[selinux-policy: 276/3172] start renaming filesystem interfaces
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:28:45 UTC 2010
commit 763c441e3b03983698ac2e5556f90803ce86693f
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Jun 8 13:12:00 2005 +0000
start renaming filesystem interfaces
refpolicy/policy/global_tunables | 8 +-
refpolicy/policy/modules/admin/consoletype.te | 4 +-
refpolicy/policy/modules/admin/netutils.te | 6 +-
refpolicy/policy/modules/admin/rpm.te | 20 +-
refpolicy/policy/modules/admin/usermanage.te | 12 +-
refpolicy/policy/modules/apps/gpg.if | 2 +-
refpolicy/policy/modules/kernel/bootloader.te | 2 +-
refpolicy/policy/modules/kernel/devices.if | 6 +-
refpolicy/policy/modules/kernel/devices.te | 94 +++---
refpolicy/policy/modules/kernel/filesystem.if | 468 +++++++++++-----------
refpolicy/policy/modules/kernel/kernel.if | 24 +-
refpolicy/policy/modules/kernel/kernel.te | 10 +-
refpolicy/policy/modules/kernel/terminal.if | 2 +-
refpolicy/policy/modules/kernel/terminal.te | 2 +-
refpolicy/policy/modules/services/cron.if | 4 +-
refpolicy/policy/modules/services/cron.te | 6 +-
refpolicy/policy/modules/services/mta.te | 2 +-
refpolicy/policy/modules/services/remotelogin.te | 2 +-
refpolicy/policy/modules/services/sendmail.te | 4 +-
refpolicy/policy/modules/system/authlogin.if | 6 +-
refpolicy/policy/modules/system/authlogin.te | 6 +-
refpolicy/policy/modules/system/clock.te | 2 +-
refpolicy/policy/modules/system/domain.if | 2 +-
refpolicy/policy/modules/system/files.if | 30 +-
refpolicy/policy/modules/system/files.te | 80 ++--
refpolicy/policy/modules/system/getty.te | 2 +-
refpolicy/policy/modules/system/hostname.te | 4 +-
refpolicy/policy/modules/system/hotplug.te | 4 +-
refpolicy/policy/modules/system/init.te | 24 +-
refpolicy/policy/modules/system/iptables.te | 2 +-
refpolicy/policy/modules/system/libraries.te | 2 +-
refpolicy/policy/modules/system/locallogin.te | 2 +-
refpolicy/policy/modules/system/logging.te | 10 +-
refpolicy/policy/modules/system/lvm.te | 2 +-
refpolicy/policy/modules/system/modutils.te | 6 +-
refpolicy/policy/modules/system/mount.te | 22 +-
refpolicy/policy/modules/system/selinux.te | 20 +-
refpolicy/policy/modules/system/selinuxutil.te | 20 +-
refpolicy/policy/modules/system/sysnetwork.te | 4 +-
refpolicy/policy/modules/system/udev.te | 6 +-
refpolicy/policy/modules/system/userdomain.if | 57 ++-
41 files changed, 509 insertions(+), 482 deletions(-)
---
diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index 9dc1832..69b4342 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -1,4 +1,10 @@
+## <tunable name="fcron_crond" dftval="false">
+## Enable extra rules in the cron domain
+## to support fcron.
+## </tunable>
+tunable_def(fcron_crond,false)
+
## <tunable name="use_dns" dftval="false">
-## Allow the use of DNS for name resolution.
+## Allow the use of DNS for name resolution.
## </tunable>
tunable_def(use_dns,false)
diff --git a/refpolicy/policy/modules/admin/consoletype.te b/refpolicy/policy/modules/admin/consoletype.te
index 4560712..2ed973f 100644
--- a/refpolicy/policy/modules/admin/consoletype.te
+++ b/refpolicy/policy/modules/admin/consoletype.te
@@ -34,7 +34,7 @@ allow consoletype_t self:msg { send receive };
kernel_use_file_descriptors(consoletype_t)
kernel_ignore_read_system_state(consoletype_t)
-filesystem_get_all_filesystems_attributes(consoletype_t)
+fs_get_all_fs_attributes(consoletype_t)
terminal_use_console(consoletype_t)
terminal_use_general_physical_terminal(consoletype_t)
@@ -51,7 +51,7 @@ libraries_use_dynamic_loader(consoletype_t)
libraries_use_shared_libraries(consoletype_t)
ifdef(`distro_redhat', `
- filesystem_use_tmpfs_character_devices(consoletype_t)
+ fs_use_tmpfs_character_devices(consoletype_t)
')
optional_policy(`authlogin.te', `
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index ede8c86..9a35ab6 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -57,7 +57,7 @@ corenetwork_sendrecv_udp_on_all_ports(netutils_t)
corenetwork_bind_tcp_on_all_nodes(netutils_t)
corenetwork_bind_udp_on_all_nodes(netutils_t)
-filesystem_get_persistent_filesystem_attributes(netutils_t)
+fs_get_persistent_fs_attributes(netutils_t)
init_use_file_descriptors(netutils_t)
init_script_use_pseudoterminal(netutils_t)
@@ -115,7 +115,7 @@ corenetwork_sendrecv_udp_on_all_ports(ping_t)
corenetwork_bind_udp_on_all_nodes(ping_t)
corenetwork_bind_tcp_on_all_nodes(ping_t)
-filesystem_ignore_get_persistent_filesystem_attributes(ping_t)
+fs_ignore_get_persistent_fs_attributes(ping_t)
domain_use_widely_inheritable_file_descriptors(ping_t)
@@ -173,7 +173,7 @@ corenetwork_sendrecv_udp_on_all_ports(traceroute_t)
corenetwork_bind_udp_on_all_nodes(traceroute_t)
corenetwork_bind_tcp_on_all_nodes(traceroute_t)
-filesystem_ignore_get_persistent_filesystem_attributes(traceroute_t)
+fs_ignore_get_persistent_fs_attributes(traceroute_t)
domain_use_widely_inheritable_file_descriptors(traceroute_t)
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index 83a0db6..40ab210 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -86,7 +86,7 @@ allow rpm_t rpm_tmpfs_t:file { create ioctl read getattr lock write setattr appe
allow rpm_t rpm_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow rpm_t rpm_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow rpm_t rpm_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-filesystem_create_private_tmpfs_data(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_create_private_tmpfs_data(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# Access /var/lib/rpm files
allow rpm_t rpm_var_lib_t:file { create ioctl read getattr lock write setattr append link unlink rename };
@@ -116,9 +116,9 @@ corenetwork_bind_udp_on_all_nodes(rpm_t)
devices_get_pseudorandom_data(rpm_t)
#devices_manage_all_device_types(rpm_t)
-#filesystem_manage_nfs_dir(rpm_t)
-#filesystem_manage_nfs_files(rpm_t)
-filesystem_get_all_filesystems_attributes(rpm_t)
+#fs_manage_nfs_dir(rpm_t)
+#fs_manage_nfs_files(rpm_t)
+fs_get_all_fs_attributes(rpm_t)
storage_raw_write_fixed_disk(rpm_t)
# for installing kernel packages
@@ -242,7 +242,7 @@ allow rpm_script_t rpm_script_tmpfs_t:file { create ioctl read getattr lock writ
allow rpm_script_t rpm_script_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow rpm_script_t rpm_script_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow rpm_script_t rpm_script_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-filesystem_create_private_tmpfs_data(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_create_private_tmpfs_data(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctl(rpm_script_t)
kernel_get_selinuxfs_mount_point(rpm_script_t)
@@ -259,12 +259,12 @@ devices_manage_generic_character_devices(rpm_script_t)
devices_manage_all_block_devices(rpm_script_t)
devices_manage_all_character_devices(rpm_script_t)
-filesystem_manage_nfs_files(rpm_script_t)
-filesystem_get_nfs_filesystem_attributes(rpm_script_t)
+fs_manage_nfs_files(rpm_script_t)
+fs_get_nfs_fs_attributes(rpm_script_t)
# why is this not using mount?
-filesystem_get_persistent_filesystem_attributes(rpm_script_t)
-filesystem_mount_persistent_filesystem(rpm_script_t)
-filesystem_unmount_persistent_filesystem(rpm_script_t)
+fs_get_persistent_fs_attributes(rpm_script_t)
+fs_mount_persistent_fs(rpm_script_t)
+fs_unmount_persistent_fs(rpm_script_t)
storage_raw_read_fixed_disk(rpm_script_t)
storage_raw_write_fixed_disk(rpm_script_t)
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 79064a9..3698461 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -87,7 +87,7 @@ kernel_compute_selinux_reachable_user_contexts(chfn_t)
terminal_use_all_private_physical_terminals(chfn_t)
terminal_use_all_private_pseudoterminals(chfn_t)
-filesystem_get_persistent_filesystem_attributes(chfn_t)
+fs_get_persistent_fs_attributes(chfn_t)
# for SSP
devices_get_pseudorandom_data(chfn_t)
@@ -163,7 +163,7 @@ kernel_read_system_state(crack_t)
# for SSP
devices_get_pseudorandom_data(crack_t)
-filesystem_get_persistent_filesystem_attributes(crack_t)
+fs_get_persistent_fs_attributes(crack_t)
files_read_general_system_config(crack_t)
files_read_runtime_system_config(crack_t)
@@ -217,7 +217,7 @@ kernel_compute_selinux_create_context(groupadd_t)
kernel_compute_selinux_relabel_context(groupadd_t)
kernel_compute_selinux_reachable_user_contexts(groupadd_t)
-filesystem_get_persistent_filesystem_attributes(groupadd_t)
+fs_get_persistent_fs_attributes(groupadd_t)
terminal_use_all_private_physical_terminals(groupadd_t)
terminal_use_all_private_pseudoterminals(groupadd_t)
@@ -295,7 +295,7 @@ kernel_compute_selinux_reachable_user_contexts(passwd_t)
# for SSP
devices_get_pseudorandom_data(passwd_t)
-filesystem_get_persistent_filesystem_attributes(passwd_t)
+fs_get_persistent_fs_attributes(passwd_t)
# /usr/bin/passwd asks for w access to utmp, but it will operate
# correctly without it. Do not audit write denials to utmp.
@@ -394,7 +394,7 @@ kernel_read_system_state(sysadm_passwd_t)
# for SSP
devices_get_pseudorandom_data(sysadm_passwd_t)
-filesystem_get_persistent_filesystem_attributes(sysadm_passwd_t)
+fs_get_persistent_fs_attributes(sysadm_passwd_t)
terminal_use_all_private_physical_terminals(sysadm_passwd_t)
terminal_use_all_private_pseudoterminals(sysadm_passwd_t)
@@ -483,7 +483,7 @@ kernel_compute_selinux_reachable_user_contexts(useradd_t)
# for getting the number of groups
kernel_read_kernel_sysctl(useradd_t)
-filesystem_get_persistent_filesystem_attributes(useradd_t)
+fs_get_persistent_fs_attributes(useradd_t)
terminal_use_all_private_physical_terminals(useradd_t)
terminal_use_all_private_pseudoterminals(useradd_t)
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 3ed253e..6f93c8a 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -79,7 +79,7 @@ define(`gpg_per_userdomain_template',`
devices_get_random_data($1_gpg_t)
devices_get_pseudorandom_data($1_gpg_t)
- filesystem_get_persistent_filesystem_attributes($1_gpg_t)
+ fs_get_persistent_fs_attributes($1_gpg_t)
files_read_general_system_config($1_gpg_t)
files_read_general_application_resources($1_gpg_t)
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index 6defbf2..925f84c 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -106,7 +106,7 @@ devices_get_pseudorandom_data(bootloader_t)
# for reading BIOS data
devices_raw_read_memory(bootloader_t)
-filesystem_get_persistent_filesystem_attributes(bootloader_t)
+fs_get_persistent_fs_attributes(bootloader_t)
terminal_get_all_private_physical_terminal_attributes(bootloader_t)
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 95c2e0f..3bcb1b6 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -12,10 +12,10 @@ define(`devices_make_device_node',`
typeattribute $1 device_node;
- filesystem_associate($1)
+ fs_associate($1)
optional_policy(`distro_redhat',`
- filesystem_tmpfs_associate($1)
+ fs_tmpfs_associate($1)
')
')
@@ -370,7 +370,7 @@ define(`devices_create_dev_entry',`
type_transition $1 device_t:$3 $2;
optional_policy(`distro_redhat',`
- filesystem_tmpfs_associate($2)
+ fs_tmpfs_associate($2)
')
')
diff --git a/refpolicy/policy/modules/kernel/devices.te b/refpolicy/policy/modules/kernel/devices.te
index aece234..a541a81 100644
--- a/refpolicy/policy/modules/kernel/devices.te
+++ b/refpolicy/policy/modules/kernel/devices.te
@@ -11,7 +11,7 @@ attribute memory_raw_write;
type device_t;
files_make_file(device_t)
files_make_mountpoint(device_t)
-filesystem_tmpfs_associate(device_t)
+fs_tmpfs_associate(device_t)
# Only directories and symlinks should be labeled device_t.
# If there are other files with this type, it is wrong.
@@ -25,142 +25,142 @@ filesystem_tmpfs_associate(device_t)
# Type for /dev/agpgart
#
type agp_device_t, device_node;
-filesystem_associate(agp_device_t)
-filesystem_tmpfs_associate(agp_device_t)
+fs_associate(agp_device_t)
+fs_tmpfs_associate(agp_device_t)
#
# Type for /dev/apm_bios
#
type apm_bios_t, device_node;
-filesystem_associate(apm_bios_t)
-filesystem_tmpfs_associate(apm_bios_t)
+fs_associate(apm_bios_t)
+fs_tmpfs_associate(apm_bios_t)
type cardmgr_dev_t, device_node;
-filesystem_associate(cardmgr_dev_t)
-filesystem_tmpfs_associate(cardmgr_dev_t)
+fs_associate(cardmgr_dev_t)
+fs_tmpfs_associate(cardmgr_dev_t)
