[selinux-policy: 1098/3172] rename create verb to filetrans for type transitioning ifs
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:39:43 UTC 2010
commit 9d594986b793e8cc190ec7f77c30f21e85de5234
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Jan 13 21:06:49 2006 +0000
rename create verb to filetrans for type transitioning ifs
refpolicy/Changelog | 6 +-
refpolicy/policy/modules/admin/acct.te | 2 +-
refpolicy/policy/modules/admin/amanda.te | 6 +-
refpolicy/policy/modules/admin/firstboot.te | 6 +-
refpolicy/policy/modules/admin/kudzu.te | 4 +-
refpolicy/policy/modules/admin/logrotate.te | 6 +-
refpolicy/policy/modules/admin/logwatch.te | 2 +-
refpolicy/policy/modules/admin/netutils.te | 2 +-
refpolicy/policy/modules/admin/prelink.te | 4 +-
refpolicy/policy/modules/admin/readahead.te | 2 +-
refpolicy/policy/modules/admin/rpm.te | 12 ++--
refpolicy/policy/modules/admin/usermanage.te | 8 +-
refpolicy/policy/modules/admin/vpn.te | 6 +-
refpolicy/policy/modules/apps/gpg.if | 2 +-
refpolicy/policy/modules/apps/irc.if | 2 +-
refpolicy/policy/modules/apps/java.if | 2 +-
refpolicy/policy/modules/apps/lockdev.if | 2 +-
refpolicy/policy/modules/apps/screen.if | 4 +-
refpolicy/policy/modules/apps/webalizer.te | 4 +-
refpolicy/policy/modules/kernel/bootloader.if | 6 +-
refpolicy/policy/modules/kernel/bootloader.te | 6 +-
refpolicy/policy/modules/kernel/devices.if | 2 +-
refpolicy/policy/modules/kernel/files.if | 64 ++++++++++----------
refpolicy/policy/modules/kernel/filesystem.if | 4 +-
refpolicy/policy/modules/kernel/storage.if | 4 +-
refpolicy/policy/modules/services/apache.if | 2 +-
refpolicy/policy/modules/services/apache.te | 16 +++---
refpolicy/policy/modules/services/apm.te | 10 ++--
refpolicy/policy/modules/services/arpwatch.te | 4 +-
refpolicy/policy/modules/services/automount.te | 10 ++--
refpolicy/policy/modules/services/avahi.te | 2 +-
refpolicy/policy/modules/services/bind.te | 6 +-
refpolicy/policy/modules/services/bluetooth.te | 10 ++--
refpolicy/policy/modules/services/canna.te | 6 +-
refpolicy/policy/modules/services/comsat.te | 4 +-
refpolicy/policy/modules/services/cron.te | 10 ++--
refpolicy/policy/modules/services/cups.te | 22 ++++----
refpolicy/policy/modules/services/cvs.te | 4 +-
refpolicy/policy/modules/services/cyrus.te | 6 +-
refpolicy/policy/modules/services/dbskk.te | 4 +-
refpolicy/policy/modules/services/dbus.if | 2 +-
refpolicy/policy/modules/services/dbus.te | 4 +-
refpolicy/policy/modules/services/dhcp.te | 6 +-
refpolicy/policy/modules/services/distcc.te | 6 +-
refpolicy/policy/modules/services/dovecot.te | 2 +-
refpolicy/policy/modules/services/fetchmail.te | 4 +-
refpolicy/policy/modules/services/finger.te | 4 +-
refpolicy/policy/modules/services/ftp.te | 12 ++--
refpolicy/policy/modules/services/gpm.te | 6 +-
refpolicy/policy/modules/services/hal.te | 4 +-
refpolicy/policy/modules/services/howl.te | 2 +-
refpolicy/policy/modules/services/i18n_input.te | 2 +-
refpolicy/policy/modules/services/inetd.te | 10 ++--
refpolicy/policy/modules/services/inn.te | 6 +-
refpolicy/policy/modules/services/irqbalance.te | 2 +-
refpolicy/policy/modules/services/kerberos.te | 12 ++--
refpolicy/policy/modules/services/ktalk.te | 4 +-
refpolicy/policy/modules/services/ldap.te | 6 +-
refpolicy/policy/modules/services/lpd.te | 8 +-
refpolicy/policy/modules/services/mailman.if | 6 +-
refpolicy/policy/modules/services/mta.if | 8 +-
refpolicy/policy/modules/services/mta.te | 6 +-
refpolicy/policy/modules/services/mysql.te | 8 +-
.../policy/modules/services/networkmanager.te | 4 +-
refpolicy/policy/modules/services/nis.te | 10 ++--
refpolicy/policy/modules/services/nscd.te | 4 +-
refpolicy/policy/modules/services/ntp.te | 6 +-
refpolicy/policy/modules/services/openct.te | 2 +-
refpolicy/policy/modules/services/pegasus.te | 4 +-
refpolicy/policy/modules/services/portmap.te | 6 +-
refpolicy/policy/modules/services/postfix.if | 4 +-
refpolicy/policy/modules/services/postfix.te | 4 +-
refpolicy/policy/modules/services/postgresql.te | 12 ++--
refpolicy/policy/modules/services/ppp.te | 14 ++--
refpolicy/policy/modules/services/privoxy.te | 4 +-
refpolicy/policy/modules/services/radius.te | 4 +-
refpolicy/policy/modules/services/radvd.te | 2 +-
refpolicy/policy/modules/services/remotelogin.te | 2 +-
refpolicy/policy/modules/services/rlogin.te | 4 +-
refpolicy/policy/modules/services/roundup.te | 4 +-
refpolicy/policy/modules/services/rpc.te | 4 +-
refpolicy/policy/modules/services/rsync.te | 4 +-
refpolicy/policy/modules/services/samba.te | 18 +++---
refpolicy/policy/modules/services/sasl.te | 2 +-
refpolicy/policy/modules/services/sendmail.if | 2 +-
refpolicy/policy/modules/services/sendmail.te | 6 +-
refpolicy/policy/modules/services/slrnpull.te | 4 +-
refpolicy/policy/modules/services/smartmon.te | 4 +-
refpolicy/policy/modules/services/snmp.te | 10 ++--
refpolicy/policy/modules/services/spamassassin.if | 4 +-
refpolicy/policy/modules/services/spamassassin.te | 4 +-
refpolicy/policy/modules/services/squid.te | 4 +-
refpolicy/policy/modules/services/ssh.if | 4 +-
refpolicy/policy/modules/services/ssh.te | 4 +-
refpolicy/policy/modules/services/stunnel.te | 4 +-
refpolicy/policy/modules/services/sysstat.te | 2 +-
refpolicy/policy/modules/services/tcpd.te | 2 +-
refpolicy/policy/modules/services/telnet.te | 4 +-
refpolicy/policy/modules/services/tftp.te | 2 +-
refpolicy/policy/modules/services/timidity.te | 2 +-
refpolicy/policy/modules/services/uucp.te | 6 +-
refpolicy/policy/modules/services/xdm.te | 8 +-
refpolicy/policy/modules/services/xfs.te | 6 +-
refpolicy/policy/modules/services/zebra.te | 6 +-
refpolicy/policy/modules/system/authlogin.if | 8 +-
refpolicy/policy/modules/system/authlogin.te | 2 +-
refpolicy/policy/modules/system/fstools.te | 2 +-
refpolicy/policy/modules/system/getty.te | 10 ++--
refpolicy/policy/modules/system/hotplug.te | 2 +-
refpolicy/policy/modules/system/init.if | 2 +-
refpolicy/policy/modules/system/init.te | 12 ++--
refpolicy/policy/modules/system/ipsec.te | 10 ++--
refpolicy/policy/modules/system/iptables.te | 4 +-
refpolicy/policy/modules/system/libraries.te | 2 +-
refpolicy/policy/modules/system/locallogin.te | 4 +-
refpolicy/policy/modules/system/logging.if | 4 +-
refpolicy/policy/modules/system/logging.te | 18 +++---
refpolicy/policy/modules/system/lvm.te | 10 ++--
refpolicy/policy/modules/system/modutils.te | 8 +-
refpolicy/policy/modules/system/mount.te | 2 +-
refpolicy/policy/modules/system/pcmcia.te | 8 +-
refpolicy/policy/modules/system/raid.te | 2 +-
refpolicy/policy/modules/system/sysnetwork.if | 7 +-
refpolicy/policy/modules/system/sysnetwork.te | 6 +-
refpolicy/policy/modules/system/udev.te | 4 +-
refpolicy/policy/modules/system/userdomain.if | 12 ++--
refpolicy/policy/modules/system/userdomain.te | 2 +-
127 files changed, 381 insertions(+), 380 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 0b875c1..65fde0a 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,5 +1,7 @@
-- Fix expansion of interfaces from disabled
- modules.
+- Rename file type transition interfaces verb from create to
+ filetrans to differentiate it from create interfaces without
+ type transitions.
+- Fix expansion of interfaces from disabled modules.
- Rsync can be long running from init,
added rules to allow this.
- Add polyinstantiation build option.
diff --git a/refpolicy/policy/modules/admin/acct.te b/refpolicy/policy/modules/admin/acct.te
index 198e212..e632a4a 100644
--- a/refpolicy/policy/modules/admin/acct.te
+++ b/refpolicy/policy/modules/admin/acct.te
@@ -80,7 +80,7 @@ ifdef(`targeted_policy',`
optional_policy(`cron',`
optional_policy(`authlogin',`
# for monthly cron job
- auth_create_login_records(acct_t)
+ auth_filetrans_login_records(acct_t)
auth_manage_login_records(acct_t)
')
diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te
index b951681..ded070f 100644
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@@ -116,11 +116,11 @@ allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
allow amanda_t amanda_log_t:file create_file_perms;
allow amanda_t amanda_log_t:dir { rw_dir_perms setattr };
-logging_create_log(amanda_t,amanda_log_t,{ file dir })
+logging_filetrans_log(amanda_t,amanda_log_t,{ file dir })
allow amanda_t amanda_tmp_t:dir create_dir_perms;
allow amanda_t amanda_tmp_t:file create_file_perms;
-files_create_tmp_files(amanda_t, amanda_tmp_t, { file dir })
+files_filetrans_tmp(amanda_t, amanda_tmp_t, { file dir })
kernel_read_system_state(amanda_t)
kernel_read_kernel_sysctl(amanda_t)
@@ -213,7 +213,7 @@ allow amanda_recover_t amanda_tmp_t:file create_file_perms;
allow amanda_recover_t amanda_tmp_t:lnk_file create_lnk_perms;
allow amanda_recover_t amanda_tmp_t:sock_file create_file_perms;
allow amanda_recover_t amanda_tmp_t:fifo_file create_file_perms;
-files_create_tmp_files(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file fifo_file })
+files_filetrans_tmp(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file fifo_file })
kernel_read_system_state(amanda_recover_t)
kernel_read_kernel_sysctl(amanda_recover_t)
diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te
index e2bab19..634a025 100644
--- a/refpolicy/policy/modules/admin/firstboot.te
+++ b/refpolicy/policy/modules/admin/firstboot.te
@@ -40,7 +40,7 @@ allow firstboot_t firstboot_etc_t:file { getattr read };
allow firstboot_t firstboot_rw_t:dir create_dir_perms;
allow firstboot_t firstboot_rw_t:file create_file_perms;
-files_create_etc_config(firstboot_t,firstboot_rw_t,file)
+files_filetrans_etc(firstboot_t,firstboot_rw_t,file)
# The big hammer
unconfined_domain_template(firstboot_t)
@@ -99,9 +99,9 @@ modutils_read_module_conf(firstboot_t)
modutils_read_mods_deps(firstboot_t)
# Add/remove user home directories
-userdom_create_generic_user_home_dir(firstboot_t)
+userdom_filetrans_generic_user_home_dir(firstboot_t)
userdom_manage_generic_user_home_dir(firstboot_t)
-userdom_create_generic_user_home(firstboot_t,{ dir file lnk_file fifo_file sock_file })
+userdom_filetrans_generic_user_home(firstboot_t,{ dir file lnk_file fifo_file sock_file })
userdom_manage_generic_user_home_dirs(firstboot_t)
userdom_manage_generic_user_home_files(firstboot_t)
userdom_manage_generic_user_home_symlinks(firstboot_t)
diff --git a/refpolicy/policy/modules/admin/kudzu.te b/refpolicy/policy/modules/admin/kudzu.te
index 8151576..3fbcee3 100644
--- a/refpolicy/policy/modules/admin/kudzu.te
+++ b/refpolicy/policy/modules/admin/kudzu.te
@@ -32,11 +32,11 @@ allow kudzu_t self:udp_socket { create ioctl };
allow kudzu_t kudzu_tmp_t:dir create_file_perms;
allow kudzu_t kudzu_tmp_t:{ file chr_file } create_file_perms;
-files_create_tmp_files(kudzu_t, kudzu_tmp_t, { file dir chr_file })
+files_filetrans_tmp(kudzu_t, kudzu_tmp_t, { file dir chr_file })
allow kudzu_t kudzu_var_run_t:file create_file_perms;
allow kudzu_t kudzu_var_run_t:dir create_dir_perms;
-files_create_pid(kudzu_t,kudzu_var_run_t)
+files_filetrans_pid(kudzu_t,kudzu_var_run_t)
kernel_change_ring_buffer_level(kudzu_t)
kernel_list_proc(kudzu_t)
diff --git a/refpolicy/policy/modules/admin/logrotate.te b/refpolicy/policy/modules/admin/logrotate.te
index 6343040..3356ccf 100644
--- a/refpolicy/policy/modules/admin/logrotate.te
+++ b/refpolicy/policy/modules/admin/logrotate.te
@@ -51,18 +51,18 @@ allow logrotate_t self:msgq create_msgq_perms;
allow logrotate_t self:msg { send receive };
allow logrotate_t logrotate_lock_t:file create_file_perms;
-files_create_lock(logrotate_t,logrotate_lock_t)
+files_filetrans_lock(logrotate_t,logrotate_lock_t)
can_exec(logrotate_t, logrotate_tmp_t)
allow logrotate_t logrotate_tmp_t:dir create_dir_perms;
allow logrotate_t logrotate_tmp_t:file create_file_perms;
-files_create_tmp_files(logrotate_t, logrotate_tmp_t, { file dir })
+files_filetrans_tmp(logrotate_t, logrotate_tmp_t, { file dir })
# for /var/lib/logrotate.status and /var/lib/logcheck
allow logrotate_t logrotate_var_lib_t:dir { create rw_dir_perms };
allow logrotate_t logrotate_var_lib_t:file create_file_perms;
-files_create_var_lib(logrotate_t, logrotate_var_lib_t)
+files_filetrans_var_lib(logrotate_t, logrotate_var_lib_t)
kernel_read_system_state(logrotate_t)
kernel_read_kernel_sysctl(logrotate_t)
diff --git a/refpolicy/policy/modules/admin/logwatch.te b/refpolicy/policy/modules/admin/logwatch.te
index 886bf37..c03ddbd 100644
--- a/refpolicy/policy/modules/admin/logwatch.te
+++ b/refpolicy/policy/modules/admin/logwatch.te
@@ -32,7 +32,7 @@ allow logwatch_t logwatch_cache_t:file create_file_perms;
allow logwatch_t logwatch_tmp_t:dir create_dir_perms;
allow logwatch_t logwatch_tmp_t:file create_file_perms;
-files_create_tmp_files(logwatch_t, logwatch_tmp_t, { file dir })
+files_filetrans_tmp(logwatch_t, logwatch_tmp_t, { file dir })
kernel_read_fs_sysctl(logwatch_t)
kernel_read_kernel_sysctl(logwatch_t)
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index 7f9b295..39536df 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -39,7 +39,7 @@ allow netutils_t self:tcp_socket create_stream_socket_perms;
allow netutils_t netutils_tmp_t:dir create_dir_perms;
allow netutils_t netutils_tmp_t:file create_file_perms;
-files_create_tmp_files(netutils_t, netutils_tmp_t, { file dir })
+files_filetrans_tmp(netutils_t, netutils_tmp_t, { file dir })
kernel_search_proc(netutils_t)
diff --git a/refpolicy/policy/modules/admin/prelink.te b/refpolicy/policy/modules/admin/prelink.te
index 91c5f86..b5f4b1f 100644
--- a/refpolicy/policy/modules/admin/prelink.te
+++ b/refpolicy/policy/modules/admin/prelink.te
@@ -27,12 +27,12 @@ allow prelink_t self:process { execheap execmem execstack };
allow prelink_t self:fifo_file rw_file_perms;
allow prelink_t prelink_cache_t:file manage_file_perms;
-files_create_etc_config(prelink_t, prelink_cache_t, file)
+files_filetrans_etc(prelink_t, prelink_cache_t, file)
allow prelink_t prelink_log_t:dir { setattr rw_dir_perms };
allow prelink_t prelink_log_t:file { create ra_file_perms };
allow prelink_t prelink_log_t:lnk_file read;
-logging_create_log(prelink_t, prelink_log_t)
+logging_filetrans_log(prelink_t, prelink_log_t)
# prelink misc objects that are not system
# libraries or entrypoints
diff --git a/refpolicy/policy/modules/admin/readahead.te b/refpolicy/policy/modules/admin/readahead.te
index 505b153..2bf7ddf 100644
--- a/refpolicy/policy/modules/admin/readahead.te
+++ b/refpolicy/policy/modules/admin/readahead.te
@@ -23,7 +23,7 @@ allow readahead_t self:process signal_perms;
allow readahead_t readahead_var_run_t:file create_file_perms;
allow readahead_t readahead_var_run_t:dir rw_dir_perms;
-files_create_pid(readahead_t,readahead_var_run_t)
+files_filetrans_pid(readahead_t,readahead_var_run_t)
kernel_read_kernel_sysctl(readahead_t)
kernel_read_system_state(readahead_t)
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index a47f16b..2fde59e 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -73,19 +73,19 @@ allow rpm_t self:file rw_file_perms;;
allow rpm_t rpm_tmp_t:dir create_dir_perms;
allow rpm_t rpm_tmp_t:file create_file_perms;
-files_create_tmp_files(rpm_t, rpm_tmp_t, { file dir })
+files_filetrans_tmp(rpm_t, rpm_tmp_t, { file dir })
allow rpm_t rpm_tmpfs_t:dir create_dir_perms;
allow rpm_t rpm_tmpfs_t:file create_file_perms;
allow rpm_t rpm_tmpfs_t:lnk_file create_file_perms;
allow rpm_t rpm_tmpfs_t:sock_file create_file_perms;
allow rpm_t rpm_tmpfs_t:fifo_file create_file_perms;
-fs_create_tmpfs_data(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_filetrans_tmpfs(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# Access /var/lib/rpm files
allow rpm_t rpm_var_lib_t:file create_file_perms;
allow rpm_t rpm_var_lib_t:dir rw_dir_perms;
-files_create_var_lib(rpm_t,rpm_var_lib_t,dir)
+files_filetrans_var_lib(rpm_t,rpm_var_lib_t,dir)
kernel_read_system_state(rpm_t)
kernel_read_kernel_sysctl(rpm_t)
@@ -184,7 +184,7 @@ ifdef(`targeted_policy',`
# conflicts since rpm_t is an alias of
# unconfined in the targeted policy
allow rpm_t rpm_log_t:file create_file_perms;
- logging_create_log(rpm_t,rpm_log_t)
+ logging_filetrans_log(rpm_t,rpm_log_t)
')
optional_policy(`cron',`
@@ -240,14 +240,14 @@ allow rpm_script_t rpm_tmp_t:file r_file_perms;
allow rpm_script_t rpm_script_tmp_t:dir mounton;
allow rpm_script_t rpm_script_tmp_t:dir create_dir_perms;
allow rpm_script_t rpm_script_tmp_t:file create_file_perms;
-files_create_tmp_files(rpm_script_t, rpm_script_tmp_t, { file dir })
+files_filetrans_tmp(rpm_script_t, rpm_script_tmp_t, { file dir })
allow rpm_script_t rpm_script_tmpfs_t:dir create_dir_perms;
allow rpm_script_t rpm_script_tmpfs_t:file create_file_perms;
allow rpm_script_t rpm_script_tmpfs_t:lnk_file create_lnk_perms;
allow rpm_script_t rpm_script_tmpfs_t:sock_file create_file_perms;
allow rpm_script_t rpm_script_tmpfs_t:fifo_file create_file_perms;
-fs_create_tmpfs_data(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_filetrans_tmpfs(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow rpm_t rpm_script_t:fd use;
allow rpm_script_t rpm_t:fd use;
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 0316748..c4bf881 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -155,7 +155,7 @@ files_search_var(crack_t)
allow crack_t crack_tmp_t:dir create_dir_perms;
allow crack_t crack_tmp_t:file create_file_perms;
-files_create_tmp_files(crack_t, crack_tmp_t, { file dir })
+files_filetrans_tmp(crack_t, crack_tmp_t, { file dir })
kernel_read_system_state(crack_t)
@@ -369,7 +369,7 @@ allow sysadm_passwd_t self:msg { send receive };
# allow vipw to create temporary files under /var/tmp/vi.recover
allow sysadm_passwd_t sysadm_passwd_tmp_t:dir create_dir_perms;
allow sysadm_passwd_t sysadm_passwd_tmp_t:file create_file_perms;
-files_create_tmp_files(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
+files_filetrans_tmp(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
files_search_var(sysadm_passwd_t)
kernel_read_kernel_sysctl(sysadm_passwd_t)
@@ -502,9 +502,9 @@ userdom_use_unpriv_users_fd(useradd_t)
# for when /root is the cwd
userdom_dontaudit_search_sysadm_home_dir(useradd_t)
# Add/remove user home directories
-userdom_create_generic_user_home_dir(useradd_t)
+userdom_filetrans_generic_user_home_dir(useradd_t)
userdom_manage_generic_user_home_dir(useradd_t)
-userdom_create_generic_user_home(useradd_t,notdevfile_class_set)
+userdom_filetrans_generic_user_home(useradd_t,notdevfile_class_set)
mta_manage_spool(useradd_t)
diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te
index e5c5172..cc8544d 100644
--- a/refpolicy/policy/modules/admin/vpn.te
+++ b/refpolicy/policy/modules/admin/vpn.te
@@ -37,11 +37,11 @@ allow vpnc_t self:socket create_socket_perms;
allow vpnc_t vpnc_tmp_t:dir create_dir_perms;
allow vpnc_t vpnc_tmp_t:file create_file_perms;
-files_create_tmp_files(vpnc_t, vpnc_tmp_t, { file dir })
+files_filetrans_tmp(vpnc_t, vpnc_tmp_t, { file dir })
allow vpnc_t vpnc_var_run_t:file create_file_perms;
allow vpnc_t vpnc_var_run_t:dir rw_dir_perms;
-files_create_pid(vpnc_t,vpnc_var_run_t)
+files_filetrans_pid(vpnc_t,vpnc_var_run_t)
kernel_read_system_state(vpnc_t)
kernel_read_network_state(vpnc_t)
@@ -96,7 +96,7 @@ miscfiles_read_localization(vpnc_t)
seutil_dontaudit_search_config(vpnc_t)
sysnet_exec_ifconfig(vpnc_t)
-sysnet_create_config(vpnc_t)
+sysnet_filetrans_config(vpnc_t)
sysnet_manage_config(vpnc_t)
userdom_use_all_user_fd(vpnc_t)
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 3495ef0..9899d03 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -238,7 +238,7 @@ template(`gpg_per_userdomain_template',`
allow $2 $1_gpg_agent_tmp_t:dir create_dir_perms;
allow $2 $1_gpg_agent_tmp_t:file create_file_perms;
allow $2 $1_gpg_agent_tmp_t:sock_file create_file_perms;
- files_create_tmp_files($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_file dir })
+ files_filetrans_tmp($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_file dir })
corecmd_search_bin($1_gpg_agent_t)
diff --git a/refpolicy/policy/modules/apps/irc.if b/refpolicy/policy/modules/apps/irc.if
index 2eb7109..54dfd75 100644
--- a/refpolicy/policy/modules/apps/irc.if
+++ b/refpolicy/policy/modules/apps/irc.if
@@ -70,7 +70,7 @@ template(`irc_per_userdomain_template',`
allow $1_irc_t $1_tmp_t:lnk_file create_lnk_perms;
allow $1_irc_t $1_tmp_t:sock_file create_file_perms;
allow $1_irc_t $1_tmp_t:fifo_file create_file_perms;
- files_create_tmp_files($1_irc_t,$1_tmp_t,{ file dir lnk_file sock_file fifo_file })
+ files_filetrans_tmp($1_irc_t,$1_tmp_t,{ file dir lnk_file sock_file fifo_file })
