_filetrans_sysadm_home_dir',`
+interface(`userdom_sysadm_home_dir_filetrans',`
gen_require(`
type sysadm_home_dir_t;
')
@@ -3590,7 +3590,7 @@ interface(`userdom_filetrans_sysadm_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_search_sysadm_home_subdirs',`
+interface(`userdom_search_sysadm_home_content_dirs',`
gen_require(`
type sysadm_home_dir_t, sysadm_home_t;
')
@@ -3608,7 +3608,7 @@ interface(`userdom_search_sysadm_home_subdirs',`
## </summary>
## </param>
#
-interface(`userdom_read_sysadm_home_files',`
+interface(`userdom_read_sysadm_home_content_files',`
gen_require(`
type sysadm_home_dir_t, sysadm_home_t;
')
@@ -3628,7 +3628,7 @@ interface(`userdom_read_sysadm_home_files',`
## </summary>
## </param>
#
-interface(`userdom_list_all_users_home_dir',`
+interface(`userdom_list_all_users_home_dirs',`
gen_require(`
attribute home_dir_type;
')
@@ -3647,7 +3647,7 @@ interface(`userdom_list_all_users_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_search_all_users_home',`
+interface(`userdom_search_all_users_home_content',`
gen_require(`
attribute home_dir_type, home_type;
')
@@ -3666,7 +3666,7 @@ interface(`userdom_search_all_users_home',`
## </summary>
## </param>
#
-interface(`userdom_dontaudit_search_all_users_home',`
+interface(`userdom_dontaudit_search_all_users_home_content',`
gen_require(`
attribute home_dir_type, home_type;
')
@@ -3684,7 +3684,7 @@ interface(`userdom_dontaudit_search_all_users_home',`
## </summary>
## </param>
#
-interface(`userdom_read_all_users_home_files',`
+interface(`userdom_read_all_users_home_content_files',`
gen_require(`
attribute home_type;
')
@@ -3705,7 +3705,7 @@ interface(`userdom_read_all_users_home_files',`
## </summary>
## </param>
#
-interface(`userdom_manage_all_users_home_dirs',`
+interface(`userdom_manage_all_users_home_content_dirs',`
gen_require(`
attribute home_type;
')
@@ -3725,7 +3725,7 @@ interface(`userdom_manage_all_users_home_dirs',`
## </summary>
## </param>
#
-interface(`userdom_manage_all_users_home_files',`
+interface(`userdom_manage_all_users_home_content_files',`
gen_require(`
attribute home_type;
')
@@ -3746,7 +3746,7 @@ interface(`userdom_manage_all_users_home_files',`
## </summary>
## </param>
#
-interface(`userdom_manage_all_users_home_symlinks',`
+interface(`userdom_manage_all_users_home_content_symlinks',`
gen_require(`
attribute home_type;
')
@@ -3813,7 +3813,7 @@ interface(`userdom_signal_unpriv_users',`
## </summary>
## </param>
#
-interface(`userdom_use_unpriv_users_fd',`
+interface(`userdom_use_unpriv_users_fds',`
gen_require(`
attribute unpriv_userdomain;
')
@@ -3851,12 +3851,12 @@ interface(`userdom_dontaudit_use_unpriv_user_fds',`
## </summary>
## </param>
#
-interface(`userdom_filetrans_generic_user_home_dir',`
+interface(`userdom_home_filetrans_generic_user_home_dir',`
gen_require(`
type user_home_dir_t;
')
- files_filetrans_home($1,user_home_dir_t)
+ files_home_filetrans($1,user_home_dir_t)
')
########################################
@@ -3869,7 +3869,7 @@ interface(`userdom_filetrans_generic_user_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_search_generic_user_home_dir',`
+interface(`userdom_search_generic_user_home_dirs',`
gen_require(`
type user_home_dir_t;
')
@@ -3894,7 +3894,7 @@ interface(`userdom_search_generic_user_home_dir',`
## </summary>
## </param>
#
-interface(`userdom_filetrans_generic_user_home',`
+interface(`userdom_generic_user_home_dir_filetrans_generic_user_home_content',`
gen_require(`
type user_home_dir_t, user_home_t;
')
@@ -3939,7 +3939,7 @@ interface(`userdom_dontaudit_search_generic_user_home_dirs',`
## </summary>
## </param>
#
-interface(`userdom_manage_generic_user_home_dirs',`
+interface(`userdom_manage_generic_user_home_content_dirs',`
gen_require(`
type user_home_t;
')
@@ -3958,7 +3958,7 @@ interface(`userdom_manage_generic_user_home_dirs',`
## </summary>
## </param>
#
-interface(`userdom_manage_generic_user_home_files',`
+interface(`userdom_manage_generic_user_home_content_files',`
gen_require(`
type user_home_t;
')
@@ -3978,7 +3978,7 @@ interface(`userdom_manage_generic_user_home_files',`
## </summary>
## </param>
#
-interface(`userdom_manage_generic_user_home_symlinks',`
+interface(`userdom_manage_generic_user_home_content_symlinks',`
gen_require(`
type user_home_t;
')
@@ -3998,7 +3998,7 @@ interface(`userdom_manage_generic_user_home_symlinks',`
## </summary>
## </param>
#
-interface(`userdom_manage_generic_user_home_pipes',`
+interface(`userdom_manage_generic_user_home_content_pipes',`
gen_require(`
type user_home_t;
')
@@ -4018,7 +4018,7 @@ interface(`userdom_manage_generic_user_home_pipes',`
## </summary>
## </param>
#
-interface(`userdom_manage_generic_user_home_sockets',`
+interface(`userdom_manage_generic_user_home_content_sockets',`
gen_require(`
type user_home_t;
')
@@ -4057,7 +4057,7 @@ interface(`userdom_search_unpriv_users_home_dirs',`
## </summary>
## </param>
#
-interface(`userdom_read_unpriv_users_home_files',`
+interface(`userdom_read_unpriv_users_home_content_files',`
gen_require(`
attribute user_home_dir_type, user_home_type;
')
@@ -4423,5 +4423,5 @@ interface(`userdom_unconfined',`
')
allow $1 user_home_dir_t:dir create_dir_perms;
- files_filetrans_home($1,user_home_dir_t)
+ files_home_filetrans($1,user_home_dir_t)
')
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 61b0826..6f8a6e2 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -150,7 +150,7 @@ ifdef(`targeted_policy',`
# Add/remove user home directories
allow sysadm_t user_home_dir_t:dir create_dir_perms;
- files_filetrans_home(sysadm_t,user_home_dir_t)
+ files_home_filetrans(sysadm_t,user_home_dir_t)
corecmd_exec_shell(sysadm_t)
@@ -178,7 +178,7 @@ ifdef(`targeted_policy',`
mls_file_downgrade(secadm_t)
logging_read_audit_log(secadm_t)
logging_domtrans_auditctl(secadm_t)
- userdom_dontaudit_append_staff_home_files(secadm_t)
+ userdom_dontaudit_append_staff_home_content_files(secadm_t)
', `
logging_domtrans_auditctl(sysadm_t)
logging_read_audit_log(sysadm_t)
More information about the scm-commits
mailing list