#
# clock_device_t is the type of
# /dev/rtc.
#
type clock_device_t, device_node;
-filesystem_associate(clock_device_t)
-filesystem_tmpfs_associate(clock_device_t)
+fs_associate(clock_device_t)
+fs_tmpfs_associate(clock_device_t)
#
# cpu control devices /dev/cpu/0/*
#
type cpu_device_t, device_node;
-filesystem_associate(cpu_device_t)
-filesystem_tmpfs_associate(cpu_device_t)
+fs_associate(cpu_device_t)
+fs_tmpfs_associate(cpu_device_t)
type dri_device_t, device_node;
-filesystem_associate(dri_device_t)
-filesystem_tmpfs_associate(dri_device_t)
+fs_associate(dri_device_t)
+fs_tmpfs_associate(dri_device_t)
type event_device_t, device_node;
-filesystem_associate(event_device_t)
-filesystem_tmpfs_associate(event_device_t)
+fs_associate(event_device_t)
+fs_tmpfs_associate(event_device_t)
#
# Type for framebuffer /dev/fb/*
#
type framebuf_device_t, device_node;
-filesystem_associate(framebuf_device_t)
-filesystem_tmpfs_associate(framebuf_device_t)
+fs_associate(framebuf_device_t)
+fs_tmpfs_associate(framebuf_device_t)
#
# Type for /dev/mapper/control
#
type lvm_control_t, device_node;
-filesystem_associate(lvm_control_t)
-filesystem_tmpfs_associate(lvm_control_t)
+fs_associate(lvm_control_t)
+fs_tmpfs_associate(lvm_control_t)
#
# memory_device_t is the type of /dev/kmem,
# /dev/mem and /dev/port.
#
type memory_device_t, device_node;
-filesystem_associate(memory_device_t)
-filesystem_tmpfs_associate(memory_device_t)
+fs_associate(memory_device_t)
+fs_tmpfs_associate(memory_device_t)
neverallow ~memory_raw_read memory_device_t:{ chr_file blk_file } read;
neverallow ~memory_raw_write memory_device_t:{ chr_file blk_file } { append write };
type misc_device_t, device_node;
-filesystem_associate(misc_device_t)
-filesystem_tmpfs_associate(misc_device_t)
+fs_associate(misc_device_t)
+fs_tmpfs_associate(misc_device_t)
#
# A more general type for mouse devices.
#
type mouse_device_t, device_node;
-filesystem_associate(mouse_device_t)
-filesystem_tmpfs_associate(mouse_device_t)
+fs_associate(mouse_device_t)
+fs_tmpfs_associate(mouse_device_t)
#
# Type for /dev/cpu/mtrr and /proc/mtrr
#
type mtrr_device_t, device_node;
-filesystem_associate(mtrr_device_t)
-filesystem_tmpfs_associate(mtrr_device_t)
+fs_associate(mtrr_device_t)
+fs_tmpfs_associate(mtrr_device_t)
genfscon proc /mtrr context_template(system_u:object_r:mtrr_device_t,s0)
#
# null_device_t is the type of /dev/null.
#
type null_device_t, device_node;
-filesystem_associate(null_device_t)
-filesystem_tmpfs_associate(null_device_t)
+fs_associate(null_device_t)
+fs_tmpfs_associate(null_device_t)
sid devnull context_template(system_u:object_r:null_device_t,s0)
#
# Type for /dev/pmu
#
type power_device_t, device_node;
-filesystem_associate(power_device_t)
-filesystem_tmpfs_associate(power_device_t)
+fs_associate(power_device_t)
+fs_tmpfs_associate(power_device_t)
type printer_device_t, device_node;
-filesystem_associate(printer_device_t)
-filesystem_tmpfs_associate(printer_device_t)
+fs_associate(printer_device_t)
+fs_tmpfs_associate(printer_device_t)
#
# random_device_t is the type of /dev/random
#
type random_device_t, device_node;
-filesystem_associate(random_device_t)
-filesystem_tmpfs_associate(random_device_t)
+fs_associate(random_device_t)
+fs_tmpfs_associate(random_device_t)
type scanner_device_t, device_node;
-filesystem_associate(scanner_device_t)
-filesystem_tmpfs_associate(scanner_device_t)
+fs_associate(scanner_device_t)
+fs_tmpfs_associate(scanner_device_t)
#
# Type for sound devices and mixers
#
type sound_device_t, device_node;
-filesystem_associate(sound_device_t)
-filesystem_tmpfs_associate(sound_device_t)
+fs_associate(sound_device_t)
+fs_tmpfs_associate(sound_device_t)
#
# urandom_device_t is the type of /dev/urandom
#
type urandom_device_t, device_node;
-filesystem_associate(urandom_device_t)
-filesystem_tmpfs_associate(urandom_device_t)
+fs_associate(urandom_device_t)
+fs_tmpfs_associate(urandom_device_t)
type v4l_device_t, device_node;
-filesystem_associate(v4l_device_t)
-filesystem_tmpfs_associate(v4l_device_t)
+fs_associate(v4l_device_t)
+fs_tmpfs_associate(v4l_device_t)
type xserver_misc_device_t, device_node;
-filesystem_associate(xserver_misc_device_t)
-filesystem_tmpfs_associate(xserver_misc_device_t)
+fs_associate(xserver_misc_device_t)
+fs_tmpfs_associate(xserver_misc_device_t)
#
# zero_device_t is the type of /dev/zero.
#
type zero_device_t, device_node;
-filesystem_associate(zero_device_t)
-filesystem_tmpfs_associate(zero_device_t)
+fs_associate(zero_device_t)
+fs_tmpfs_associate(zero_device_t)
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index bf7e320..c992b29 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -3,29 +3,29 @@
########################################
#
-# filesystem_make_filesystem(type)
+# fs_make_fs(type)
#
-define(`filesystem_make_filesystem',`
+define(`fs_make_fs',`
requires_block_template(`$0'_depend)
typeattribute $1 fs_type;
')
-define(`filesystem_make_filesystem_depend',`
+define(`fs_make_fs_depend',`
attribute fs_type;
')
########################################
#
-# filesystem_associate(type)
+# fs_associate(type)
#
-define(`filesystem_associate',`
+define(`fs_associate',`
requires_block_template(`$0'_depend)
allow $1 fs_t:filesystem associate;
')
-define(`filesystem_associate_depend',`
+define(`fs_associate_depend',`
type fs_t;
class filesystem associate;
@@ -33,9 +33,9 @@ define(`filesystem_associate_depend',`
########################################
#
-# filesystem_noxattr_associate(type)
+# fs_noxattr_associate(type)
#
-define(`filesystem_noxattr_associate',`
+define(`fs_noxattr_associate',`
requires_block_template(`$0'_depend)
allow $1 autofs_t:filesystem associate;
@@ -47,7 +47,7 @@ define(`filesystem_noxattr_associate',`
allow $1 usbfs_t:filesystem associate;
')
-define(`filesystem_noxattr_associate_depend',`
+define(`fs_noxattr_associate_depend',`
type fs_t, nfs_t, cifs_t, dosfs_t, iso9660_t, autofs_t, usbfs_t, removable_t;
class filesystem associate;
@@ -55,15 +55,15 @@ define(`filesystem_noxattr_associate_depend',`
########################################
#
-# filesystem_mount_persistent_filesystem(domain)
+# fs_mount_persistent_fs(domain)
#
-define(`filesystem_mount_persistent_filesystem',`
+define(`fs_mount_persistent_fs',`
requires_block_template(`$0'_depend)
allow $1 fs_t:filesystem mount;
')
-define(`filesystem_mount_persistent_filesystem_depend',`
+define(`fs_mount_persistent_fs_depend',`
type fs_t;
class filesystem mount;
@@ -71,15 +71,15 @@ define(`filesystem_mount_persistent_filesystem_depend',`
########################################
#
-# filesystem_remount_persistent_filesystem(domain)
+# fs_remount_persistent_fs(domain)
#
-define(`filesystem_remount_persistent_filesystem',`
+define(`fs_remount_persistent_fs',`
requires_block_template(`$0'_depend)
allow $1 fs_t:filesystem remount;
')
-define(`filesystem_remount_persistent_filesystem_depend',`
+define(`fs_remount_persistent_fs_depend',`
type fs_t;
class filesystem remount;
@@ -87,15 +87,15 @@ define(`filesystem_remount_persistent_filesystem_depend',`
########################################
#
-# filesystem_unmount_persistent_filesystem(domain)
+# fs_unmount_persistent_fs(domain)
#
-define(`filesystem_unmount_persistent_filesystem',`
+define(`fs_unmount_persistent_fs',`
requires_block_template(`$0'_depend)
allow $1 fs_t:filesystem mount;
')
-define(`filesystem_unmount_persistent_filesystem_depend',`
+define(`fs_unmount_persistent_fs_depend',`
type fs_t;
class filesystem unmount;
@@ -103,15 +103,15 @@ define(`filesystem_unmount_persistent_filesystem_depend',`
########################################
#
-# filesystem_get_persistent_filesystem_attributes(domain)
+# fs_get_persistent_fs_attributes(domain)
#
-define(`filesystem_get_persistent_filesystem_attributes',`
+define(`fs_get_persistent_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 fs_t:filesystem getattr;
')
-define(`filesystem_get_persistent_filesystem_attributes_depend',`
+define(`fs_get_persistent_fs_attributes_depend',`
type fs_t;
class filesystem getattr;
@@ -119,15 +119,15 @@ define(`filesystem_get_persistent_filesystem_attributes_depend',`
########################################
#
-# filesystem_ignore_get_persistent_filesystem_attributes(domain)
+# fs_ignore_get_persistent_fs_attributes(domain)
#
-define(`filesystem_ignore_get_persistent_filesystem_attributes',`
+define(`fs_ignore_get_persistent_fs_attributes',`
requires_block_template(`$0'_depend)
dontaudit $1 fs_t:filesystem getattr;
')
-define(`filesystem_ignore_get_persistent_filesystem_attributes_depend',`
+define(`fs_ignore_get_persistent_fs_attributes_depend',`
type fs_t;
class filesystem getattr;
@@ -135,15 +135,15 @@ define(`filesystem_ignore_get_persistent_filesystem_attributes_depend',`
########################################
#
-# filesystem_relabelfrom_persistent_filesystem(domain)
+# fs_relabelfrom_persistent_fs(domain)
#
-define(`filesystem_relabelfrom_persistent_filesystem',`
+define(`fs_relabelfrom_persistent_fs',`
requires_block_template(`$0'_depend)
allow $1 fs_t:filesystem relabelfrom;
')
-define(`filesystem_relabelfrom_persistent_filesystem_depend',`
+define(`fs_relabelfrom_persistent_fs_depend',`
type fs_t;
class filesystem relabelfrom;
@@ -151,30 +151,30 @@ define(`filesystem_relabelfrom_persistent_filesystem_depend',`
########################################
#
-# filesystem_mount_automount_filesystem(domain)
+# fs_mount_automount_fs(domain)
#
-define(`filesystem_mount_automount_filesystem',`
+define(`fs_mount_automount_fs',`
requires_block_template(`$0'_depend)
allow $1 autofs_t:filesystem mount;
')
-define(`filesystem_mount_automount_filesystem_depend',`
+define(`fs_mount_automount_fs_depend',`
type autofs_t;
class filesystem mount;
')
########################################
#
-# filesystem_remount_automount_filesystem(domain)
+# fs_remount_automount_fs(domain)
#
-define(`filesystem_remount_automount_filesystem',`
+define(`fs_remount_automount_fs',`
requires_block_template(`$0'_depend)
allow $1 autofs_t:filesystem remount;
')
-define(`filesystem_remount_automount_filesystem_depend',`
+define(`fs_remount_automount_fs_depend',`
type autofs_t;
class filesystem remount;
@@ -182,15 +182,15 @@ define(`filesystem_remount_automount_filesystem_depend',`
########################################
#
-# filesystem_unmount_automount_filesystem(domain)
+# fs_unmount_automount_fs(domain)
#
-define(`filesystem_unmount_automount_filesystem',`
+define(`fs_unmount_automount_fs',`
requires_block_template(`$0'_depend)
allow $1 autofs_t:filesystem mount;
')
-define(`filesystem_unmount_automount_filesystem_depend',`
+define(`fs_unmount_automount_fs_depend',`
type autofs_t;
class filesystem unmount;
@@ -198,15 +198,15 @@ define(`filesystem_unmount_automount_filesystem_depend',`
########################################
#
-# filesystem_get_automount_filesystem_attributes(domain)
+# fs_get_automount_fs_attributes(domain)
#
-define(`filesystem_get_automount_filesystem_attributes',`
+define(`fs_get_automount_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 autofs_t:filesystem getattr;
')
-define(`filesystem_get_automount_filesystem_attributes_depend',`
+define(`fs_get_automount_fs_attributes_depend',`
type autofs_t;
class filesystem getattr;
@@ -214,16 +214,16 @@ define(`filesystem_get_automount_filesystem_attributes_depend',`
########################################
#
-# filesystem_register_binary_executable_type(domain)
+# fs_register_binary_executable_type(domain)
#
-define(`filesystem_register_binary_executable_type',`
+define(`fs_register_binary_executable_type',`
requires_block_template(`$0'_depend)
allow $1 binfmt_misc_fs_t:dir { getattr search };
allow $1 binfmt_misc_fs_t:file { getattr ioctl write };
')
-define(`filesystem_register_binary_executable_type_depend',`
+define(`fs_register_binary_executable_type_depend',`
type binfmt_misc_fs_t;
class dir { getattr search };
@@ -232,15 +232,15 @@ define(`filesystem_register_binary_executable_type_depend',`
########################################
#
-# filesystem_mount_windows_network_filesystem(domain)
+# fs_mount_windows_network_fs(domain)
#
-define(`filesystem_mount_windows_network_filesystem',`
+define(`fs_mount_windows_network_fs',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:filesystem mount;
')
-define(`filesystem_mount_windows_network_filesystem_depend',`
+define(`fs_mount_windows_network_fs_depend',`