# Transition from the user domain to the derived domain.
domain_auto_trans($2,irc_exec_t,$1_irc_t)
diff --git a/refpolicy/policy/modules/apps/java.if b/refpolicy/policy/modules/apps/java.if
index 7e146c7..213f514 100644
--- a/refpolicy/policy/modules/apps/java.if
+++ b/refpolicy/policy/modules/apps/java.if
@@ -59,7 +59,7 @@ template(`java_per_userdomain_template',`
allow $1_javaplugin_t $1_javaplugin_tmp_t:dir create_dir_perms;
allow $1_javaplugin_t $1_javaplugin_tmp_t:file create_file_perms;
- files_create_tmp_files($1_javaplugin_t,$1_javaplugin_tmp_t,{ file dir })
+ files_filetrans_tmp($1_javaplugin_t,$1_javaplugin_tmp_t,{ file dir })
# cjp: rw_dir_perms here doesnt make sense
allow $1_javaplugin_t $1_home_t:dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/apps/lockdev.if b/refpolicy/policy/modules/apps/lockdev.if
index 2e4e8ca..009db0f 100644
--- a/refpolicy/policy/modules/apps/lockdev.if
+++ b/refpolicy/policy/modules/apps/lockdev.if
@@ -62,7 +62,7 @@ template(`lockdev_per_userdomain_template',`
allow $1_lockdev_t $2:process sigchld;
allow $1_lockdev_t $1_lockdev_lock_t:file create_file_perms;
- files_create_lock($1_lockdev_t,$1_lockdev_lock_t)
+ files_filetrans_lock($1_lockdev_t,$1_lockdev_lock_t)
files_read_all_locks($1_lockdev_t)
diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if
index 51a6e14..d49aac3 100644
--- a/refpolicy/policy/modules/apps/screen.if
+++ b/refpolicy/policy/modules/apps/screen.if
@@ -68,14 +68,14 @@ template(`screen_per_userdomain_template',`
allow $1_screen_t $1_screen_tmp_t:dir create_dir_perms;
allow $1_screen_t $1_screen_tmp_t:file create_file_perms;
allow $1_screen_t $1_screen_tmp_t:fifo_file create_file_perms;
- files_create_tmp_files($1_screen_t, $1_screen_tmp_t, { file dir })
+ files_filetrans_tmp($1_screen_t, $1_screen_tmp_t, { file dir })
# Create fifo
allow $1_screen_t screen_dir_t:dir rw_dir_perms;
allow $1_screen_t screen_dir_t:dir create_dir_perms;
allow $1_screen_t $1_screen_var_run_t:fifo_file create_file_perms;
type_transition $1_screen_t screen_dir_t:fifo_file $1_screen_var_run_t;
- files_create_pid($1_screen_t,screen_dir_t,dir)
+ files_filetrans_pid($1_screen_t,screen_dir_t,dir)
allow $1_screen_t $1_screen_ro_home_t:dir r_dir_perms;
allow $1_screen_t $1_screen_ro_home_t:file r_file_perms;
diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te
index 3cea361..70704c3 100644
--- a/refpolicy/policy/modules/apps/webalizer.te
+++ b/refpolicy/policy/modules/apps/webalizer.te
@@ -50,11 +50,11 @@ allow webalizer_t webalizer_etc_t:file { getattr read };
allow webalizer_t webalizer_tmp_t:dir create_dir_perms;
allow webalizer_t webalizer_tmp_t:file create_file_perms;
-files_create_tmp_files(webalizer_t, webalizer_tmp_t, { file dir })
+files_filetrans_tmp(webalizer_t, webalizer_tmp_t, { file dir })
allow webalizer_t webalizer_var_lib_t:file create_file_perms;
allow webalizer_t webalizer_var_lib_t:dir rw_dir_perms;
-files_create_var_lib(webalizer_t,webalizer_var_lib_t)
+files_filetrans_var_lib(webalizer_t,webalizer_var_lib_t)
kernel_read_kernel_sysctl(webalizer_t)
kernel_read_system_state(webalizer_t)
diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index 7e8b198..721402e 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -138,7 +138,7 @@ interface(`bootloader_rw_boot_symlinks',`
## The type of the process performing this action.
## </param>
#
-interface(`bootloader_create_kernel',`
+interface(`bootloader_create_kernel_img',`
gen_require(`
type boot_t;
')
@@ -399,9 +399,9 @@ interface(`bootloader_manage_kernel_modules',`
########################################
#
-# bootloader_create_modules(domain,privatetype,[class(es)])
+# bootloader_filetrans_modules(domain,privatetype,[class(es)])
#
-interface(`bootloader_create_modules',`
+interface(`bootloader_filetrans_modules',`
gen_require(`
type modules_object_t;
')
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index d907f50..2a792b7 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -80,16 +80,16 @@ allow bootloader_t boot_t:lnk_file create_lnk_perms;
allow bootloader_t bootloader_etc_t:file r_file_perms;
# uncomment the following lines if you use "lilo -p"
#allow bootloader_t bootloader_etc_t:file { create ioctl read getattr lock write setattr append link unlink rename };
-#files_create_etc_config(bootloader_t,bootloader_etc_t)
+#files_filetrans_etc(bootloader_t,bootloader_etc_t)
allow bootloader_t bootloader_tmp_t:dir create_dir_perms;
allow bootloader_t bootloader_tmp_t:file create_file_perms;
allow bootloader_t bootloader_tmp_t:chr_file create_file_perms;
allow bootloader_t bootloader_tmp_t:blk_file create_file_perms;
allow bootloader_t bootloader_tmp_t:lnk_file create_lnk_perms;
-files_create_tmp_files(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
+files_filetrans_tmp(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
# for tune2fs (cjp: ?)
-files_create_root(bootloader_t,bootloader_tmp_t)
+files_filetrans_root(bootloader_t,bootloader_tmp_t)
allow bootloader_t modules_object_t:dir r_dir_perms;
allow bootloader_t modules_object_t:file r_file_perms;
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 83e5dc2..7f65d38 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -484,7 +484,7 @@ interface(`dev_manage_generic_chr_file',`
## the transition will occur.
## </param>
#
-interface(`dev_create_dev_node',`
+interface(`dev_filetrans_dev_node',`
gen_require(`
type device_t;
')
diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
index 30720ec..4f6c9f4 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -952,23 +952,20 @@ interface(`files_list_root',`
########################################
## <summary>
## Create an object in the root directory, with a private
-## type. If no object class is specified, the
-## default is file.
+## type.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
-## <param name="private type" optional="true">
-## The type of the object to be created. If no type
-## is specified, the type of the root directory will
-## be used.
+## <param name="private type">
+## The type of the object to be created.
## </param>
## <param name="object" optional="true">
## The object class of the object being created. If
## no class is specified, file will be used.
## </param>
#
-interface(`files_create_root',`
+interface(`files_filetrans_root',`
gen_require(`
type root_t;
class dir create_dir_perms;
@@ -977,17 +974,9 @@ interface(`files_create_root',`
allow $1 root_t:dir rw_dir_perms;
ifelse(`$3',`',`
- ifelse(`$2',`',`
- allow $1 root_t:file create_file_perms;
- ',`
- type_transition $1 root_t:file $2;
- ')
+ type_transition $1 root_t:file $2;
',`
- ifelse(`$2',`',`
- allow $1 root_t:$3 create_file_perms;
- ',`
- type_transition $1 root_t:$3 $2;
- ')
+ type_transition $1 root_t:$3 $2;
')
')
@@ -1501,9 +1490,9 @@ interface(`files_manage_etc_runtime_files',`
########################################
#
-# files_create_etc_config(domain,privatetype,[class(es)])
+# files_filetrans_etc(domain,privatetype,[class(es)])
#
-interface(`files_create_etc_config',`
+interface(`files_filetrans_etc',`
gen_require(`
type etc_t;
class dir rw_dir_perms;
@@ -1847,23 +1836,32 @@ interface(`files_list_home',`
########################################
## <summary>
-## Create home directories
+## Create objects in /home.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
## <param name="home_type">
-## The type of the home directory
+## The private type.
+## </param>
+## <param name="object" optional="true">
+## The object class of the object being created. If
+## no class is specified, dir will be used.
## </param>
#
-interface(`files_create_home_dirs',`
+interface(`files_filetrans_home',`
gen_require(`
type home_root_t;
- class dir rw_dir_perms;
')
allow $1 home_root_t:dir rw_dir_perms;
- type_transition $1 home_root_t:dir $2;
+
+ ifelse(`$3',`',`
+ type_transition $1 home_root_t:dir $2;
+ ',`
+ type_transition $1 home_root_t:$3 $2;
+ ')
+
')
########################################
@@ -2245,9 +2243,9 @@ interface(`files_setattr_all_tmp_dirs',`
########################################
#
-# files_create_tmp_files(domain,private_type,[object class(es)])
+# files_filetrans_tmp(domain,private_type,[object class(es)])
#
-interface(`files_create_tmp_files',`
+interface(`files_filetrans_tmp',`
gen_require(`
type tmp_t;
class dir rw_dir_perms;
@@ -2412,7 +2410,7 @@ interface(`files_read_usr_symlinks',`
## The object class. If not specified, file is used.
## </param>
#
-interface(`files_create_usr',`
+interface(`files_filetrans_usr',`
gen_require(`
type usr_t;
class dir rw_dir_perms;
@@ -2640,7 +2638,7 @@ interface(`files_manage_var_symlinks',`
## The object class. If not specified, file is used.
## </param>
#
-interface(`files_create_var',`
+interface(`files_filetrans_var',`
gen_require(`
type var_t;
class dir rw_dir_perms;
@@ -2737,7 +2735,7 @@ interface(`files_list_var_lib',`
## The object class. If not specified, file is used.
## </param>
#
-interface(`files_create_var_lib',`
+interface(`files_filetrans_var_lib',`
gen_require(`
type var_t, var_lib_t;
class dir rw_dir_perms;
@@ -2934,9 +2932,9 @@ interface(`files_read_all_locks',`
########################################
#
-# files_create_lock(domain,private_type,[object class(es)])
+# files_filetrans_lock(domain,private_type,[object class(es)])
#
-interface(`files_create_lock',`
+interface(`files_filetrans_lock',`
gen_require(`
type var_t, var_lock_t;
class dir rw_dir_perms;
@@ -3016,9 +3014,9 @@ interface(`files_list_pids',`
########################################
#
-# files_create_pid(domain,pidfile,[object class(es)])
+# files_filetrans_pid(domain,pidfile,[object class(es)])
#
-interface(`files_create_pid',`
+interface(`files_filetrans_pid',`
gen_require(`
type var_t, var_run_t;
class dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 8e71d3c..ccf9265 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -2191,9 +2191,9 @@ interface(`fs_manage_tmpfs_dirs',`
########################################
#
-# fs_create_tmpfs_data(domain,derivedtype,[class])
+# fs_filetrans_tmpfs(domain,derivedtype,[class])
#
-interface(`fs_create_tmpfs_data',`
+interface(`fs_filetrans_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem associate;
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index c6c34fb..54c0cf8 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -152,7 +152,7 @@ interface(`storage_create_fixed_disk',`
')
allow $1 fixed_disk_device_t:blk_file create_file_perms;
- dev_create_dev_node($1,fixed_disk_device_t,blk_file)
+ dev_filetrans_dev_node($1,fixed_disk_device_t,blk_file)
typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
')
@@ -192,7 +192,7 @@ interface(`storage_create_fixed_disk_tmpfs',`
')
allow $1 fixed_disk_device_t:blk_file create_file_perms;
- fs_create_tmpfs_data($1,fixed_disk_device_t,blk_file)
+ fs_filetrans_tmpfs($1,fixed_disk_device_t,blk_file)
typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
')
diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if
index 6748e10..93d0da3 100644
--- a/refpolicy/policy/modules/services/apache.if
+++ b/refpolicy/policy/modules/services/apache.if
@@ -82,7 +82,7 @@ template(`apache_content_template',`
allow httpd_$1_script_t httpd_$1_script_rw_t:lnk_file create_lnk_perms;
allow httpd_$1_script_t httpd_$1_script_rw_t:sock_file create_file_perms;
allow httpd_$1_script_t httpd_$1_script_rw_t:fifo_file create_file_perms;
- files_create_tmp_files(httpd_$1_script_t,httpd_$1_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+ files_filetrans_tmp(httpd_$1_script_t,httpd_$1_script_rw_t,{ dir file lnk_file sock_file fifo_file })
kernel_dontaudit_search_sysctl(httpd_$1_script_t)
kernel_dontaudit_search_kernel_sysctl(httpd_$1_script_t)
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index 32b7be4..0dcf3a2 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -166,14 +166,14 @@ allow httpd_t httpd_config_t:lnk_file { getattr read };
can_exec(httpd_t, httpd_exec_t)
allow httpd_t httpd_lock_t:file create_file_perms;
-files_create_lock(httpd_t,httpd_lock_t)
+files_filetrans_lock(httpd_t,httpd_lock_t)
allow httpd_t httpd_log_t:dir { setattr rw_dir_perms };
allow httpd_t httpd_log_t:file { create ra_file_perms };
allow httpd_t httpd_log_t:lnk_file read;
# cjp: need to refine create interfaces to
# cut this back to add_name only
-logging_create_log(httpd_t,httpd_log_t)
+logging_filetrans_log(httpd_t,httpd_log_t)
allow httpd_t httpd_modules_t:file rx_file_perms;
allow httpd_t httpd_modules_t:dir r_dir_perms;
@@ -190,23 +190,23 @@ allow httpd_t httpd_sys_content_t:file r_file_perms;
allow httpd_t httpd_tmp_t:dir create_dir_perms;
allow httpd_t httpd_tmp_t:file create_file_perms;
-files_create_tmp_files(httpd_t, httpd_tmp_t, { file dir })
+files_filetrans_tmp(httpd_t, httpd_tmp_t, { file dir })
allow httpd_t httpd_tmpfs_t:dir create_dir_perms;
allow httpd_t httpd_tmpfs_t:file create_file_perms;
allow httpd_t httpd_tmpfs_t:lnk_file create_lnk_perms;
allow httpd_t httpd_tmpfs_t:sock_file create_file_perms;
allow httpd_t httpd_tmpfs_t:fifo_file create_file_perms;
-fs_create_tmpfs_data(httpd_t,httpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_filetrans_tmpfs(httpd_t,httpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow httpd_t httpd_var_lib_t:file create_file_perms;
allow httpd_t httpd_var_lib_t:dir rw_dir_perms;
-files_create_var_lib(httpd_t,httpd_var_lib_t)
+files_filetrans_var_lib(httpd_t,httpd_var_lib_t)
allow httpd_t httpd_var_run_t:file create_file_perms;
allow httpd_t httpd_var_run_t:sock_file create_file_perms;
allow httpd_t httpd_var_run_t:dir rw_dir_perms;
-files_create_pid(httpd_t,httpd_var_run_t, { file sock_file })
+files_filetrans_pid(httpd_t,httpd_var_run_t, { file sock_file })
allow httpd_t squirrelmail_spool_t:dir create_dir_perms;
allow httpd_t squirrelmail_spool_t:file create_file_perms;
@@ -490,7 +490,7 @@ allow httpd_php_t httpd_log_t:file ra_file_perms;
allow httpd_php_t httpd_php_tmp_t:dir create_dir_perms;
allow httpd_php_t httpd_php_tmp_t:file create_file_perms;
-files_create_tmp_files(httpd_php_t, httpd_php_tmp_t, { file dir })
+files_filetrans_tmp(httpd_php_t, httpd_php_tmp_t, { file dir })
fs_search_auto_mountpoints(httpd_php_t)
@@ -535,7 +535,7 @@ allow httpd_suexec_t httpd_t:fifo_file getattr;
allow httpd_suexec_t httpd_suexec_tmp_t:dir create_dir_perms;
allow httpd_suexec_t httpd_suexec_tmp_t:file create_file_perms;
-files_create_tmp_files(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
+files_filetrans_tmp(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
kernel_read_kernel_sysctl(httpd_suexec_t)
kernel_list_proc(httpd_suexec_t)
diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te
index 25c64d2..7297b2e 100644
--- a/refpolicy/policy/modules/services/apm.te
+++ b/refpolicy/policy/modules/services/apm.te
@@ -72,16 +72,16 @@ allow apmd_t self:unix_dgram_socket create_socket_perms;
allow apmd_t self:unix_stream_socket create_stream_socket_perms;
allow apmd_t apmd_log_t:file create_file_perms;
-logging_create_log(apmd_t,apmd_log_t)
+logging_filetrans_log(apmd_t,apmd_log_t)
allow apmd_t apmd_tmp_t:dir create_dir_perms;
allow apmd_t apmd_tmp_t:file create_file_perms;
-files_create_tmp_files(apmd_t, apmd_tmp_t, { file dir })
+files_filetrans_tmp(apmd_t, apmd_tmp_t, { file dir })
allow apmd_t apmd_var_run_t:dir rw_dir_perms;
allow apmd_t apmd_var_run_t:file create_file_perms;
allow apmd_t apmd_var_run_t:sock_file create_file_perms;
-files_create_pid(apmd_t, apmd_var_run_t, { file sock_file })
+files_filetrans_pid(apmd_t, apmd_var_run_t, { file sock_file })
kernel_read_kernel_sysctl(apmd_t)
kernel_rw_all_sysctl(apmd_t)
@@ -151,7 +151,7 @@ userdom_dontaudit_search_all_users_home(apmd_t) # Excessive?