type cifs_t;
class filesystem mount;
@@ -248,15 +248,15 @@ define(`filesystem_mount_windows_network_filesystem_depend',`
########################################
#
-# filesystem_remount_windows_network_filesystem(domain)
+# fs_remount_windows_network_fs(domain)
#
-define(`filesystem_remount_windows_network_filesystem',`
+define(`fs_remount_windows_network_fs',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:filesystem remount;
')
-define(`filesystem_remount_windows_network_filesystem_depend',`
+define(`fs_remount_windows_network_fs_depend',`
type cifs_t;
class filesystem remount;
@@ -264,15 +264,15 @@ define(`filesystem_remount_windows_network_filesystem_depend',`
########################################
#
-# filesystem_unmount_windows_network_filesystem(domain)
+# fs_unmount_windows_network_fs(domain)
#
-define(`filesystem_unmount_windows_network_filesystem',`
+define(`fs_unmount_windows_network_fs',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:filesystem mount;
')
-define(`filesystem_unmount_windows_network_filesystem_depend',`
+define(`fs_unmount_windows_network_fs_depend',`
type cifs_t;
class filesystem unmount;
@@ -280,15 +280,15 @@ define(`filesystem_unmount_windows_network_filesystem_depend',`
########################################
#
-# filesystem_get_windows_network_filesystem_attributes(domain)
+# fs_get_windows_network_fs_attributes(domain)
#
-define(`filesystem_get_windows_network_filesystem_attributes',`
+define(`fs_get_windows_network_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:filesystem getattr;
')
-define(`filesystem_get_windows_network_filesystem_attributes_depend',`
+define(`fs_get_windows_network_fs_attributes_depend',`
type cifs_t;
class filesystem getattr;
@@ -296,16 +296,16 @@ define(`filesystem_get_windows_network_filesystem_attributes_depend',`
########################################
#
-# filesystem_execute_windows_network_files(domain)
+# fs_execute_windows_network_files(domain)
#
-define(`filesystem_execute_windows_network_files',`
+define(`fs_execute_windows_network_files',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:dir r_dir_perms;
allow $1 cifs_t:file { getattr read execute execute_no_trans };
')
-define(`filesystem_execute_windows_network_files_depend',`
+define(`fs_execute_windows_network_files_depend',`
type cifs_t;
class dir r_dir_perms;
@@ -314,15 +314,15 @@ define(`filesystem_execute_windows_network_files_depend',`
########################################
#
-# filesystem_manage_windows_network_directories(domain)
+# fs_manage_windows_network_directories(domain)
#
-define(`filesystem_manage_windows_network_directories',`
+define(`fs_manage_windows_network_directories',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:dir create_file_perms;
')
-define(`filesystem_manage_windows_network_directories_depend',`
+define(`fs_manage_windows_network_directories_depend',`
type cifs_t;
class dir create_file_perms;
@@ -330,16 +330,16 @@ define(`filesystem_manage_windows_network_directories_depend',`
########################################
#
-# filesystem_manage_windows_network_files(domain)
+# fs_manage_windows_network_files(domain)
#
-define(`filesystem_manage_windows_network_files',`
+define(`fs_manage_windows_network_files',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:dir rw_dir_perms;
allow $1 cifs_t:file create_file_perms;
')
-define(`filesystem_manage_windows_network_files_depend',`
+define(`fs_manage_windows_network_files_depend',`
type cifs_t;
class dir rw_dir_perms;
@@ -348,16 +348,16 @@ define(`filesystem_manage_windows_network_files_depend',`
########################################
#
-# filesystem_manage_windows_network_symbolic_links(domain)
+# fs_manage_windows_network_symbolic_links(domain)
#
-define(`filesystem_manage_windows_network_symbolic_links',`
+define(`fs_manage_windows_network_symbolic_links',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:dir rw_dir_perms;
allow $1 cifs_t:lnk_file create_lnk_perms;
')
-define(`filesystem_manage_windows_network_symbolic_links_depend',`
+define(`fs_manage_windows_network_symbolic_links_depend',`
type cifs_t;
class dir rw_dir_perms;
@@ -366,16 +366,16 @@ define(`filesystem_manage_windows_network_symbolic_links_depend',`
########################################
#
-# filesystem_manage_windows_network_named_pipes(domain)
+# fs_manage_windows_network_named_pipes(domain)
#
-define(`filesystem_manage_windows_network_named_pipes',`
+define(`fs_manage_windows_network_named_pipes',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:dir rw_dir_perms;
allow $1 cifs_t:fifo_file create_file_perms;
')
-define(`filesystem_manage_windows_network_named_pipes_depend',`
+define(`fs_manage_windows_network_named_pipes_depend',`
type cifs_t;
class dir rw_dir_perms;
@@ -384,16 +384,16 @@ define(`filesystem_manage_windows_network_named_pipes_depend',`
########################################
#
-# filesystem_manage_windows_network_named_sockets(domain)
+# fs_manage_windows_network_named_sockets(domain)
#
-define(`filesystem_manage_windows_network_named_sockets',`
+define(`fs_manage_windows_network_named_sockets',`
requires_block_template(`$0'_depend)
allow $1 cifs_t:dir rw_file_perms;
allow $1 cifs_t:sock_file create_file_perms;
')
-define(`filesystem_manage_windows_network_named_sockets_depend',`
+define(`fs_manage_windows_network_named_sockets_depend',`
type cifs_t;
class dir rw_dir_perms;
@@ -402,15 +402,15 @@ define(`filesystem_manage_windows_network_named_sockets_depend',`
########################################
#
-# filesystem_mount_dos_filesystem(domain)
+# fs_mount_dos_fs(domain)
#
-define(`filesystem_mount_dos_filesystem',`
+define(`fs_mount_dos_fs',`
requires_block_template(`$0'_depend)
allow $1 dosfs_t:filesystem mount;
')
-define(`filesystem_mount_dos_filesystem_depend',`
+define(`fs_mount_dos_fs_depend',`
type dosfs_t;
class filesystem mount;
@@ -418,15 +418,15 @@ define(`filesystem_mount_dos_filesystem_depend',`
########################################
#
-# filesystem_remount_dos_filesystem(domain)
+# fs_remount_dos_fs(domain)
#
-define(`filesystem_remount_dos_filesystem',`
+define(`fs_remount_dos_fs',`
requires_block_template(`$0'_depend)
allow $1 dosfs_t:filesystem remount;
')
-define(`filesystem_remount_dos_filesystem_depend',`
+define(`fs_remount_dos_fs_depend',`
type dosfs_t;
class filesystem remount;
@@ -434,15 +434,15 @@ define(`filesystem_remount_dos_filesystem_depend',`
########################################
#
-# filesystem_unmount_dos_filesystem(domain)
+# fs_unmount_dos_fs(domain)
#
-define(`filesystem_unmount_dos_filesystem',`
+define(`fs_unmount_dos_fs',`
requires_block_template(`$0'_depend)
allow $1 dosfs_t:filesystem mount;
')
-define(`filesystem_unmount_dos_filesystem_depend',`
+define(`fs_unmount_dos_fs_depend',`
type dosfs_t;
class filesystem unmount;
@@ -450,15 +450,15 @@ define(`filesystem_unmount_dos_filesystem_depend',`
########################################
#
-# filesystem_get_dos_filesystem_attributes(domain)
+# fs_get_dos_fs_attributes(domain)
#
-define(`filesystem_get_dos_filesystem_attributes',`
+define(`fs_get_dos_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 dosfs_t:filesystem getattr;
')
-define(`filesystem_get_dos_filesystem_attributes_depend',`
+define(`fs_get_dos_fs_attributes_depend',`
type dosfs_t;
class filesystem getattr;
@@ -466,15 +466,15 @@ define(`filesystem_get_dos_filesystem_attributes_depend',`
########################################
#
-# filesystem_relabelfrom_dos_filesystem(domain)
+# fs_relabelfrom_dos_fs(domain)
#
-define(`filesystem_relabelfrom_dos_filesystem',`
+define(`fs_relabelfrom_dos_fs',`
requires_block_template(`$0'_depend)
allow $1 dosfs_t:filesystem relabelfrom;
')
-define(`filesystem_relabelfrom_dos_filesystem_depend',`
+define(`fs_relabelfrom_dos_fs_depend',`
type dosfs_t;
class filesystem relabelfrom;
@@ -482,15 +482,15 @@ define(`filesystem_relabelfrom_dos_filesystem_depend',`
########################################
#
-# filesystem_mount_cd_filesystem(domain)
+# fs_mount_cd_fs(domain)
#
-define(`filesystem_mount_cd_filesystem',`
+define(`fs_mount_cd_fs',`
requires_block_template(`$0'_depend)
allow $1 iso9660_t:filesystem mount;
')
-define(`filesystem_mount_cd_filesystem_depend',`
+define(`fs_mount_cd_fs_depend',`
type iso9660_t;
class filesystem mount;
@@ -498,15 +498,15 @@ define(`filesystem_mount_cd_filesystem_depend',`
########################################
#
-# filesystem_remount_cd_filesystem(domain)
+# fs_remount_cd_fs(domain)
#
-define(`filesystem_remount_cd_filesystem',`
+define(`fs_remount_cd_fs',`
requires_block_template(`$0'_depend)
allow $1 iso9660_t:filesystem remount;
')
-define(`filesystem_remount_cd_filesystem_depend',`
+define(`fs_remount_cd_fs_depend',`
type iso9660_t;
class filesystem remount;
@@ -514,15 +514,15 @@ define(`filesystem_remount_cd_filesystem_depend',`
########################################
#
-# filesystem_unmount_cd_filesystem(domain)
+# fs_unmount_cd_fs(domain)
#
-define(`filesystem_unmount_cd_filesystem',`
+define(`fs_unmount_cd_fs',`
requires_block_template(`$0'_depend)
allow $1 iso9660_t:filesystem mount;
')
-define(`filesystem_unmount_cd_filesystem_depend',`
+define(`fs_unmount_cd_fs_depend',`
type iso9660_t;
class filesystem unmount;
@@ -530,15 +530,15 @@ define(`filesystem_unmount_cd_filesystem_depend',`
########################################
#
-# filesystem_get_cd_filesystem_attributes(domain)
+# fs_get_cd_fs_attributes(domain)
#
-define(`filesystem_get_cd_filesystem_attributes',`
+define(`fs_get_cd_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 iso9660_t:filesystem getattr;
')
-define(`filesystem_get_cd_filesystem_attributes_depend',`
+define(`fs_get_cd_fs_attributes_depend',`
type iso9660_t;
class filesystem getattr;
@@ -546,15 +546,15 @@ define(`filesystem_get_cd_filesystem_attributes_depend',`
########################################
#
-# filesystem_mount_nfs_filesystem(domain)
+# fs_mount_nfs_fs(domain)
#
-define(`filesystem_mount_nfs_filesystem',`
+define(`fs_mount_nfs_fs',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:filesystem mount;
')
-define(`filesystem_mount_nfs_filesystem_depend',`
+define(`fs_mount_nfs_fs_depend',`
type nfs_t;
class filesystem mount;
@@ -562,15 +562,15 @@ define(`filesystem_mount_nfs_filesystem_depend',`
########################################
#
-# filesystem_remount_nfs_filesystem(domain)
+# fs_remount_nfs_fs(domain)
#
-define(`filesystem_remount_nfs_filesystem',`
+define(`fs_remount_nfs_fs',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:filesystem remount;
')
-define(`filesystem_remount_nfs_filesystem_depend',`
+define(`fs_remount_nfs_fs_depend',`
type nfs_t;
class filesystem remount;
@@ -578,15 +578,15 @@ define(`filesystem_remount_nfs_filesystem_depend',`
########################################
#
-# filesystem_unmount_nfs_filesystem(domain)
+# fs_unmount_nfs_fs(domain)
#
-define(`filesystem_unmount_nfs_filesystem',`
+define(`fs_unmount_nfs_fs',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:filesystem mount;
')
-define(`filesystem_unmount_nfs_filesystem_depend',`
+define(`fs_unmount_nfs_fs_depend',`
type nfs_t;
class filesystem unmount;
@@ -594,15 +594,15 @@ define(`filesystem_unmount_nfs_filesystem_depend',`
########################################
#
-# filesystem_get_nfs_filesystem_attributes(domain)
+# fs_get_nfs_fs_attributes(domain)
#
-define(`filesystem_get_nfs_filesystem_attributes',`
+define(`fs_get_nfs_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:filesystem getattr;
')
-define(`filesystem_get_nfs_filesystem_attributes_depend',`
+define(`fs_get_nfs_fs_attributes_depend',`
type nfs_t;
class filesystem getattr;
@@ -610,16 +610,16 @@ define(`filesystem_get_nfs_filesystem_attributes_depend',`
########################################
#
-# filesystem_execute_nfs_files(domain)
+# fs_execute_nfs_files(domain)
#
-define(`filesystem_execute_nfs_files',`
+define(`fs_execute_nfs_files',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:dir r_dir_perms;
allow $1 nfs_t:file { getattr read execute execute_no_trans };
')
-define(`filesystem_execute_nfs_files_depend',`
+define(`fs_execute_nfs_files_depend',`
type nfs_t;
class dir r_dir_perms;
@@ -628,15 +628,15 @@ define(`filesystem_execute_nfs_files_depend',`
########################################
#
-# filesystem_manage_nfs_directories(domain)
+# fs_manage_nfs_directories(domain)