ifdef(`distro_redhat',`
allow apmd_t apmd_lock_t:file create_file_perms;
- files_create_lock(apmd_t,apmd_lock_t)
+ files_filetrans_lock(apmd_t,apmd_lock_t)
can_exec(apmd_t, apmd_var_run_t)
@@ -176,7 +176,7 @@ ifdef(`distro_redhat',`
ifdef(`distro_suse',`
allow apmd_t apmd_var_lib_t:file create_file_perms;
allow apmd_t apmd_var_lib_t:dir create_dir_perms;
- files_create_var_lib(apmd_t,apmd_var_lib_t)
+ files_filetrans_var_lib(apmd_t,apmd_var_lib_t)
')
ifdef(`targeted_policy',`
diff --git a/refpolicy/policy/modules/services/arpwatch.te b/refpolicy/policy/modules/services/arpwatch.te
index ffa66d7..30994a6 100644
--- a/refpolicy/policy/modules/services/arpwatch.te
+++ b/refpolicy/policy/modules/services/arpwatch.te
@@ -39,11 +39,11 @@ allow arpwatch_t arpwatch_data_t:lnk_file create_lnk_perms;
allow arpwatch_t arpwatch_tmp_t:dir create_dir_perms;
allow arpwatch_t arpwatch_tmp_t:file create_file_perms;
-files_create_tmp_files(arpwatch_t, arpwatch_tmp_t, { file dir })
+files_filetrans_tmp(arpwatch_t, arpwatch_tmp_t, { file dir })
allow arpwatch_t arpwatch_var_run_t:file create_file_perms;
allow arpwatch_t arpwatch_var_run_t:dir rw_dir_perms;
-files_create_pid(arpwatch_t,arpwatch_var_run_t)
+files_filetrans_pid(arpwatch_t,arpwatch_var_run_t)
kernel_read_kernel_sysctl(arpwatch_t)
kernel_list_proc(arpwatch_t)
diff --git a/refpolicy/policy/modules/services/automount.te b/refpolicy/policy/modules/services/automount.te
index 3a5778b..bf22d32 100644
--- a/refpolicy/policy/modules/services/automount.te
+++ b/refpolicy/policy/modules/services/automount.te
@@ -42,20 +42,20 @@ allow automount_t automount_etc_t:file { getattr read };
can_exec(automount_t, automount_etc_t)
allow automount_t automount_lock_t:file create_file_perms;
-files_create_lock(automount_t,automount_lock_t)
+files_filetrans_lock(automount_t,automount_lock_t)
allow automount_t automount_tmp_t:dir create_dir_perms;
allow automount_t automount_tmp_t:file create_file_perms;
-files_create_tmp_files(automount_t, automount_tmp_t, { file dir })
+files_filetrans_tmp(automount_t, automount_tmp_t, { file dir })
# Allow automount to create and delete directories in / and /home
allow automount_t automount_tmp_t:dir create_dir_perms;
-files_create_home_dirs(automount_t,automount_tmp_t)
-files_create_root(automount_t,automount_tmp_t,dir)
+files_filetrans_home(automount_t,automount_tmp_t)
+files_filetrans_root(automount_t,automount_tmp_t,dir)
allow automount_t automount_var_run_t:file create_file_perms;
allow automount_t automount_var_run_t:dir rw_dir_perms;
-files_create_pid(automount_t,automount_var_run_t)
+files_filetrans_pid(automount_t,automount_var_run_t)
kernel_read_kernel_sysctl(automount_t)
kernel_read_fs_sysctl(automount_t)
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index a56b857..436c6c9 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -31,7 +31,7 @@ allow avahi_t self:udp_socket create_socket_perms;
allow avahi_t avahi_var_run_t:sock_file create_file_perms;
allow avahi_t avahi_var_run_t:file create_file_perms;
allow avahi_t avahi_var_run_t:dir { rw_dir_perms setattr };
-files_create_pid(avahi_t,avahi_var_run_t)
+files_filetrans_pid(avahi_t,avahi_var_run_t)
kernel_read_kernel_sysctl(avahi_t)
kernel_list_proc(avahi_t)
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index e2062cd..a3662b9 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -76,16 +76,16 @@ can_exec(named_t, named_exec_t)
allow named_t named_log_t:file create_file_perms;
allow named_t named_log_t:dir rw_dir_perms;
-logging_create_log(named_t,named_log_t,{ file dir })
+logging_filetrans_log(named_t,named_log_t,{ file dir })
allow named_t named_tmp_t:dir create_dir_perms;
allow named_t named_tmp_t:file create_file_perms;
-files_create_tmp_files(named_t, named_tmp_t, { file dir })
+files_filetrans_tmp(named_t, named_tmp_t, { file dir })
allow named_t named_var_run_t:dir rw_dir_perms;
allow named_t named_var_run_t:file create_file_perms;
allow named_t named_var_run_t:sock_file create_file_perms;
-files_create_pid(named_t,named_var_run_t,{ file sock_file })
+files_filetrans_pid(named_t,named_var_run_t,{ file sock_file })
# read zone files
allow named_t named_zone_t:dir r_dir_perms;
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 9c9e472..1c30d28 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -69,20 +69,20 @@ allow bluetooth_helper_t bluetooth_t:fifo_file rw_file_perms;
allow bluetooth_helper_t bluetooth_t:process sigchld;
allow bluetooth_t bluetooth_lock_t:file create_file_perms;
-files_create_lock(bluetooth_t,bluetooth_lock_t)
+files_filetrans_lock(bluetooth_t,bluetooth_lock_t)
allow bluetooth_t bluetooth_tmp_t:dir create_dir_perms;
allow bluetooth_t bluetooth_tmp_t:file create_file_perms;
-files_create_tmp_files(bluetooth_t, bluetooth_tmp_t, { file dir })
+files_filetrans_tmp(bluetooth_t, bluetooth_tmp_t, { file dir })
allow bluetooth_t bluetooth_var_lib_t:file create_file_perms;
allow bluetooth_t bluetooth_var_lib_t:dir create_dir_perms;
-files_create_var_lib(bluetooth_t,bluetooth_var_lib_t)
+files_filetrans_var_lib(bluetooth_t,bluetooth_var_lib_t)
allow bluetooth_t bluetooth_var_run_t:dir rw_dir_perms;
allow bluetooth_t bluetooth_var_run_t:file create_file_perms;
allow bluetooth_t bluetooth_var_run_t:sock_file create_file_perms;
-files_create_pid(bluetooth_t, bluetooth_var_run_t, { file sock_file })
+files_filetrans_pid(bluetooth_t, bluetooth_var_run_t, { file sock_file })
kernel_read_kernel_sysctl(bluetooth_t)
kernel_read_system_state(bluetooth_t)
@@ -174,7 +174,7 @@ allow bluetooth_helper_t bluetooth_t:socket { read write };
allow bluetooth_helper_t bluetooth_helper_tmp_t:dir create_dir_perms;
allow bluetooth_helper_t bluetooth_helper_tmp_t:file create_file_perms;
-files_create_tmp_files(bluetooth_helper_t, bluetooth_helper_tmp_t, { file dir })
+files_filetrans_tmp(bluetooth_helper_t, bluetooth_helper_tmp_t, { file dir })
kernel_read_system_state(bluetooth_helper_t)
kernel_read_kernel_sysctl(bluetooth_helper_t)
diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te
index a39ac7f..6a60cce 100644
--- a/refpolicy/policy/modules/services/canna.te
+++ b/refpolicy/policy/modules/services/canna.te
@@ -33,17 +33,17 @@ allow canna_t self:tcp_socket create_stream_socket_perms;
allow canna_t canna_log_t:file create_file_perms;
allow canna_t canna_log_t:dir { rw_dir_perms setattr };
-logging_create_log(canna_t,canna_log_t,{ file dir })
+logging_filetrans_log(canna_t,canna_log_t,{ file dir })
allow canna_t canna_var_lib_t:dir create_dir_perms;
allow canna_t canna_var_lib_t:file create_file_perms;
allow canna_t canna_var_lib_t:lnk_file create_lnk_perms;
-files_create_var_lib(canna_t,canna_var_lib_t)
+files_filetrans_var_lib(canna_t,canna_var_lib_t)
allow canna_t canna_var_run_t:dir rw_dir_perms;
allow canna_t canna_var_run_t:file create_file_perms;
allow canna_t canna_var_run_t:sock_file create_file_perms;
-files_create_pid(canna_t, canna_var_run_t, { file sock_file })
+files_filetrans_pid(canna_t, canna_var_run_t, { file sock_file })
kernel_read_kernel_sysctl(canna_t)
kernel_read_system_state(canna_t)
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index 418472f..330a670 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -33,11 +33,11 @@ allow comsat_t self:udp_socket create_socket_perms;
allow comsat_t comsat_tmp_t:dir create_dir_perms;
allow comsat_t comsat_tmp_t:file create_file_perms;
-files_create_tmp_files(comsat_t, comsat_tmp_t, { file dir })
+files_filetrans_tmp(comsat_t, comsat_tmp_t, { file dir })
allow comsat_t comsat_var_run_t:file create_file_perms;
allow comsat_t comsat_var_run_t:dir rw_dir_perms;
-files_create_pid(comsat_t,comsat_var_run_t)
+files_filetrans_pid(comsat_t,comsat_var_run_t)
kernel_read_kernel_sysctl(comsat_t)
kernel_read_network_state(comsat_t)
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 90fcf06..ea6890b 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -80,7 +80,7 @@ allow crond_t self:msgq create_msgq_perms;
allow crond_t self:msg { send receive };
allow crond_t crond_var_run_t:file create_file_perms;
-files_create_pid(crond_t,crond_var_run_t)
+files_filetrans_pid(crond_t,crond_var_run_t)
allow crond_t cron_spool_t:dir rw_dir_perms;
allow crond_t cron_spool_t:file r_file_perms;
@@ -149,7 +149,7 @@ ifdef(`targeted_policy',`
allow crond_t system_crond_tmp_t:lnk_file create_lnk_perms;
allow crond_t system_crond_tmp_t:sock_file create_file_perms;
allow crond_t system_crond_tmp_t:fifo_file create_file_perms;
- files_create_tmp_files(crond_t,system_crond_tmp_t,{ dir file lnk_file sock_file fifo_file })
+ files_filetrans_tmp(crond_t,system_crond_tmp_t,{ dir file lnk_file sock_file fifo_file })
unconfined_domain_template(crond_t)
@@ -166,7 +166,7 @@ ifdef(`targeted_policy',`
',`
allow crond_t crond_tmp_t:dir create_dir_perms;
allow crond_t crond_tmp_t:file create_file_perms;
- files_create_tmp_files(crond_t, crond_tmp_t, { file dir })
+ files_filetrans_tmp(crond_t, crond_tmp_t, { file dir })
mta_send_mail(crond_t)
')
@@ -261,11 +261,11 @@ ifdef(`targeted_policy',`
# Write /var/lock/makewhatis.lock.
allow system_crond_t system_crond_lock_t:file create_file_perms;
- files_create_lock(system_crond_t,system_crond_lock_t)
+ files_filetrans_lock(system_crond_t,system_crond_lock_t)
# write temporary files
allow system_crond_t system_crond_tmp_t:file create_file_perms;
- files_create_tmp_files(system_crond_t,system_crond_tmp_t)
+ files_filetrans_tmp(system_crond_t,system_crond_tmp_t)
# write temporary files in crond tmp dir:
allow system_crond_t crond_tmp_t:dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 35f0305..6875f0e 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -92,7 +92,7 @@ files_search_etc(cupsd_t)
allow cupsd_t cupsd_rw_etc_t:file manage_file_perms;
allow cupsd_t cupsd_rw_etc_t:dir manage_dir_perms;
type_transition cupsd_t cupsd_etc_t:file cupsd_rw_etc_t;
-files_create_var(cupsd_t,cupsd_rw_etc_t,{ dir file })
+files_filetrans_var(cupsd_t,cupsd_rw_etc_t,{ dir file })
# allow cups to execute its backend scripts
can_exec(cupsd_t, cupsd_exec_t)
@@ -101,16 +101,16 @@ allow cupsd_t cupsd_exec_t:lnk_file read;
allow cupsd_t cupsd_log_t:file create_file_perms;
allow cupsd_t cupsd_log_t:dir { setattr rw_dir_perms };
-logging_create_log(cupsd_t,cupsd_log_t,{ file dir })
+logging_filetrans_log(cupsd_t,cupsd_log_t,{ file dir })
allow cupsd_t cupsd_tmp_t:dir create_dir_perms;
allow cupsd_t cupsd_tmp_t:file create_file_perms;
allow cupsd_t cupsd_tmp_t:fifo_file create_file_perms;
-files_create_tmp_files(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
+files_filetrans_tmp(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
allow cupsd_t cupsd_var_run_t:file create_file_perms;
allow cupsd_t cupsd_var_run_t:dir rw_dir_perms;
-files_create_pid(cupsd_t,cupsd_var_run_t)
+files_filetrans_pid(cupsd_t,cupsd_var_run_t)
allow cupsd_t hplip_var_run_t:file { read getattr };
@@ -299,11 +299,11 @@ allow ptal_t ptal_var_run_t:file create_file_perms;
allow ptal_t ptal_var_run_t:lnk_file create_lnk_perms;
allow ptal_t ptal_var_run_t:sock_file create_file_perms;
allow ptal_t ptal_var_run_t:fifo_file create_file_perms;
-files_create_pid(ptal_t,ptal_var_run_t,{ dir file lnk_file sock_file fifo_file })
+files_filetrans_pid(ptal_t,ptal_var_run_t,{ dir file lnk_file sock_file fifo_file })
allow ptal_t ptal_var_run_t:file create_file_perms;
allow ptal_t ptal_var_run_t:dir rw_dir_perms;
-files_create_pid(ptal_t,ptal_var_run_t)
+files_filetrans_pid(ptal_t,ptal_var_run_t)
kernel_read_kernel_sysctl(ptal_t)
kernel_list_proc(ptal_t)
@@ -390,7 +390,7 @@ files_search_etc(hplip_t)
allow hplip_t hplip_var_run_t:file create_file_perms;
allow hplip_t hplip_var_run_t:dir rw_dir_perms;
-files_create_pid(hplip_t,hplip_var_run_t)
+files_filetrans_pid(hplip_t,hplip_var_run_t)
kernel_read_system_state(hplip_t)
kernel_read_kernel_sysctl(hplip_t)
@@ -497,7 +497,7 @@ dontaudit cupsd_config_t cupsd_t:process ptrace;
allow cupsd_config_t cupsd_config_var_run_t:file create_file_perms;
allow cupsd_config_t cupsd_config_var_run_t:dir rw_dir_perms;
-files_create_pid(cupsd_config_t,cupsd_config_var_run_t)
+files_filetrans_pid(cupsd_config_t,cupsd_config_var_run_t)
can_exec(cupsd_config_t, cupsd_config_exec_t)
@@ -511,7 +511,7 @@ allow cupsd_config_t cupsd_log_t:file rw_file_perms;
allow cupsd_config_t cupsd_rw_etc_t:dir rw_dir_perms;
allow cupsd_config_t cupsd_rw_etc_t:file manage_file_perms;
allow cupsd_config_t cupsd_rw_etc_t:lnk_file create_lnk_perms;
-files_create_var(cupsd_config_t,cupsd_rw_etc_t)
+files_filetrans_var(cupsd_config_t,cupsd_rw_etc_t)
allow cupsd_config_t cupsd_var_run_t:file { getattr read };
@@ -679,11 +679,11 @@ allow cupsd_lpd_t cupsd_etc_t:lnk_file { getattr read };
allow cupsd_lpd_t cupsd_lpd_tmp_t:dir create_dir_perms;
allow cupsd_lpd_t cupsd_lpd_tmp_t:file create_file_perms;
-files_create_tmp_files(cupsd_lpd_t, cupsd_lpd_tmp_t, { file dir })
+files_filetrans_tmp(cupsd_lpd_t, cupsd_lpd_tmp_t, { file dir })
allow cupsd_lpd_t cupsd_lpd_var_run_t:file create_file_perms;
allow cupsd_lpd_t cupsd_lpd_var_run_t:dir rw_dir_perms;
-files_create_pid(cupsd_lpd_t,cupsd_lpd_var_run_t)
+files_filetrans_pid(cupsd_lpd_t,cupsd_lpd_var_run_t)
allow cupsd_lpd_t cupsd_rw_etc_t:dir list_dir_perms;
allow cupsd_lpd_t cupsd_rw_etc_t:file r_file_perms;
diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te
index 08d2ad1..25cf01e 100644
--- a/refpolicy/policy/modules/services/cvs.te
+++ b/refpolicy/policy/modules/services/cvs.te
@@ -38,11 +38,11 @@ allow cvs_t cvs_data_t:lnk_file create_lnk_perms;
allow cvs_t cvs_tmp_t:dir create_dir_perms;
allow cvs_t cvs_tmp_t:file create_file_perms;
-files_create_tmp_files(cvs_t, cvs_tmp_t, { file dir })
+files_filetrans_tmp(cvs_t, cvs_tmp_t, { file dir })
allow cvs_t cvs_var_run_t:file create_file_perms;
allow cvs_t cvs_var_run_t:dir rw_dir_perms;
-files_create_pid(cvs_t,cvs_var_run_t)
+files_filetrans_pid(cvs_t,cvs_var_run_t)
kernel_read_kernel_sysctl(cvs_t)
kernel_read_system_state(cvs_t)
diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te
index 5fe6d41..57f5b65 100644
--- a/refpolicy/policy/modules/services/cyrus.te
+++ b/refpolicy/policy/modules/services/cyrus.te
@@ -44,16 +44,16 @@ allow cyrus_t self:udp_socket create_socket_perms;
allow cyrus_t cyrus_tmp_t:dir create_dir_perms;
allow cyrus_t cyrus_tmp_t:file create_file_perms;
-files_create_tmp_files(cyrus_t, cyrus_tmp_t, { file dir })
+files_filetrans_tmp(cyrus_t, cyrus_tmp_t, { file dir })
allow cyrus_t cyrus_var_lib_t:dir create_dir_perms;
allow cyrus_t cyrus_var_lib_t:{file sock_file lnk_file} create_file_perms;
-files_create_pid(cyrus_t,cyrus_var_run_t)
+files_filetrans_pid(cyrus_t,cyrus_var_run_t)
allow cyrus_t cyrus_var_run_t:dir rw_dir_perms;
allow cyrus_t cyrus_var_run_t:sock_file create_file_perms;
allow cyrus_t cyrus_var_run_t:file create_file_perms;
-files_create_pid(cyrus_t,cyrus_var_run_t,{ file sock_file })
+files_filetrans_pid(cyrus_t,cyrus_var_run_t,{ file sock_file })
kernel_read_kernel_sysctl(cyrus_t)
kernel_read_system_state(cyrus_t)
diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te
index 34f7d2a..fc4017d 100644
--- a/refpolicy/policy/modules/services/dbskk.te
+++ b/refpolicy/policy/modules/services/dbskk.te
@@ -39,11 +39,11 @@ optional_policy(`kerberos',`
allow dbskkd_t dbskkd_tmp_t:dir create_dir_perms;
allow dbskkd_t dbskkd_tmp_t:file create_file_perms;
-files_create_tmp_files(dbskkd_t, dbskkd_tmp_t, { file dir })
+files_filetrans_tmp(dbskkd_t, dbskkd_tmp_t, { file dir })
allow dbskkd_t dbskkd_var_run_t:file create_file_perms;
allow dbskkd_t dbskkd_var_run_t:dir rw_dir_perms;
-files_create_pid(dbskkd_t,dbskkd_var_run_t)
+files_filetrans_pid(dbskkd_t,dbskkd_var_run_t)
kernel_read_kernel_sysctl(dbskkd_t)
kernel_read_system_state(dbskkd_t)
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index 66468e1..2db8946 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -89,7 +89,7 @@ template(`dbus_per_userdomain_template',`
allow $1_dbusd_t $1_dbusd_tmp_t:dir create_dir_perms;
allow $1_dbusd_t $1_dbusd_tmp_t:file create_file_perms;
- files_create_tmp_files($1_dbusd_t, $1_dbusd_tmp_t, { file dir })
+ files_filetrans_tmp($1_dbusd_t, $1_dbusd_tmp_t, { file dir })
domain_auto_trans($2, system_dbusd_exec_t, $1_dbusd_t)
allow $2 $1_dbusd_t:fd use;
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index 75bdf43..cc73779 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -47,12 +47,12 @@ allow system_dbusd_t dbusd_etc_t:lnk_file { getattr read };
allow system_dbusd_t system_dbusd_tmp_t:dir create_dir_perms;
allow system_dbusd_t system_dbusd_tmp_t:file create_file_perms;
-files_create_tmp_files(system_dbusd_t, system_dbusd_tmp_t, { file dir })
+files_filetrans_tmp(system_dbusd_t, system_dbusd_tmp_t, { file dir })
allow system_dbusd_t system_dbusd_var_run_t:file create_file_perms;
allow system_dbusd_t system_dbusd_var_run_t:sock_file create_file_perms;
allow system_dbusd_t system_dbusd_var_run_t:dir rw_dir_perms;
-files_create_pid(system_dbusd_t,system_dbusd_var_run_t)
+files_filetrans_pid(system_dbusd_t,system_dbusd_var_run_t)
kernel_read_system_state(system_dbusd_t)
kernel_read_kernel_sysctl(system_dbusd_t)
diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te
index ee5a94b..294d420 100644
--- a/refpolicy/policy/modules/services/dhcp.te
+++ b/refpolicy/policy/modules/services/dhcp.te
@@ -41,15 +41,15 @@ can_exec(dhcpd_t,dhcpd_exec_t)
allow dhcpd_t dhcpd_state_t:dir rw_dir_perms;
allow dhcpd_t dhcpd_state_t:file create_file_perms;
-sysnet_create_dhcp_state(dhcpd_t,dhcpd_state_t)
+sysnet_filetrans_dhcp_state(dhcpd_t,dhcpd_state_t)
allow dhcpd_t dhcpd_tmp_t:dir create_dir_perms;
allow dhcpd_t dhcpd_tmp_t:file create_file_perms;
-files_create_tmp_files(dhcpd_t, dhcpd_tmp_t, { file dir })
+files_filetrans_tmp(dhcpd_t, dhcpd_tmp_t, { file dir })
allow dhcpd_t dhcpd_var_run_t:file create_file_perms;
allow dhcpd_t dhcpd_var_run_t:dir rw_dir_perms;
-files_create_pid(dhcpd_t,dhcpd_var_run_t)
+files_filetrans_pid(dhcpd_t,dhcpd_var_run_t)
kernel_read_system_state(dhcpd_t)
kernel_read_kernel_sysctl(dhcpd_t)
diff --git a/refpolicy/policy/modules/services/distcc.te b/refpolicy/policy/modules/services/distcc.te
index 7ce4d6f..0af1681 100644
--- a/refpolicy/policy/modules/services/distcc.te
+++ b/refpolicy/policy/modules/services/distcc.te
@@ -32,15 +32,15 @@ allow distccd_t self:tcp_socket create_stream_socket_perms;
allow distccd_t self:udp_socket create_socket_perms;
allow distccd_t distccd_log_t:file create_file_perms;
-logging_create_log(distccd_t,distccd_log_t)
+logging_filetrans_log(distccd_t,distccd_log_t)
allow distccd_t distccd_tmp_t:dir create_dir_perms;
allow distccd_t distccd_tmp_t:file create_file_perms;
-files_create_tmp_files(distccd_t, distccd_tmp_t, { file dir })
+files_filetrans_tmp(distccd_t, distccd_tmp_t, { file dir })
allow distccd_t distccd_var_run_t:file create_file_perms;
allow distccd_t distccd_var_run_t:dir rw_dir_perms;
-files_create_pid(distccd_t,distccd_var_run_t)
+files_filetrans_pid(distccd_t,distccd_var_run_t)
kernel_read_system_state(distccd_t)
kernel_read_kernel_sysctl(distccd_t)
diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te
index e5b58d9..d1d7445 100644
--- a/refpolicy/policy/modules/services/dovecot.te
+++ b/refpolicy/policy/modules/services/dovecot.te
@@ -65,7 +65,7 @@ allow dovecot_t dovecot_spool_t:lnk_file create_lnk_perms;
allow dovecot_t dovecot_var_run_t:file create_file_perms;
allow dovecot_t dovecot_var_run_t:sock_file create_file_perms;
allow dovecot_t dovecot_var_run_t:dir rw_dir_perms;
-files_create_pid(dovecot_t,dovecot_var_run_t)
+files_filetrans_pid(dovecot_t,dovecot_var_run_t)
kernel_read_kernel_sysctl(dovecot_t)
kernel_read_system_state(dovecot_t)
diff --git a/refpolicy/policy/modules/services/fetchmail.te b/refpolicy/policy/modules/services/fetchmail.te
index d5ea203..44a8381 100644
--- a/refpolicy/policy/modules/services/fetchmail.te
+++ b/refpolicy/policy/modules/services/fetchmail.te
@@ -33,11 +33,11 @@ allow fetchmail_t self:udp_socket create_socket_perms;
allow fetchmail_t fetchmail_etc_t:file r_file_perms;
allow fetchmail_t fetchmail_uidl_cache_t:file create_file_perms;
-mta_create_spool(fetchmail_t,fetchmail_uidl_cache_t)
+mta_filetrans_spool(fetchmail_t,fetchmail_uidl_cache_t)
allow fetchmail_t fetchmail_var_run_t:file create_file_perms;
allow fetchmail_t fetchmail_var_run_t:dir rw_dir_perms;
-files_create_pid(fetchmail_t,fetchmail_var_run_t)
+files_filetrans_pid(fetchmail_t,fetchmail_var_run_t)
kernel_read_kernel_sysctl(fetchmail_t)
kernel_list_proc(fetchmail_t)
diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te
index 4550334..825d418 100644
--- a/refpolicy/policy/modules/services/finger.te
+++ b/refpolicy/policy/modules/services/finger.te
@@ -34,14 +34,14 @@ allow fingerd_t self:unix_stream_socket create_socket_perms;
allow fingerd_t fingerd_var_run_t:file create_file_perms;
allow fingerd_t fingerd_var_run_t:dir rw_dir_perms;
-files_create_pid(fingerd_t,fingerd_var_run_t)
+files_filetrans_pid(fingerd_t,fingerd_var_run_t)
allow fingerd_t fingerd_etc_t:file r_file_perms;
allow fingerd_t fingerd_etc_t:dir r_dir_perms;
allow fingerd_t fingerd_etc_t:lnk_file { getattr read };
allow fingerd_t fingerd_log_t:file create_file_perms;
-logging_create_log(fingerd_t,fingerd_log_t)
+logging_filetrans_log(fingerd_t,fingerd_log_t)
kernel_read_kernel_sysctl(fingerd_t)
kernel_read_system_state(fingerd_t)
diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te
index 0b90109..d83523a 100644
--- a/refpolicy/policy/modules/services/ftp.te
+++ b/refpolicy/policy/modules/services/ftp.te
@@ -48,22 +48,22 @@ allow ftpd_t ftpd_etc_t:file r_file_perms;
allow ftpd_t ftpd_tmp_t:dir create_dir_perms;
allow ftpd_t ftpd_tmp_t:file create_file_perms;
-files_create_tmp_files(ftpd_t, ftpd_tmp_t, { file dir })
+files_filetrans_tmp(ftpd_t, ftpd_tmp_t, { file dir })
allow ftpd_t ftpd_tmpfs_t:fifo_file create_file_perms;
allow ftpd_t ftpd_tmpfs_t:dir create_dir_perms;
allow ftpd_t ftpd_tmpfs_t:file create_file_perms;
allow ftpd_t ftpd_tmpfs_t:lnk_file create_lnk_perms;
allow ftpd_t ftpd_tmpfs_t:sock_file create_file_perms;
-fs_create_tmpfs_data(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_filetrans_tmpfs(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow ftpd_t ftpd_var_run_t:file create_file_perms;
allow ftpd_t ftpd_var_run_t:dir rw_dir_perms;
-files_create_pid(ftpd_t,ftpd_var_run_t)
+files_filetrans_pid(ftpd_t,ftpd_var_run_t)
# Create and modify /var/log/xferlog.
allow ftpd_t xferlog_t:file create_file_perms;
-logging_create_log(ftpd_t,xferlog_t)
+logging_filetrans_log(ftpd_t,xferlog_t)
kernel_read_kernel_sysctl(ftpd_t)
kernel_read_system_state(ftpd_t)
@@ -160,13 +160,13 @@ tunable_policy(`ftp_home_dir',`
userdom_manage_all_user_symlinks(ftpd_t)
ifdef(`targeted_policy',`
- userdom_create_generic_user_home(ftpd_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_filetrans_generic_user_home(ftpd_t,{ dir file lnk_file sock_file fifo_file })
')
')
tunable_policy(`ftpd_is_daemon',`
allow ftpd_t ftpd_lock_t:file create_file_perms;
- files_create_lock(ftpd_t,ftpd_lock_t)
+ files_filetrans_lock(ftpd_t,ftpd_lock_t)
corenet_tcp_bind_ftp_port(ftpd_t)
')
diff --git a/refpolicy/policy/modules/services/gpm.te b/refpolicy/policy/modules/services/gpm.te
index beb05f1..09bc8c5 100644
--- a/refpolicy/policy/modules/services/gpm.te
+++ b/refpolicy/policy/modules/services/gpm.te
@@ -36,14 +36,14 @@ allow gpm_t gpm_conf_t:lnk_file { getattr read };
allow gpm_t gpm_tmp_t:dir create_dir_perms;
allow gpm_t gpm_tmp_t:file create_file_perms;
-files_create_tmp_files(gpm_t, gpm_tmp_t, { file dir })
+files_filetrans_tmp(gpm_t, gpm_tmp_t, { file dir })
allow gpm_t gpm_var_run_t:file create_file_perms;
-files_create_pid(gpm_t,gpm_var_run_t)
+files_filetrans_pid(gpm_t,gpm_var_run_t)
allow gpm_t gpmctl_t:sock_file create_file_perms;
allow gpm_t gpmctl_t:fifo_file create_file_perms;
-dev_create_dev_node(gpm_t,gpmctl_t,{ sock_file fifo_file })
+dev_filetrans_dev_node(gpm_t,gpmctl_t,{ sock_file fifo_file })
# cjp: this has no effect
allow gpm_t gpmctl_t:unix_stream_socket name_bind;
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index 27ee77e..93199de 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -38,11 +38,11 @@ allow hald_t self:netlink_socket create_socket_perms;
allow hald_t hald_tmp_t:dir create_dir_perms;
allow hald_t hald_tmp_t:file create_file_perms;
-files_create_tmp_files(hald_t, hald_tmp_t, { file dir })
+files_filetrans_tmp(hald_t, hald_tmp_t, { file dir })
allow hald_t hald_var_run_t:file create_file_perms;
allow hald_t hald_var_run_t:dir rw_dir_perms;
-files_create_pid(hald_t,hald_var_run_t)
+files_filetrans_pid(hald_t,hald_var_run_t)
kernel_read_system_state(hald_t)
kernel_read_network_state(hald_t)
diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te
index d5f16a7..3b3f1a2 100644
--- a/refpolicy/policy/modules/services/howl.te
+++ b/refpolicy/policy/modules/services/howl.te
@@ -27,7 +27,7 @@ allow howl_t self:udp_socket create_socket_perms;
allow howl_t howl_var_run_t:file create_file_perms;
allow howl_t howl_var_run_t:dir rw_dir_perms;
-files_create_pid(howl_t,howl_var_run_t)
+files_filetrans_pid(howl_t,howl_var_run_t)
kernel_read_network_state(howl_t)
kernel_read_kernel_sysctl(howl_t)
diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te
index e267a17..433d098 100644
--- a/refpolicy/policy/modules/services/i18n_input.te
+++ b/refpolicy/policy/modules/services/i18n_input.te
@@ -30,7 +30,7 @@ allow i18n_input_t self:udp_socket create_socket_perms;
allow i18n_input_t i18n_input_var_run_t:dir create_dir_perms;
allow i18n_input_t i18n_input_var_run_t:file create_file_perms;
allow i18n_input_t i18n_input_var_run_t:sock_file create_file_perms;
-files_create_pid(i18n_input_t,i18n_input_var_run_t)
+files_filetrans_pid(i18n_input_t,i18n_input_var_run_t)
can_exec(i18n_input_t, i18n_input_exec_t)
diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te
index da7052d..32cb8a0 100644
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@@ -43,14 +43,14 @@ allow inetd_t self:tcp_socket create_stream_socket_perms;
allow inetd_t self:udp_socket { connect connected_socket_perms };
allow inetd_t inetd_log_t:file create_file_perms;
-logging_create_log(inetd_t,inetd_log_t)
+logging_filetrans_log(inetd_t,inetd_log_t)
allow inetd_t inetd_tmp_t:dir create_dir_perms;
allow inetd_t inetd_tmp_t:file create_file_perms;
-files_create_tmp_files(inetd_t, inetd_tmp_t, { file dir })
+files_filetrans_tmp(inetd_t, inetd_tmp_t, { file dir })
allow inetd_t inetd_var_run_t:file create_file_perms;
-files_create_pid(inetd_t,inetd_var_run_t)
+files_filetrans_pid(inetd_t,inetd_var_run_t)
kernel_read_kernel_sysctl(inetd_t)
kernel_list_proc(inetd_t)
@@ -175,11 +175,11 @@ files_search_home(inetd_child_t)
allow inetd_child_t inetd_child_tmp_t:dir create_dir_perms;
allow inetd_child_t inetd_child_tmp_t:file create_file_perms;
-files_create_tmp_files(inetd_child_t, inetd_child_tmp_t, { file dir })
+files_filetrans_tmp(inetd_child_t, inetd_child_tmp_t, { file dir })
allow inetd_child_t inetd_child_var_run_t:file create_file_perms;
allow inetd_child_t inetd_child_var_run_t:dir rw_dir_perms;
-files_create_pid(inetd_child_t,inetd_child_var_run_t)
+files_filetrans_pid(inetd_child_t,inetd_child_var_run_t)
kernel_read_kernel_sysctl(inetd_child_t)
kernel_read_system_state(inetd_child_t)
diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te
index de8cab0..0fa2227 100644
--- a/refpolicy/policy/modules/services/inn.te
+++ b/refpolicy/policy/modules/services/inn.te
@@ -45,16 +45,16 @@ can_exec(innd_t, innd_exec_t)
allow innd_t innd_log_t:file manage_file_perms;
allow innd_t innd_log_t:dir { setattr rw_dir_perms };
-logging_create_log(innd_t,innd_log_t)
+logging_filetrans_log(innd_t,innd_log_t)
allow innd_t innd_var_lib_t:dir create_dir_perms;
allow innd_t innd_var_lib_t:file create_file_perms;
-files_create_var_lib(innd_t,innd_var_lib_t)
+files_filetrans_var_lib(innd_t,innd_var_lib_t)
allow innd_t innd_var_run_t:dir create_dir_perms;
allow innd_t innd_var_run_t:file create_file_perms;
allow innd_t innd_var_run_t:sock_file create_file_perms;
-files_create_pid(innd_t,innd_var_run_t)
+files_filetrans_pid(innd_t,innd_var_run_t)
allow innd_t news_spool_t:dir create_dir_perms;
allow innd_t news_spool_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/services/irqbalance.te b/refpolicy/policy/modules/services/irqbalance.te
index 6dd863b..8118845 100644
--- a/refpolicy/policy/modules/services/irqbalance.te
+++ b/refpolicy/policy/modules/services/irqbalance.te
@@ -23,7 +23,7 @@ allow irqbalance_t self:process signal_perms;
allow irqbalance_t irqbalance_var_run_t:file create_file_perms;
allow irqbalance_t irqbalance_var_run_t:dir rw_dir_perms;
-files_create_pid(irqbalance_t,irqbalance_var_run_t)
+files_filetrans_pid(irqbalance_t,irqbalance_var_run_t)
kernel_read_system_state(irqbalance_t)
kernel_read_kernel_sysctl(irqbalance_t)
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index 760bb04..dd8042a 100644
--- a/refpolicy/policy/modules/services/kerberos.te
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -62,7 +62,7 @@ allow kadmind_t self:tcp_socket connected_stream_socket_perms;
allow kadmind_t self:udp_socket create_socket_perms;
allow kadmind_t kadmind_log_t:file create_file_perms;
-logging_create_log(kadmind_t,kadmind_log_t)
+logging_filetrans_log(kadmind_t,kadmind_log_t)
allow kadmind_t krb5_conf_t:file r_file_perms;
dontaudit kadmind_t krb5_conf_t:file write;
@@ -77,11 +77,11 @@ can_exec(kadmind_t, kadmind_exec_t)
allow kadmind_t kadmind_tmp_t:dir create_dir_perms;
allow kadmind_t kadmind_tmp_t:file create_file_perms;
-files_create_tmp_files(kadmind_t, kadmind_tmp_t, { file dir })
+files_filetrans_tmp(kadmind_t, kadmind_tmp_t, { file dir })
allow kadmind_t kadmind_var_run_t:file create_file_perms;
allow kadmind_t kadmind_var_run_t:dir rw_dir_perms;
-files_create_pid(kadmind_t,kadmind_var_run_t)
+files_filetrans_pid(kadmind_t,kadmind_var_run_t)
kernel_read_kernel_sysctl(kadmind_t)
kernel_list_proc(kadmind_t)
@@ -172,18 +172,18 @@ allow krb5kdc_t krb5kdc_conf_t:file r_file_perms;
dontaudit krb5kdc_t krb5kdc_conf_t:file write;
allow krb5kdc_t krb5kdc_log_t:file create_file_perms;
-logging_create_log(krb5kdc_t,krb5kdc_log_t)
+logging_filetrans_log(krb5kdc_t,krb5kdc_log_t)
allow krb5kdc_t krb5kdc_principal_t:file r_file_perms;
dontaudit krb5kdc_t krb5kdc_principal_t:file write;
allow krb5kdc_t krb5kdc_tmp_t:dir create_dir_perms;
allow krb5kdc_t krb5kdc_tmp_t:file create_file_perms;
-files_create_tmp_files(krb5kdc_t, krb5kdc_tmp_t, { file dir })
+files_filetrans_tmp(krb5kdc_t, krb5kdc_tmp_t, { file dir })
allow krb5kdc_t krb5kdc_var_run_t:file create_file_perms;
allow krb5kdc_t krb5kdc_var_run_t:dir rw_dir_perms;
-files_create_pid(krb5kdc_t,krb5kdc_var_run_t)
+files_filetrans_pid(krb5kdc_t,krb5kdc_var_run_t)
kernel_read_system_state(krb5kdc_t)
kernel_read_kernel_sysctl(krb5kdc_t)
diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te
index df77c78..00167ed 100644
--- a/refpolicy/policy/modules/services/ktalk.te
+++ b/refpolicy/policy/modules/services/ktalk.te
@@ -40,11 +40,11 @@ optional_policy(`kerberos',`
allow ktalkd_t ktalkd_tmp_t:dir create_dir_perms;
allow ktalkd_t ktalkd_tmp_t:file create_file_perms;
-files_create_tmp_files(ktalkd_t, ktalkd_tmp_t, { file dir })
+files_filetrans_tmp(ktalkd_t, ktalkd_tmp_t, { file dir })
allow ktalkd_t ktalkd_var_run_t:file create_file_perms;
allow ktalkd_t ktalkd_var_run_t:dir rw_dir_perms;
-files_create_pid(ktalkd_t,ktalkd_var_run_t)
+files_filetrans_pid(ktalkd_t,ktalkd_var_run_t)
kernel_read_kernel_sysctl(ktalkd_t)
kernel_read_system_state(ktalkd_t)
diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te
index 2010674..975aa5d 100644
--- a/refpolicy/policy/modules/services/ldap.te
+++ b/refpolicy/policy/modules/services/ldap.te
@@ -59,7 +59,7 @@ allow slapd_t slapd_db_t:lnk_file create_lnk_perms;
allow slapd_t slapd_etc_t:file { getattr read };
allow slapd_t slapd_lock_t:file create_file_perms;
-files_create_lock(slapd_t,slapd_lock_t)
+files_filetrans_lock(slapd_t,slapd_lock_t)
# Allow access to write the replication log (should tighten this)
allow slapd_t slapd_replog_t:dir create_dir_perms;
@@ -68,11 +68,11 @@ allow slapd_t slapd_replog_t:lnk_file create_lnk_perms;
allow slapd_t slapd_tmp_t:dir create_dir_perms;
allow slapd_t slapd_tmp_t:file create_file_perms;
-files_create_tmp_files(slapd_t, slapd_tmp_t, { file dir })
+files_filetrans_tmp(slapd_t, slapd_tmp_t, { file dir })
allow slapd_t slapd_var_run_t:file create_file_perms;
allow slapd_t slapd_var_run_t:dir rw_dir_perms;
-files_create_pid(slapd_t,slapd_var_run_t)
+files_filetrans_pid(slapd_t,slapd_var_run_t)
kernel_read_system_state(slapd_t)
kernel_read_kernel_sysctl(slapd_t)
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te
index 08cd0a2..d4d916a 100644
--- a/refpolicy/policy/modules/services/lpd.te
+++ b/refpolicy/policy/modules/services/lpd.te
@@ -46,7 +46,7 @@ allow checkpc_t self:process { fork signal_perms };
allow checkpc_t self:unix_stream_socket create_socket_perms;
allow checkpc_t checkpc_log_t:file create_file_perms;
-logging_create_log(checkpc_t,checkpc_log_t)
+logging_filetrans_log(checkpc_t,checkpc_log_t)
allow checkpc_t lpd_var_run_t:dir { search getattr };
files_search_pids(checkpc_t)
@@ -127,12 +127,12 @@ allow lpd_t self:unix_dgram_socket create_socket_perms;
allow lpd_t lpd_tmp_t:dir create_dir_perms;
allow lpd_t lpd_tmp_t:file create_file_perms;
-files_create_tmp_files(lpd_t, lpd_tmp_t, { file dir })
+files_filetrans_tmp(lpd_t, lpd_tmp_t, { file dir })
allow lpd_t lpd_var_run_t:dir rw_dir_perms;
allow lpd_t lpd_var_run_t:file create_file_perms;
allow lpd_t lpd_var_run_t:sock_file create_file_perms;
-files_create_pid(lpd_t,lpd_var_run_t)
+files_filetrans_pid(lpd_t,lpd_var_run_t)