#
-define(`filesystem_manage_nfs_directories',`
+define(`fs_manage_nfs_directories',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:dir create_dir_perms;
')
-define(`filesystem_manage_nfs_directories_depend',`
+define(`fs_manage_nfs_directories_depend',`
type nfs_t;
class dir create_dir_perms;
@@ -644,16 +644,16 @@ define(`filesystem_manage_nfs_directories_depend',`
########################################
#
-# filesystem_manage_nfs_files(domain)
+# fs_manage_nfs_files(domain)
#
-define(`filesystem_manage_nfs_files',`
+define(`fs_manage_nfs_files',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:dir rw_dir_perms;
allow $1 nfs_t:file create_file_perms;
')
-define(`filesystem_manage_nfs_files_depend',`
+define(`fs_manage_nfs_files_depend',`
type nfs_t;
class dir rw_dir_perms;
@@ -662,16 +662,16 @@ define(`filesystem_manage_nfs_files_depend',`
########################################
#
-# filesystem_manage_nfs_symbolic_links(domain)
+# fs_manage_nfs_symbolic_links(domain)
#
-define(`filesystem_manage_nfs_symbolic_links',`
+define(`fs_manage_nfs_symbolic_links',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:dir rw_dir_perms;
allow $1 nfs_t:lnk_file create_lnk_perms;
')
-define(`filesystem_manage_nfs_symbolic_links_depend',`
+define(`fs_manage_nfs_symbolic_links_depend',`
type nfs_t;
class dir r_dir_perms;
@@ -680,16 +680,16 @@ define(`filesystem_manage_nfs_symbolic_links_depend',`
########################################
#
-# filesystem_manage_nfs_named_pipes(domain)
+# fs_manage_nfs_named_pipes(domain)
#
-define(`filesystem_manage_nfs_named_pipes',`
+define(`fs_manage_nfs_named_pipes',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:dir rw_dir_perms;
allow $1 nfs_t:fifo_file create_file_perms;
')
-define(`filesystem_manage_nfs_named_pipes_depend',`
+define(`fs_manage_nfs_named_pipes_depend',`
type nfs_t;
class dir { getattr search read write add_name remove_name };
@@ -698,16 +698,16 @@ define(`filesystem_manage_nfs_named_pipes_depend',`
########################################
#
-# filesystem_manage_nfs_named_sockets(domain)
+# fs_manage_nfs_named_sockets(domain)
#
-define(`filesystem_manage_nfs_named_sockets',`
+define(`fs_manage_nfs_named_sockets',`
requires_block_template(`$0'_depend)
allow $1 nfs_t:dir rw_dir_perms;
allow $1 nfs_t:sock_file create_file_perms;
')
-define(`filesystem_manage_nfs_named_sockets_depend',`
+define(`fs_manage_nfs_named_sockets_depend',`
type nfs_t;
class dir rw_dir_perms;
@@ -716,15 +716,15 @@ define(`filesystem_manage_nfs_named_sockets_depend',`
########################################
#
-# filesystem_mount_nfsd_filesystem(domain)
+# fs_mount_nfsd_fs(domain)
#
-define(`filesystem_mount_nfsd_filesystem',`
+define(`fs_mount_nfsd_fs',`
requires_block_template(`$0'_depend)
allow $1 nfsd_fs_t:filesystem mount;
')
-define(`filesystem_mount_nfsd_filesystem_depend',`
+define(`fs_mount_nfsd_fs_depend',`
type nfsd_fs_t;
class filesystem mount;
@@ -732,15 +732,15 @@ define(`filesystem_mount_nfsd_filesystem_depend',`
########################################
#
-# filesystem_remount_nfsd_filesystem(domain)
+# fs_remount_nfsd_fs(domain)
#
-define(`filesystem_remount_nfsd_filesystem',`
+define(`fs_remount_nfsd_fs',`
requires_block_template(`$0'_depend)
allow $1 nfsd_fs_t:filesystem remount;
')
-define(`filesystem_remount_nfsd_filesystem_depend',`
+define(`fs_remount_nfsd_fs_depend',`
type nfsd_fs_t;
class filesystem remount;
@@ -748,15 +748,15 @@ define(`filesystem_remount_nfsd_filesystem_depend',`
########################################
#
-# filesystem_unmount_nfsd_filesystem(domain)
+# fs_unmount_nfsd_fs(domain)
#
-define(`filesystem_unmount_nfsd_filesystem',`
+define(`fs_unmount_nfsd_fs',`
requires_block_template(`$0'_depend)
allow $1 nfsd_fs_t:filesystem mount;
')
-define(`filesystem_unmount_nfsd_filesystem_depend',`
+define(`fs_unmount_nfsd_fs_depend',`
type nfsd_fs_t;
class filesystem unmount;
@@ -764,15 +764,15 @@ define(`filesystem_unmount_nfsd_filesystem_depend',`
########################################
#
-# filesystem_get_nfsd_filesystem_attributes(domain)
+# fs_get_nfsd_fs_attributes(domain)
#
-define(`filesystem_get_nfsd_filesystem_attributes',`
+define(`fs_get_nfsd_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 nfsd_fs_t:filesystem getattr;
')
-define(`filesystem_get_nfsd_filesystem_attributes_depend',`
+define(`fs_get_nfsd_fs_attributes_depend',`
type nfsd_fs_t;
class filesystem getattr;
@@ -780,15 +780,15 @@ define(`filesystem_get_nfsd_filesystem_attributes_depend',`
########################################
#
-# filesystem_mount_ram_filesystem(domain)
+# fs_mount_ram_fs(domain)
#
-define(`filesystem_mount_ram_filesystem',`
+define(`fs_mount_ram_fs',`
requires_block_template(`$0'_depend)
allow $1 ramfs_t:filesystem mount;
')
-define(`filesystem_mount_ram_filesystem_depend',`
+define(`fs_mount_ram_fs_depend',`
type ramfs_t;
class filesystem mount;
@@ -796,15 +796,15 @@ define(`filesystem_mount_ram_filesystem_depend',`
########################################
#
-# filesystem_remount_ram_filesystem(domain)
+# fs_remount_ram_fs(domain)
#
-define(`filesystem_remount_ram_filesystem',`
+define(`fs_remount_ram_fs',`
requires_block_template(`$0'_depend)
allow $1 ramfs_t:filesystem remount;
')
-define(`filesystem_remount_ram_filesystem_depend',`
+define(`fs_remount_ram_fs_depend',`
type ramfs_t;
class filesystem remount;
@@ -812,15 +812,15 @@ define(`filesystem_remount_ram_filesystem_depend',`
########################################
#
-# filesystem_unmount_ram_filesystem(domain)
+# fs_unmount_ram_fs(domain)
#
-define(`filesystem_unmount_ram_filesystem',`
+define(`fs_unmount_ram_fs',`
requires_block_template(`$0'_depend)
allow $1 ramfs_t:filesystem mount;
')
-define(`filesystem_unmount_ram_filesystem_depend',`
+define(`fs_unmount_ram_fs_depend',`
type ramfs_t;
class filesystem unmount;
@@ -828,15 +828,15 @@ define(`filesystem_unmount_ram_filesystem_depend',`
########################################
#
-# filesystem_get_ram_filesystem_attributes(domain)
+# fs_get_ram_fs_attributes(domain)
#
-define(`filesystem_get_ram_filesystem_attributes',`
+define(`fs_get_ram_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 ramfs_t:filesystem getattr;
')
-define(`filesystem_get_ram_filesystem_attributes_depend',`
+define(`fs_get_ram_fs_attributes_depend',`
type ramfs_t;
class filesystem getattr;
@@ -844,15 +844,15 @@ define(`filesystem_get_ram_filesystem_attributes_depend',`
########################################
#
-# filesystem_mount_rom_filesystem(domain)
+# fs_mount_rom_fs(domain)
#
-define(`filesystem_mount_rom_filesystem',`
+define(`fs_mount_rom_fs',`
requires_block_template(`$0'_depend)
allow $1 romfs_t:filesystem mount;
')
-define(`filesystem_mount_rom_filesystem_depend',`
+define(`fs_mount_rom_fs_depend',`
type romfs_t;
class filesystem mount;
@@ -860,15 +860,15 @@ define(`filesystem_mount_rom_filesystem_depend',`
########################################
#
-# filesystem_remount_rom_filesystem(domain)
+# fs_remount_rom_fs(domain)
#
-define(`filesystem_remount_rom_filesystem',`
+define(`fs_remount_rom_fs',`
requires_block_template(`$0'_depend)
allow $1 romfs_t:filesystem remount;
')
-define(`filesystem_remount_rom_filesystem_depend',`
+define(`fs_remount_rom_fs_depend',`
type romfs_t;
class filesystem remount;
@@ -876,15 +876,15 @@ define(`filesystem_remount_rom_filesystem_depend',`
########################################
#
-# filesystem_unmount_rom_filesystem(domain)
+# fs_unmount_rom_fs(domain)
#
-define(`filesystem_unmount_rom_filesystem',`
+define(`fs_unmount_rom_fs',`
requires_block_template(`$0'_depend)
allow $1 romfs_t:filesystem mount;
')
-define(`filesystem_unmount_rom_filesystem_depend',`
+define(`fs_unmount_rom_fs_depend',`
type romfs_t;
class filesystem unmount;
@@ -892,15 +892,15 @@ define(`filesystem_unmount_rom_filesystem_depend',`
########################################
#
-# filesystem_get_rom_filesystem_attributes(domain)
+# fs_get_rom_fs_attributes(domain)
#
-define(`filesystem_get_rom_filesystem_attributes',`
+define(`fs_get_rom_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 romfs_t:filesystem getattr;
')
-define(`filesystem_get_rom_filesystem_attributes_depend',`
+define(`fs_get_rom_fs_attributes_depend',`
type romfs_t;
class filesystem getattr;
@@ -908,15 +908,15 @@ define(`filesystem_get_rom_filesystem_attributes_depend',`
########################################
#
-# filesystem_mount_rpc_pipefs_filesystem(domain)
+# fs_mount_rpc_pipefs_fs(domain)
#
-define(`filesystem_mount_rpc_pipefs_filesystem',`
+define(`fs_mount_rpc_pipefs_fs',`
requires_block_template(`$0'_depend)
allow $1 rpc_pipefs_t:filesystem mount;
')
-define(`filesystem_mount_rpc_pipefs_filesystem_depend',`
+define(`fs_mount_rpc_pipefs_fs_depend',`
type rpc_pipefs_t;
class filesystem mount;
@@ -924,15 +924,15 @@ define(`filesystem_mount_rpc_pipefs_filesystem_depend',`
########################################
#
-# filesystem_remount_rpc_pipefs_filesystem(domain)
+# fs_remount_rpc_pipefs_fs(domain)
#
-define(`filesystem_remount_rpc_pipefs_filesystem',`
+define(`fs_remount_rpc_pipefs_fs',`
requires_block_template(`$0'_depend)
allow $1 rpc_pipefs_t:filesystem remount;
')
-define(`filesystem_remount_rpc_pipefs_filesystem_depend',`
+define(`fs_remount_rpc_pipefs_fs_depend',`
type rpc_pipefs_t;
class filesystem remount;
@@ -940,15 +940,15 @@ define(`filesystem_remount_rpc_pipefs_filesystem_depend',`
########################################
#
-# filesystem_unmount_rpc_pipefs_filesystem(domain)
+# fs_unmount_rpc_pipefs_fs(domain)
#
-define(`filesystem_unmount_rpc_pipefs_filesystem',`
+define(`fs_unmount_rpc_pipefs_fs',`
requires_block_template(`$0'_depend)
allow $1 rpc_pipefs_t:filesystem mount;
')
-define(`filesystem_unmount_rpc_pipefs_filesystem_depend',`
+define(`fs_unmount_rpc_pipefs_fs_depend',`
type rpc_pipefs_t;
class filesystem unmount;
@@ -956,15 +956,15 @@ define(`filesystem_unmount_rpc_pipefs_filesystem_depend',`
########################################
#
-# filesystem_get_rpc_pipefs_filesystem_attributes(domain)
+# fs_get_rpc_pipefs_fs_attributes(domain)
#
-define(`filesystem_get_rpc_pipefs_filesystem_attributes',`
+define(`fs_get_rpc_pipefs_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 rpc_pipefs_t:filesystem getattr;
')
-define(`filesystem_get_rpc_pipefs_filesystem_attributes_depend',`
+define(`fs_get_rpc_pipefs_fs_attributes_depend',`
type rpc_pipefs_t;
class filesystem getattr;
@@ -972,15 +972,15 @@ define(`filesystem_get_rpc_pipefs_filesystem_attributes_depend',`
########################################
#
-# filesystem_mount_tmpfs_filesystem(domain)
+# fs_mount_tmpfs_fs(domain)
#
-define(`filesystem_mount_tmpfs_filesystem',`
+define(`fs_mount_tmpfs_fs',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:filesystem mount;
')
-define(`filesystem_mount_tmpfs_filesystem_depend',`
+define(`fs_mount_tmpfs_fs_depend',`
type tmpfs_t;
class filesystem mount;
@@ -988,15 +988,15 @@ define(`filesystem_mount_tmpfs_filesystem_depend',`
########################################
#
-# filesystem_remount_tmpfs_filesystem(domain)
+# fs_remount_tmpfs_fs(domain)
#
-define(`filesystem_remount_tmpfs_filesystem',`
+define(`fs_remount_tmpfs_fs',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:filesystem remount;
')
-define(`filesystem_remount_tmpfs_filesystem_depend',`
+define(`fs_remount_tmpfs_fs_depend',`
type tmpfs_t;
class filesystem remount;
@@ -1004,15 +1004,15 @@ define(`filesystem_remount_tmpfs_filesystem_depend',`
########################################
#
-# filesystem_unmount_tmpfs_filesystem(domain)
+# fs_unmount_tmpfs_fs(domain)
#
-define(`filesystem_unmount_tmpfs_filesystem',`
+define(`fs_unmount_tmpfs_fs',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:filesystem mount;
')
-define(`filesystem_unmount_tmpfs_filesystem_depend',`
+define(`fs_unmount_tmpfs_fs_depend',`
type tmpfs_t;
class filesystem unmount;
@@ -1020,22 +1020,22 @@ define(`filesystem_unmount_tmpfs_filesystem_depend',`
########################################
#
-# filesystem_get_tmpfs_filesystem_attributes(domain)
+# fs_get_tmpfs_fs_attributes(domain)
#
-define(`filesystem_get_tmpfs_filesystem_attributes',`
+define(`fs_get_tmpfs_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:filesystem getattr;
')
-define(`filesystem_get_tmpfs_filesystem_attributes_depend',`
+define(`fs_get_tmpfs_fs_attributes_depend',`
type tmpfs_t;
class filesystem getattr;
')