# Write to /var/spool/lpd.
allow lpd_t print_spool_t:dir rw_dir_perms;
@@ -146,7 +146,7 @@ can_exec(lpd_t, printconf_t)
# Create and bind to /dev/printer.
allow lpd_t printer_t:lnk_file create_lnk_perms;
-dev_create_dev_node(lpd_t,printer_t,lnk_file)
+dev_filetrans_dev_node(lpd_t,printer_t,lnk_file)
# cjp: I believe these have no effect:
allow lpd_t printer_t:unix_stream_socket name_bind;
allow lpd_t printer_t:unix_dgram_socket name_bind;
diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if
index cd4e1a5..753d7f1 100644
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@@ -35,15 +35,15 @@ template(`mailman_domain_template', `
allow mailman_$1_t mailman_lock_t:dir rw_dir_perms;
allow mailman_$1_t mailman_lock_t:file create_file_perms;
- files_create_lock(mailman_$1_t,mailman_lock_t)
+ files_filetrans_lock(mailman_$1_t,mailman_lock_t)
allow mailman_$1_t mailman_log_t:dir rw_dir_perms;
allow mailman_$1_t mailman_log_t:file create_file_perms;
- logging_create_log(mailman_$1_t,mailman_log_t)
+ logging_filetrans_log(mailman_$1_t,mailman_log_t)
allow mailman_$1_t mailman_$1_tmp_t:dir create_dir_perms;
allow mailman_$1_t mailman_$1_tmp_t:file create_file_perms;
- files_create_tmp_files(mailman_$1_t, mailman_$1_tmp_t, { file dir })
+ files_filetrans_tmp(mailman_$1_t, mailman_$1_tmp_t, { file dir })
kernel_read_kernel_sysctl(mailman_$1_t)
kernel_read_system_state(mailman_$1_t)
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index c4ec347..e16be43 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -119,7 +119,7 @@ template(`mta_base_mail_template',`
allow $1_mail_t $1_mail_tmp_t:dir create_dir_perms;
allow $1_mail_t $1_mail_tmp_t:file create_file_perms;
- files_create_tmp_files($1_mail_t, $1_mail_tmp_t, { file dir })
+ files_filetrans_tmp($1_mail_t, $1_mail_tmp_t, { file dir })
allow $1_mail_t etc_mail_t:dir { getattr search };
@@ -280,7 +280,7 @@ template(`mta_admin_template',`
allow $1_mail_t etc_aliases_t:lnk_file create_lnk_perms;
allow $1_mail_t etc_aliases_t:sock_file create_file_perms;
allow $1_mail_t etc_aliases_t:fifo_file create_file_perms;
- files_create_etc_config($1_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
+ files_filetrans_etc($1_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
# postfix needs this for newaliases
files_getattr_tmp_dir($1_mail_t)
@@ -289,7 +289,7 @@ template(`mta_admin_template',`
ifdef(`distro_redhat',`
# compatability for old default main.cf
- postfix_create_config($1_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
+ postfix_filetrans_config($1_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
')
')
')
@@ -596,7 +596,7 @@ interface(`mta_getattr_spool',`
## no class is specified, file will be used.
## </param>
#
-interface(`mta_create_spool',`
+interface(`mta_filetrans_spool',`
gen_require(`
type mail_spool_t;
')
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index 85139a9..ef67ac1 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -130,7 +130,7 @@ optional_policy(`logwatch',`
')
optional_policy(`sendmail',`
- files_create_etc_config(sendmail_t,etc_aliases_t, file)
+ files_filetrans_etc(sendmail_t,etc_aliases_t, file)
')
optional_policy(`postfix',`
@@ -139,7 +139,7 @@ optional_policy(`postfix',`
allow system_mail_t etc_aliases_t:lnk_file create_lnk_perms;
allow system_mail_t etc_aliases_t:sock_file create_file_perms;
allow system_mail_t etc_aliases_t:fifo_file create_file_perms;
- files_create_etc_config(system_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
+ files_filetrans_etc(system_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
domain_use_wide_inherit_fd(system_mail_t)
@@ -150,7 +150,7 @@ optional_policy(`postfix',`
ifdef(`distro_redhat',`
# compatability for old default main.cf
- postfix_create_config(system_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
+ postfix_filetrans_config(system_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
')
optional_policy(`cron',`
diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te
index 91c18b9..bbfa13d 100644
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@@ -42,23 +42,23 @@ allow mysqld_t self:udp_socket create_socket_perms;
allow mysqld_t mysqld_db_t:dir create_dir_perms;
allow mysqld_t mysqld_db_t:file create_file_perms;
allow mysqld_t mysqld_db_t:lnk_file create_lnk_perms;
-files_create_var_lib(mysqld_t,mysqld_db_t,{ dir file })
+files_filetrans_var_lib(mysqld_t,mysqld_db_t,{ dir file })
allow mysqld_t mysqld_etc_t:file { getattr read };
allow mysqld_t mysqld_etc_t:lnk_file { getattr read };
allow mysqld_t mysqld_etc_t:dir list_dir_perms;
allow mysqld_t mysqld_log_t:file create_file_perms;
-logging_create_log(mysqld_t,mysqld_log_t)
+logging_filetrans_log(mysqld_t,mysqld_log_t)
allow mysqld_t mysqld_tmp_t:dir create_dir_perms;
allow mysqld_t mysqld_tmp_t:file create_file_perms;
-files_create_tmp_files(mysqld_t, mysqld_tmp_t, { file dir })
+files_filetrans_tmp(mysqld_t, mysqld_tmp_t, { file dir })
allow mysqld_t mysqld_var_run_t:dir rw_dir_perms;
allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
allow mysqld_t mysqld_var_run_t:file create_file_perms;
-files_create_pid(mysqld_t,mysqld_var_run_t)
+files_filetrans_pid(mysqld_t,mysqld_var_run_t)
kernel_list_proc(mysqld_t)
kernel_read_kernel_sysctl(mysqld_t)
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index 0ada346..9d88a85 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -31,7 +31,7 @@ allow NetworkManager_t self:packet_socket create_socket_perms;
allow NetworkManager_t NetworkManager_var_run_t:file create_file_perms;
allow NetworkManager_t NetworkManager_var_run_t:dir rw_dir_perms;
-files_create_pid(NetworkManager_t,NetworkManager_var_run_t)
+files_filetrans_pid(NetworkManager_t,NetworkManager_var_run_t)
kernel_read_system_state(NetworkManager_t)
kernel_read_network_state(NetworkManager_t)
@@ -102,7 +102,7 @@ sysnet_delete_dhcpc_pid(NetworkManager_t)
sysnet_search_dhcp_state(NetworkManager_t)
# in /etc created by NetworkManager will be labelled net_conf_t.
sysnet_manage_config(NetworkManager_t)
-sysnet_create_config(NetworkManager_t)
+sysnet_filetrans_config(NetworkManager_t)
userdom_dontaudit_use_unpriv_user_fd(NetworkManager_t)
userdom_dontaudit_search_sysadm_home_dir(NetworkManager_t)
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 8fd2656..2ae303f 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -54,11 +54,11 @@ allow ypbind_t self:udp_socket create_socket_perms;
allow ypbind_t ypbind_tmp_t:dir create_dir_perms;
allow ypbind_t ypbind_tmp_t:file create_file_perms;
-files_create_tmp_files(ypbind_t, ypbind_tmp_t, { file dir })
+files_filetrans_tmp(ypbind_t, ypbind_tmp_t, { file dir })
allow ypbind_t ypbind_var_run_t:file manage_file_perms;
allow ypbind_t ypbind_var_run_t:dir rw_dir_perms;
-files_create_pid(ypbind_t,ypbind_var_run_t)
+files_filetrans_pid(ypbind_t,ypbind_var_run_t)
allow ypbind_t var_yp_t:dir rw_dir_perms;
allow ypbind_t var_yp_t:file create_file_perms;
@@ -151,7 +151,7 @@ allow yppasswdd_t self:udp_socket create_socket_perms;
allow yppasswdd_t yppasswdd_var_run_t:file create_file_perms;
allow yppasswdd_t yppasswdd_var_run_t:dir rw_dir_perms;
-files_create_pid(yppasswdd_t,yppasswdd_var_run_t)
+files_filetrans_pid(yppasswdd_t,yppasswdd_var_run_t)
allow yppasswdd_t var_yp_t:dir rw_dir_perms;
allow yppasswdd_t var_yp_t:file create_file_perms;
@@ -256,11 +256,11 @@ allow ypserv_t ypserv_conf_t:file { getattr read };
allow ypserv_t ypserv_tmp_t:dir create_dir_perms;
allow ypserv_t ypserv_tmp_t:file create_file_perms;
-files_create_tmp_files(ypserv_t, ypserv_tmp_t, { file dir })
+files_filetrans_tmp(ypserv_t, ypserv_tmp_t, { file dir })
allow ypserv_t ypserv_var_run_t:dir rw_dir_perms;
allow ypserv_t ypserv_var_run_t:file manage_file_perms;
-files_create_pid(ypserv_t,ypserv_var_run_t)
+files_filetrans_pid(ypserv_t,ypserv_var_run_t)
kernel_read_kernel_sysctl(ypserv_t)
kernel_list_proc(ypserv_t)
diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te
index dd79db2..1659ece 100644
--- a/refpolicy/policy/modules/services/nscd.te
+++ b/refpolicy/policy/modules/services/nscd.te
@@ -45,12 +45,12 @@ allow nscd_t self:udp_socket create_socket_perms;
allow nscd_t self:nscd { admin getstat };
allow nscd_t nscd_log_t:file create_file_perms;
-logging_create_log(nscd_t,nscd_log_t)
+logging_filetrans_log(nscd_t,nscd_log_t)
allow nscd_t nscd_var_run_t:file create_file_perms;
allow nscd_t nscd_var_run_t:sock_file create_file_perms;
allow nscd_t nscd_var_run_t:dir rw_dir_perms;
-files_create_pid(nscd_t,nscd_var_run_t,{ file sock_file })
+files_filetrans_pid(nscd_t,nscd_var_run_t,{ file sock_file })
kernel_read_kernel_sysctl(nscd_t)
kernel_list_proc(nscd_t)
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index df17f67..530dfe7 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -49,16 +49,16 @@ can_exec(ntpd_t,ntpd_exec_t)
allow ntpd_t ntpd_log_t:file create_file_perms;
allow ntpd_t ntpd_log_t:dir { rw_dir_perms setattr };
-logging_create_log(ntpd_t,ntpd_log_t,{ file dir })
+logging_filetrans_log(ntpd_t,ntpd_log_t,{ file dir })
# for some reason it creates a file in /tmp
allow ntpd_t ntpd_tmp_t:dir create_dir_perms;
allow ntpd_t ntpd_tmp_t:file create_file_perms;
-files_create_tmp_files(ntpd_t, ntpd_tmp_t, { file dir })
+files_filetrans_tmp(ntpd_t, ntpd_tmp_t, { file dir })
allow ntpd_t ntpd_var_run_t:file create_file_perms;
allow ntpd_t ntpd_var_run_t:dir rw_dir_perms;
-files_create_pid(ntpd_t,ntpd_var_run_t)
+files_filetrans_pid(ntpd_t,ntpd_var_run_t)
kernel_read_kernel_sysctl(ntpd_t)
kernel_read_system_state(ntpd_t)
diff --git a/refpolicy/policy/modules/services/openct.te b/refpolicy/policy/modules/services/openct.te
index 964efb5..b36f450 100644
--- a/refpolicy/policy/modules/services/openct.te
+++ b/refpolicy/policy/modules/services/openct.te
@@ -23,7 +23,7 @@ allow openct_t self:process signal_perms;
allow openct_t openct_var_run_t:file create_file_perms;
allow openct_t openct_var_run_t:dir rw_dir_perms;
-files_create_pid(openct_t,openct_var_run_t)
+files_filetrans_pid(openct_t,openct_var_run_t)
kernel_read_kernel_sysctl(openct_t)
kernel_list_proc(openct_t)
diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te
index 96b0472..daa26b2 100644
--- a/refpolicy/policy/modules/services/pegasus.te
+++ b/refpolicy/policy/modules/services/pegasus.te
@@ -54,12 +54,12 @@ allow pegasus_t pegasus_mof_t:lnk_file { getattr read };
allow pegasus_t pegasus_tmp_t:dir create_dir_perms;
allow pegasus_t pegasus_tmp_t:file create_file_perms;
-files_create_tmp_files(pegasus_t, pegasus_tmp_t, { file dir })
+files_filetrans_tmp(pegasus_t, pegasus_tmp_t, { file dir })
allow pegasus_t pegasus_var_run_t:file create_file_perms;
allow pegasus_t pegasus_var_run_t:sock_file { create setattr unlink };
allow pegasus_t pegasus_var_run_t:dir rw_dir_perms;
-files_create_pid(pegasus_t,pegasus_var_run_t)
+files_filetrans_pid(pegasus_t,pegasus_var_run_t)
kernel_read_kernel_sysctl(pegasus_t)
kernel_read_fs_sysctl(pegasus_t)
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index 77dce07..87f6ba5 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -36,11 +36,11 @@ allow portmap_t self:udp_socket create_socket_perms;
allow portmap_t portmap_tmp_t:dir create_dir_perms;
allow portmap_t portmap_tmp_t:file create_file_perms;
-files_create_tmp_files(portmap_t, portmap_tmp_t, { file dir })
+files_filetrans_tmp(portmap_t, portmap_tmp_t, { file dir })
allow portmap_t portmap_var_run_t:file create_file_perms;
allow portmap_t portmap_var_run_t:dir rw_dir_perms;
-files_create_pid(portmap_t,portmap_var_run_t)
+files_filetrans_pid(portmap_t,portmap_var_run_t)
kernel_read_kernel_sysctl(portmap_t)
kernel_list_proc(portmap_t)
@@ -163,7 +163,7 @@ allow portmap_helper_t self:tcp_socket create_stream_socket_perms;
allow portmap_helper_t self:udp_socket create_socket_perms;
allow portmap_helper_t portmap_var_run_t:file create_file_perms;
-files_create_pid(portmap_helper_t,portmap_var_run_t)
+files_filetrans_pid(portmap_helper_t,portmap_var_run_t)
corenet_tcp_sendrecv_all_if(portmap_helper_t)
corenet_udp_sendrecv_all_if(portmap_helper_t)
diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if
index 3c4f403..a749e8e 100644
--- a/refpolicy/policy/modules/services/postfix.if
+++ b/refpolicy/policy/modules/services/postfix.if
@@ -43,7 +43,7 @@ template(`postfix_domain_template',`
allow postfix_$1_t postfix_spool_t:dir r_dir_perms;
allow postfix_$1_t postfix_var_run_t:file manage_file_perms;
- files_create_pid(postfix_$1_t,postfix_var_run_t)
+ files_filetrans_pid(postfix_$1_t,postfix_var_run_t)
kernel_read_system_state(postfix_$1_t)
kernel_read_network_state(postfix_$1_t)