########################################
-## <interface name="filesystem_tmpfs_associate">
+## <interface name="fs_tmpfs_associate">
## <description>
## Allow the type to associate to tmpfs filesystems.
## </description>
@@ -1045,13 +1045,13 @@ define(`filesystem_get_tmpfs_filesystem_attributes_depend',`
## <infoflow type="none"/>
## </interface>
#
-define(`filesystem_tmpfs_associate',`
+define(`fs_tmpfs_associate',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:filesystem associate;
')
-define(`filesystem_tmpfs_associate_depend',`
+define(`fs_tmpfs_associate_depend',`
type tmpfs_t;
class filesystem associate;
@@ -1059,9 +1059,9 @@ define(`filesystem_tmpfs_associate_depend',`
########################################
#
-# filesystem_create_private_tmpfs_data(domain,derivedtype,[class])
+# fs_create_private_tmpfs_data(domain,derivedtype,[class])
#
-define(`filesystem_create_private_tmpfs_data',`
+define(`fs_create_private_tmpfs_data',`
requires_block_template(`$0'_depend)
allow $2 tmpfs_t:filesystem associate;
@@ -1074,7 +1074,7 @@ define(`filesystem_create_private_tmpfs_data',`
')
')
-define(`filesystem_create_private_tmpfs_data_depend',`
+define(`fs_create_private_tmpfs_data_depend',`
type tmpfs_t;
class filesystem associate;
@@ -1082,7 +1082,7 @@ define(`filesystem_create_private_tmpfs_data_depend',`
')
########################################
-## <interface name="filesystem_use_tmpfs_character_devices">
+## <interface name="fs_use_tmpfs_character_devices">
## <description>
## Read and write character nodes on tmpfs filesystems.
## </description>
@@ -1092,14 +1092,14 @@ define(`filesystem_create_private_tmpfs_data_depend',`
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`filesystem_use_tmpfs_character_devices',`
+define(`fs_use_tmpfs_character_devices',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:dir r_dir_perms;
allow $1 tmpfs_t:chr_file rw_file_perms;
')
-define(`filesystem_use_tmpfs_character_devices_depend',`
+define(`fs_use_tmpfs_character_devices_depend',`
type tmpfs_t;
class dir r_dir_perms;
@@ -1107,7 +1107,7 @@ define(`filesystem_use_tmpfs_character_devices_depend',`
')
########################################
-## <interface name="filesystem_relabel_tmpfs_character_devices">
+## <interface name="fs_relabel_tmpfs_character_devices">
## <description>
## Relabel character nodes on tmpfs filesystems.
## </description>
@@ -1117,14 +1117,14 @@ define(`filesystem_use_tmpfs_character_devices_depend',`
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`filesystem_relabel_tmpfs_character_devices',`
+define(`fs_relabel_tmpfs_character_devices',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:dir r_dir_perms;
allow $1 tmpfs_t:chr_file { getattr relabelfrom relabelto };
')
-define(`filesystem_relabel_tmpfs_character_devices_depend',`
+define(`fs_relabel_tmpfs_character_devices_depend',`
type tmpfs_t;
class dir r_dir_perms;
@@ -1132,7 +1132,7 @@ define(`filesystem_relabel_tmpfs_character_devices_depend',`
')
########################################
-## <interface name="filesystem_use_tmpfs_block_devices">
+## <interface name="fs_use_tmpfs_block_devices">
## <description>
## Read and write block nodes on tmpfs filesystems.
## </description>
@@ -1142,14 +1142,14 @@ define(`filesystem_relabel_tmpfs_character_devices_depend',`
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`filesystem_use_tmpfs_block_devices',`
+define(`fs_use_tmpfs_block_devices',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:dir r_dir_perms;
allow $1 tmpfs_t:blk_file rw_file_perms;
')
-define(`filesystem_use_tmpfs_block_devices_depend',`
+define(`fs_use_tmpfs_block_devices_depend',`
type tmpfs_t;
class dir r_dir_perms;
@@ -1157,7 +1157,7 @@ define(`filesystem_use_tmpfs_block_devices_depend',`
')
########################################
-## <interface name="filesystem_relabel_tmpfs_block_devices">
+## <interface name="fs_relabel_tmpfs_block_devices">
## <description>
## Relabel block nodes on tmpfs filesystems.
## </description>
@@ -1167,14 +1167,14 @@ define(`filesystem_use_tmpfs_block_devices_depend',`
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`filesystem_relabel_tmpfs_block_devices',`
+define(`fs_relabel_tmpfs_block_devices',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:dir r_dir_perms;
allow $1 tmpfs_t:blk_file { getattr relabelfrom relabelto };
')
-define(`filesystem_use_tmpfs_block_devices_depend',`
+define(`fs_use_tmpfs_block_devices_depend',`
type tmpfs_t;
class dir r_dir_perms;
@@ -1182,7 +1182,7 @@ define(`filesystem_use_tmpfs_block_devices_depend',`
')
########################################
-## <interface name="filesystem_manage_tmpfs_character_devices">
+## <interface name="fs_manage_tmpfs_character_devices">
## <description>
## Read and write, create and delete character
## nodes on tmpfs filesystems.
@@ -1193,14 +1193,14 @@ define(`filesystem_use_tmpfs_block_devices_depend',`
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`filesystem_manage_tmpfs_character_devices',`
+define(`fs_manage_tmpfs_character_devices',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:dir rw_dir_perms;
allow $1 tmpfs_t:chr_file create_file_perms;
')
-define(`filesystem_manage_tmpfs_character_devices_depend',`
+define(`fs_manage_tmpfs_character_devices_depend',`
type tmpfs_t;
class dir rw_dir_perms;
@@ -1208,7 +1208,7 @@ define(`filesystem_manage_tmpfs_character_devices_depend',`
')
########################################
-## <interface name="filesystem_manage_tmpfs_block_devices">
+## <interface name="fs_manage_tmpfs_block_devices">
## <description>
## Read and write, create and delete block nodes
## on tmpfs filesystems.
@@ -1219,14 +1219,14 @@ define(`filesystem_manage_tmpfs_character_devices_depend',`
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`filesystem_manage_tmpfs_block_devices',`
+define(`fs_manage_tmpfs_block_devices',`
requires_block_template(`$0'_depend)
allow $1 tmpfs_t:dir rw_dir_perms;
allow $1 tmpfs_t:blk_file create_file_perms;
')
-define(`filesystem_manage_tmpfs_block_devices_depend',`
+define(`fs_manage_tmpfs_block_devices_depend',`
type tmpfs_t;
class dir rw_dir_perms;
@@ -1235,15 +1235,15 @@ define(`filesystem_manage_tmpfs_block_devices_depend',`
########################################
#
-# filesystem_mount_all_filesystems(type)
+# fs_mount_all_fs(type)
#
-define(`filesystem_mount_all_filesystems',`
+define(`fs_mount_all_fs',`
requires_block_template(`$0'_depend)
allow $1 fs_type:filesystem mount;
')
-define(`filesystem_mount_all_filesystems_depend',`
+define(`fs_mount_all_fs_depend',`
attribute fs_type;
class filesystem mount;
@@ -1251,15 +1251,15 @@ define(`filesystem_mount_all_filesystems_depend',`
########################################
#
-# filesystem_remount_all_filesystems(type)
+# fs_remount_all_fs(type)
#
-define(`filesystem_remount_all_filesystems',`
+define(`fs_remount_all_fs',`
requires_block_template(`$0'_depend)
allow $1 fs_type:filesystem remount;
')
-define(`filesystem_remount_all_filesystems_depend',`
+define(`fs_remount_all_fs_depend',`
attribute fs_type;
class filesystem remount;
@@ -1267,15 +1267,15 @@ define(`filesystem_remount_all_filesystems_depend',`
########################################
#
-# filesystem_unmount_all_filesystems(type)
+# fs_unmount_all_fs(type)
#
-define(`filesystem_unmount_all_filesystems',`
+define(`fs_unmount_all_fs',`
requires_block_template(`$0'_depend)
allow $1 fs_type:filesystem unmount;
')
-define(`filesystem_mount_all_filesystems_depend',`
+define(`fs_mount_all_fs_depend',`
attribute fs_type;
class filesystem unmount;
@@ -1283,15 +1283,15 @@ define(`filesystem_mount_all_filesystems_depend',`
########################################
#
-# filesystem_get_all_filesystems_attributes(type)
+# fs_get_all_fs_attributes(type)
#
-define(`filesystem_get_all_filesystems_attributes',`
+define(`fs_get_all_fs_attributes',`
requires_block_template(`$0'_depend)
allow $1 fs_type:filesystem getattr;
')
-define(`filesystem_get_all_filesystems_attributes_depend',`
+define(`fs_get_all_fs_attributes_depend',`
attribute fs_type;
class filesystem getattr;
@@ -1299,15 +1299,15 @@ define(`filesystem_get_all_filesystems_attributes_depend',`
########################################
#
-# filesystem_get_all_filesystems_quotas(type)
+# fs_get_all_fs_quotas(type)
#
-define(`filesystem_get_all_filesystems_quotas',`
+define(`fs_get_all_fs_quotas',`
requires_block_template(`$0'_depend)
allow $1 fs_type:filesystem quotaget;
')
-define(`filesystem_get_all_filesystems_quotas_depend',`
+define(`fs_get_all_fs_quotas_depend',`
attribute fs_type;
class filesystem quotaget;
@@ -1315,15 +1315,15 @@ define(`filesystem_get_all_filesystems_quotas_depend',`
########################################
#
-# filesystem_set_all_filesystems_quotas(type)
+# fs_set_all_fs_quotas(type)
#
-define(`filesystem_set_all_filesystems_quotas',`
+define(`fs_set_all_fs_quotas',`
requires_block_template(`$0'_depend)
allow $1 fs_type:filesystem quotamod;
')
-define(`filesystem_set_all_filesystems_quotas_depend',`
+define(`fs_set_all_fs_quotas_depend',`
attribute fs_type;
class filesystem quotamod;
@@ -1331,9 +1331,9 @@ define(`filesystem_set_all_filesystems_quotas_depend',`
########################################
#
-# filesystem_get_all_file_attributes(type)
+# fs_get_all_file_attributes(type)
#
-define(`filesystem_get_all_file_attributes',`
+define(`fs_get_all_file_attributes',`
requires_block_template(`$0'_depend)
allow $1 fs_type:dir { search getattr };
@@ -1343,7 +1343,7 @@ define(`filesystem_get_all_file_attributes',`
allow $1 fs_type:sock_file getattr;
')
-define(`filesystem_get_all_file_attributes_depend',`
+define(`fs_get_all_file_attributes_depend',`
attribute fs_type;
class dir { search getattr };
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index 1f1dd8d..53be1d3 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -129,7 +129,7 @@ define(`kernel_ignore_use_file_descriptors_depend',`
')
########################################
-## <interface name="kernel_make_root_filesystem_mountpoint">
+## <interface name="kernel_make_root_fs_mountpoint">
## <description>
## Allows the kernel to mount filesystems on
## the caller.
@@ -144,13 +144,13 @@ define(`kernel_ignore_use_file_descriptors_depend',`
## <infoflow type="both" weight="1"/>
## </interface>
#
-define(`kernel_make_root_filesystem_mountpoint',`
+define(`kernel_make_root_fs_mountpoint',`
requires_block_template(`$0'_depend)
allow kernel_t $1:dir mounton;
')
-define(`kernel_make_root_filesystem_mountpoint_depend',`
+define(`kernel_make_root_fs_mountpoint_depend',`
type kernel_t;
class dir mounton;
@@ -1481,7 +1481,7 @@ define(`kernel_modify_kernel_sysctl_depend',`
')
########################################
-## <interface name="kernel_read_filesystem_sysctl">
+## <interface name="kernel_read_fs_sysctl">
## <description>
## Allow caller to read filesystem information.
## </description>
@@ -1494,7 +1494,7 @@ define(`kernel_modify_kernel_sysctl_depend',`
## <infoflow type="read" weight="10"/>
## </interface>
#
-define(`kernel_read_filesystem_sysctl',`
+define(`kernel_read_fs_sysctl',`
requires_block_template(`$0'_depend)
allow $1 proc_t:dir search;
@@ -1503,7 +1503,7 @@ define(`kernel_read_filesystem_sysctl',`
allow $1 sysctl_fs_t:file { getattr read };
')
-define(`kernel_read_filesystem_sysctl_depend',`
+define(`kernel_read_fs_sysctl_depend',`
type proc_t, sysctl_t, sysctl_fs_t;
class dir { search getattr read };
@@ -1512,8 +1512,8 @@ define(`kernel_read_filesystem_sysctl_depend',`
########################################
#
-# kernel_modify_filesystem_sysctl(domain)
-## <interface name="kernel_modify_filesystem_sysctl">
+# kernel_modify_fs_sysctl(domain)
+## <interface name="kernel_modify_fs_sysctl">
## <description>
## Allow caller to modify filesystem information.
## </description>
@@ -1526,7 +1526,7 @@ define(`kernel_read_filesystem_sysctl_depend',`
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`kernel_modify_filesystem_sysctl',`
+define(`kernel_modify_fs_sysctl',`
requires_block_template(`$0'_depend)
allow $1 proc_t:dir search;
@@ -1535,7 +1535,7 @@ define(`kernel_modify_filesystem_sysctl',`
allow $1 sysctl_fs_t:file { getattr read write };
')
-define(`kernel_modify_filesystem_sysctl_depend',`
+define(`kernel_modify_fs_sysctl_depend',`
type proc_t, sysctl_t, sysctl_fs_t;
class dir { search getattr read };
@@ -1663,7 +1663,7 @@ define(`kernel_read_all_sysctl',`
kernel_read_hotplug_sysctl($1)
kernel_read_modprobe_sysctl($1)
kernel_read_kernel_sysctl($1)
- kernel_read_filesystem_sysctl($1)
+ kernel_read_fs_sysctl($1)
kernel_read_irq_sysctl($1)
kernel_read_rpc_sysctl($1)
')
@@ -1690,7 +1690,7 @@ define(`kernel_modify_all_sysctl',`
kernel_modify_hotplug_sysctl($1)
kernel_modify_modprobe_sysctl($1)
kernel_modify_kernel_sysctl($1)
- kernel_modify_filesystem_sysctl($1)
+ kernel_modify_fs_sysctl($1)
kernel_modify_irq_sysctl($1)
kernel_modify_rpc_sysctl($1)
')
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 37195a7..68bfa1f 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -55,7 +55,7 @@ sid tcp_socket context_template(system_u:object_r:unlabeled_t,s0)