@@ -207,7 +207,7 @@ interface(`postfix_read_config',`
## no class is specified, file will be used.
## </param>
#
-interface(`postfix_create_config',`
+interface(`postfix_filetrans_config',`
gen_require(`
type postfix_etc_t;
')
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index 3510a35..4c85ccb 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -257,7 +257,7 @@ allow postfix_local_t self:process { setsched setrlimit };
allow postfix_local_t postfix_local_tmp_t:dir create_dir_perms;
allow postfix_local_t postfix_local_tmp_t:file create_file_perms;
-files_create_tmp_files(postfix_local_t, postfix_local_tmp_t, { file dir })
+files_filetrans_tmp(postfix_local_t, postfix_local_tmp_t, { file dir })
# connect to master process
allow postfix_local_t postfix_master_t:unix_stream_socket connectto;
@@ -299,7 +299,7 @@ allow postfix_map_t postfix_etc_t:lnk_file create_lnk_perms;
allow postfix_map_t postfix_map_tmp_t:dir create_dir_perms;
allow postfix_map_t postfix_map_tmp_t:file create_file_perms;
-files_create_tmp_files(postfix_map_t, postfix_map_tmp_t, { file dir })
+files_filetrans_tmp(postfix_map_t, postfix_map_tmp_t, { file dir })
kernel_read_kernel_sysctl(postfix_map_t)
kernel_dontaudit_list_proc(postfix_map_t)
diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te
index 9a53560..ca0f3cc 100644
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@@ -48,7 +48,7 @@ allow postgresql_t postgresql_db_t:fifo_file create_file_perms;
allow postgresql_t postgresql_db_t:file create_file_perms;
allow postgresql_t postgresql_db_t:lnk_file create_lnk_perms;
allow postgresql_t postgresql_db_t:sock_file create_file_perms;
-files_create_var_lib(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file })
+files_filetrans_var_lib(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file })
allow postgresql_t postgresql_etc_t:dir r_dir_perms;
allow postgresql_t postgresql_etc_t:file r_file_perms;
@@ -58,24 +58,24 @@ allow postgresql_t postgresql_exec_t:lnk_file { getattr read };
can_exec(postgresql_t, postgresql_exec_t )
allow postgresql_t postgresql_lock_t:file create_file_perms;
-files_create_lock(postgresql_t,postgresql_lock_t)
+files_filetrans_lock(postgresql_t,postgresql_lock_t)
allow postgresql_t postgresql_log_t:dir rw_dir_perms;
allow postgresql_t postgresql_log_t:file create_file_perms;
-logging_create_log(postgresql_t,postgresql_log_t,{ file dir })
+logging_filetrans_log(postgresql_t,postgresql_log_t,{ file dir })
allow postgresql_t postgresql_tmp_t:dir create_dir_perms;
allow postgresql_t postgresql_tmp_t:fifo_file create_file_perms;
allow postgresql_t postgresql_tmp_t:file create_file_perms;
allow postgresql_t postgresql_tmp_t:lnk_file create_lnk_perms;
allow postgresql_t postgresql_tmp_t:sock_file create_file_perms;
-files_create_tmp_files(postgresql_t, postgresql_tmp_t, { dir file sock_file })
-fs_create_tmpfs_data(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
+files_filetrans_tmp(postgresql_t, postgresql_tmp_t, { dir file sock_file })
+fs_filetrans_tmpfs(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
allow postgresql_t postgresql_var_run_t:dir rw_dir_perms;
allow postgresql_t postgresql_var_run_t:file create_file_perms;
allow postgresql_t postgresql_var_run_t:sock_file create_file_perms;
-files_create_pid(postgresql_t,postgresql_var_run_t)
+files_filetrans_pid(postgresql_t,postgresql_var_run_t)
kernel_read_kernel_sysctl(postgresql_t)
kernel_read_system_state(postgresql_t)
diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te
index 8e3e8dd..6b82f71 100644
--- a/refpolicy/policy/modules/services/ppp.te
+++ b/refpolicy/policy/modules/services/ppp.te
@@ -80,23 +80,23 @@ allow pppd_t pppd_devpts_t:chr_file { rw_file_perms setattr };
allow pppd_t pppd_etc_t:dir rw_dir_perms;
allow pppd_t pppd_etc_t:file r_file_perms;
allow pppd_t pppd_etc_t:lnk_file { getattr read };
-files_create_etc_config(pppd_t,pppd_etc_t)
+files_filetrans_etc(pppd_t,pppd_etc_t)
allow pppd_t pppd_etc_rw_t:file create_file_perms;
allow pppd_t pppd_lock_t:file create_file_perms;
-files_create_lock(pppd_t,pppd_lock_t)
+files_filetrans_lock(pppd_t,pppd_lock_t)
allow pppd_t pppd_log_t:file create_file_perms;
-logging_create_log(pppd_t,pppd_log_t)
+logging_filetrans_log(pppd_t,pppd_log_t)
allow pppd_t pppd_tmp_t:dir create_dir_perms;
allow pppd_t pppd_tmp_t:file create_file_perms;
-files_create_tmp_files(pppd_t, pppd_tmp_t, { file dir })
+files_filetrans_tmp(pppd_t, pppd_tmp_t, { file dir })
allow pppd_t pppd_var_run_t:dir rw_dir_perms;
allow pppd_t pppd_var_run_t:file create_file_perms;
-files_create_pid(pppd_t,pppd_var_run_t)
+files_filetrans_pid(pppd_t,pppd_var_run_t)
allow pppd_t pptp_t:process signal;
@@ -248,12 +248,12 @@ can_exec(pptp_t, pppd_etc_rw_t)
allow pptp_t pppd_log_t:file append;
allow pptp_t pptp_log_t:file create_file_perms;
-logging_create_log(pptp_t,pptp_log_t)
+logging_filetrans_log(pptp_t,pptp_log_t)
allow pptp_t pptp_var_run_t:file create_file_perms;
allow pptp_t pptp_var_run_t:dir rw_dir_perms;
allow pptp_t pptp_var_run_t:sock_file create_file_perms;
-files_create_pid(pptp_t,pptp_var_run_t)
+files_filetrans_pid(pptp_t,pptp_var_run_t)
kernel_list_proc(pptp_t)
kernel_read_kernel_sysctl(pptp_t)
diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te
index d9a487b..ea69c43 100644
--- a/refpolicy/policy/modules/services/privoxy.te
+++ b/refpolicy/policy/modules/services/privoxy.te
@@ -32,11 +32,11 @@ allow privoxy_t privoxy_etc_rw_t:file rw_file_perms;
allow privoxy_t privoxy_log_t:file create_file_perms;
allow privoxy_t privoxy_log_t:dir rw_dir_perms;
-logging_create_log(privoxy_t,privoxy_log_t)
+logging_filetrans_log(privoxy_t,privoxy_log_t)
allow privoxy_t privoxy_var_run_t:file create_file_perms;
allow privoxy_t privoxy_var_run_t:dir rw_dir_perms;
-files_create_pid(privoxy_t,privoxy_var_run_t)
+files_filetrans_pid(privoxy_t,privoxy_var_run_t)
kernel_read_kernel_sysctl(privoxy_t)
kernel_list_proc(privoxy_t)
diff --git a/refpolicy/policy/modules/services/radius.te b/refpolicy/policy/modules/services/radius.te
index 5f0b812..0b49f23 100644
--- a/refpolicy/policy/modules/services/radius.te
+++ b/refpolicy/policy/modules/services/radius.te
@@ -41,11 +41,11 @@ files_search_etc(radiusd_t)
allow radiusd_t radiusd_log_t:file create_file_perms;
allow radiusd_t radiusd_log_t:dir create_dir_perms;
-logging_create_log(radiusd_t,radiusd_log_t,{ file dir })
+logging_filetrans_log(radiusd_t,radiusd_log_t,{ file dir })
allow radiusd_t radiusd_var_run_t:file create_file_perms;
allow radiusd_t radiusd_var_run_t:dir rw_dir_perms;
-files_create_pid(radiusd_t,radiusd_var_run_t)
+files_filetrans_pid(radiusd_t,radiusd_var_run_t)
kernel_read_kernel_sysctl(radiusd_t)
kernel_read_system_state(radiusd_t)
diff --git a/refpolicy/policy/modules/services/radvd.te b/refpolicy/policy/modules/services/radvd.te
index c368f8e..0cb9893 100644
--- a/refpolicy/policy/modules/services/radvd.te
+++ b/refpolicy/policy/modules/services/radvd.te
@@ -32,7 +32,7 @@ allow radvd_t radvd_etc_t:file { getattr read };
allow radvd_t radvd_var_run_t:file create_file_perms;
allow radvd_t radvd_var_run_t:dir rw_dir_perms;
-files_create_pid(radvd_t,radvd_var_run_t)
+files_filetrans_pid(radvd_t,radvd_var_run_t)
kernel_read_kernel_sysctl(radvd_t)
kernel_read_net_sysctl(radvd_t)
diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te
index 7dfb861..ebc250d 100644
--- a/refpolicy/policy/modules/services/remotelogin.te
+++ b/refpolicy/policy/modules/services/remotelogin.te
@@ -40,7 +40,7 @@ allow remote_login_t self:msg { send receive };
allow remote_login_t remote_login_tmp_t:dir create_dir_perms;
allow remote_login_t remote_login_tmp_t:file create_file_perms;
-files_create_tmp_files(remote_login_t, remote_login_tmp_t, { file dir })
+files_filetrans_tmp(remote_login_t, remote_login_tmp_t, { file dir })
kernel_read_system_state(remote_login_t)
kernel_read_kernel_sysctl(remote_login_t)
diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te
index 8cfe7a5..d019255 100644
--- a/refpolicy/policy/modules/services/rlogin.te
+++ b/refpolicy/policy/modules/services/rlogin.te
@@ -41,11 +41,11 @@ can_exec(rlogind_t, rlogind_exec_t)
allow rlogind_t rlogind_tmp_t:dir create_dir_perms;
allow rlogind_t rlogind_tmp_t:file create_file_perms;
-files_create_tmp_files(rlogind_t, rlogind_tmp_t, { file dir })
+files_filetrans_tmp(rlogind_t, rlogind_tmp_t, { file dir })
allow rlogind_t rlogind_var_run_t:file create_file_perms;
allow rlogind_t rlogind_var_run_t:dir rw_dir_perms;
-files_create_pid(rlogind_t,rlogind_var_run_t)
+files_filetrans_pid(rlogind_t,rlogind_var_run_t)
kernel_read_kernel_sysctl(rlogind_t)
kernel_read_system_state(rlogind_t)
diff --git a/refpolicy/policy/modules/services/roundup.te b/refpolicy/policy/modules/services/roundup.te
index ce126ea..a7cedb4 100644
--- a/refpolicy/policy/modules/services/roundup.te
+++ b/refpolicy/policy/modules/services/roundup.te
@@ -30,11 +30,11 @@ allow roundup_t self:udp_socket create_socket_perms;
allow roundup_t roundup_var_run_t:file create_file_perms;
allow roundup_t roundup_var_run_t:dir rw_dir_perms;
-files_create_pid(roundup_t,roundup_var_run_t)
+files_filetrans_pid(roundup_t,roundup_var_run_t)
allow roundup_t roundup_var_lib_t:file create_file_perms;
allow roundup_t roundup_var_lib_t:dir rw_dir_perms;
-files_create_var_lib(roundup_t,roundup_var_lib_t)
+files_filetrans_var_lib(roundup_t,roundup_var_lib_t)
kernel_read_kernel_sysctl(roundup_t)
kernel_list_proc(roundup_t)
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index 67a1c7d..db9be79 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -43,7 +43,7 @@ allow rpcd_t self:file { getattr read };
allow rpcd_t rpcd_var_run_t:file manage_file_perms;
allow rpcd_t rpcd_var_run_t:dir { rw_dir_perms setattr };
-files_create_pid(rpcd_t,rpcd_var_run_t)
+files_filetrans_pid(rpcd_t,rpcd_var_run_t)
kernel_search_network_state(rpcd_t)
# for rpc.rquotad
@@ -124,7 +124,7 @@ allow gssd_t self:fifo_file { read write };
allow gssd_t gssd_tmp_t:dir create_dir_perms;
allow gssd_t gssd_tmp_t:file create_file_perms;
-files_create_tmp_files(gssd_t, gssd_tmp_t, { file dir })
+files_filetrans_tmp(gssd_t, gssd_tmp_t, { file dir })
kernel_read_network_state(gssd_t)
kernel_read_network_state_symlinks(gssd_t)
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te
index ac9af2a..d439016 100644
--- a/refpolicy/policy/modules/services/rsync.te
+++ b/refpolicy/policy/modules/services/rsync.te
@@ -44,11 +44,11 @@ allow rsync_t rsync_data_t:lnk_file r_file_perms;
allow rsync_t rsync_tmp_t:dir create_dir_perms;
allow rsync_t rsync_tmp_t:file create_file_perms;
-files_create_tmp_files(rsync_t, rsync_tmp_t, { file dir })
+files_filetrans_tmp(rsync_t, rsync_tmp_t, { file dir })
allow rsync_t rsync_var_run_t:file create_file_perms;
allow rsync_t rsync_var_run_t:dir rw_dir_perms;
-files_create_pid(rsync_t,rsync_var_run_t)
+files_filetrans_pid(rsync_t,rsync_var_run_t)
kernel_read_kernel_sysctl(rsync_t)
kernel_read_system_state(rsync_t)
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index 60f8c10..cef316c 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -103,7 +103,7 @@ type_transition samba_net_t samba_etc_t:file samba_secrets_t;
allow samba_net_t samba_net_tmp_t:dir create_dir_perms;
allow samba_net_t samba_net_tmp_t:file create_file_perms;
-files_create_tmp_files(samba_net_t, samba_net_tmp_t, { file dir })
+files_filetrans_tmp(samba_net_t, samba_net_tmp_t, { file dir })
allow samba_net_t samba_var_t:dir rw_dir_perms;
allow samba_net_t samba_var_t:lnk_file create_lnk_perms;
@@ -212,14 +212,14 @@ allow smbd_t samba_var_t:sock_file create_file_perms;
allow smbd_t smbd_tmp_t:dir create_dir_perms;
allow smbd_t smbd_tmp_t:file create_file_perms;
-files_create_tmp_files(smbd_t, smbd_tmp_t, { file dir })
+files_filetrans_tmp(smbd_t, smbd_tmp_t, { file dir })
allow smbd_t nmbd_var_run_t:file rw_file_perms;
allow smbd_t smbd_var_run_t:dir create_dir_perms;
allow smbd_t smbd_var_run_t:file create_file_perms;
allow smbd_t smbd_var_run_t:sock_file create_file_perms;
-files_create_pid(smbd_t,smbd_var_run_t)
+files_filetrans_pid(smbd_t,smbd_var_run_t)
allow smbd_t winbind_var_run_t:sock_file { read write getattr };
@@ -356,7 +356,7 @@ allow nmbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow nmbd_t nmbd_var_run_t:file create_file_perms;
allow nmbd_t nmbd_var_run_t:dir rw_dir_perms;
-files_create_pid(nmbd_t,nmbd_var_run_t)
+files_filetrans_pid(nmbd_t,nmbd_var_run_t)
allow nmbd_t samba_etc_t:dir { search getattr };
allow nmbd_t samba_etc_t:file { getattr read };
@@ -559,11 +559,11 @@ allow swat_t smbd_var_run_t:file read;
allow swat_t swat_tmp_t:dir create_dir_perms;
allow swat_t swat_tmp_t:file create_file_perms;
-files_create_tmp_files(swat_t, swat_tmp_t, { file dir })
+files_filetrans_tmp(swat_t, swat_tmp_t, { file dir })
allow swat_t swat_var_run_t:file create_file_perms;
allow swat_t swat_var_run_t:dir rw_dir_perms;
-files_create_pid(swat_t,swat_var_run_t)
+files_filetrans_pid(swat_t,swat_var_run_t)
allow swat_t winbind_exec_t:file execute;
@@ -652,16 +652,16 @@ allow winbind_t samba_var_t:file create_file_perms;
allow winbind_t samba_var_t:lnk_file create_lnk_perms;
allow winbind_t winbind_log_t:file create_file_perms;
-logging_create_log(winbind_t,winbind_log_t)
+logging_filetrans_log(winbind_t,winbind_log_t)
allow winbind_t winbind_tmp_t:dir create_dir_perms;
allow winbind_t winbind_tmp_t:file create_file_perms;
-files_create_tmp_files(winbind_t, winbind_tmp_t, { file dir })
+files_filetrans_tmp(winbind_t, winbind_tmp_t, { file dir })
allow winbind_t winbind_var_run_t:file create_file_perms;
allow winbind_t winbind_var_run_t:sock_file create_file_perms;
allow winbind_t winbind_var_run_t:dir rw_dir_perms;
-files_create_pid(winbind_t,winbind_var_run_t)
+files_filetrans_pid(winbind_t,winbind_var_run_t)
kernel_read_kernel_sysctl(winbind_t)
kernel_list_proc(winbind_t)
diff --git a/refpolicy/policy/modules/services/sasl.te b/refpolicy/policy/modules/services/sasl.te
index 39745b7..f802e41 100644
--- a/refpolicy/policy/modules/services/sasl.te
+++ b/refpolicy/policy/modules/services/sasl.te
@@ -29,7 +29,7 @@ allow saslauthd_t self:tcp_socket create_socket_perms;
allow saslauthd_t saslauthd_var_run_t:file create_file_perms;
allow saslauthd_t saslauthd_var_run_t:sock_file create_file_perms;
allow saslauthd_t saslauthd_var_run_t:dir rw_dir_perms;
-files_create_pid(saslauthd_t,saslauthd_var_run_t)
+files_filetrans_pid(saslauthd_t,saslauthd_var_run_t)
kernel_read_kernel_sysctl(saslauthd_t)
kernel_read_system_state(saslauthd_t)
diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if
index 51d2e28..0ab0a34 100644
--- a/refpolicy/policy/modules/services/sendmail.if
+++ b/refpolicy/policy/modules/services/sendmail.if
@@ -83,5 +83,5 @@ interface(`sendmail_create_log',`
type sendmail_log_t;
')
- logging_create_log($1,sendmail_log_t,file)
+ logging_filetrans_log($1,sendmail_log_t,file)
')
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index c207b54..d406396 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -34,7 +34,7 @@ allow sendmail_t self:tcp_socket create_stream_socket_perms;
allow sendmail_t sendmail_log_t:file create_file_perms;
allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
-logging_create_log(sendmail_t,sendmail_log_t,{ file dir })
+logging_filetrans_log(sendmail_t,sendmail_log_t,{ file dir })
kernel_read_kernel_sysctl(sendmail_t)
# for piping mail to a command
@@ -106,10 +106,10 @@ ifdef(`targeted_policy',`
',`
allow sendmail_t sendmail_tmp_t:dir create_dir_perms;
allow sendmail_t sendmail_tmp_t:file create_file_perms;
- files_create_tmp_files(sendmail_t, sendmail_tmp_t, { file dir })
+ files_filetrans_tmp(sendmail_t, sendmail_tmp_t, { file dir })
allow sendmail_t sendmail_var_run_t:file { getattr create read write append setattr unlink lock };
- files_create_pid(sendmail_t,sendmail_var_run_t)
+ files_filetrans_pid(sendmail_t,sendmail_var_run_t)
')
optional_policy(`nis',`
diff --git a/refpolicy/policy/modules/services/slrnpull.te b/refpolicy/policy/modules/services/slrnpull.te
index f1e84d8..f27268d 100644
--- a/refpolicy/policy/modules/services/slrnpull.te
+++ b/refpolicy/policy/modules/services/slrnpull.te
@@ -28,7 +28,7 @@ dontaudit slrnpull_t self:capability sys_tty_config;
allow slrnpull_t self:process signal_perms;
allow slrnpull_t slrnpull_log_t:file create_file_perms;
-logging_create_log(slrnpull_t,slrnpull_log_t)
+logging_filetrans_log(slrnpull_t,slrnpull_log_t)
allow slrnpull_t slrnpull_spool_t:dir rw_dir_perms;
allow slrnpull_t slrnpull_spool_t:dir create_dir_perms;
@@ -38,7 +38,7 @@ files_search_spool(slrnpull_t)
allow slrnpull_t slrnpull_var_run_t:file create_file_perms;
allow slrnpull_t slrnpull_var_run_t:dir rw_dir_perms;
-files_create_pid(slrnpull_t,slrnpull_var_run_t)
+files_filetrans_pid(slrnpull_t,slrnpull_var_run_t)
kernel_list_proc(slrnpull_t)
kernel_read_kernel_sysctl(slrnpull_t)
diff --git a/refpolicy/policy/modules/services/smartmon.te b/refpolicy/policy/modules/services/smartmon.te
index 11a8215..321fc97 100644
--- a/refpolicy/policy/modules/services/smartmon.te
+++ b/refpolicy/policy/modules/services/smartmon.te
@@ -31,11 +31,11 @@ allow fsdaemon_t self:udp_socket create_socket_perms;
allow fsdaemon_t fsdaemon_tmp_t:dir create_dir_perms;
allow fsdaemon_t fsdaemon_tmp_t:file create_file_perms;
-files_create_tmp_files(fsdaemon_t, fsdaemon_tmp_t, { file dir })
+files_filetrans_tmp(fsdaemon_t, fsdaemon_tmp_t, { file dir })
allow fsdaemon_t fsdaemon_var_run_t:file create_file_perms;
allow fsdaemon_t fsdaemon_var_run_t:dir rw_dir_perms;
-files_create_pid(fsdaemon_t,fsdaemon_var_run_t)
+files_filetrans_pid(fsdaemon_t,fsdaemon_var_run_t)
kernel_read_kernel_sysctl(fsdaemon_t)
kernel_read_software_raid_state(fsdaemon_t)
diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te
index 413466f..e27fcbe 100644
--- a/refpolicy/policy/modules/services/snmp.te
+++ b/refpolicy/policy/modules/services/snmp.te
@@ -36,18 +36,18 @@ allow snmpd_t self:udp_socket connected_stream_socket_perms;
allow snmpd_t snmpd_etc_t:file { getattr read };
allow snmpd_t snmpd_log_t:file create_file_perms;
-logging_create_log(snmpd_t,snmpd_log_t)
+logging_filetrans_log(snmpd_t,snmpd_log_t)
allow snmpd_t snmpd_var_lib_t:file create_file_perms;
allow snmpd_t snmpd_var_lib_t:sock_file create_file_perms;
allow snmpd_t snmpd_var_lib_t:dir create_dir_perms;
-files_create_usr(snmpd_t,snmpd_var_lib_t)
-files_create_var(snmpd_t,snmpd_var_lib_t,{ file dir sock_file })
-files_create_var_lib(snmpd_t,snmpd_var_lib_t)
+files_filetrans_usr(snmpd_t,snmpd_var_lib_t)
+files_filetrans_var(snmpd_t,snmpd_var_lib_t,{ file dir sock_file })
+files_filetrans_var_lib(snmpd_t,snmpd_var_lib_t)
allow snmpd_t snmpd_var_run_t:file create_file_perms;
allow snmpd_t snmpd_var_run_t:dir rw_dir_perms;
-files_create_pid(snmpd_t,snmpd_var_run_t)
+files_filetrans_pid(snmpd_t,snmpd_var_run_t)
kernel_read_kernel_sysctl(snmpd_t)
kernel_read_net_sysctl(snmpd_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.if b/refpolicy/policy/modules/services/spamassassin.if
index 589ae52..0046187 100644
--- a/refpolicy/policy/modules/services/spamassassin.if
+++ b/refpolicy/policy/modules/services/spamassassin.if
@@ -75,7 +75,7 @@ template(`spamassassin_per_userdomain_template',`
allow $1_spamc_t $1_spamc_tmp_t:dir create_dir_perms;
allow $1_spamc_t $1_spamc_tmp_t:file create_file_perms;
- files_create_tmp_files($1_spamc_t, $1_spamc_tmp_t, { file dir })
+ files_filetrans_tmp($1_spamc_t, $1_spamc_tmp_t, { file dir })
# Allow connecting to a local spamd
allow $1_spamc_t spamd_t:tcp_socket { connectto recvfrom };
@@ -198,7 +198,7 @@ template(`spamassassin_per_userdomain_template',`
allow $1_spamassassin_t $1_spamassassin_tmp_t:dir create_dir_perms;
allow $1_spamassassin_t $1_spamassassin_tmp_t:file create_file_perms;
- files_create_tmp_files($1_spamassassin_t, $1_spamassassin_tmp_t, { file dir })
+ files_filetrans_tmp($1_spamassassin_t, $1_spamassassin_tmp_t, { file dir })
allow $2 $1_spamassassin_home_t:dir { create_dir_perms relabelfrom relabelto };
allow $2 $1_spamassassin_home_t:file { create_file_perms relabelfrom relabelto };
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index 7773c99..db4955f 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -51,11 +51,11 @@ allow spamd_t self:udp_socket create_socket_perms;
allow spamd_t spamd_tmp_t:dir create_dir_perms;
allow spamd_t spamd_tmp_t:file create_file_perms;
-files_create_tmp_files(spamd_t, spamd_tmp_t, { file dir })
+files_filetrans_tmp(spamd_t, spamd_tmp_t, { file dir })
allow spamd_t spamd_var_run_t:file create_file_perms;
allow spamd_t spamd_var_run_t:dir rw_dir_perms;
-files_create_pid(spamd_t,spamd_var_run_t)
+files_filetrans_pid(spamd_t,spamd_var_run_t)
kernel_read_all_sysctl(spamd_t)
kernel_read_system_state(spamd_t)
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index 6f63dda..60f6bc4 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -58,11 +58,11 @@ can_exec(squid_t,squid_exec_t)
allow squid_t squid_log_t:file create_file_perms;
allow squid_t squid_log_t:dir rw_dir_perms;
-logging_create_log(squid_t,squid_log_t,{ file dir })
+logging_filetrans_log(squid_t,squid_log_t,{ file dir })
allow squid_t squid_var_run_t:file create_file_perms;
allow squid_t squid_var_run_t:dir rw_dir_perms;
-files_create_pid(squid_t,squid_var_run_t)
+files_filetrans_pid(squid_t,squid_var_run_t)
kernel_read_kernel_sysctl(squid_t)
kernel_read_system_state(squid_t)
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index f804d88..0da952e 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -89,7 +89,7 @@ template(`ssh_per_userdomain_template',`