# applied to selinuxfs inodes.
#
type security_t;
-filesystem_make_filesystem(security_t)
+fs_make_fs(security_t)
sid security context_template(system_u:object_r:security_t,s0)
genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
@@ -64,7 +64,7 @@ genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
#
type sysfs_t;
files_make_mountpoint(sysfs_t)
-filesystem_make_filesystem(sysfs_t)
+fs_make_fs(sysfs_t)
genfscon sysfs / context_template(system_u:object_r:sysfs_t,s0)
#
@@ -72,7 +72,7 @@ genfscon sysfs / context_template(system_u:object_r:sysfs_t,s0)
#
type usbfs_t alias usbdevfs_t;
files_make_mountpoint(usbfs_t)
-filesystem_make_filesystem(usbfs_t)
+fs_make_fs(usbfs_t)
genfscon usbfs / context_template(system_u:object_r:usbfs_t,s0)
genfscon usbdevfs / context_template(system_u:object_r:usbfs_t,s0)
@@ -82,7 +82,7 @@ genfscon usbdevfs / context_template(system_u:object_r:usbfs_t,s0)
type proc_t;
files_make_mountpoint(proc_t)
-filesystem_make_filesystem(proc_t)
+fs_make_fs(proc_t)
genfscon proc / context_template(system_u:object_r:proc_t,s0)
genfscon proc /sysvipc context_template(system_u:object_r:proc_t,s0)
@@ -209,7 +209,7 @@ domain_signal_all_domains(kernel_t)
# Mount root file system. Used when loading a policy
# from initrd, then mounting the root filesystem
-filesystem_mount_all_filesystems(kernel_t)
+fs_mount_all_fs(kernel_t)
# /proc/sys/kernel/modprobe is set to /bin/true if not using modules.
corecommands_execute_general_programs(kernel_t)
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index 44d6b21..a91c107 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -67,7 +67,7 @@ define(`terminal_make_physical_terminal',`
')
ifdef(`distro_redhat',`
- filesystem_tmpfs_associate($2)
+ fs_tmpfs_associate($2)
')
')
diff --git a/refpolicy/policy/modules/kernel/terminal.te b/refpolicy/policy/modules/kernel/terminal.te
index 7f6654b..c2d69a3 100644
--- a/refpolicy/policy/modules/kernel/terminal.te
+++ b/refpolicy/policy/modules/kernel/terminal.te
@@ -22,7 +22,7 @@ devices_make_device_node(console_device_t)
#
type devpts_t;
files_make_mountpoint(devpts_t)
-filesystem_make_filesystem(devpts_t)
+fs_make_fs(devpts_t)
fs_use_trans devpts context_template(system_u:object_r:devpts_t,s0);
#
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index 157d94d..43060de 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -70,7 +70,7 @@ define(`cron_per_userdomain_template',`
devices_get_pseudorandom_data($1_crond_t)
- filesystem_get_all_filesystems_attributes($1_crond_t)
+ fs_get_all_fs_attributes($1_crond_t)
domain_execute_all_entrypoint_programs($1_crond_t)
@@ -153,7 +153,7 @@ define(`cron_per_userdomain_template',`
allow $1_crontab_t crond_log_t:file { getattr read append };
- filesystem_get_persistent_filesystem_attributes($1_crontab_t)
+ fs_get_persistent_fs_attributes($1_crontab_t)
domain_use_widely_inheritable_file_descriptors($1_crontab_t)
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 8f4b821..515880f 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -89,7 +89,7 @@ kernel_compute_selinux_reachable_user_contexts(crond_t)
devices_get_pseudorandom_data(crond_t)
-filesystem_get_all_filesystems_attributes(crond_t)
+fs_get_all_fs_attributes(crond_t)
terminal_ignore_use_console(crond_t)
@@ -252,8 +252,8 @@ devices_get_all_block_device_attributes(system_crond_t)
devices_get_all_character_device_attributes(system_crond_t)
devices_get_pseudorandom_data(system_crond_t)
-filesystem_get_all_filesystems_attributes(system_crond_t)
-filesystem_get_all_file_attributes(system_crond_t)
+fs_get_all_fs_attributes(system_crond_t)
+fs_get_all_file_attributes(system_crond_t)
init_use_file_descriptors(system_crond_t)
init_script_use_file_descriptors(system_crond_t)
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index 643b174..1e7cb0b 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -62,7 +62,7 @@ corenetwork_sendrecv_tcp_on_all_ports(system_mail_t)
devices_get_pseudorandom_data(system_mail_t)
-filesystem_get_persistent_filesystem_attributes(system_mail_t)
+fs_get_persistent_fs_attributes(system_mail_t)
init_script_use_pseudoterminal(system_mail_t)
diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te
index daceb54..71979af 100644
--- a/refpolicy/policy/modules/services/remotelogin.te
+++ b/refpolicy/policy/modules/services/remotelogin.te
@@ -53,7 +53,7 @@ kernel_compute_selinux_reachable_user_contexts(remote_login_t)
# for SSP/ProPolice
devices_get_pseudorandom_data(remote_login_t)
-filesystem_get_persistent_filesystem_attributes(remote_login_t)
+fs_get_persistent_fs_attributes(remote_login_t)
init_script_modify_runtime_data(remote_login_t)
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index 81746d7..d5f9ac4 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -56,7 +56,7 @@ corenetwork_bind_tcp_on_smtp_port(sendmail_t)
devices_get_pseudorandom_data(sendmail_t)
-filesystem_get_all_filesystems_attributes(sendmail_t)
+fs_get_all_fs_attributes(sendmail_t)
terminal_ignore_use_console(sendmail_t)
@@ -88,7 +88,7 @@ mta_manage_mail_spool(sendmail_t)
sysnetwork_read_network_config(sendmail_t)
-tunable_policy(`targeted_policy', `
+ifdef(`targeted_policy', `
terminal_ignore_use_general_physical_terminal(sendmail_t)
terminal_ignore_use_general_pseudoterminal(sendmail_t)
files_ignore_read_rootfs_file(sendmail_t)
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 90fc4a7..7ee3f61 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -25,7 +25,7 @@ define(`authlogin_per_userdomain_template',`
# is_selinux_enabled
kernel_read_system_state($1_chkpwd_t)
- filesystem_ignore_get_persistent_filesystem_attributes($1_chkpwd_t)
+ fs_ignore_get_persistent_fs_attributes($1_chkpwd_t)
domain_use_widely_inheritable_file_descriptors($1_chkpwd_t)
@@ -154,9 +154,7 @@ define(`authlogin_login_program_transition_depend',`
define(`authlogin_check_password_transition',`
requires_block_template(`$0'_depend)
- allow $1 chkpwd_exec_t:file { getattr read execute };
- allow $1 system_chkpwd_t:process transition;
- type_transition $1 chkpwd_exec_t:process system_chkpwd_t;
+ domain_auto_trans($1,chkpwd_exec_t,system_chkpwd_t)
allow $1 system_chkpwd_t:fd use;
allow system_chkpwd_t $1:fd use;
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 5b643a1..3b9df98 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -170,8 +170,8 @@ selinux_read_file_contexts(pam_console_t)
userdomain_ignore_use_all_unprivileged_users_file_descriptors(pam_console_t)
-tunable_policy(`direct_sysadm_daemon', `
- dontaudit pam_console_t admin_tty_type:chr_file rw_file_perms;
+ifdef(`direct_sysadm_daemon', `
+ userdomain_dontaudit_use_admin_terminals(pam_console_t)
')
ifdef(`targeted_policy', `
@@ -236,7 +236,7 @@ allow system_chkpwd_t shadow_t:file { getattr read };
# is_selinux_enabled
kernel_read_system_state(system_chkpwd_t)
-filesystem_ignore_get_persistent_filesystem_attributes(system_chkpwd_t)
+fs_ignore_get_persistent_fs_attributes(system_chkpwd_t)
terminal_use_general_physical_terminal(system_chkpwd_t)
diff --git a/refpolicy/policy/modules/system/clock.te b/refpolicy/policy/modules/system/clock.te
index 5ba29d9..646f74e 100644
--- a/refpolicy/policy/modules/system/clock.te
+++ b/refpolicy/policy/modules/system/clock.te
@@ -34,7 +34,7 @@ kernel_read_hardware_state(hwclock_t)
devices_modify_realtime_clock(hwclock_t)
-filesystem_get_persistent_filesystem_attributes(hwclock_t)
+fs_get_persistent_fs_attributes(hwclock_t)
terminal_ignore_use_console(hwclock_t)
terminal_use_general_physical_terminal(hwclock_t)
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index fe8bcb6..21130a5 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -475,7 +475,7 @@ define(`domain_read_all_entrypoint_programs_depend',`
#
# domain_trans(source_domain,entrypoint_file,target_domain)
#
-define(`domain_auto_trans',`
+define(`domain_trans',`
requires_block_template(`$0'_depend)
allow $1 $2:file { getattr read execute };
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 116f0c4..e6f8bc1 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -8,8 +8,8 @@
define(`files_make_file',`
requires_block_template(`$0'_depend)
- filesystem_associate($1)
- filesystem_noxattr_associate($1)
+ fs_associate($1)
+ fs_noxattr_associate($1)
typeattribute $1 file_type;
')
@@ -93,7 +93,7 @@ define(`files_make_tmpfs_file',`
requires_block_template(`$0'_depend)
files_make_file($1)
- filesystem_tmpfs_associate($1)
+ fs_tmpfs_associate($1)
typeattribute $1 tmpfsfile;
')
@@ -258,15 +258,15 @@ define(`files_ignore_search_all_directories_depend',`
#######################################
#
-# files_relabelto_all_file_type_filesystems(domain)
+# files_relabelto_all_file_type_fs(domain)
#
-define(`files_relabelto_all_file_type_filesystems',`
+define(`files_relabelto_all_file_type_fs',`
requires_block_template(`$0'_depend)
allow $1 file_type:filesystem relabelto;
')
-define(`files_relabelto_all_file_type_filesystems_depend',`
+define(`files_relabelto_all_file_type_fs_depend',`
attribute file_type;
filesystem relabelto;
@@ -274,15 +274,15 @@ define(`files_relabelto_all_file_type_filesystems_depend',`
#######################################
#
-# files_mount_all_file_type_filesystems(domain)
+# files_mount_all_file_type_fs(domain)
#
-define(`files_mount_all_file_type_filesystems',`
+define(`files_mount_all_file_type_fs',`
requires_block_template(`$0'_depend)
allow $1 file_type:filesystem mount;
')
-define(`files_mount_all_file_type_filesystems_depend',`
+define(`files_mount_all_file_type_fs_depend',`
attribute file_type;
filesystem mount;
@@ -290,15 +290,15 @@ define(`files_mount_all_file_type_filesystems_depend',`
#######################################
#
-# files_unmount_all_file_type_filesystems(domain)
+# files_unmount_all_file_type_fs(domain)
#
-define(`files_unmount_all_file_type_filesystems',`
+define(`files_unmount_all_file_type_fs',`
requires_block_template(`$0'_depend)
allow $1 file_type:filesystem mount;
')
-define(`files_unmount_all_file_type_filesystems_depend',`
+define(`files_unmount_all_file_type_fs_depend',`
attribute file_type;
filesystem mount;
@@ -457,15 +457,15 @@ define(`files_remove_root_dir_entry_depend',`
########################################
#
-# files_unmount_root_filesystem(domain)
+# files_unmount_root_fs(domain)
#
-define(`files_unmount_root_filesystem',`
+define(`files_unmount_root_fs',`
requires_block_template(`$0'_depend)
allow $1 root_t:filesystem unmount;
')
-define(`files_unmount_root_filesystem_depend',`
+define(`files_unmount_root_fs_depend',`
type root_t;
class filesystem unmount;
diff --git a/refpolicy/policy/modules/system/files.te b/refpolicy/policy/modules/system/files.te
index b22386d..dd2bc40 100644
--- a/refpolicy/policy/modules/system/files.te
+++ b/refpolicy/policy/modules/system/files.te
@@ -12,15 +12,15 @@ attribute tmpfsfile;
# match any specification in the file_contexts configuration
# other than the generic /.* specification.
type default_t, file_type, mountpoint;
-filesystem_associate(default_t)
-filesystem_noxattr_associate(default_t)
+fs_associate(default_t)
+fs_noxattr_associate(default_t)
#
# etc_t is the type of the system etc directories.
#
type etc_t, file_type;
-filesystem_associate(etc_t)
-filesystem_noxattr_associate(etc_t)
+fs_associate(etc_t)
+fs_noxattr_associate(etc_t)
#
# etc_runtime_t is the type of various
@@ -28,8 +28,8 @@ filesystem_noxattr_associate(etc_t)
# generated during initialization.
#
type etc_runtime_t, file_type;
-filesystem_associate(etc_runtime_t)
-filesystem_noxattr_associate(etc_runtime_t)
+fs_associate(etc_runtime_t)
+fs_noxattr_associate(etc_runtime_t)
#
# file_t is the default type of a file that has not yet been
@@ -37,9 +37,9 @@ filesystem_noxattr_associate(etc_runtime_t)
# that supports EAs).
#
type file_t, file_type, mountpoint;
-filesystem_associate(file_t)
-filesystem_noxattr_associate(file_t)
-kernel_make_root_filesystem_mountpoint(file_t)
+fs_associate(file_t)
+fs_noxattr_associate(file_t)
+kernel_make_root_fs_mountpoint(file_t)
sid file context_template(system_u:object_r:file_t,s0)
#
@@ -47,98 +47,98 @@ sid file context_template(system_u:object_r:file_t,s0)
# are created
#
type home_root_t, file_type, mountpoint;
-filesystem_associate(home_root_t)
-filesystem_noxattr_associate(home_root_t)
+fs_associate(home_root_t)
+fs_noxattr_associate(home_root_t)
#
# lost_found_t is the type for the lost+found directories.
#
type lost_found_t, file_type;
-filesystem_associate(lost_found_t)
-filesystem_noxattr_associate(lost_found_t)
+fs_associate(lost_found_t)
+fs_noxattr_associate(lost_found_t)
#
# mnt_t is the type for mount points such as /mnt/cdrom
#
type mnt_t, file_type, mountpoint;
-filesystem_associate(mnt_t)
-filesystem_noxattr_associate(mnt_t)
+fs_associate(mnt_t)
+fs_noxattr_associate(mnt_t)
type no_access_t, file_type;
-filesystem_associate(no_access_t)
-filesystem_noxattr_associate(no_access_t)
+fs_associate(no_access_t)
+fs_noxattr_associate(no_access_t)
type poly_t, file_type;
-filesystem_associate(poly_t)
-filesystem_noxattr_associate(poly_t)
+fs_associate(poly_t)
+fs_noxattr_associate(poly_t)
type readable_t, file_type;
-filesystem_associate(readable_t)
-filesystem_noxattr_associate(readable_t)
+fs_associate(readable_t)
+fs_noxattr_associate(readable_t)
#
# root_t is the type for rootfs and the root directory.
#
type root_t, file_type, mountpoint;
-filesystem_associate(root_t)
-filesystem_noxattr_associate(root_t)
+fs_associate(root_t)
+fs_noxattr_associate(root_t)
kernel_read_directory_from(root_t)
-kernel_make_root_filesystem_mountpoint(root_t)
+kernel_make_root_fs_mountpoint(root_t)
genfscon rootfs / context_template(system_u:object_r:root_t,s0)
#
# src_t is the type of files in the system src directories.
#
type src_t, file_type;
-filesystem_associate(src_t)
-filesystem_noxattr_associate(src_t)
+fs_associate(src_t)
+fs_noxattr_associate(src_t)
#
# tmp_t is the type of the temporary directories
#
type tmp_t, file_type, tmpfile, mountpoint;
-filesystem_associate(tmp_t)
-filesystem_noxattr_associate(tmp_t)
+fs_associate(tmp_t)
+fs_noxattr_associate(tmp_t)
#
# usr_t is the type for /usr.
#
type usr_t, file_type, mountpoint;
-filesystem_associate(usr_t)
-filesystem_noxattr_associate(usr_t)
+fs_associate(usr_t)
+fs_noxattr_associate(usr_t)
#
# var_t is the type of /var
#
type var_t, file_type, mountpoint;
-filesystem_associate(var_t)
-filesystem_noxattr_associate(var_t)
+fs_associate(var_t)
+fs_noxattr_associate(var_t)
#
# var_lib_t is the type of /var/lib
#
type var_lib_t, file_type;
-filesystem_associate(var_lib_t)
-filesystem_noxattr_associate(var_lib_t)
+fs_associate(var_lib_t)
+fs_noxattr_associate(var_lib_t)
#
# var_lock_t is tye type of /var/lock
#
type var_lock_t, file_type, lockfile;
-filesystem_associate(var_lock_t)
-filesystem_noxattr_associate(var_lock_t)
+fs_associate(var_lock_t)
+fs_noxattr_associate(var_lock_t)
#
# var_run_t is the type of /var/run, usually
# used for pid and other runtime files.
#
type var_run_t, file_type, pidfile;
-filesystem_associate(var_run_t)
-filesystem_noxattr_associate(var_run_t)
+fs_associate(var_run_t)
+fs_noxattr_associate(var_run_t)
#
# var_spool_t is the type of /var/spool
#
type var_spool_t, file_type;
-filesystem_associate(var_spool_t)
-filesystem_noxattr_associate(var_spool_t)
+fs_associate(var_spool_t)
+fs_noxattr_associate(var_spool_t)
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index 6c9c9de..9835db4 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -45,7 +45,7 @@ allow getty_t getty_log_t:file { getattr append setattr };
kernel_read_hardware_state(getty_t)
# for error condition handling
-filesystem_get_persistent_filesystem_attributes(getty_t)
+fs_get_persistent_fs_attributes(getty_t)
# Chown, chmod, read and write ttys.
terminal_use_all_private_physical_terminals(getty_t)
diff --git a/refpolicy/policy/modules/system/hostname.te b/refpolicy/policy/modules/system/hostname.te
index 178c4b6..e788ec5 100644
--- a/refpolicy/policy/modules/system/hostname.te
+++ b/refpolicy/policy/modules/system/hostname.te
@@ -31,7 +31,7 @@ kernel_ignore_use_file_descriptors(hostname_t)
files_read_general_system_config(hostname_t)
files_ignore_search_system_state_data_directory(hostname_t)
-filesystem_get_persistent_filesystem_attributes(hostname_t)
+fs_get_persistent_fs_attributes(hostname_t)
terminal_ignore_use_console(hostname_t)
terminal_use_all_private_physical_terminals(hostname_t)
@@ -55,7 +55,7 @@ miscfiles_read_localization(hostname_t)
userdomain_use_all_users_file_descriptors(hostname_t)
ifdef(`distro_redhat', `
- filesystem_use_tmpfs_character_devices(hostname_t)
+ fs_use_tmpfs_character_devices(hostname_t)
')
ifdef(`targeted_policy', `
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 020d664..9e659fd 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -61,7 +61,7 @@ corenetwork_bind_tcp_on_all_nodes(hotplug_t)
# for SSP
devices_get_pseudorandom_data(hotplug_t)
-filesystem_get_all_filesystems_attributes(hotplug_t)
+fs_get_all_fs_attributes(hotplug_t)
storage_set_fixed_disk_attributes(hotplug_t)
storage_set_removable_device_attributes(hotplug_t)
@@ -112,7 +112,7 @@ ifdef(`distro_redhat', `
optional_policy(`netutils.te', `
# for arping used for static IP addresses on PCMCIA ethernet
netutils_transition(hotplug_t)
- filesystem_use_tmpfs_character_devices(hotplug_t)
+ fs_use_tmpfs_character_devices(hotplug_t)
')
files_get_system_lock_file_attributes(hotplug_t)
')
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 65bb7c9..3837c97 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -42,8 +42,8 @@ type initrc_exec_t;
domain_make_entrypoint_file(initrc_t,initrc_exec_t)
type initrc_devpts_t;
-filesystem_associate(initrc_devpts_t)
-filesystem_noxattr_associate(initrc_devpts_t)
+fs_associate(initrc_devpts_t)
+fs_noxattr_associate(initrc_devpts_t)
terminal_make_pseudoterminal(initrc_devpts_t)
type initrc_var_run_t;
@@ -79,7 +79,7 @@ allow init_t init_var_run_t:file { create getattr read append write setattr unli
files_create_daemon_runtime_data(init_t,init_var_run_t)
allow init_t initctl_t:fifo_file { create getattr read append write setattr unlink };
-filesystem_tmpfs_associate(initctl_t)
+fs_tmpfs_associate(initctl_t)
devices_create_dev_entry(init_t,initctl_t,fifo_file)
# Modify utmp.
@@ -140,8 +140,8 @@ selinux_read_config(init_t)
miscfiles_read_localization(init_t)
ifdef(`distro_redhat',`
- filesystem_use_tmpfs_character_devices(init_t)
- filesystem_create_private_tmpfs_data(init_t,initctl_t,fifo_file)
+ fs_use_tmpfs_character_devices(init_t)
+ fs_create_private_tmpfs_data(init_t,initctl_t,fifo_file)
')
optional_policy(`authlogin.te',`
@@ -228,12 +228,12 @@ devices_remove_lvm_control_channel(initrc_t)
# Wants to remove udev.tbl:
devices_remove_dev_symbolic_links(initrc_t)
-filesystem_register_binary_executable_type(initrc_t)
+fs_register_binary_executable_type(initrc_t)
# cjp: not sure why these are here; should use mount policy
-filesystem_mount_all_filesystems(initrc_t)
-filesystem_unmount_all_filesystems(initrc_t)
-filesystem_remount_all_filesystems(initrc_t)
-filesystem_get_all_filesystems_attributes(initrc_t)
+fs_mount_all_fs(initrc_t)
+fs_unmount_all_fs(initrc_t)
+fs_remount_all_fs(initrc_t)
+fs_get_all_fs_attributes(initrc_t)
storage_get_fixed_disk_attributes(initrc_t)
storage_set_fixed_disk_attributes(initrc_t)
@@ -308,7 +308,7 @@ userdomain_read_all_users_data(initrc_t)
userdomain_use_admin_terminals(initrc_t)
ifdef(`distro_debian', `
- filesystem_create_private_tmpfs_data(initrc_t,initrc_var_run_t,dir)
+ fs_create_private_tmpfs_data(initrc_t,initrc_var_run_t,dir)
')
ifdef(`distro_redhat',`
@@ -336,7 +336,7 @@ ifdef(`distro_redhat',`
storage_raw_read_fixed_disk(initrc_t)
storage_raw_write_fixed_disk(initrc_t)
- filesystem_use_tmpfs_character_devices(initrc_t)
+ fs_use_tmpfs_character_devices(initrc_t)
files_create_boot_flag(initrc_t)
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index 9949f0f..17fbd3f 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -44,7 +44,7 @@ kernel_read_kernel_sysctl(iptables_t)
kernel_read_modprobe_sysctl(iptables_t)
kernel_use_file_descriptors(iptables_t)
-filesystem_get_persistent_filesystem_attributes(iptables_t)
+fs_get_persistent_fs_attributes(iptables_t)
terminal_ignore_use_console(iptables_t)
diff --git a/refpolicy/policy/modules/system/libraries.te b/refpolicy/policy/modules/system/libraries.te
index bb73e2c..004d929 100644
--- a/refpolicy/policy/modules/system/libraries.te
+++ b/refpolicy/policy/modules/system/libraries.te
@@ -60,7 +60,7 @@ allow ldconfig_t { shlib_t texrel_shlib_t }:file { getattr read execute };
kernel_read_system_state(ldconfig_t)
-filesystem_get_persistent_filesystem_attributes(ldconfig_t)
+fs_get_persistent_fs_attributes(ldconfig_t)
domain_use_widely_inheritable_file_descriptors(ldconfig_t)
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index b5b127f..7b24ef8 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -153,7 +153,7 @@ ifdef(`crack.te', `
allow local_login_t mouse_device_t:chr_file { getattr setattr };
-tunable_policy(`targeted_policy',`
+ifdef(`targeted_policy',`
unconfined_domain(local_login_t)
domain_auto_trans(local_login_t, shell_exec_t, unconfined_t)
')
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index beb0e0d..78160b1 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -61,7 +61,7 @@ files_create_daemon_runtime_data(auditd_t,auditd_var_run_t)
kernel_read_kernel_sysctl(auditd_t)
kernel_read_hardware_state(auditd_t)
-filesystem_get_all_filesystems_attributes(auditd_t)
+fs_get_all_fs_attributes(auditd_t)
terminal_ignore_use_console(auditd_t)
@@ -79,7 +79,7 @@ libraries_use_shared_libraries(auditd_t)
miscfiles_read_localization(auditd_t)
-tunable_policy(`targeted_policy', `
+ifdef(`targeted_policy', `
terminal_ignore_use_general_physical_terminal(auditd_t)
terminal_ignore_use_general_pseudoterminal(auditd_t)
files_ignore_read_rootfs_file(auditd_t)
@@ -132,7 +132,7 @@ bootloader_read_kernel_symbol_table(klogd_t)
devices_raw_read_memory(klogd_t)
-filesystem_get_all_filesystems_attributes(klogd_t)
+fs_get_all_fs_attributes(klogd_t)
files_create_daemon_runtime_data(klogd_t,klogd_var_run_t)
files_read_runtime_system_config(klogd_t)
@@ -208,7 +208,7 @@ corenetwork_sendrecv_udp_on_all_ports(syslogd_t)
corenetwork_bind_udp_on_all_nodes(syslogd_t)
corenetwork_bind_udp_on_syslogd_port(syslogd_t)
-filesystem_get_all_filesystems_attributes(syslogd_t)
+fs_get_all_fs_attributes(syslogd_t)
init_use_file_descriptors(syslogd_t)
init_script_use_pseudoterminal(syslogd_t)
@@ -243,7 +243,7 @@ ifdef(`klogd.te', `', `
kernel_change_ring_buffer_level(syslogd_t)
')
-tunable_policy(`targeted_policy', `
+ifdef(`targeted_policy', `
terminal_ignore_use_general_physical_terminal(syslogd_t)
terminal_ignore_use_general_pseudoterminal(syslogd_t)
files_ignore_read_rootfs_file(syslogd_t)
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index a58388f..e070a82 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -99,7 +99,7 @@ devices_ignore_get_generic_block_device_attributes(lvm_t)
devices_ignore_get_generic_pipe_attributes(lvm_t)
terminal_ignore_get_all_private_physical_terminal_attributes(lvm_t)
-filesystem_get_persistent_filesystem_attributes(lvm_t)
+fs_get_persistent_fs_attributes(lvm_t)
# LVM creates block devices in /dev/mapper or /dev/<vg>
# depending on its version
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 1c63c5b..7d16483 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -66,7 +66,7 @@ devices_write_mtrr(insmod_t)
devices_get_pseudorandom_data(insmod_t)
devices_direct_agp_access(insmod_t)
-filesystem_get_persistent_filesystem_attributes(insmod_t)
+fs_get_persistent_fs_attributes(insmod_t)
corecommands_execute_general_programs(insmod_t)
corecommands_execute_system_programs(insmod_t)
@@ -131,7 +131,7 @@ bootloader_create_private_module_dir_entry(depmod_t,modules_dep_t)
kernel_read_system_state(depmod_t)
-filesystem_get_persistent_filesystem_attributes(depmod_t)
+fs_get_persistent_fs_attributes(depmod_t)
terminal_use_console(depmod_t)
@@ -194,7 +194,7 @@ kernel_read_system_state(update_modules_t)
devices_get_pseudorandom_data(update_modules_t)
-filesystem_get_persistent_filesystem_attributes(update_modules_t)
+fs_get_persistent_fs_attributes(update_modules_t)
terminal_use_console(update_modules_t)
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index 13d3ab2..8081366 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -31,11 +31,11 @@ storage_raw_write_fixed_disk(mount_t)
storage_raw_read_removable_device(mount_t)