# Access the ssh temporary files.
allow $1_ssh_t sshd_tmp_t:dir create_dir_perms;
allow $1_ssh_t sshd_tmp_t:file create_file_perms;
- files_create_tmp_files($1_ssh_t, sshd_tmp_t, { file dir })
+ files_filetrans_tmp($1_ssh_t, sshd_tmp_t, { file dir })
# for rsync
allow $1_ssh_t $2:unix_stream_socket rw_socket_perms;
@@ -421,7 +421,7 @@ template(`ssh_server_template', `
term_create_pty($1_t,$1_devpts_t)
allow $1_t $1_var_run_t:file create_file_perms;
- files_create_pid($1_t,$1_var_run_t,file)
+ files_filetrans_pid($1_t,$1_var_run_t,file)
can_exec($1_t, sshd_exec_t)
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index 6d48614..e0697b8 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -82,7 +82,7 @@ ifdef(`targeted_policy',`',`
allow sshd_t sshd_tmp_t:dir create_dir_perms;
allow sshd_t sshd_tmp_t:file create_file_perms;
allow sshd_t sshd_tmp_t:sock_file create_file_perms;
- files_create_tmp_files(sshd_t, sshd_tmp_t, { dir file sock_file })
+ files_filetrans_tmp(sshd_t, sshd_tmp_t, { dir file sock_file })
# for X forwarding
corenet_tcp_bind_xserver_port(sshd_t)
@@ -209,7 +209,7 @@ ifdef(`targeted_policy',`',`
allow ssh_keygen_t self:unix_stream_socket create_stream_socket_perms;
allow ssh_keygen_t sshd_key_t:file create_file_perms;
- files_create_etc_config(ssh_keygen_t,sshd_key_t,file)
+ files_filetrans_etc(ssh_keygen_t,sshd_key_t,file)
kernel_read_kernel_sysctl(ssh_keygen_t)
diff --git a/refpolicy/policy/modules/services/stunnel.te b/refpolicy/policy/modules/services/stunnel.te
index 7d32a1c..923c05c 100644
--- a/refpolicy/policy/modules/services/stunnel.te
+++ b/refpolicy/policy/modules/services/stunnel.te
@@ -45,11 +45,11 @@ allow stunnel_t stunnel_etc_t:lnk_file { getattr read };
allow stunnel_t stunnel_tmp_t:dir create_dir_perms;
allow stunnel_t stunnel_tmp_t:file create_file_perms;
-files_create_tmp_files(stunnel_t, stunnel_tmp_t, { file dir })
+files_filetrans_tmp(stunnel_t, stunnel_tmp_t, { file dir })
allow stunnel_t stunnel_var_run_t:file create_file_perms;
allow stunnel_t stunnel_var_run_t:dir rw_dir_perms;
-files_create_pid(stunnel_t,stunnel_var_run_t)
+files_filetrans_pid(stunnel_t,stunnel_var_run_t)
kernel_read_kernel_sysctl(stunnel_t)
kernel_read_system_state(stunnel_t)
diff --git a/refpolicy/policy/modules/services/sysstat.te b/refpolicy/policy/modules/services/sysstat.te
index 9ebcf3d..09dbf0b 100644
--- a/refpolicy/policy/modules/services/sysstat.te
+++ b/refpolicy/policy/modules/services/sysstat.te
@@ -27,7 +27,7 @@ can_exec(sysstat_t, sysstat_exec_t)
allow sysstat_t sysstat_log_t:file create_file_perms;
allow sysstat_t sysstat_log_t:dir rw_dir_perms;
-logging_create_log(sysstat_t,sysstat_log_t,{ file dir })
+logging_filetrans_log(sysstat_t,sysstat_log_t,{ file dir })
# get info from /proc
kernel_read_system_state(sysstat_t)
diff --git a/refpolicy/policy/modules/services/tcpd.te b/refpolicy/policy/modules/services/tcpd.te
index 5a27b85..186d25f 100644
--- a/refpolicy/policy/modules/services/tcpd.te
+++ b/refpolicy/policy/modules/services/tcpd.te
@@ -21,7 +21,7 @@ allow tcpd_t self:tcp_socket create_stream_socket_perms;
allow tcpd_t tcpd_tmp_t:dir create_dir_perms;
allow tcpd_t tcpd_tmp_t:file create_file_perms;
-files_create_tmp_files(tcpd_t, tcpd_tmp_t, { file dir })
+files_filetrans_tmp(tcpd_t, tcpd_tmp_t, { file dir })
corenet_raw_sendrecv_all_if(tcpd_t)
corenet_tcp_sendrecv_all_if(tcpd_t)
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index e46462a..30526a8 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -39,11 +39,11 @@ term_create_pty(telnetd_t,telnetd_devpts_t)
allow telnetd_t telnetd_tmp_t:dir create_dir_perms;
allow telnetd_t telnetd_tmp_t:file create_file_perms;
-files_create_tmp_files(telnetd_t, telnetd_tmp_t, { file dir })
+files_filetrans_tmp(telnetd_t, telnetd_tmp_t, { file dir })
allow telnetd_t telnetd_var_run_t:file create_file_perms;
allow telnetd_t telnetd_var_run_t:dir rw_dir_perms;
-files_create_pid(telnetd_t,telnetd_var_run_t)
+files_filetrans_pid(telnetd_t,telnetd_var_run_t)
kernel_read_kernel_sysctl(telnetd_t)
kernel_read_system_state(telnetd_t)
diff --git a/refpolicy/policy/modules/services/tftp.te b/refpolicy/policy/modules/services/tftp.te
index 1a8c100..682a604 100644
--- a/refpolicy/policy/modules/services/tftp.te
+++ b/refpolicy/policy/modules/services/tftp.te
@@ -35,7 +35,7 @@ allow tftpd_t tftpdir_t:lnk_file { getattr read };
allow tftpd_t tftpd_var_run_t:file create_file_perms;
allow tftpd_t tftpd_var_run_t:dir rw_dir_perms;
-files_create_pid(tftpd_t,tftpd_var_run_t)
+files_filetrans_pid(tftpd_t,tftpd_var_run_t)
kernel_read_kernel_sysctl(tftpd_t)
kernel_list_proc(tftpd_t)
diff --git a/refpolicy/policy/modules/services/timidity.te b/refpolicy/policy/modules/services/timidity.te
index a4bcec4..0b236cd 100644
--- a/refpolicy/policy/modules/services/timidity.te
+++ b/refpolicy/policy/modules/services/timidity.te
@@ -33,7 +33,7 @@ allow timidity_t timidity_tmpfs_t:file create_file_perms;
allow timidity_t timidity_tmpfs_t:lnk_file create_lnk_perms;
allow timidity_t timidity_tmpfs_t:sock_file create_file_perms;
allow timidity_t timidity_tmpfs_t:fifo_file create_file_perms;
-fs_create_tmpfs_data(timidity_t,timidity_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_filetrans_tmpfs(timidity_t,timidity_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctl(timidity_t)
# read /proc/cpuinfo
diff --git a/refpolicy/policy/modules/services/uucp.te b/refpolicy/policy/modules/services/uucp.te
index 1da82ca..3e47d75 100644
--- a/refpolicy/policy/modules/services/uucp.te
+++ b/refpolicy/policy/modules/services/uucp.te
@@ -41,7 +41,7 @@ allow uucpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow uucpd_t uucpd_log_t:file create_file_perms;
allow uucpd_t uucpd_log_t:dir { rw_dir_perms setattr };
-logging_create_log(uucpd_t,uucpd_log_t,{ file dir })
+logging_filetrans_log(uucpd_t,uucpd_log_t,{ file dir })
allow uucpd_t uucpd_ro_t:dir r_dir_perms;
allow uucpd_t uucpd_ro_t:file r_file_perms;
@@ -57,11 +57,11 @@ allow uucpd_t uucpd_spool_t:lnk_file create_lnk_perms;
allow uucpd_t uucpd_tmp_t:dir create_dir_perms;
allow uucpd_t uucpd_tmp_t:file create_file_perms;
-files_create_tmp_files(uucpd_t, uucpd_tmp_t, { file dir })
+files_filetrans_tmp(uucpd_t, uucpd_tmp_t, { file dir })
allow uucpd_t uucpd_var_run_t:file create_file_perms;
allow uucpd_t uucpd_var_run_t:dir rw_dir_perms;
-files_create_pid(uucpd_t,uucpd_var_run_t)
+files_filetrans_pid(uucpd_t,uucpd_var_run_t)
kernel_read_kernel_sysctl(uucpd_t)
kernel_read_system_state(uucpd_t)
diff --git a/refpolicy/policy/modules/services/xdm.te b/refpolicy/policy/modules/services/xdm.te
index 62086a6..b27ecd5 100644
--- a/refpolicy/policy/modules/services/xdm.te
+++ b/refpolicy/policy/modules/services/xdm.te
@@ -79,23 +79,23 @@ ifdef(`targeted_policy',`
unconfined_domtrans(xdm_t)
',`
allow xdm_t xdm_lock_t:file create_file_perms;
- files_create_lock(xdm_t,xdm_lock_t)
+ files_filetrans_lock(xdm_t,xdm_lock_t)
allow xdm_t xdm_tmp_t:dir create_dir_perms;
allow xdm_t xdm_tmp_t:file create_file_perms;
allow xdm_t xdm_tmp_t:file create_file_perms;
- files_create_tmp_files(xdm_t, xdm_tmp_t, { file dir sock_file })
+ files_filetrans_tmp(xdm_t, xdm_tmp_t, { file dir sock_file })
allow xdm_t xdm_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow xdm_t xdm_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow xdm_t xdm_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow xdm_t xdm_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow xdm_t xdm_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
- fs_create_tmpfs_data(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_filetrans_tmpfs(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
allow xdm_t xdm_var_lib_t:file create_file_perms;
allow xdm_t xdm_var_lib_t:dir create_dir_perms;
- files_create_var_lib(xdm_t,xdm_var_lib_t)
+ files_filetrans_var_lib(xdm_t,xdm_var_lib_t)
')
optional_policy(`locallogin',`
diff --git a/refpolicy/policy/modules/services/xfs.te b/refpolicy/policy/modules/services/xfs.te
index 0ee64e1..b703f3b 100644
--- a/refpolicy/policy/modules/services/xfs.te
+++ b/refpolicy/policy/modules/services/xfs.te
@@ -29,11 +29,11 @@ allow xfs_t self:unix_dgram_socket create_socket_perms;
allow xfs_t xfs_tmp_t:dir create_dir_perms;
allow xfs_t xfs_tmp_t:sock_file create_file_perms;
-files_create_tmp_files(xfs_t, xfs_tmp_t, { sock_file dir })
+files_filetrans_tmp(xfs_t, xfs_tmp_t, { sock_file dir })
allow xfs_t xfs_var_run_t:file create_file_perms;
allow xfs_t xfs_var_run_t:dir rw_dir_perms;
-files_create_pid(xfs_t,xfs_var_run_t)
+files_filetrans_pid(xfs_t,xfs_var_run_t)
# Bind to /tmp/.font-unix/fs-1.
# cjp: I do not believe this has an effect.
@@ -70,7 +70,7 @@ userdom_dontaudit_search_sysadm_home_dir(xfs_t)
ifdef(`distro_debian',`
# for /tmp/.font-unix/fs7100
- init_create_script_tmp(xfs_t,xfs_tmp_t,sock_file)
+ init_filetrans_script_tmp(xfs_t,xfs_tmp_t,sock_file)
')
ifdef(`targeted_policy',`
diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te
index f79adad..3c379fb 100644
--- a/refpolicy/policy/modules/services/zebra.te
+++ b/refpolicy/policy/modules/services/zebra.te
@@ -45,16 +45,16 @@ allow zebra_t zebra_conf_t:lnk_file { getattr read };
allow zebra_t zebra_log_t:file create_file_perms;
allow zebra_t zebra_log_t:sock_file create_file_perms;
allow zebra_t zebra_log_t:dir { rw_dir_perms setattr };
-logging_create_log(zebra_t,zebra_log_t,{ sock_file file dir })
+logging_filetrans_log(zebra_t,zebra_log_t,{ sock_file file dir })
# /tmp/.bgpd is such a bad idea!
allow zebra_t zebra_tmp_t:sock_file create_file_perms;
-files_create_tmp_files(zebra_t,zebra_tmp_t,sock_file)
+files_filetrans_tmp(zebra_t,zebra_tmp_t,sock_file)
allow zebra_t zebra_var_run_t:file manage_file_perms;
allow zebra_t zebra_var_run_t:sock_file manage_file_perms;
allow zebra_t zebra_var_run_t:dir rw_dir_perms;
-files_create_pid(zebra_t,zebra_var_run_t, { file sock_file })
+files_filetrans_pid(zebra_t,zebra_var_run_t, { file sock_file })
kernel_read_system_state(zebra_t)
kernel_read_kernel_sysctl(zebra_t)
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 96307b3..02b91c1 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -396,7 +396,7 @@ interface(`auth_manage_shadow',`
')
allow $1 shadow_t:file create_file_perms;
- files_create_etc_config($1,shadow_t,file)
+ files_filetrans_etc($1,shadow_t,file)
typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
')
@@ -993,14 +993,14 @@ interface(`auth_rw_login_records',`
#######################################
#
-# auth_create_login_records(domain)
+# auth_filetrans_login_records(domain)
#
-interface(`auth_create_login_records',`
+interface(`auth_filetrans_login_records',`
gen_require(`
type wtmp_t;
')
- logging_create_log($1,wtmp_t,file)
+ logging_filetrans_log($1,wtmp_t,file)
')
#######################################
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 60b3ee8..920a183 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -96,7 +96,7 @@ allow pam_t pam_var_run_t:file { getattr read unlink };
allow pam_t pam_tmp_t:dir create_dir_perms;
allow pam_t pam_tmp_t:file create_file_perms;
-files_create_tmp_files(pam_t, pam_tmp_t, { file dir })
+files_filetrans_tmp(pam_t, pam_tmp_t, { file dir })
kernel_read_system_state(pam_t)
diff --git a/refpolicy/policy/modules/system/fstools.te b/refpolicy/policy/modules/system/fstools.te
index b7e6a2a..5fb87f0 100644
--- a/refpolicy/policy/modules/system/fstools.te
+++ b/refpolicy/policy/modules/system/fstools.te
@@ -42,7 +42,7 @@ can_exec(fsadm_t, fsadm_exec_t)
allow fsadm_t fsadm_tmp_t:dir create_dir_perms;
allow fsadm_t fsadm_tmp_t:file create_file_perms;
-files_create_tmp_files(fsadm_t, fsadm_tmp_t, { file dir })
+files_filetrans_tmp(fsadm_t, fsadm_tmp_t, { file dir })
# Enable swapping to files
allow fsadm_t swapfile_t:file { getattr swapon };
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index 7eeb20c..2dc83c8 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -44,21 +44,21 @@ allow getty_t self:process { getpgid getsession signal_perms };
allow getty_t getty_etc_t:dir r_dir_perms;
allow getty_t getty_etc_t:file r_file_perms;
allow getty_t getty_etc_t:lnk_file { getattr read };
-files_create_etc_config(getty_t,getty_etc_t,{ file dir })
+files_filetrans_etc(getty_t,getty_etc_t,{ file dir })
allow getty_t getty_lock_t:file create_file_perms;
-files_create_lock(getty_t,getty_lock_t)
+files_filetrans_lock(getty_t,getty_lock_t)
allow getty_t getty_log_t:file create_file_perms;
-logging_create_log(getty_t,getty_log_t)
+logging_filetrans_log(getty_t,getty_log_t)
allow getty_t getty_tmp_t:file create_file_perms;
allow getty_t getty_tmp_t:dir create_dir_perms;
-files_create_tmp_files(getty_t,getty_tmp_t,{ file dir })
+files_filetrans_tmp(getty_t,getty_tmp_t,{ file dir })
allow getty_t getty_var_run_t:file create_file_perms;
allow getty_t getty_var_run_t:dir rw_dir_perms;
-files_create_pid(getty_t,getty_var_run_t)
+files_filetrans_pid(getty_t,getty_var_run_t)
kernel_list_proc(getty_t)
kernel_read_proc_symlinks(getty_t)
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index d01fb75..d767b9e 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -43,7 +43,7 @@ can_exec(hotplug_t,hotplug_exec_t)
allow hotplug_t hotplug_var_run_t:file manage_file_perms;
allow hotplug_t hotplug_var_run_t:dir rw_dir_perms;
-files_create_pid(hotplug_t,hotplug_var_run_t)
+files_filetrans_pid(hotplug_t,hotplug_var_run_t)
kernel_sigchld(hotplug_t)
kernel_setpgid(hotplug_t)
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 0a6f645..ebd5801 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -750,7 +750,7 @@ interface(`init_rw_script_tmp_files',`
## The object class. If not specified, file is used.
## </param>
#
-interface(`init_create_script_tmp',`
+interface(`init_filetrans_script_tmp',`
gen_require(`
type initrc_tmp_t;
')
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 75c1fff..308a0b8 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -104,11 +104,11 @@ allow init_t initrc_t:unix_stream_socket connectto;
# For /var/run/shutdown.pid.
allow init_t init_var_run_t:file { create getattr read append write setattr unlink };
-files_create_pid(init_t,init_var_run_t)
+files_filetrans_pid(init_t,init_var_run_t)
allow init_t initctl_t:fifo_file { create getattr read append write setattr unlink };
fs_associate_tmpfs(initctl_t)
-dev_create_dev_node(init_t,initctl_t,fifo_file)
+dev_filetrans_dev_node(init_t,initctl_t,fifo_file)
# Modify utmp.
allow init_t initrc_var_run_t:file { rw_file_perms setattr };
@@ -171,7 +171,7 @@ miscfiles_read_localization(init_t)
ifdef(`distro_redhat',`
fs_use_tmpfs_chr_dev(init_t)
- fs_create_tmpfs_data(init_t,initctl_t,fifo_file)
+ fs_filetrans_tmpfs(init_t,initctl_t,fifo_file)
')
ifdef(`targeted_policy',`
@@ -228,12 +228,12 @@ allow initrc_t initrc_state_t:file create_file_perms;
allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rename };
allow initrc_t initrc_var_run_t:file create_file_perms;
-files_create_pid(initrc_t,initrc_var_run_t)
+files_filetrans_pid(initrc_t,initrc_var_run_t)
can_exec(initrc_t,initrc_tmp_t)
allow initrc_t initrc_tmp_t:file create_file_perms;
allow initrc_t initrc_tmp_t:dir create_dir_perms;
-files_create_tmp_files(initrc_t,initrc_tmp_t, { file dir })
+files_filetrans_tmp(initrc_t,initrc_tmp_t, { file dir })
kernel_read_system_state(initrc_t)
kernel_read_software_raid_state(initrc_t)
@@ -389,7 +389,7 @@ userdom_use_sysadm_terms(initrc_t)
ifdef(`distro_debian', `
dev_setattr_dev_dir(initrc_t)
- fs_create_tmpfs_data(initrc_t,initrc_var_run_t,dir)
+ fs_filetrans_tmpfs(initrc_t,initrc_var_run_t,dir)
# for storing state under /dev/shm
fs_setattr_tmpfs_dir(initrc_t)
diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te
index 9faed4e..acdcab8 100644
--- a/refpolicy/policy/modules/system/ipsec.te
+++ b/refpolicy/policy/modules/system/ipsec.te
@@ -57,7 +57,7 @@ allow ipsec_t ipsec_key_file_t:lnk_file r_file_perms;
allow ipsec_t ipsec_var_run_t:file create_file_perms;
allow ipsec_t ipsec_var_run_t:sock_file create_file_perms;
-files_create_pid(ipsec_t,ipsec_var_run_t,{ file sock_file })
+files_filetrans_pid(ipsec_t,ipsec_var_run_t,{ file sock_file })
can_exec(ipsec_t, ipsec_mgmt_exec_t)
@@ -156,17 +156,17 @@ allow ipsec_mgmt_t self:key_socket { create setopt };
allow ipsec_mgmt_t self:fifo_file rw_file_perms;
allow ipsec_mgmt_t ipsec_mgmt_lock_t:file create_file_perms;
-files_create_lock(ipsec_mgmt_t,ipsec_mgmt_lock_t)
+files_filetrans_lock(ipsec_mgmt_t,ipsec_mgmt_lock_t)
allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file create_file_perms;
-files_create_pid(ipsec_mgmt_t,ipsec_mgmt_var_run_t)
+files_filetrans_pid(ipsec_mgmt_t,ipsec_mgmt_var_run_t)
allow ipsec_mgmt_t ipsec_var_run_t:dir rw_dir_perms;
allow ipsec_mgmt_t ipsec_var_run_t:file create_file_perms;
allow ipsec_mgmt_t ipsec_var_run_t:lnk_file create_lnk_perms;
allow ipsec_mgmt_t ipsec_var_run_t:sock_file create_file_perms;
-files_create_pid(ipsec_mgmt_t,ipsec_var_run_t,sock_file)
+files_filetrans_pid(ipsec_mgmt_t,ipsec_var_run_t,sock_file)
# _realsetup needs to be able to cat /var/run/pluto.pid,
# run ps on that pid, and delete the file
@@ -182,7 +182,7 @@ allow ipsec_mgmt_t ipsec_key_file_t:dir rw_dir_perms;
allow ipsec_mgmt_t ipsec_key_file_t:lnk_file create_lnk_perms;
# cjp: combo of file_type_auto_trans and rw_dir_create_file
allow ipsec_mgmt_t ipsec_key_file_t:file create_file_perms;
-files_create_etc_config(ipsec_mgmt_t,ipsec_key_file_t)
+files_filetrans_etc(ipsec_mgmt_t,ipsec_key_file_t)
# whack needs to connect to pluto
allow ipsec_mgmt_t ipsec_var_run_t:sock_file { read write };
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index d2bb830..83a49ab 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -27,13 +27,13 @@ dontaudit iptables_t self:capability sys_tty_config;
allow iptables_t self:process { sigchld sigkill sigstop signull signal };
allow iptables_t iptables_var_run_t:dir rw_dir_perms;
-files_create_pid(iptables_t,iptables_var_run_t)
+files_filetrans_pid(iptables_t,iptables_var_run_t)
can_exec(iptables_t,iptables_exec_t)
allow iptables_t iptables_tmp_t:dir create_dir_perms;
allow iptables_t iptables_tmp_t:file create_file_perms;
-files_create_tmp_files(iptables_t, iptables_tmp_t, { file dir })
+files_filetrans_tmp(iptables_t, iptables_tmp_t, { file dir })
allow iptables_t self:rawip_socket create_socket_perms;
diff --git a/refpolicy/policy/modules/system/libraries.te b/refpolicy/policy/modules/system/libraries.te
index e5b3020..dd5d7b8 100644
--- a/refpolicy/policy/modules/system/libraries.te
+++ b/refpolicy/policy/modules/system/libraries.te
@@ -55,7 +55,7 @@ init_system_domain(ldconfig_t,ldconfig_exec_t)
role system_r types ldconfig_t;
allow ldconfig_t ld_so_cache_t:file create_file_perms;
-files_create_etc_config(ldconfig_t,ld_so_cache_t,file)
+files_filetrans_etc(ldconfig_t,ld_so_cache_t,file)
allow ldconfig_t lib_t:dir rw_dir_perms;
allow ldconfig_t lib_t:lnk_file { getattr create read unlink };
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index d4aac08..2f7d3fb 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -52,11 +52,11 @@ allow local_login_t self:msgq create_msgq_perms;
allow local_login_t self:msg { send receive };
allow local_login_t local_login_lock_t:file create_file_perms;
-files_create_lock(local_login_t,local_login_lock_t)
+files_filetrans_lock(local_login_t,local_login_lock_t)
allow local_login_t local_login_tmp_t:dir create_dir_perms;
allow local_login_t local_login_tmp_t:file create_file_perms;
-files_create_tmp_files(local_login_t, local_login_tmp_t, { file dir })
+files_filetrans_tmp(local_login_t, local_login_tmp_t, { file dir })
kernel_read_system_state(local_login_t)
kernel_read_kernel_sysctl(local_login_t)
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index f99a955..bb1f079 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -86,9 +86,9 @@ interface(`logging_domtrans_syslog',`
########################################
#
-# logging_create_log(domain,privatetype,[class(es)])
+# logging_filetrans_log(domain,privatetype,[class(es)])
#
-interface(`logging_create_log',`
+interface(`logging_filetrans_log',`
gen_require(`
type var_log_t;
class dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 64625b2..fc66ecf 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -123,7 +123,7 @@ allow auditd_t var_log_t:dir search;
allow auditd_t auditd_var_run_t:file create_file_perms;
allow auditd_t auditd_var_run_t:dir rw_dir_perms;
-files_create_pid(auditd_t,auditd_var_run_t)
+files_filetrans_pid(auditd_t,auditd_var_run_t)
kernel_read_kernel_sysctl(auditd_t)
kernel_list_proc(auditd_t)
@@ -191,11 +191,11 @@ allow klogd_t self:process signal_perms;
allow klogd_t klogd_tmp_t:file create_file_perms;
allow klogd_t klogd_tmp_t:dir create_dir_perms;
-files_create_tmp_files(klogd_t,klogd_tmp_t,{ file dir })
+files_filetrans_tmp(klogd_t,klogd_tmp_t,{ file dir })
allow klogd_t klogd_var_run_t:file create_file_perms;
allow klogd_t klogd_var_run_t:dir rw_dir_perms;
-files_create_pid(klogd_t,klogd_var_run_t)
+files_filetrans_pid(klogd_t,klogd_var_run_t)
kernel_read_system_state(klogd_t)
kernel_read_messages(klogd_t)
@@ -267,7 +267,7 @@ allow syslogd_t self:udp_socket { connected_socket_perms connect };
# Create and bind to /dev/log or /var/run/log.
allow syslogd_t devlog_t:sock_file create_file_perms;
-files_create_pid(syslogd_t,devlog_t,sock_file)
+files_filetrans_pid(syslogd_t,devlog_t,sock_file)
# cjp: I belive these are not needed:
allow syslogd_t devlog_t:unix_stream_socket name_bind;
allow syslogd_t devlog_t:unix_dgram_socket name_bind;
@@ -281,15 +281,15 @@ allow syslogd_t var_log_t:dir { create setattr };
# manage temporary files
allow syslogd_t syslogd_tmp_t:file create_file_perms;
allow syslogd_t syslogd_tmp_t:dir create_dir_perms;
-files_create_tmp_files(syslogd_t,syslogd_tmp_t,{ dir file })
+files_filetrans_tmp(syslogd_t,syslogd_tmp_t,{ dir file })
allow syslogd_t syslogd_var_run_t:file create_file_perms;
-files_create_pid(syslogd_t,syslogd_var_run_t,file)
+files_filetrans_pid(syslogd_t,syslogd_var_run_t,file)
# manage pid file
allow syslogd_t syslogd_var_run_t:file create_file_perms;
allow syslogd_t syslogd_var_run_t:dir rw_dir_perms;
-files_create_pid(syslogd_t,syslogd_var_run_t)
+files_filetrans_pid(syslogd_t,syslogd_var_run_t)
kernel_read_kernel_sysctl(syslogd_t)
kernel_read_proc_symlinks(syslogd_t)
@@ -299,7 +299,7 @@ kernel_read_messages(syslogd_t)
kernel_clear_ring_buffer(syslogd_t)
kernel_change_ring_buffer_level(syslogd_t)
-dev_create_dev_node(syslogd_t,devlog_t,sock_file)
+dev_filetrans_dev_node(syslogd_t,devlog_t,sock_file)
dev_read_sysfs(syslogd_t)
fs_search_auto_mountpoints(syslogd_t)
@@ -351,7 +351,7 @@ userdom_dontaudit_search_sysadm_home_dir(syslogd_t)
ifdef(`distro_suse',`
# suse creates a /dev/log under /var/lib/stunnel for chrooted stunnel
- files_create_var_lib(syslogd_t,devlog_t,sock_file)
+ files_filetrans_var_lib(syslogd_t,devlog_t,sock_file)
')
ifdef(`targeted_policy',`
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index 67d1916..6bf2646 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -51,7 +51,7 @@ allow clvmd_t self:udp_socket create_socket_perms;
allow clvmd_t clvmd_var_run_t:file create_file_perms;
allow clvmd_t clvmd_var_run_t:dir rw_dir_perms;
-files_create_pid(clvmd_t,clvmd_var_run_t)
+files_filetrans_pid(clvmd_t,clvmd_var_run_t)
kernel_read_kernel_sysctl(clvmd_t)
kernel_list_proc(clvmd_t)
@@ -135,7 +135,7 @@ allow lvm_t self:unix_dgram_socket create_socket_perms;
allow lvm_t lvm_tmp_t:dir create_dir_perms;
allow lvm_t lvm_tmp_t:file create_file_perms;
-files_create_tmp_files(lvm_t, lvm_tmp_t, { file dir })
+files_filetrans_tmp(lvm_t, lvm_tmp_t, { file dir })
# /lib/lvm-<version> holds the actual LVM binaries (and symlinks)
allow lvm_t lvm_exec_t:dir search;
@@ -147,11 +147,11 @@ can_exec(lvm_t, lvm_exec_t)
# Creating lock files
allow lvm_t lvm_lock_t:dir rw_dir_perms;
allow lvm_t lvm_lock_t:file create_file_perms;
-files_create_lock(lvm_t,lvm_lock_t)
+files_filetrans_lock(lvm_t,lvm_lock_t)
allow lvm_t lvm_var_run_t:file create_file_perms;
allow lvm_t lvm_var_run_t:dir create_dir_perms;
-files_create_pid(lvm_t,lvm_var_run_t)
+files_filetrans_pid(lvm_t,lvm_var_run_t)
allow lvm_t lvm_etc_t:file r_file_perms;
allow lvm_t lvm_etc_t:lnk_file r_file_perms;
@@ -160,7 +160,7 @@ allow lvm_t lvm_etc_t:dir rw_dir_perms;
allow lvm_t lvm_metadata_t:file create_file_perms;
allow lvm_t lvm_metadata_t:dir rw_dir_perms;
type_transition lvm_t lvm_etc_t:file lvm_metadata_t;
-files_create_etc_config(lvm_t,lvm_metadata_t,file)
+files_filetrans_etc(lvm_t,lvm_metadata_t,file)
kernel_read_system_state(lvm_t)
kernel_read_kernel_sysctl(lvm_t)
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index c6f5368..d840f88 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -164,7 +164,7 @@ can_exec(depmod_t, depmod_exec_t)
allow depmod_t modules_conf_t:file r_file_perms;
allow depmod_t modules_dep_t:file create_file_perms;
-bootloader_create_modules(depmod_t,modules_dep_t)
+bootloader_filetrans_modules(depmod_t,modules_dep_t)
kernel_read_system_state(depmod_t)
@@ -226,8 +226,8 @@ can_exec(update_modules_t, update_modules_exec_t)
# manage module loading configuration
allow update_modules_t modules_conf_t:file create_file_perms;
-bootloader_create_modules(update_modules_t,modules_conf_t)
-files_create_etc_config(update_modules_t,modules_conf_t)
+bootloader_filetrans_modules(update_modules_t,modules_conf_t)
+files_filetrans_etc(update_modules_t,modules_conf_t)
# transition to depmod
domain_auto_trans(update_modules_t, depmod_exec_t, depmod_t)
@@ -238,7 +238,7 @@ allow depmod_t update_modules_t:process sigchld;
allow update_modules_t update_modules_tmp_t:dir create_dir_perms;
allow update_modules_t update_modules_tmp_t:file create_file_perms;
-files_create_tmp_files(update_modules_t, update_modules_tmp_t, { file dir })
+files_filetrans_tmp(update_modules_t, update_modules_tmp_t, { file dir })
kernel_read_kernel_sysctl(update_modules_t)
kernel_read_system_state(update_modules_t)
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index 90d55d1..2197e82 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -23,7 +23,7 @@ allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown
allow mount_t mount_tmp_t:file create_file_perms;
allow mount_t mount_tmp_t:dir create_dir_perms;
-files_create_tmp_files(mount_t,mount_tmp_t,{ file dir })
+files_filetrans_tmp(mount_t,mount_tmp_t,{ file dir })
kernel_read_system_state(mount_t)
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index 8510a92..e13d742 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -38,15 +38,15 @@ allow cardmgr_t self:unix_dgram_socket create_socket_perms;
allow cardmgr_t self:unix_stream_socket create_socket_perms;
allow cardmgr_t cardmgr_lnk_t:lnk_file create_lnk_perms;
-dev_create_dev_node(cardmgr_t,cardmgr_lnk_t,lnk_file)
+dev_filetrans_dev_node(cardmgr_t,cardmgr_lnk_t,lnk_file)
# Create stab file
allow cardmgr_t cardmgr_var_lib_t:file create_file_perms;
allow cardmgr_t cardmgr_var_lib_t:dir rw_dir_perms;
-files_create_var_lib(cardmgr_t,cardmgr_var_lib_t)
+files_filetrans_var_lib(cardmgr_t,cardmgr_var_lib_t)
allow cardmgr_t cardmgr_var_run_t:file create_file_perms;
-files_create_pid(cardmgr_t,cardmgr_var_run_t)
+files_filetrans_pid(cardmgr_t,cardmgr_var_run_t)
kernel_read_system_state(cardmgr_t)
kernel_read_kernel_sysctl(cardmgr_t)
@@ -114,7 +114,7 @@ modutils_domtrans_insmod(cardmgr_t)
sysnet_domtrans_ifconfig(cardmgr_t)
# for /etc/resolv.conf
-sysnet_create_config(cardmgr_t)
+sysnet_filetrans_config(cardmgr_t)
sysnet_manage_config(cardmgr_t)
userdom_dontaudit_use_unpriv_user_fd(cardmgr_t)
diff --git a/refpolicy/policy/modules/system/raid.te b/refpolicy/policy/modules/system/raid.te
index 7faa6b9..cd1841c 100644
--- a/refpolicy/policy/modules/system/raid.te
+++ b/refpolicy/policy/modules/system/raid.te
@@ -24,7 +24,7 @@ dontaudit mdadm_t self:capability sys_tty_config;
allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
allow mdadm_t mdadm_var_run_t:file create_file_perms;
-files_create_pid(mdadm_t,mdadm_var_run_t)
+files_filetrans_pid(mdadm_t,mdadm_var_run_t)
kernel_read_system_state(mdadm_t)
kernel_read_kernel_sysctl(mdadm_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index 9b0a234..f2b5996 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -221,12 +221,12 @@ interface(`sysnet_dontaudit_read_config',`
## The type of the process performing this action.
## </param>
#
-interface(`sysnet_create_config',`
+interface(`sysnet_filetrans_config',`
gen_require(`
type net_conf_t;
')
- files_create_etc_config($1,net_conf_t,file)
+ files_filetrans_etc($1,net_conf_t,file)
')
#######################################
@@ -403,13 +403,14 @@ interface(`sysnet_search_dhcp_state',`
## The object class. If not specified, file is used.
## </param>
#
-interface(`sysnet_create_dhcp_state',`
+interface(`sysnet_filetrans_dhcp_state',`
gen_require(`
type dhcp_state_t;
')
files_search_var_lib($1)
allow $1 dhcp_state_t:dir rw_dir_perms;
+
ifelse(`$3',`',`
type_transition $1 dhcp_state_t:file $2;
',`
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 477e0dc..7189997 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -65,17 +65,17 @@ type_transition dhcpc_t dhcp_state_t:file dhcpc_state_t;
# create pid file
allow dhcpc_t dhcpc_var_run_t:file create_file_perms;
allow dhcpc_t dhcpc_var_run_t:dir rw_dir_perms;
-files_create_pid(dhcpc_t,dhcpc_var_run_t)
+files_filetrans_pid(dhcpc_t,dhcpc_var_run_t)
# Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
# in /etc created by dhcpcd will be labelled net_conf_t.
allow dhcpc_t net_conf_t:file create_file_perms;
-files_create_etc_config(dhcpc_t,net_conf_t,file)
+files_filetrans_etc(dhcpc_t,net_conf_t,file)
# create temp files
allow dhcpc_t dhcpc_tmp_t:dir create_dir_perms;
allow dhcpc_t dhcpc_tmp_t:file create_file_perms;
-files_create_tmp_files(dhcpc_t, dhcpc_tmp_t, { file dir })
+files_filetrans_tmp(dhcpc_t, dhcpc_tmp_t, { file dir })
can_exec(dhcpc_t, dhcpc_exec_t)
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 9cbbc99..20c89c2 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -66,11 +66,11 @@ allow udev_t udev_etc_t:file r_file_perms;
# create udev database in /dev/.udevdb
allow udev_t udev_tbl_t:file create_file_perms;
-dev_create_dev_node(udev_t,udev_tbl_t,file)
+dev_filetrans_dev_node(udev_t,udev_tbl_t,file)
allow udev_t udev_var_run_t:file create_file_perms;
allow udev_t udev_var_run_t:dir rw_dir_perms;
-files_create_pid(udev_t,udev_var_run_t)
+files_filetrans_pid(udev_t,udev_var_run_t)
kernel_read_system_state(udev_t)
kernel_getattr_core(udev_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 9efc0d5..ada44f4 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -120,7 +120,7 @@ template(`base_user_template',`
allow $1_t $1_tmp_t:dir create_dir_perms;
allow $1_t $1_tmp_t:sock_file create_file_perms;
allow $1_t $1_tmp_t:fifo_file create_file_perms;
- files_create_tmp_files($1_t, $1_tmp_t, { dir notdevfile_class_set })
+ files_filetrans_tmp($1_t, $1_tmp_t, { dir notdevfile_class_set })
# Bind to a Unix domain socket in /tmp.
# cjp: this is combination is not checked and should be removed
@@ -131,7 +131,7 @@ template(`base_user_template',`
allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
allow $1_t $1_tmpfs_t:sock_file create_file_perms;
allow $1_t $1_tmpfs_t:fifo_file create_file_perms;
- fs_create_tmpfs_data($1_t,$1_tmpfs_t, { dir notdevfile_class_set } )
+ fs_filetrans_tmpfs($1_t,$1_tmpfs_t, { dir notdevfile_class_set } )
allow $1_t $1_tty_device_t:chr_file { setattr rw_file_perms };
@@ -3039,12 +3039,12 @@ interface(`userdom_dontaudit_use_unpriv_user_fd',`
## Domain allowed access.
## </param>
#
-interface(`userdom_create_generic_user_home_dir',`
+interface(`userdom_filetrans_generic_user_home_dir',`
gen_require(`
type user_home_dir_t;
')
- files_create_home_dirs($1,user_home_dir_t)
+ files_filetrans_home($1,user_home_dir_t)
')
########################################
@@ -3093,7 +3093,7 @@ interface(`userdom_manage_generic_user_home_dir',`
## If not specified, file is used.
## </param>
#
-interface(`userdom_create_generic_user_home',`
+interface(`userdom_filetrans_generic_user_home',`
gen_require(`
type user_home_dir_t, user_home_t;
')
@@ -3534,5 +3534,5 @@ interface(`userdom_unconfined',`
')
allow $1 user_home_dir_t:dir create_dir_perms;
- files_create_home_dirs($1,user_home_dir_t)
+ files_filetrans_home($1,user_home_dir_t)
')
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 321064d..a4a0801 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -140,7 +140,7 @@ ifdef(`targeted_policy',`
# Add/remove user home directories
allow sysadm_t user_home_dir_t:dir create_dir_perms;
- files_create_home_dirs(sysadm_t,user_home_dir_t)
+ files_filetrans_home(sysadm_t,user_home_dir_t)
mls_process_read_up(sysadm_t)
More information about the scm-commits
mailing list