storage_raw_write_removable_device(mount_t)
-filesystem_get_persistent_filesystem_attributes(mount_t)
-filesystem_mount_all_filesystems(mount_t)
-filesystem_unmount_all_filesystems(mount_t)
-filesystem_remount_all_filesystems(mount_t)
-filesystem_relabelfrom_persistent_filesystem(mount_t)
+fs_get_persistent_fs_attributes(mount_t)
+fs_mount_all_fs(mount_t)
+fs_unmount_all_fs(mount_t)
+fs_remount_all_fs(mount_t)
+fs_relabelfrom_persistent_fs(mount_t)
terminal_use_console(mount_t)
@@ -50,11 +50,11 @@ files_create_private_tmp_data(mount_t,mount_tmp_t,{ file dir })
files_read_general_system_config(mount_t)
files_manage_runtime_system_config(mount_t)
files_mount_on_all_mountpoints(mount_t)
-files_unmount_root_filesystem(mount_t)
+files_unmount_root_fs(mount_t)
# These rules need to be generalized. Only admin, initrc should have it:
-files_relabelto_all_file_type_filesystems(mount_t)
-files_mount_all_file_type_filesystems(mount_t)
-files_mount_all_file_type_filesystems(mount_t)
+files_relabelto_all_file_type_fs(mount_t)
+files_mount_all_file_type_fs(mount_t)
+files_mount_all_file_type_fs(mount_t)
init_use_file_descriptors(mount_t)
init_script_use_pseudoterminal(mount_t)
@@ -69,13 +69,13 @@ miscfiles_read_localization(mount_t)
userdomain_use_all_users_file_descriptors(mount_t)
ifdef(`distro_redhat',`
- filesystem_use_tmpfs_character_devices(mount_t)
+ fs_use_tmpfs_character_devices(mount_t)
allow mount_t tmpfs_t:dir mounton;
optional_policy(`authlogin.te',`
authlogin_pam_console_read_runtime_data(mount_t)
# mount config by default sets fscontext=removable_t
- filesystem_relabelfrom_dos_filesystem(mount_t)
+ fs_relabelfrom_dos_fs(mount_t)
')
')
diff --git a/refpolicy/policy/modules/system/selinux.te b/refpolicy/policy/modules/system/selinux.te
index 17a0c37..20d4bd6 100644
--- a/refpolicy/policy/modules/system/selinux.te
+++ b/refpolicy/policy/modules/system/selinux.te
@@ -111,7 +111,7 @@ allow checkpolicy_t policy_src_t:file { getattr read ioctl };
allow checkpolicy_t policy_src_t:lnk_file { getattr read };
allow checkpolicy_t selinux_config_t:dir search;
-filesystem_get_persistent_filesystem_attributes(checkpolicy_t)
+fs_get_persistent_fs_attributes(checkpolicy_t)
terminal_use_console(checkpolicy_t)
@@ -153,7 +153,7 @@ kernel_get_selinuxfs_mount_point(load_policy_t)
kernel_load_selinux_policy(load_policy_t)
kernel_set_selinux_boolean(load_policy_t)
-filesystem_get_persistent_filesystem_attributes(load_policy_t)
+fs_get_persistent_fs_attributes(load_policy_t)
terminal_use_console(load_policy_t)
terminal_list_pseudoterminals(load_policy_t)
@@ -205,7 +205,7 @@ kernel_compute_selinux_reachable_user_contexts(newrole_t)
devices_get_pseudorandom_data(newrole_t)
-filesystem_get_persistent_filesystem_attributes(newrole_t)
+fs_get_persistent_fs_attributes(newrole_t)
terminal_use_all_private_physical_terminals(newrole_t)
terminal_use_all_private_pseudoterminals(newrole_t)
@@ -287,7 +287,7 @@ kernel_compute_selinux_create_context(restorecon_t)
kernel_compute_selinux_relabel_context(restorecon_t)
kernel_compute_selinux_reachable_user_contexts(restorecon_t)
-filesystem_get_persistent_filesystem_attributes(restorecon_t)
+fs_get_persistent_fs_attributes(restorecon_t)
terminal_use_general_physical_terminal(restorecon_t)
@@ -319,10 +319,10 @@ files_read_all_directories(restorecon_t)
authlogin_relabel_to_shadow_passwords(restorecon_t)
ifdef(`distro_redhat', `
-filesystem_use_tmpfs_character_devices(restorecon_t)
-filesystem_use_tmpfs_block_devices(restorecon_t)
-filesystem_relabel_tmpfs_block_devices(restorecon_t)
-filesystem_relabel_tmpfs_character_devices(restorecon_t)
+fs_use_tmpfs_character_devices(restorecon_t)
+fs_use_tmpfs_block_devices(restorecon_t)
+fs_relabel_tmpfs_block_devices(restorecon_t)
+fs_relabel_tmpfs_character_devices(restorecon_t)
')
ifdef(`TODO',`
@@ -360,7 +360,7 @@ ifdef(`targeted_policy',`',`
# the failed access to the current directory
dontaudit run_init_t self:capability { dac_override dac_read_search };
- filesystem_get_persistent_filesystem_attributes(run_init_t)
+ fs_get_persistent_fs_attributes(run_init_t)
devices_ignore_list_device_nodes(run_init_t)
@@ -420,7 +420,7 @@ kernel_compute_selinux_create_context(setfiles_t)
kernel_compute_selinux_relabel_context(setfiles_t)
kernel_compute_selinux_reachable_user_contexts(setfiles_t)
-filesystem_get_persistent_filesystem_attributes(setfiles_t)
+fs_get_persistent_fs_attributes(setfiles_t)
terminal_use_all_private_physical_terminals(setfiles_t)
terminal_use_all_private_pseudoterminals(setfiles_t)
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 17a0c37..20d4bd6 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -111,7 +111,7 @@ allow checkpolicy_t policy_src_t:file { getattr read ioctl };
allow checkpolicy_t policy_src_t:lnk_file { getattr read };
allow checkpolicy_t selinux_config_t:dir search;
-filesystem_get_persistent_filesystem_attributes(checkpolicy_t)
+fs_get_persistent_fs_attributes(checkpolicy_t)
terminal_use_console(checkpolicy_t)
@@ -153,7 +153,7 @@ kernel_get_selinuxfs_mount_point(load_policy_t)
kernel_load_selinux_policy(load_policy_t)
kernel_set_selinux_boolean(load_policy_t)
-filesystem_get_persistent_filesystem_attributes(load_policy_t)
+fs_get_persistent_fs_attributes(load_policy_t)
terminal_use_console(load_policy_t)
terminal_list_pseudoterminals(load_policy_t)
@@ -205,7 +205,7 @@ kernel_compute_selinux_reachable_user_contexts(newrole_t)
devices_get_pseudorandom_data(newrole_t)
-filesystem_get_persistent_filesystem_attributes(newrole_t)
+fs_get_persistent_fs_attributes(newrole_t)
terminal_use_all_private_physical_terminals(newrole_t)
terminal_use_all_private_pseudoterminals(newrole_t)
@@ -287,7 +287,7 @@ kernel_compute_selinux_create_context(restorecon_t)
kernel_compute_selinux_relabel_context(restorecon_t)
kernel_compute_selinux_reachable_user_contexts(restorecon_t)
-filesystem_get_persistent_filesystem_attributes(restorecon_t)
+fs_get_persistent_fs_attributes(restorecon_t)
terminal_use_general_physical_terminal(restorecon_t)
@@ -319,10 +319,10 @@ files_read_all_directories(restorecon_t)
authlogin_relabel_to_shadow_passwords(restorecon_t)
ifdef(`distro_redhat', `
-filesystem_use_tmpfs_character_devices(restorecon_t)
-filesystem_use_tmpfs_block_devices(restorecon_t)
-filesystem_relabel_tmpfs_block_devices(restorecon_t)
-filesystem_relabel_tmpfs_character_devices(restorecon_t)
+fs_use_tmpfs_character_devices(restorecon_t)
+fs_use_tmpfs_block_devices(restorecon_t)
+fs_relabel_tmpfs_block_devices(restorecon_t)
+fs_relabel_tmpfs_character_devices(restorecon_t)
')
ifdef(`TODO',`
@@ -360,7 +360,7 @@ ifdef(`targeted_policy',`',`
# the failed access to the current directory
dontaudit run_init_t self:capability { dac_override dac_read_search };
- filesystem_get_persistent_filesystem_attributes(run_init_t)
+ fs_get_persistent_fs_attributes(run_init_t)
devices_ignore_list_device_nodes(run_init_t)
@@ -420,7 +420,7 @@ kernel_compute_selinux_create_context(setfiles_t)
kernel_compute_selinux_relabel_context(setfiles_t)
kernel_compute_selinux_reachable_user_contexts(setfiles_t)
-filesystem_get_persistent_filesystem_attributes(setfiles_t)
+fs_get_persistent_fs_attributes(setfiles_t)
terminal_use_all_private_physical_terminals(setfiles_t)
terminal_use_all_private_pseudoterminals(setfiles_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index f7ad7bd..af58a12 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -107,7 +107,7 @@ corenetwork_bind_udp_on_dhcpc_port(dhcpc_t)
# for SSP
devices_get_pseudorandom_data(dhcpc_t)
-filesystem_get_all_filesystems_attributes(dhcpc_t)
+fs_get_all_fs_attributes(dhcpc_t)
terminal_ignore_use_console(dhcpc_t)
terminal_ignore_use_all_private_physical_terminals(dhcpc_t)
@@ -268,7 +268,7 @@ kernel_read_network_state(ifconfig_t)
kernel_ignore_search_sysctl_dir(ifconfig_t)
kernel_ignore_search_network_sysctl_dir(ifconfig_t)
-filesystem_get_persistent_filesystem_attributes(ifconfig_t)
+fs_get_persistent_fs_attributes(ifconfig_t)
terminal_ignore_use_all_private_physical_terminals(ifconfig_t)
terminal_ignore_use_all_private_pseudoterminals(ifconfig_t)
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 40e2b34..6ce9680 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -79,7 +79,7 @@ kernel_compute_selinux_reachable_user_contexts(udev_t)
devices_manage_device_nodes(udev_t)
-filesystem_get_all_filesystems_attributes(udev_t)
+fs_get_all_fs_attributes(udev_t)
corecommands_execute_general_programs(udev_t)
corecommands_execute_system_programs(udev_t)
@@ -114,8 +114,8 @@ selinux_restorecon_transition(udev_t)
sysnetwork_ifconfig_transition(udev_t)
ifdef(`distro_redhat',`
- filesystem_manage_tmpfs_block_devices(udev_t)
- filesystem_manage_tmpfs_character_devices(udev_t)
+ fs_manage_tmpfs_block_devices(udev_t)
+ fs_manage_tmpfs_character_devices(udev_t)
# for arping used for static IP addresses on PCMCIA ethernet
netutils_transition(udev_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 549520a..5434eb7 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -88,7 +88,7 @@ define(`base_user_domain',`
allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
- filesystem_create_private_tmpfs_data($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_create_private_tmpfs_data($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow $1_t $1_tty_device_t:chr_file { setattr getattr read write append ioctl lock };
@@ -136,8 +136,8 @@ define(`base_user_domain',`
devices_get_direct_rendering_interface_attributes($1_t)
devices_ignore_use_direct_rendering_interface($1_t)
- filesystem_get_all_filesystems_quotas($1_t)
- filesystem_get_all_filesystems_attributes($1_t)
+ fs_get_all_fs_quotas($1_t)
+ fs_get_all_fs_attributes($1_t)
# for eject
storage_get_fixed_disk_attributes($1_t)
@@ -180,21 +180,21 @@ define(`base_user_domain',`
}
if (use_nfs_home_dirs) {
- filesystem_manage_nfs_directories($1_t)
- filesystem_manage_nfs_files($1_t)
- filesystem_manage_nfs_symbolic_links($1_t)
- filesystem_manage_nfs_named_sockets($1_t)
- filesystem_manage_nfs_named_pipes($1_t)
- filesystem_execute_nfs_files($1_t)
+ fs_manage_nfs_directories($1_t)
+ fs_manage_nfs_files($1_t)
+ fs_manage_nfs_symbolic_links($1_t)
+ fs_manage_nfs_named_sockets($1_t)
+ fs_manage_nfs_named_pipes($1_t)
+ fs_execute_nfs_files($1_t)
}
if (use_samba_home_dirs) {
- filesystem_manage_windows_network_directories($1_t)
- filesystem_manage_windows_network_files($1_t)
- filesystem_manage_windows_network_symbolic_links($1_t)
- filesystem_manage_windows_network_named_sockets($1_t)
- filesystem_manage_windows_network_named_pipes($1_t)
- filesystem_execute_windows_network_files($1_t)
+ fs_manage_windows_network_directories($1_t)
+ fs_manage_windows_network_files($1_t)
+ fs_manage_windows_network_symbolic_links($1_t)
+ fs_manage_windows_network_named_sockets($1_t)
+ fs_manage_windows_network_named_pipes($1_t)
+ fs_execute_windows_network_files($1_t)
}
if (user_direct_mouse) {
@@ -686,8 +686,8 @@ define(`admin_domain_template',`
devices_get_all_block_device_attributes($1_t)
devices_get_all_character_device_attributes($1_t)
- filesystem_get_all_filesystems_attributes($1_t)
- filesystem_set_all_filesystems_quotas($1_t)
+ fs_get_all_fs_attributes($1_t)
+ fs_set_all_fs_quotas($1_t)
storage_raw_read_removable_device($1_t)
storage_raw_write_removable_device($1_t)
@@ -876,6 +876,29 @@ define(`userdomain_use_admin_terminals_depend',`
')
########################################
+## <interface name="userdomain_dontaudit_use_admin_terminals">
+## <description>
+## Do not audit attempts to use admin ttys and ptys.
+## </description>
+## <parameter name="domain">
+## The type of the process performing this action.
+## </parameter>
+## <infoflow type="none"/>
+## </interface>
+#
+define(`userdomain_dontaudit_use_admin_terminals',`
+ requires_block_template(`$0'_depend)
+
+ dontaudit $1 admin_terminal:chr_file { read write };
+')
+
+define(`userdomain_dontaudit_use_admin_terminals_depend',`
+ attribute admin_terminal;
+
+ class chr_file { read write };
+')
+
+########################################
## <interface name="userdomain_search_all_users_home_dirs">
## <description>
## Search all users home directories.
More information about the scm-commits
mailing list