## <summary>Policy for filesystems.</summary>
## <required val="true">
##	Contains the initial SID for the filesystems.
## </required>
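########################################
## <summary>
##	Transform specified type into a filesystem type.
## </summary>
## <param name="type">
##	<summary>
##	Type to be used as a filesystem type.
##	</summary>
## </param>
#
interface(`fs_type',`
	gen_require(`
		attribute filesystem_type;
	')

	# Grants no access by itself: it tags the given type with the
	# filesystem_type attribute so that rules written against that
	# attribute also cover it.
	typeattribute $1 filesystem_type;
')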
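########################################
## <summary>
##	Transform specified type into a filesystem
##	type which does not have extended attribute
##	support.
## </summary>
## <param name="type">
##	<summary>
##	Type to be used as a filesystem type
##	without extended attribute support.
##	</summary>
## </param>
#
interface(`fs_noxattr_type',`
	gen_require(`
		attribute noxattrfs;
	')

	# Every noxattrfs type is also a filesystem type.
	fs_type($1)

	# After this, every rule written against the noxattrfs attribute
	# also covers the given type, so review those rules before tagging
	# a new filesystem type.
	typeattribute $1 noxattrfs;
')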
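########################################
## <summary>
##	Associate the specified file type to persistent
##	filesystems with extended attributes.  This
##	allows a file of this type to be created on
##	a filesystem such as ext3, JFS, and XFS.
## </summary>
## <param name="file_type">
##	<summary>
##	The type of the file to be associated.
##	</summary>
## </param>
#
interface(`fs_associate',`
	gen_require(`
		type fs_t;
	')

	# The source here is a file type, not a domain: objects with this
	# label may reside on filesystems labeled fs_t.
	allow $1 fs_t:filesystem associate;
')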
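########################################
## <summary>
##	Associate the specified file type to
##	filesystems which lack extended attributes
##	support.  This allows a file of this type
##	to be created on a filesystem such as
##	FAT32 and NFS.
## </summary>
## <param name="file_type">
##	<summary>
##	The type of the file to be associated.
##	</summary>
## </param>
#
interface(`fs_associate_noxattr',`
	gen_require(`
		attribute noxattrfs;
	')

	# The target is the noxattrfs attribute, so the association holds
	# for every filesystem type carrying that attribute.
	allow $1 noxattrfs:filesystem associate;
')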
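########################################
## <summary>
##	Execute files on a filesystem that does
##	not support extended attributes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_exec_noxattr',`
	gen_require(`
		attribute noxattrfs;
	')

	# The target is the noxattrfs attribute, so this covers every type
	# carrying that attribute.
	# NOTE(review): filesystems without xattr support presumably label
	# all of their files alike, so this grant cannot be narrowed to
	# individual files - confirm before giving it to a confined domain.
	can_exec($1,noxattrfs)
')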
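########################################
## <summary>
##	Mount a persistent filesystem which
##	has extended attributes, such as
##	ext3, JFS, or XFS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_xattr_fs',`
	gen_require(`
		type fs_t;
	')

	# Only the filesystem-class mount permission on fs_t is granted;
	# nothing here covers the mount point directory.
	allow $1 fs_t:filesystem mount;
')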
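########################################
## <summary>
##	Remount a persistent filesystem which
##	has extended attributes, such as
##	ext3, JFS, or XFS.  This allows
##	some mount options to be changed.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_remount_xattr_fs',`
	gen_require(`
		type fs_t;
	')

	# NOTE(review): remount changes mount options on a live filesystem;
	# check that each caller is a domain trusted to do that.
	allow $1 fs_t:filesystem remount;
')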
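########################################
## <summary>
##	Unmount a persistent filesystem which
##	has extended attributes, such as
##	ext3, JFS, or XFS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_xattr_fs',`
	gen_require(`
		type fs_t;
	')

	# Only the filesystem-class unmount permission on fs_t is granted.
	allow $1 fs_t:filesystem unmount;
')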
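########################################
## <summary>
##	Get the attributes of a persistent
##	filesystem which has extended
##	attributes, such as ext3, JFS, or XFS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_getattr_xattr_fs',`
	gen_require(`
		type fs_t;
	')

	# Applies to the filesystem object itself, not to files stored on it.
	allow $1 fs_t:filesystem getattr;
')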
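########################################
## <summary>
##	Do not audit attempts to
##	get the attributes of a persistent
##	filesystem which has extended
##	attributes, such as ext3, JFS, or XFS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_getattr_xattr_fs',`
	gen_require(`
		type fs_t;
	')

	# dontaudit only silences the AVC denial record; the access stays
	# denied. Disable dontaudit rules (semodule -DB) when investigating
	# a domain that uses this.
	dontaudit $1 fs_t:filesystem getattr;
')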
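########################################
## <summary>
##	Allow changing of the label of a
##	filesystem with extended attributes
##	using the context= mount option.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_relabelfrom_xattr_fs',`
	gen_require(`
		type fs_t;
	')

	# Only relabelfrom on fs_t is granted here. Nothing in this rule
	# grants relabelto on the label the filesystem ends up with, so
	# that has to come from a separate rule.
	allow $1 fs_t:filesystem relabelfrom;
')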
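########################################
## <summary>
##	Get the filesystem quotas of a filesystem
##	with extended attributes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_get_xattr_fs_quotas',`
	gen_require(`
		type fs_t;
	')

	# Read-only quota access; changing quotas needs quotamod, which
	# is handled by fs_set_xattr_fs_quotas.
	allow $1 fs_t:filesystem quotaget;
')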
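########################################
## <summary>
##	Set the filesystem quotas of a filesystem
##	with extended attributes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_set_xattr_fs_quotas',`
	gen_require(`
		type fs_t;
	')

	# quotamod lets the domain change quota settings on fs_t
	# filesystems; quotaget is not included in this rule.
	allow $1 fs_t:filesystem quotamod;
')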
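########################################
## <summary>
##	Read files on anon_inodefs file systems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_anon_inodefs_files',`
	gen_require(`
		type anon_inodefs_t;
	')

	# The exact permission set comes from the read_files_pattern
	# support macro; directory and file type are both anon_inodefs_t.
	read_files_pattern($1, anon_inodefs_t, anon_inodefs_t)
')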
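########################################
## <summary>
##	Read and write files on anon_inodefs
##	file systems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_rw_anon_inodefs_files',`
	gen_require(`
		type anon_inodefs_t;
	')

	# The exact permission set comes from the rw_files_pattern
	# support macro; directory and file type are both anon_inodefs_t.
	rw_files_pattern($1, anon_inodefs_t, anon_inodefs_t)
')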
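########################################
## <summary>
##	Mount an automount pseudo filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_autofs',`
	gen_require(`
		type autofs_t;
	')

	# Only the filesystem-class mount permission on autofs_t is granted.
	allow $1 autofs_t:filesystem mount;
')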
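########################################
## <summary>
##	Remount an automount pseudo filesystem.
##	This allows some mount options to be changed.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_remount_autofs',`
	gen_require(`
		type autofs_t;
	')

	# NOTE(review): remount changes mount options on a live filesystem;
	# check that each caller is a domain trusted to do that.
	allow $1 autofs_t:filesystem remount;
')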
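########################################
## <summary>
##	Unmount an automount pseudo filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_autofs',`
	gen_require(`
		type autofs_t;
	')

	# Only the filesystem-class unmount permission on autofs_t is granted.
	allow $1 autofs_t:filesystem unmount;
')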
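########################################
## <summary>
##	Get the attributes of an automount
##	pseudo filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_getattr_autofs',`
	gen_require(`
		type autofs_t;
	')

	# Applies to the filesystem object itself, not to entries on it.
	allow $1 autofs_t:filesystem getattr;
')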
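########################################
## <summary>
##	Search automount filesystem to use automatically
##	mounted filesystems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_search_auto_mountpoints',`
	gen_require(`
		type autofs_t;
	')

	# Directory search only, as set by search_dir_perms. Access to the
	# filesystems mounted underneath needs rules of its own.
	allow $1 autofs_t:dir search_dir_perms;
')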
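########################################
## <summary>
##	Read directories of automatically
##	mounted filesystems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_list_auto_mountpoints',`
	gen_require(`
		type autofs_t;
	')

	# Directory listing on autofs_t, as set by list_dir_perms.
	allow $1 autofs_t:dir list_dir_perms;
')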
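########################################
## <summary>
##	Do not audit attempts to list directories of automatically
##	mounted filesystems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_list_auto_mountpoints',`
	gen_require(`
		type autofs_t;
	')

	# dontaudit only silences the AVC denial record; the access stays
	# denied. Disable dontaudit rules (semodule -DB) when investigating
	# a domain that uses this.
	dontaudit $1 autofs_t:dir list_dir_perms;
')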
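########################################
## <summary>
##	Create, read, write, and delete symbolic links
##	on an autofs filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_autofs_symlinks',`
	gen_require(`
		type autofs_t;
	')

	# The exact permission set comes from the manage_lnk_files_pattern
	# support macro; directory and link type are both autofs_t.
	manage_lnk_files_pattern($1, autofs_t, autofs_t)
')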
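########################################
## <summary>
##	Get the attributes of directories on
##	binfmt_misc filesystems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_getattr_binfmt_misc_dirs',`
	gen_require(`
		type binfmt_misc_fs_t;
	')

	# getattr on directories only; no access to the files in them.
	allow $1 binfmt_misc_fs_t:dir getattr;
')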
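########################################
## <summary>
##	Register an interpreter for new binary
##	file types, using the kernel binfmt_misc
##	support.
## </summary>
## <desc>
##	<p>
##	Register an interpreter for new binary
##	file types, using the kernel binfmt_misc
##	support.
##	</p>
##	<p>
##	A common use for this is to
##	register a JVM as an interpreter for
##	Java byte code.  Registered binaries
##	can be directly executed on a command line
##	without specifying the interpreter.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_register_binary_executable_type',`
	gen_require(`
		type binfmt_misc_fs_t;
	')

	# Security-sensitive: write access to binfmt_misc entries decides
	# which interpreter the kernel runs for matching binaries. Keep the
	# callers of this to trusted administrative domains and review any
	# new one.
	rw_files_pattern($1, binfmt_misc_fs_t, binfmt_misc_fs_t)
')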
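########################################
## <summary>
##	Mount a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_cifs',`
	gen_require(`
		type cifs_t;
	')

	# Only the filesystem-class mount permission on cifs_t is granted.
	allow $1 cifs_t:filesystem mount;
')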
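########################################
## <summary>
##	Remount a CIFS or SMB network filesystem.
##	This allows some mount options to be changed.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_remount_cifs',`
	gen_require(`
		type cifs_t;
	')

	# NOTE(review): remount changes mount options on a live filesystem;
	# check that each caller is a domain trusted to do that.
	allow $1 cifs_t:filesystem remount;
')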
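########################################
## <summary>
##	Unmount a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_cifs',`
	gen_require(`
		type cifs_t;
	')

	# Only the filesystem-class unmount permission on cifs_t is granted.
	allow $1 cifs_t:filesystem unmount;
')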
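########################################
## <summary>
##	Get the attributes of a CIFS or
##	SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_getattr_cifs',`
	gen_require(`
		type cifs_t;
	')

	# Applies to the filesystem object itself, not to files stored on it.
	allow $1 cifs_t:filesystem getattr;
')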
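########################################
## <summary>
##	Search directories on a CIFS or SMB filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_search_cifs',`
	gen_require(`
		type cifs_t;
	')

	# Directory search only, as set by search_dir_perms.
	allow $1 cifs_t:dir search_dir_perms;
')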
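########################################
## <summary>
##	List the contents of directories on a
##	CIFS or SMB filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_list_cifs',`
	gen_require(`
		type cifs_t;
	')

	# Directory listing on cifs_t, as set by list_dir_perms.
	allow $1 cifs_t:dir list_dir_perms;
')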
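########################################
## <summary>
##	Do not audit attempts to list the contents
##	of directories on a CIFS or SMB filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_list_cifs',`
	gen_require(`
		type cifs_t;
	')

	# dontaudit only silences the AVC denial record; the access stays
	# denied. Disable dontaudit rules (semodule -DB) when investigating
	# a domain that uses this.
	dontaudit $1 cifs_t:dir list_dir_perms;
')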
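########################################
## <summary>
##	Read files on a CIFS or SMB filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_read_cifs_files',`
	gen_require(`
		type cifs_t;
	')

	# Wider than the summary suggests: besides reading files, the
	# domain may also list cifs_t directories.
	allow $1 cifs_t:dir list_dir_perms;
	read_files_pattern($1, cifs_t, cifs_t)
')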
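########################################
## <summary>
##	Get the attributes of filesystems that
##	do not have extended attribute support.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_getattr_noxattr_fs',`
	gen_require(`
		attribute noxattrfs;
	')

	# The target is the noxattrfs attribute, so this covers every
	# filesystem type carrying that attribute.
	allow $1 noxattrfs:filesystem getattr;
')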
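########################################
## <summary>
##	Read all noxattrfs directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_list_noxattr_fs',`
	gen_require(`
		attribute noxattrfs;
	')

	# The target is the noxattrfs attribute, so listing is granted on
	# directories of every type carrying that attribute.
	allow $1 noxattrfs:dir list_dir_perms;
')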
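########################################
## <summary>
##	Create, read, write, and delete all noxattrfs directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_noxattr_fs_dirs',`
	gen_require(`
		attribute noxattrfs;
	')

	# Broad grant: manage_dir_perms against the noxattrfs attribute
	# applies to directories of every type carrying that attribute.
	allow $1 noxattrfs:dir manage_dir_perms;
')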
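########################################
## <summary>
##	Read all noxattrfs files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_noxattr_fs_files',`
	gen_require(`
		attribute noxattrfs;
	')

	# Both the directory and the file argument are the noxattrfs
	# attribute, so this reaches files of every type carrying it.
	read_files_pattern($1, noxattrfs, noxattrfs)
')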
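########################################
## <summary>
##	Create, read, write, and delete all noxattrfs files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_noxattr_fs_files',`
	gen_require(`
		attribute noxattrfs;
	')

	# Broad grant: both arguments are the noxattrfs attribute, so the
	# manage permissions reach files of every type carrying it.
	manage_files_pattern($1, noxattrfs, noxattrfs)
')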
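########################################
## <summary>
##	Read all noxattrfs symbolic links.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_noxattr_fs_symlinks',`
	gen_require(`
		attribute noxattrfs;
	')

	# Both arguments are the noxattrfs attribute, so this reaches
	# symbolic links of every type carrying it.
	read_lnk_files_pattern($1, noxattrfs, noxattrfs)
')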
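########################################
## <summary>
##	Do not audit attempts to read
##	files on a CIFS or SMB filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_read_cifs_files',`
	gen_require(`
		type cifs_t;
	')

	# dontaudit only silences the AVC denial record; the access stays
	# denied. Disable dontaudit rules (semodule -DB) when investigating
	# a domain that uses this.
	dontaudit $1 cifs_t:file read_file_perms;
')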
########################################
## <summary>
##	Do not audit attempts to read or
##	write files on a CIFS or SMB filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_rw_cifs_files',`
	gen_require(`
		type cifs_t;
	')

	# Only the read and write permissions are silenced; denials of any
	# other file permission on cifs_t are still audited. No access is
	# granted by this rule.
	dontaudit $1 cifs_t:file { read write };
')
########################################
## <summary>
##	Read symbolic links on a CIFS or SMB filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_cifs_symlinks',`
	gen_require(`
		type cifs_t;
	')

	# Directory listing is granted in addition to link reading. Both
	# rules name cifs_t as the only type, so the grant is not limited
	# to particular paths on the share.
	allow $1 cifs_t:dir list_dir_perms;
	read_lnk_files_pattern($1, cifs_t, cifs_t)
')
########################################
## <summary>
##	Read named pipes
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_cifs_named_pipes',`
	gen_require(`
		type cifs_t;
	')

	# Directory and object arguments are both cifs_t: the grant applies
	# to every named pipe labeled cifs_t.
	read_fifo_files_pattern($1, cifs_t, cifs_t)
')
########################################
## <summary>
##	Read named sockets
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_cifs_named_sockets',`
	gen_require(`
		type cifs_t;
	')

	# Uses the sock_files pattern, so the access is to named socket
	# files labeled cifs_t, not to named pipes.
	read_sock_files_pattern($1, cifs_t, cifs_t)
')
########################################
## <summary>
##	Execute files on a CIFS or SMB
##	network filesystem, in the caller
##	domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_exec_cifs_files',`
	gen_require(`
		type cifs_t;
	')

	# Execution stays in the caller domain; no transition is set up.
	# Every file labeled cifs_t becomes executable by the caller, so what
	# can run with the caller permissions depends on what the share
	# holds. Grant this only to domains that are expected to run
	# programs from network shares.
	allow $1 cifs_t:dir list_dir_perms;
	exec_files_pattern($1, cifs_t, cifs_t)
')
########################################
## <summary>
##	Create, read, write, and delete directories
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_manage_cifs_dirs',`
	gen_require(`
		type cifs_t;
	')

	# Class dir only: files, links, pipes and sockets inside those
	# directories are not covered by this rule.
	allow $1 cifs_t:dir manage_dir_perms;
')
########################################
## <summary>
##	Do not audit attempts to create, read,
##	write, and delete directories
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_manage_cifs_dirs',`
	gen_require(`
		type cifs_t;
	')

	# dontaudit grants nothing: the operations are still denied and only
	# their audit records are suppressed. This silences the whole
	# manage_dir_perms set, so failed directory creation or removal on
	# cifs_t by this domain leaves no AVC record unless dontaudit rules
	# are disabled (semodule -DB).
	dontaudit $1 cifs_t:dir manage_dir_perms;
')
########################################
## <summary>
##	Create, read, write, and delete files
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_manage_cifs_files',`
	gen_require(`
		type cifs_t;
	')

	# Directory and file arguments are both cifs_t, so the grant applies
	# to every regular file labeled cifs_t; this interface offers no
	# finer selection of which files on the share may be changed.
	manage_files_pattern($1, cifs_t, cifs_t)
')
########################################
## <summary>
##	Do not audit attempts to create, read,
##	write, and delete files
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_manage_cifs_files',`
	gen_require(`
		type cifs_t;
	')

	# dontaudit grants nothing: the operations are still denied and only
	# their audit records are suppressed. The whole manage_file_perms set
	# is silenced, so disable dontaudit rules (semodule -DB) when the
	# denials are needed for troubleshooting or investigation.
	dontaudit $1 cifs_t:file manage_file_perms;
')
########################################
## <summary>
##	Create, read, write, and delete symbolic links
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_cifs_symlinks',`
	gen_require(`
		type cifs_t;
	')

	# Covers symbolic links labeled cifs_t only; regular files need
	# the separate files interface.
	manage_lnk_files_pattern($1, cifs_t, cifs_t)
')
########################################
## <summary>
##	Create, read, write, and delete named pipes
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_cifs_named_pipes',`
	gen_require(`
		type cifs_t;
	')

	# Covers named pipes labeled cifs_t only.
	manage_fifo_files_pattern($1, cifs_t, cifs_t)
')
########################################
## <summary>
##	Create, read, write, and delete named sockets
##	on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_cifs_named_sockets',`
	gen_require(`
		type cifs_t;
	')

	# Covers named socket files labeled cifs_t only.
	manage_sock_files_pattern($1, cifs_t, cifs_t)
')
########################################
## <summary>
##	Execute a file on a CIFS or SMB filesystem
##	in the specified domain.
## </summary>
## <desc>
##	<p>
##	Execute a file on a CIFS or SMB filesystem
##	in the specified domain.  This allows
##	the specified domain to execute any file
##	on these filesystems in the specified
##	domain.  This is not suggested.
##	</p>
##	<p>
##	No interprocess communication (signals, pipes,
##	etc.) is provided by this interface since
##	the domains are not owned by this module.
##	</p>
##	<p>
##	This interface was added to handle
##	home directories on CIFS/SMB filesystems,
##	in particular used by the ssh-agent policy.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="target_domain">
##	<summary>
##	The type of the new process.
##	</summary>
## </param>
#
interface(`fs_cifs_domtrans',`
	gen_require(`
		type cifs_t;
	')

	# Only directory search is granted on cifs_t ahead of the transition.
	allow $1 cifs_t:dir search_dir_perms;
	# The transition is keyed on the type cifs_t alone, so it is not tied
	# to one executable: any file carrying that label on the share can
	# trigger it. That is why the description above advises against this
	# interface; callers should keep the target domain tightly confined.
	domain_auto_transition_pattern($1, cifs_t, $2)
')
########################################
## <summary>
##	Mount a DOS filesystem, such as
##	FAT32 or NTFS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_dos_fs',`
	gen_require(`
		type dosfs_t;
	')

	# Filesystem-class permission: covers the mount operation only, not
	# access to files on the mounted filesystem.
	allow $1 dosfs_t:filesystem mount;
')
########################################
## <summary>
##	Remount a DOS filesystem, such as
##	FAT32 or NTFS.  This allows
##	some mount options to be changed.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_remount_dos_fs',`
	gen_require(`
		type dosfs_t;
	')

	# Remount changes options on an existing mount, which can include
	# protective ones; treat this as a privileged grant.
	# NOTE(review): which options can be changed is decided outside
	# this rule - confirm against the mount policy in use.
	allow $1 dosfs_t:filesystem remount;
')
########################################
## <summary>
##	Unmount a DOS filesystem, such as
##	FAT32 or NTFS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_dos_fs',`
	gen_require(`
		type dosfs_t;
	')

	# Filesystem-class permission: covers the unmount operation only.
	allow $1 dosfs_t:filesystem unmount;
')
########################################
## <summary>
##	Get the attributes of a DOS
##	filesystem, such as FAT32 or NTFS.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_getattr_dos_fs',`
	gen_require(`
		type dosfs_t;
	')

	# getattr on the filesystem object itself; attributes of individual
	# files are a file-class permission and are not granted here.
	allow $1 dosfs_t:filesystem getattr;
')
########################################
## <summary>
##	Allow changing of the label of a
##	DOS filesystem using the context= mount option.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_relabelfrom_dos_fs',`
	gen_require(`
		type dosfs_t;
	')

	# Only relabelfrom on dosfs_t is granted. The matching relabelto on
	# the new label is not part of this interface, so this rule alone
	# does not decide which label the filesystem can end up with.
	allow $1 dosfs_t:filesystem relabelfrom;
')
########################################
## <summary>
##	Search dosfs filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_search_dos',`
	gen_require(`
		type dosfs_t;
	')

	# Path traversal through directories labeled dosfs_t. Listing
	# directory contents uses a different permission set (list_dir_perms)
	# and is not granted here.
	allow $1 dosfs_t:dir search_dir_perms;
')
########################################
## <summary>
##	Read files on a DOS filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_dos_files',`
	gen_require(`
		type dosfs_t;
	')

	# Directory and file arguments are both dosfs_t: every regular file
	# labeled dosfs_t becomes readable by the caller.
	read_files_pattern($1, dosfs_t, dosfs_t)
')
########################################
## <summary>
##	Create, read, write, and delete files
##	on a DOS filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_dos_files',`
	gen_require(`
		type dosfs_t;
	')

	# Directory and file arguments are both dosfs_t: the grant applies to
	# every regular file labeled dosfs_t, with no finer selection.
	manage_files_pattern($1, dosfs_t, dosfs_t)
')
########################################
## <summary>
##	Read eventpollfs files.
## </summary>
## <desc>
##	<p>
##	Read eventpollfs files
##	</p>
##	<p>
##	This interface has been deprecated, and will
##	be removed in the future.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_eventpollfs',`
	# No allow rule is generated: callers get no access from this
	# interface, only the deprecation warning below.
	refpolicywarn(`$0($*) has been deprecated.')
')
########################################
## <summary>
##	Mount a FUSE filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_fusefs',`
	gen_require(`
		type fusefs_t;
	')

	# Filesystem-class permission: covers the mount operation only, not
	# access to files on the mounted filesystem.
	allow $1 fusefs_t:filesystem mount;
')
########################################
## <summary>
##	Unmount a FUSE filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_fusefs',`
	gen_require(`
		type fusefs_t;
	')

	# Filesystem-class permission: covers the unmount operation only.
	allow $1 fusefs_t:filesystem unmount;
')
########################################
## <summary>
##	Read and write hugetlbfs files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_rw_hugetlbfs_files',`
	gen_require(`
		type hugetlbfs_t;
	')

	# Read and write on existing files labeled hugetlbfs_t; this uses the
	# rw pattern rather than the manage pattern used elsewhere in this
	# file for create and delete.
	rw_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
')
########################################
## <summary>
##	Search inotifyfs filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_search_inotifyfs',`
	gen_require(`
		type inotifyfs_t;
	')

	# Path traversal only; listing directory contents is a separate
	# permission set (list_dir_perms) and is not granted by this rule.
	allow $1 inotifyfs_t:dir search_dir_perms;
')
########################################
## <summary>
##	List inotifyfs filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_list_inotifyfs',`
	gen_require(`
		type inotifyfs_t;
	')

	# Directory listing on inotifyfs_t; no file-class permission is
	# granted by this rule.
	allow $1 inotifyfs_t:dir list_dir_perms;
')
########################################
## <summary>
##	Mount an iso9660 filesystem, which
##	is usually used on CDs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_iso9660_fs',`
	gen_require(`
		type iso9660_t;
	')

	# Filesystem-class permission: covers the mount operation only, not
	# access to files on the mounted media.
	allow $1 iso9660_t:filesystem mount;
')
########################################
## <summary>
##	Remount an iso9660 filesystem, which
##	is usually used on CDs.  This allows
##	some mount options to be changed.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_remount_iso9660_fs',`
	gen_require(`
		type iso9660_t;
	')

	# Remount changes options on an existing mount, which can include
	# protective ones; treat this as a privileged grant.
	allow $1 iso9660_t:filesystem remount;
')
########################################
## <summary>
##	Unmount an iso9660 filesystem, which
##	is usually used on CDs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_iso9660_fs',`
	gen_require(`
		type iso9660_t;
	')

	# Filesystem-class permission: covers the unmount operation only.
	allow $1 iso9660_t:filesystem unmount;
')
########################################
## <summary>
##	Get the attributes of an iso9660
##	filesystem, which is usually used on CDs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_getattr_iso9660_fs',`
	gen_require(`
		type iso9660_t;
	')

	# getattr on the filesystem object itself; per-file attributes are
	# handled by the separate files interface.
	allow $1 iso9660_t:filesystem getattr;
')
########################################
## <summary>
##	Get the attributes of files on an iso9660
##	filesystem, which is usually used on CDs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_getattr_iso9660_files',`
	gen_require(`
		type iso9660_t;
	')

	# Grants directory listing plus getattr on files. File contents are
	# not readable through this interface; reading needs the separate
	# read interface.
	allow $1 iso9660_t:dir list_dir_perms;
	allow $1 iso9660_t:file getattr;
')
########################################
## <summary>
##	Read files on an iso9660 filesystem, which
##	is usually used on CDs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_read_iso9660_files',`
	gen_require(`
		type iso9660_t;
	')

	# Beyond the file reads named in the summary, this also grants
	# directory listing and reading of symbolic links labeled iso9660_t.
	allow $1 iso9660_t:dir list_dir_perms;
	read_files_pattern($1, iso9660_t, iso9660_t)
	read_lnk_files_pattern($1, iso9660_t, iso9660_t)
')
########################################
## <summary>
##	Mount a NFS filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_nfs',`
	gen_require(`
		type nfs_t;
	')

	# Filesystem-class permission: covers the mount operation only, not
	# access to files on the mounted export.
	allow $1 nfs_t:filesystem mount;
')
########################################
## <summary>
##	Remount a NFS filesystem.  This allows
##	some mount options to be changed.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_remount_nfs',`
	gen_require(`
		type nfs_t;
	')

	# Remount changes options on an existing mount, which can include
	# protective ones; treat this as a privileged grant.
	allow $1 nfs_t:filesystem remount;
')
########################################
## <summary>
##	Unmount a NFS filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_nfs',`
	gen_require(`
		type nfs_t;
	')

	# Filesystem-class permission: covers the unmount operation only.
	allow $1 nfs_t:filesystem unmount;
')
########################################
## <summary>
##	Get the attributes of a NFS filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_getattr_nfs',`
	gen_require(`
		type nfs_t;
	')

	# getattr on the filesystem object itself; no file or directory
	# permission is granted by this rule.
	allow $1 nfs_t:filesystem getattr;
')
########################################
## <summary>
##	Search directories on a NFS filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_search_nfs',`
	gen_require(`
		type nfs_t;
	')

	# Path traversal only; listing directory contents is a separate
	# permission set (list_dir_perms) and is not granted by this rule.
	allow $1 nfs_t:dir search_dir_perms;
')
########################################
## <summary>
##	List NFS filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_list_nfs',`
	gen_require(`
		type nfs_t;
	')

	# Directory listing on nfs_t; no file-class permission is granted
	# by this rule.
	allow $1 nfs_t:dir list_dir_perms;
')
########################################
## <summary>
##	Do not audit attempts to list the contents
##	of directories on a NFS filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_list_nfs',`
	gen_require(`
		type nfs_t;
	')

	# dontaudit grants nothing: listing is still denied and only the
	# audit record is suppressed. Disable dontaudit rules (semodule -DB)
	# when these denials are needed for troubleshooting or investigation.
	dontaudit $1 nfs_t:dir list_dir_perms;
')
Chris PeBenito a1fcff
Chris PeBenito a1fcff
########################################
Chris PeBenito a1fcff
## <summary>
Chris PeBenito 414e41
##	Read files on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito d35c62
#
Chris PeBenito 199895
interface(`fs_read_nfs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
	')
Chris PeBenito d35c62
Chris PeBenito c0868a
	allow $1 nfs_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	read_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito d35c62
')
Chris PeBenito d35c62
Chris PeBenito d35c62
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito a1fcff
##	Do not audit attempts to read
Chris PeBenito a1fcff
##	files on a NFS filesystem.
Chris PeBenito a1fcff
## </summary>
Chris PeBenito a1fcff
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a1fcff
## </param>
Chris PeBenito a1fcff
#
Chris PeBenito a1fcff
interface(`fs_dontaudit_read_nfs_files',`
Chris PeBenito a1fcff
	gen_require(`
Chris PeBenito a1fcff
		type nfs_t;
Chris PeBenito a1fcff
	')
Chris PeBenito a1fcff
Chris PeBenito c0868a
	dontaudit $1 nfs_t:file read_file_perms;
Chris PeBenito a1fcff
')
Chris PeBenito a1fcff
Chris PeBenito a1fcff
########################################
Chris PeBenito 725926
## <summary>
Chris PeBenito 725926
##	Write files on a NFS filesystem.
Chris PeBenito 725926
## </summary>
Chris PeBenito 725926
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 725926
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 725926
## </param>
Chris PeBenito 725926
#
Chris PeBenito 725926
interface(`fs_write_nfs_files',`
Chris PeBenito 725926
	gen_require(`
Chris PeBenito 725926
		type nfs_t;
Chris PeBenito 725926
	')
Chris PeBenito 725926
Chris PeBenito c0868a
	allow $1 nfs_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	write_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito 725926
')
Chris PeBenito 725926
Chris PeBenito 725926
########################################
Chris PeBenito a1fcff
## <summary>
Chris PeBenito 414e41
##	Execute files on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito b16c6b
#
Chris PeBenito 4d851f
interface(`fs_exec_nfs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito c0868a
	allow $1 nfs_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	# NOTE(review): both the directory and the file argument are the
	# generic nfs_t type, so execute access is not narrowed to particular
	# programs; presumably every file labeled nfs_t qualifies. The pattern
	# macro is defined outside this file; confirm what it expands to.
	exec_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito d35c62
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Do not audit attempts to read or
Chris PeBenito 414e41
##	write files on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito d35c62
#
Chris PeBenito 199895
interface(`fs_dontaudit_rw_nfs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito d35c62
	dontaudit $1 nfs_t:file { read write };
Chris PeBenito d35c62
')
Chris PeBenito d35c62
Chris PeBenito d35c62
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Read symbolic links on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito d35c62
#
Chris PeBenito 199895
interface(`fs_read_nfs_symlinks',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
	')
Chris PeBenito d35c62
Chris PeBenito c0868a
	allow $1 nfs_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 8f3a0a
#########################################
Chris PeBenito 8f3a0a
## <summary>
Chris PeBenito 8f3a0a
##	Read named sockets on a NFS filesystem.
Chris PeBenito 8f3a0a
## </summary>
Chris PeBenito 8f3a0a
## <param name="domain">
Chris PeBenito 8f3a0a
##	<summary>
Chris PeBenito 8f3a0a
##	Domain allowed access.
Chris PeBenito 8f3a0a
##	</summary>
Chris PeBenito 8f3a0a
## </param>
Chris PeBenito 8f3a0a
#
Chris PeBenito 8f3a0a
interface(`fs_read_nfs_named_sockets',`
Chris PeBenito 8f3a0a
	gen_require(`
Chris PeBenito 8f3a0a
		type nfs_t;
Chris PeBenito 8f3a0a
	')
Chris PeBenito 8f3a0a
Chris PeBenito 0bfccd
	read_sock_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito 8f3a0a
')
Chris PeBenito 8f3a0a
Chris PeBenito 8f3a0a
#########################################
Chris PeBenito 8f3a0a
## <summary>
Chris PeBenito ff8f0a
##	Read named pipes on a NFS network filesystem.
Chris PeBenito 8f3a0a
## </summary>
Chris PeBenito 8f3a0a
## <param name="domain">
Chris PeBenito 8f3a0a
##	<summary>
Chris PeBenito 8f3a0a
##	Domain allowed access.
Chris PeBenito 8f3a0a
##	</summary>
Chris PeBenito 8f3a0a
## </param>
Chris PeBenito 8f3a0a
## <rolecap/>
Chris PeBenito 8f3a0a
#
Chris PeBenito 8f3a0a
interface(`fs_read_nfs_named_pipes',`
Chris PeBenito 8f3a0a
	gen_require(`
Chris PeBenito 8f3a0a
		type nfs_t;
Chris PeBenito 8f3a0a
	')
Chris PeBenito 8f3a0a
Chris PeBenito 0bfccd
	read_fifo_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito 8f3a0a
')
Chris PeBenito 8f3a0a
Chris PeBenito b16c6b
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 43989f
##	Get the attributes of directories of RPC file system pipes.
Chris PeBenito 43989f
## </summary>
Chris PeBenito 43989f
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 43989f
## </param>
Chris PeBenito 43989f
#
Chris PeBenito 6f81e1
interface(`fs_getattr_rpc_dirs',`
Chris PeBenito 6f81e1
	gen_require(`
Chris PeBenito 6f81e1
		type rpc_pipefs_t;
Chris PeBenito 6f81e1
	')
Chris PeBenito 6f81e1
Chris PeBenito 6f81e1
	allow $1 rpc_pipefs_t:dir getattr;
Chris PeBenito 6f81e1
Chris PeBenito 6f81e1
')
Chris PeBenito 6f81e1
Chris PeBenito 6f81e1
########################################
Chris PeBenito 6f81e1
## <summary>
Chris PeBenito bb4372
##	Search directories of RPC file system pipes.
Chris PeBenito bb4372
## </summary>
Chris PeBenito bb4372
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito bb4372
## </param>
Chris PeBenito bb4372
#
Chris PeBenito 4d851f
interface(`fs_search_rpc',`
Chris PeBenito bb4372
	gen_require(`
Chris PeBenito bb4372
		type rpc_pipefs_t;
Chris PeBenito bb4372
	')
Chris PeBenito bb4372
Chris PeBenito bb4372
	allow $1 rpc_pipefs_t:dir search_dir_perms;
Chris PeBenito bb4372
')
Chris PeBenito bb4372
Chris PeBenito bb4372
########################################
Chris PeBenito bb4372
## <summary>
Chris PeBenito 4ec694
##	Search removable storage directories.
Chris PeBenito 4ec694
## </summary>
Chris PeBenito 4ec694
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 4ec694
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 4ec694
## </param>
Chris PeBenito 4ec694
#
Chris PeBenito 4d851f
interface(`fs_search_removable',`
Chris PeBenito 4ec694
	gen_require(`
Chris PeBenito 4ec694
		type removable_t;
Chris PeBenito 4ec694
	')
Chris PeBenito 4ec694
Chris PeBenito c0868a
	allow $1 removable_t:dir search_dir_perms;
Chris PeBenito 4ec694
')
Chris PeBenito 4ec694
Chris PeBenito 4ec694
########################################
Chris PeBenito 4ec694
## <summary>
Chris PeBenito 4ec694
##	Do not audit attempts to list removable storage directories.
Chris PeBenito 4ec694
## </summary>
Chris PeBenito 4ec694
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 4ec694
##	Domain not to audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 4ec694
## </param>
Chris PeBenito 4ec694
#
Chris PeBenito 4d851f
interface(`fs_dontaudit_list_removable',`
Chris PeBenito 4ec694
	gen_require(`
Chris PeBenito 4ec694
		type removable_t;
Chris PeBenito 4ec694
	')
Chris PeBenito c0868a
Chris PeBenito c0868a
	dontaudit $1 removable_t:dir list_dir_perms;
Chris PeBenito 4ec694
')
Chris PeBenito 4ec694
Chris PeBenito 4ec694
########################################
Chris PeBenito 4ec694
## <summary>
Chris PeBenito 4ec694
##	Read removable storage files.
Chris PeBenito 4ec694
## </summary>
Chris PeBenito 4ec694
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 4ec694
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 4ec694
## </param>
Chris PeBenito 4ec694
#
Chris PeBenito 4ec694
interface(`fs_read_removable_files',`
Chris PeBenito 4ec694
	gen_require(`
Chris PeBenito 4ec694
		type removable_t;
Chris PeBenito 4ec694
	')
Chris PeBenito 4ec694
Chris PeBenito 0bfccd
	read_files_pattern($1, removable_t, removable_t)
Chris PeBenito 4ec694
')
Chris PeBenito 4ec694
Chris PeBenito 4ec694
########################################
Chris PeBenito 4ec694
## <summary>
Chris PeBenito 4ec694
##	Do not audit attempts to read removable storage files.
Chris PeBenito 4ec694
## </summary>
Chris PeBenito 4ec694
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 4ec694
##	Domain not to audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 4ec694
## </param>
Chris PeBenito 4ec694
#
Chris PeBenito e99359
interface(`fs_dontaudit_read_removable_files',`
Chris PeBenito 4ec694
	gen_require(`
Chris PeBenito 4ec694
		type removable_t;
Chris PeBenito 4ec694
	')
Chris PeBenito c0868a
Chris PeBenito c0868a
	dontaudit $1 removable_t:file read_file_perms;
Chris PeBenito 4ec694
')
Chris PeBenito 4ec694
Chris PeBenito 4ec694
########################################
Chris PeBenito 4ec694
## <summary>
Chris PeBenito 4ec694
##	Read removable storage symbolic links.
Chris PeBenito 4ec694
## </summary>
Chris PeBenito 4ec694
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 4ec694
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 4ec694
## </param>
Chris PeBenito 4ec694
#
Chris PeBenito 4ec694
interface(`fs_read_removable_symlinks',`
Chris PeBenito 4ec694
	gen_require(`
Chris PeBenito 4ec694
		type removable_t;
Chris PeBenito 4ec694
	')
Chris PeBenito 4ec694
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, removable_t, removable_t)
Chris PeBenito 4ec694
')
Chris PeBenito 4ec694
Chris PeBenito 4ec694
########################################
Chris PeBenito 4ec694
## <summary>
Chris PeBenito 6f81e1
##	List the contents of directories of RPC file system pipes.
Chris PeBenito 6f81e1
## </summary>
Chris PeBenito 6f81e1
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 6f81e1
## </param>
Chris PeBenito 6f81e1
#
Chris PeBenito 4d851f
interface(`fs_list_rpc',`
Chris PeBenito 43989f
	gen_require(`
Chris PeBenito 43989f
		type rpc_pipefs_t;
Chris PeBenito 43989f
	')
Chris PeBenito 43989f
Chris PeBenito c0868a
	allow $1 rpc_pipefs_t:dir list_dir_perms;
Chris PeBenito 43989f
')
Chris PeBenito 43989f
Chris PeBenito 43989f
########################################
Chris PeBenito 43989f
## <summary>
Chris PeBenito 43989f
##	Read files of RPC file system pipes.
Chris PeBenito 43989f
## </summary>
Chris PeBenito 43989f
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 43989f
## </param>
Chris PeBenito 43989f
#
Chris PeBenito 43989f
interface(`fs_read_rpc_files',`
Chris PeBenito 43989f
	gen_require(`
Chris PeBenito 43989f
		type rpc_pipefs_t;
Chris PeBenito 43989f
	')
Chris PeBenito 43989f
Chris PeBenito 0bfccd
	read_files_pattern($1, rpc_pipefs_t, rpc_pipefs_t)
Chris PeBenito 43989f
')
Chris PeBenito 43989f
Chris PeBenito 43989f
########################################
Chris PeBenito 43989f
## <summary>
Chris PeBenito 43989f
##	Read symbolic links of RPC file system pipes.
Chris PeBenito 43989f
## </summary>
Chris PeBenito 43989f
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 43989f
## </param>
Chris PeBenito 43989f
#
Chris PeBenito 43989f
interface(`fs_read_rpc_symlinks',`
Chris PeBenito 43989f
	gen_require(`
Chris PeBenito 43989f
		type rpc_pipefs_t;
Chris PeBenito 43989f
	')
Chris PeBenito 43989f
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, rpc_pipefs_t, rpc_pipefs_t)
Chris PeBenito 43989f
')
Chris PeBenito 43989f
Chris PeBenito 43989f
########################################
Chris PeBenito 43989f
## <summary>
Chris PeBenito 43989f
##	Read and write sockets of RPC file system pipes.
Chris PeBenito 43989f
## </summary>
Chris PeBenito 43989f
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 43989f
## </param>
Chris PeBenito 43989f
#
Chris PeBenito 43989f
interface(`fs_read_rpc_sockets',`
Chris PeBenito 43989f
	gen_require(`
Chris PeBenito 43989f
		type rpc_pipefs_t;
Chris PeBenito 43989f
	')
Chris PeBenito 43989f
Chris PeBenito 43989f
	# NOTE(review): despite the read-only interface name, this rule grants
	# both read and write on rpc_pipefs_t socket files, so callers that
	# only need read receive write as well.
	allow $1 rpc_pipefs_t:sock_file { read write };
Chris PeBenito 43989f
')
Chris PeBenito 43989f
Chris PeBenito 43989f
########################################
Chris PeBenito 43989f
## <summary>
Chris PeBenito 414e41
##	Create, read, write, and delete directories
Chris PeBenito 414e41
##	on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito b16c6b
#
Chris PeBenito 199895
interface(`fs_manage_nfs_dirs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type nfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito c0868a
	allow $1 nfs_t:dir manage_dir_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito a1fcff
##	Do not audit attempts to create, read,
Chris PeBenito a1fcff
##	write, and delete directories
Chris PeBenito a1fcff
##	on a NFS filesystem.
Chris PeBenito a1fcff
## </summary>
Chris PeBenito a1fcff
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito a1fcff
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a1fcff
## </param>
Chris PeBenito a1fcff
#
Chris PeBenito a1fcff
interface(`fs_dontaudit_manage_nfs_dirs',`
Chris PeBenito a1fcff
	gen_require(`
Chris PeBenito a1fcff
		type nfs_t;
Chris PeBenito a1fcff
	')
Chris PeBenito a1fcff
Chris PeBenito c0868a
	dontaudit $1 nfs_t:dir manage_dir_perms;
Chris PeBenito a1fcff
')
Chris PeBenito a1fcff
Chris PeBenito a1fcff
########################################
Chris PeBenito a1fcff
## <summary>
Chris PeBenito 414e41
##	Create, read, write, and delete files
Chris PeBenito 414e41
##	on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito b16c6b
#
Chris PeBenito 199895
interface(`fs_manage_nfs_files',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type nfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	manage_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito a1fcff
########################################
Chris PeBenito a1fcff
## <summary>
Chris PeBenito a1fcff
##	Do not audit attempts to create,
Chris PeBenito a1fcff
##	read, write, and delete files
Chris PeBenito a1fcff
##	on a NFS filesystem.
Chris PeBenito a1fcff
## </summary>
Chris PeBenito a1fcff
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito a1fcff
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a1fcff
## </param>
Chris PeBenito a1fcff
#
Chris PeBenito a1fcff
interface(`fs_dontaudit_manage_nfs_files',`
Chris PeBenito a1fcff
	gen_require(`
Chris PeBenito a1fcff
		type nfs_t;
Chris PeBenito a1fcff
	')
Chris PeBenito a1fcff
Chris PeBenito c0868a
	# dontaudit only silences the audit record for these denials; it grants
	# no access. NOTE(review): denied create, write and delete attempts on
	# nfs_t files by the calling domain will be absent from the audit log,
	# which matters when reviewing denials during an investigation.
	dontaudit $1 nfs_t:file manage_file_perms;
Chris PeBenito a1fcff
')
Chris PeBenito a1fcff
Chris PeBenito fe040c
#########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Create, read, write, and delete symbolic links
Chris PeBenito 414e41
##	on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito b16c6b
#
Chris PeBenito 199895
interface(`fs_manage_nfs_symlinks',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	manage_lnk_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito fe040c
#########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Create, read, write, and delete named pipes
Chris PeBenito 414e41
##	on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b16c6b
#
Chris PeBenito 199895
interface(`fs_manage_nfs_named_pipes',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type nfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	manage_fifo_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito fe040c
#########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Create, read, write, and delete named sockets
Chris PeBenito 414e41
##	on a NFS filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b16c6b
#
Chris PeBenito 199895
interface(`fs_manage_nfs_named_sockets',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type nfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0bfccd
	manage_sock_files_pattern($1, nfs_t, nfs_t)
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito df00b2
##	Execute a file on a NFS filesystem
Chris PeBenito df00b2
##	in the specified domain.
Chris PeBenito df00b2
## </summary>
Chris PeBenito df00b2
## <desc>
Chris PeBenito df00b2
##	<p>
Chris PeBenito df00b2
##	Execute a file on a NFS filesystem
Chris PeBenito df00b2
##	in the specified domain.  This allows
Chris PeBenito df00b2
##	the specified domain to execute any file
Chris PeBenito df00b2
##	on a NFS filesystem in the specified
Chris PeBenito df00b2
##	domain.  This is not suggested.
Chris PeBenito df00b2
##	</p>
Chris PeBenito df00b2
##	<p>
Chris PeBenito df00b2
##	No interprocess communication (signals, pipes,
Chris PeBenito df00b2
##	etc.) is provided by this interface since
Chris PeBenito df00b2
##	the domains are not owned by this module.
Chris PeBenito df00b2
##	</p>
Chris PeBenito df00b2
##	<p>
Chris PeBenito df00b2
##	This interface was added to handle
Chris PeBenito df00b2
##	home directories on NFS filesystems,
Chris PeBenito df00b2
##	in particular used by the ssh-agent policy.
Chris PeBenito df00b2
##	</p>
Chris PeBenito df00b2
## </desc>
Chris PeBenito df00b2
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito df00b2
## </param>
Chris PeBenito df00b2
## <param name="target_domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito df00b2
##	The type of the new process.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito df00b2
## </param>
Chris PeBenito df00b2
#
Chris PeBenito df00b2
interface(`fs_nfs_domtrans',`
Chris PeBenito df00b2
	gen_require(`
Chris PeBenito df00b2
		type nfs_t;
Chris PeBenito df00b2
	')
Chris PeBenito df00b2
Chris PeBenito c0868a
	# Presumably lets the source domain traverse NFS directories to reach
	# the file being executed.
	allow $1 nfs_t:dir search_dir_perms;
Chris PeBenito 0bfccd
	# NOTE(review): the entrypoint type is the generic nfs_t label, so the
	# transition is not tied to one specific executable; per the interface
	# description it covers any file on a NFS filesystem. The macro is
	# defined outside this file; confirm the exact rules it expands to.
	domain_auto_transition_pattern($1, nfs_t, $2)
Chris PeBenito df00b2
')
Chris PeBenito df00b2
Chris PeBenito df00b2
########################################
Chris PeBenito df00b2
## <summary>
Chris PeBenito 414e41
##	Mount a NFS server pseudo filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_mount_nfsd_fs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type nfsd_fs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfsd_fs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Remount a NFS server pseudo filesystem.
Chris PeBenito 414e41
##	This allows some mount options to be changed.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_remount_nfsd_fs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type nfsd_fs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfsd_fs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Unmount a NFS server pseudo filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_unmount_nfsd_fs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type nfsd_fs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 955019
	allow $1 nfsd_fs_t:filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Get the attributes of a NFS server
Chris PeBenito 414e41
##	pseudo filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_getattr_nfsd_fs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type nfsd_fs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfsd_fs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 43989f
##	Search NFS server directories.
Chris PeBenito 43989f
## </summary>
Chris PeBenito 43989f
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 43989f
## </param>
Chris PeBenito 43989f
#
Chris PeBenito 43989f
interface(`fs_search_nfsd_fs',`
Chris PeBenito 43989f
	gen_require(`
Chris PeBenito 43989f
		type nfsd_fs_t;
Chris PeBenito 43989f
	')
Chris PeBenito 43989f
Chris PeBenito c0868a
	allow $1 nfsd_fs_t:dir search_dir_perms;
Chris PeBenito 43989f
')
Chris PeBenito 43989f
Chris PeBenito 43989f
########################################
Chris PeBenito 43989f
## <summary>
Chris PeBenito 43989f
##	Read and write NFS server files.
Chris PeBenito 43989f
## </summary>
Chris PeBenito 43989f
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 43989f
## </param>
Chris PeBenito 43989f
#
Chris PeBenito 43989f
interface(`fs_rw_nfsd_fs',`
Chris PeBenito 43989f
	gen_require(`
Chris PeBenito 43989f
		type nfsd_fs_t;
Chris PeBenito 43989f
	')
Chris PeBenito 43989f
Chris PeBenito 0bfccd
	rw_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
Chris PeBenito 43989f
')
Chris PeBenito 43989f
Chris PeBenito 43989f
########################################
Chris PeBenito 43989f
## <summary>
Chris PeBenito 8e2fb6
##	Allow the type to associate to ramfs filesystems.
Chris PeBenito 8e2fb6
## </summary>
Chris PeBenito 8e2fb6
## <param name="type">
Chris PeBenito 8e2fb6
##	<summary>
Chris PeBenito 8e2fb6
##	The type of the object to be associated.
Chris PeBenito 8e2fb6
##	</summary>
Chris PeBenito 8e2fb6
## </param>
Chris PeBenito 8e2fb6
#
Chris PeBenito 8e2fb6
interface(`fs_associate_ramfs',`
Chris PeBenito 8e2fb6
	gen_require(`
Chris PeBenito 8e2fb6
		type ramfs_t;
Chris PeBenito 8e2fb6
	')
Chris PeBenito 8e2fb6
Chris PeBenito 8e2fb6
	allow $1 ramfs_t:filesystem associate;
Chris PeBenito 8e2fb6
')
Chris PeBenito 8e2fb6
Chris PeBenito 8e2fb6
########################################
Chris PeBenito 8e2fb6
## <summary>
Chris PeBenito 414e41
##	Mount a RAM filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_mount_ramfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type ramfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 ramfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Remount a RAM filesystem.  This allows
Chris PeBenito 414e41
##	some mount options to be changed.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_remount_ramfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type ramfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 ramfs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Unmount a RAM filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_unmount_ramfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type ramfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 955019
	allow $1 ramfs_t:filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Get the attributes of a RAM filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_getattr_ramfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type ramfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 ramfs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 842859
##	Search directories on a ramfs.
Chris PeBenito 842859
## </summary>
Chris PeBenito 842859
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 842859
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 842859
## </param>
Chris PeBenito 842859
#
Chris PeBenito 842859
interface(`fs_search_ramfs',`
Chris PeBenito 842859
	gen_require(`
Chris PeBenito 842859
		type ramfs_t;
Chris PeBenito 842859
	')
Chris PeBenito 842859
Chris PeBenito c8d5b3
	allow $1 ramfs_t:dir search_dir_perms;
Chris PeBenito 842859
')
Chris PeBenito 842859
Chris PeBenito 842859
########################################
Chris PeBenito 842859
## <summary>
Chris PeBenito a225f9
##	Do not audit attempts to search directories on a ramfs.
Chris PeBenito a225f9
## </summary>
Chris PeBenito a225f9
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito a225f9
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a225f9
## </param>
Chris PeBenito a225f9
#
Chris PeBenito a225f9
interface(`fs_dontaudit_search_ramfs',`
Chris PeBenito a225f9
	gen_require(`
Chris PeBenito a225f9
		type ramfs_t;
Chris PeBenito a225f9
	')
Chris PeBenito a225f9
Chris PeBenito c0868a
	dontaudit $1 ramfs_t:dir search_dir_perms;
Chris PeBenito a225f9
')
Chris PeBenito a225f9
Chris PeBenito a225f9
########################################
Chris PeBenito a225f9
## <summary>
Chris PeBenito 75beb9
##	Create, read, write, and delete 
Chris PeBenito 75beb9
##	directories on a ramfs.
Chris PeBenito 75beb9
## </summary>
Chris PeBenito 75beb9
## <param name="domain">
Chris PeBenito 75beb9
##	<summary>
Chris PeBenito 75beb9
##	Domain allowed access.
Chris PeBenito 75beb9
##	</summary>
Chris PeBenito 75beb9
## </param>
Chris PeBenito 75beb9
#
Chris PeBenito 75beb9
interface(`fs_manage_ramfs_dirs',`
Chris PeBenito 75beb9
	gen_require(`
Chris PeBenito 75beb9
		type ramfs_t;
Chris PeBenito 75beb9
	')
Chris PeBenito 75beb9
Chris PeBenito 75beb9
	allow $1 ramfs_t:dir manage_dir_perms;
Chris PeBenito 75beb9
')
Chris PeBenito 75beb9
Chris PeBenito 75beb9
########################################
Chris PeBenito 75beb9
## <summary>
Chris PeBenito b0d224
##	Do not audit attempts to read files on a ramfs.
Chris PeBenito b0d224
## </summary>
Chris PeBenito b0d224
## <param name="domain">
Chris PeBenito b0d224
##	<summary>
Chris PeBenito b0d224
##	Domain to not audit.
Chris PeBenito b0d224
##	</summary>
Chris PeBenito b0d224
## </param>
Chris PeBenito b0d224
#
Chris PeBenito b0d224
interface(`fs_dontaudit_read_ramfs_files',`
Chris PeBenito b0d224
	gen_require(`
Chris PeBenito b0d224
		type ramfs_t;
Chris PeBenito b0d224
	')
Chris PeBenito b0d224
Chris PeBenito b0d224
	# Only the read permission is silenced. Denials for any other
	# permission on ramfs_t files (write, getattr, ...) are still audited.
	dontaudit $1 ramfs_t:file read;
Chris PeBenito b0d224
')
Chris PeBenito b0d224
Chris PeBenito b0d224
########################################
Chris PeBenito b0d224
## <summary>
Chris PeBenito b0d224
##	Do not audit attempts to read named pipes on a ramfs.
Chris PeBenito b0d224
## </summary>
Chris PeBenito b0d224
## <param name="domain">
Chris PeBenito b0d224
##	<summary>
Chris PeBenito b0d224
##	Domain to not audit.
Chris PeBenito b0d224
##	</summary>
Chris PeBenito b0d224
## </param>
Chris PeBenito b0d224
#
Chris PeBenito b0d224
interface(`fs_dontaudit_read_ramfs_pipes',`
Chris PeBenito b0d224
	gen_require(`
Chris PeBenito b0d224
		type ramfs_t;
Chris PeBenito b0d224
	')
Chris PeBenito b0d224
Chris PeBenito b0d224
	dontaudit $1 ramfs_t:fifo_file read;
Chris PeBenito b0d224
')
Chris PeBenito b0d224
Chris PeBenito b0d224
########################################
Chris PeBenito b0d224
## <summary>
Chris PeBenito c8d5b3
##	Create, read, write, and delete
Chris PeBenito c8d5b3
##	files on a ramfs filesystem.
Chris PeBenito c8d5b3
## </summary>
Chris PeBenito c8d5b3
## <param name="domain">
Chris PeBenito c8d5b3
##	<summary>
Chris PeBenito c8d5b3
##	Domain allowed access.
Chris PeBenito c8d5b3
##	</summary>
Chris PeBenito c8d5b3
## </param>
Chris PeBenito c8d5b3
#
Chris PeBenito c8d5b3
interface(`fs_manage_ramfs_files',`
Chris PeBenito c8d5b3
	gen_require(`
Chris PeBenito c8d5b3
		type ramfs_t;
Chris PeBenito c8d5b3
	')
Chris PeBenito c8d5b3
Chris PeBenito 0bfccd
	manage_files_pattern($1, ramfs_t, ramfs_t)
Chris PeBenito c8d5b3
')
Chris PeBenito c8d5b3
Chris PeBenito c8d5b3
########################################
Chris PeBenito c8d5b3
## <summary>
Chris PeBenito 005a9a
##	Write to named pipe on a ramfs filesystem.
Chris PeBenito 005a9a
## </summary>
Chris PeBenito 005a9a
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 005a9a
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 005a9a
## </param>
Chris PeBenito 005a9a
#
Chris PeBenito 4d851f
interface(`fs_write_ramfs_pipes',`
Chris PeBenito 005a9a
	gen_require(`
Chris PeBenito 005a9a
		type ramfs_t;
Chris PeBenito 005a9a
	')
Chris PeBenito 005a9a
Chris PeBenito 0bfccd
	write_fifo_files_pattern($1, ramfs_t, ramfs_t)
Chris PeBenito 005a9a
')
Chris PeBenito 005a9a
Chris PeBenito 005a9a
########################################
Chris PeBenito 005a9a
## <summary>
Chris PeBenito c8d5b3
##	Do not audit attempts to write to named 
Chris PeBenito c8d5b3
##	pipes on a ramfs filesystem.
Chris PeBenito c8d5b3
## </summary>
Chris PeBenito c8d5b3
## <param name="domain">
Chris PeBenito c8d5b3
##	<summary>
Chris PeBenito c8d5b3
##	Domain to not audit.
Chris PeBenito c8d5b3
##	</summary>
Chris PeBenito c8d5b3
## </param>
Chris PeBenito c8d5b3
#
Chris PeBenito c8d5b3
interface(`fs_dontaudit_write_ramfs_pipes',`
Chris PeBenito c8d5b3
	gen_require(`
Chris PeBenito c8d5b3
		type ramfs_t;
Chris PeBenito c8d5b3
	')
Chris PeBenito c8d5b3
Chris PeBenito c8d5b3
	dontaudit $1 ramfs_t:fifo_file write;
Chris PeBenito c8d5b3
')
Chris PeBenito c8d5b3
Chris PeBenito c8d5b3
########################################
Chris PeBenito c8d5b3
## <summary>
Chris PeBenito 9fd4b8
##	Read and write a named pipe on a ramfs filesystem.
Chris PeBenito 9fd4b8
## </summary>
Chris PeBenito 9fd4b8
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 9fd4b8
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 9fd4b8
## </param>
Chris PeBenito 9fd4b8
#
Chris PeBenito 4d851f
interface(`fs_rw_ramfs_pipes',`
Chris PeBenito 9fd4b8
	gen_require(`
Chris PeBenito 9fd4b8
		type ramfs_t;
Chris PeBenito 9fd4b8
	')
Chris PeBenito 9fd4b8
Chris PeBenito 0bfccd
	rw_fifo_files_pattern($1, ramfs_t, ramfs_t)
Chris PeBenito 9fd4b8
')
Chris PeBenito 9fd4b8
Chris PeBenito 9fd4b8
########################################
Chris PeBenito 9fd4b8
## <summary>
Chris PeBenito c8d5b3
##	Create, read, write, and delete 
Chris PeBenito c8d5b3
##	named pipes on a ramfs filesystem.
Chris PeBenito c8d5b3
## </summary>
Chris PeBenito c8d5b3
## <param name="domain">
Chris PeBenito c8d5b3
##	<summary>
Chris PeBenito c8d5b3
##	Domain allowed access.
Chris PeBenito c8d5b3
##	</summary>
Chris PeBenito c8d5b3
## </param>
Chris PeBenito c8d5b3
#
Chris PeBenito c8d5b3
interface(`fs_manage_ramfs_pipes',`
Chris PeBenito c8d5b3
	gen_require(`
Chris PeBenito c8d5b3
		type ramfs_t;
Chris PeBenito c8d5b3
	')
Chris PeBenito c8d5b3
Chris PeBenito 0bfccd
	manage_fifo_files_pattern($1, ramfs_t, ramfs_t)
Chris PeBenito c8d5b3
')
Chris PeBenito c8d5b3
Chris PeBenito c8d5b3
########################################
Chris PeBenito c8d5b3
## <summary>
Chris PeBenito 842859
##	Write to named socket on a ramfs filesystem.
Chris PeBenito 842859
## </summary>
Chris PeBenito 842859
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 842859
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 842859
## </param>
Chris PeBenito 842859
#
Chris PeBenito 4d851f
interface(`fs_write_ramfs_sockets',`
Chris PeBenito 842859
	gen_require(`
Chris PeBenito 842859
		type ramfs_t;
Chris PeBenito 842859
	')
Chris PeBenito 842859
Chris PeBenito 0bfccd
	write_sock_files_pattern($1, ramfs_t, ramfs_t)
Chris PeBenito 842859
')
Chris PeBenito 842859
Chris PeBenito 842859
########################################
Chris PeBenito 842859
## <summary>
Chris PeBenito c8d5b3
##	Create, read, write, and delete
Chris PeBenito c8d5b3
##	named sockets on a ramfs filesystem.
Chris PeBenito c8d5b3
## </summary>
Chris PeBenito c8d5b3
## <param name="domain">
Chris PeBenito c8d5b3
##	<summary>
Chris PeBenito c8d5b3
##	Domain allowed access.
Chris PeBenito c8d5b3
##	</summary>
Chris PeBenito c8d5b3
## </param>
Chris PeBenito c8d5b3
#
Chris PeBenito c8d5b3
interface(`fs_manage_ramfs_sockets',`
Chris PeBenito c8d5b3
	gen_require(`
Chris PeBenito c8d5b3
		type ramfs_t;
Chris PeBenito c8d5b3
	')
Chris PeBenito c8d5b3
Chris PeBenito 0bfccd
	manage_sock_files_pattern($1, ramfs_t, ramfs_t)
Chris PeBenito c8d5b3
')
Chris PeBenito c8d5b3
Chris PeBenito c8d5b3
########################################
Chris PeBenito c8d5b3
## <summary>
Chris PeBenito 414e41
##	Mount a ROM filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_mount_romfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type romfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 romfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Remount a ROM filesystem.  This allows
Chris PeBenito 414e41
##	some mount options to be changed.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_remount_romfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type romfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 romfs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Unmount a ROM filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_unmount_romfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type romfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 955019
	allow $1 romfs_t:filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Get the attributes of a ROM
Chris PeBenito 414e41
##	filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_getattr_romfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type romfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 romfs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Mount a RPC pipe filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_mount_rpc_pipefs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type rpc_pipefs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 rpc_pipefs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Remount a RPC pipe filesystem.  This
Chris PeBenito 414e41
##	allows some mount options to be changed.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_remount_rpc_pipefs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type rpc_pipefs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 rpc_pipefs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Unmount a RPC pipe filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_unmount_rpc_pipefs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type rpc_pipefs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 955019
	allow $1 rpc_pipefs_t:filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Get the attributes of a RPC pipe
Chris PeBenito 414e41
##	filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_getattr_rpc_pipefs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type rpc_pipefs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 rpc_pipefs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 8708d9
#########################################
Chris PeBenito 8708d9
## <summary>
Chris PeBenito 8708d9
##	Read and write RPC pipe filesystem named pipes.
Chris PeBenito 8708d9
## </summary>
Chris PeBenito 8708d9
## <param name="domain">
Chris PeBenito 8708d9
##	<summary>
Chris PeBenito 8708d9
##	Domain allowed access.
Chris PeBenito 8708d9
##	</summary>
Chris PeBenito 8708d9
## </param>
Chris PeBenito 8708d9
#
Chris PeBenito 8708d9
interface(`fs_rw_rpc_named_pipes',`
Chris PeBenito 8708d9
	gen_require(`
Chris PeBenito 8f3a0a
		type rpc_pipefs_t;
Chris PeBenito 8708d9
	')
Chris PeBenito 8708d9
Chris PeBenito 82d277
	# Bare allow on the fifo_file class, unlike fs_rw_ramfs_pipes which
	# goes through rw_fifo_files_pattern. No rule on rpc_pipefs_t
	# directories is added here.
	# NOTE(review): confirm callers get directory search from elsewhere.
	allow $1 rpc_pipefs_t:fifo_file rw_fifo_file_perms;
Chris PeBenito 8708d9
')
Chris PeBenito 8708d9
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Mount a tmpfs filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_mount_tmpfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	# Grants only the mount permission on the tmpfs_t filesystem class.
	# No access to files or directories on the mounted filesystem is
	# added by this interface.
	allow $1 tmpfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Remount a tmpfs filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_remount_tmpfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	# Remount is the permission checked when mount options of an
	# already mounted tmpfs are changed.
	# NOTE(review): hardening options such as noexec, nosuid and nodev
	# are mount options, so review callers as able to weaken them;
	# confirm which options a remount may change on the target kernel.
	allow $1 tmpfs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Unmount a tmpfs filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_unmount_tmpfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 955019
	allow $1 tmpfs_t:filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Get the attributes of a tmpfs
Chris PeBenito 414e41
##	filesystem.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_getattr_tmpfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Allow the type to associate to tmpfs filesystems.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="type">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 414e41
##	The type of the object to be associated.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 199895
interface(`fs_associate_tmpfs',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	# The argument is an object type, not a process domain (see the
	# param documentation): objects carrying that type are allowed to
	# reside on a filesystem labeled tmpfs_t.
	allow $1 tmpfs_t:filesystem associate;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito a42ca7
##	Get the attributes of tmpfs directories.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito a42ca7
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito a42ca7
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a42ca7
## </param>
Chris PeBenito a42ca7
#
Chris PeBenito 4d851f
interface(`fs_getattr_tmpfs_dirs',`
Chris PeBenito a42ca7
	gen_require(`
Chris PeBenito a42ca7
		type tmpfs_t;
Chris PeBenito a42ca7
	')
Chris PeBenito a42ca7
Chris PeBenito a42ca7
	allow $1 tmpfs_t:dir getattr;
Chris PeBenito a42ca7
')
Chris PeBenito a42ca7
Chris PeBenito a42ca7
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito eeb8ea
##	Do not audit attempts to get the attributes
Chris PeBenito eeb8ea
##	of tmpfs directories.
Chris PeBenito eeb8ea
## </summary>
Chris PeBenito eeb8ea
## <param name="domain">
Chris PeBenito eeb8ea
##	<summary>
Chris PeBenito eeb8ea
##	Domain to not audit.
Chris PeBenito eeb8ea
##	</summary>
Chris PeBenito eeb8ea
## </param>
Chris PeBenito eeb8ea
#
Chris PeBenito eeb8ea
interface(`fs_dontaudit_getattr_tmpfs_dirs',`
Chris PeBenito eeb8ea
	gen_require(`
Chris PeBenito eeb8ea
		type tmpfs_t;
Chris PeBenito eeb8ea
	')
Chris PeBenito eeb8ea
Chris PeBenito eeb8ea
	dontaudit $1 tmpfs_t:dir getattr;
Chris PeBenito eeb8ea
')
Chris PeBenito eeb8ea
Chris PeBenito eeb8ea
########################################
Chris PeBenito eeb8ea
## <summary>
Chris PeBenito a42ca7
##	Set the attributes of tmpfs directories.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito a42ca7
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito a42ca7
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a42ca7
## </param>
Chris PeBenito a42ca7
#
Chris PeBenito 4d851f
interface(`fs_setattr_tmpfs_dirs',`
Chris PeBenito a42ca7
	gen_require(`
Chris PeBenito a42ca7
		type tmpfs_t;
Chris PeBenito a42ca7
	')
Chris PeBenito a42ca7
Chris PeBenito a42ca7
	allow $1 tmpfs_t:dir setattr;
Chris PeBenito a42ca7
')
Chris PeBenito a42ca7
Chris PeBenito a42ca7
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito a42ca7
##	Search tmpfs directories.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito a42ca7
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito a42ca7
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a42ca7
## </param>
Chris PeBenito a42ca7
#
Chris PeBenito a42ca7
interface(`fs_search_tmpfs',`
Chris PeBenito a42ca7
	gen_require(`
Chris PeBenito a42ca7
		type tmpfs_t;
Chris PeBenito a42ca7
	')
Chris PeBenito a42ca7
Chris PeBenito c0868a
	allow $1 tmpfs_t:dir search_dir_perms;
Chris PeBenito a42ca7
')
Chris PeBenito a42ca7
Chris PeBenito a42ca7
########################################
Chris PeBenito a5f339
## <summary>
Chris PeBenito a5f339
##	List the contents of generic tmpfs directories.
Chris PeBenito a5f339
## </summary>
Chris PeBenito a5f339
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito a5f339
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a5f339
## </param>
Chris PeBenito a5f339
#
Chris PeBenito a5f339
interface(`fs_list_tmpfs',`
Chris PeBenito a5f339
	gen_require(`
Chris PeBenito a5f339
		type tmpfs_t;
Chris PeBenito a5f339
	')
Chris PeBenito a5f339
Chris PeBenito c0868a
	allow $1 tmpfs_t:dir list_dir_perms;
Chris PeBenito a5f339
')
Chris PeBenito a5f339
Chris PeBenito a5f339
########################################
Chris PeBenito a5f339
## <summary>
Chris PeBenito a5f339
##	Do not audit attempts to list the
Chris PeBenito a5f339
##	contents of generic tmpfs directories.
Chris PeBenito a5f339
## </summary>
Chris PeBenito a5f339
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito a5f339
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a5f339
## </param>
Chris PeBenito a5f339
#
Chris PeBenito a5f339
interface(`fs_dontaudit_list_tmpfs',`
Chris PeBenito a5f339
	gen_require(`
Chris PeBenito a5f339
		type tmpfs_t;
Chris PeBenito a5f339
	')
Chris PeBenito a5f339
Chris PeBenito c0868a
	dontaudit $1 tmpfs_t:dir list_dir_perms;
Chris PeBenito a5f339
')
Chris PeBenito a5f339
Chris PeBenito a5f339
########################################
Chris PeBenito 98a8ea
## <summary>
Chris PeBenito 98a8ea
##	Create, read, write, and delete
Chris PeBenito 98a8ea
##	tmpfs directories
Chris PeBenito 98a8ea
## </summary>
Chris PeBenito 98a8ea
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 98a8ea
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 98a8ea
## </param>
Chris PeBenito 98a8ea
#
Chris PeBenito 98a8ea
interface(`fs_manage_tmpfs_dirs',`
Chris PeBenito 98a8ea
	gen_require(`
Chris PeBenito 98a8ea
		type tmpfs_t;
Chris PeBenito 98a8ea
	')
Chris PeBenito 98a8ea
Chris PeBenito c0868a
	# Applies to every directory carrying the generic tmpfs_t label,
	# not to a per-domain type. A domain that only needs its own objects
	# on tmpfs can use fs_tmpfs_filetrans with a private type instead.
	allow $1 tmpfs_t:dir manage_dir_perms;
Chris PeBenito 98a8ea
')
Chris PeBenito 98a8ea
Chris PeBenito 98a8ea
########################################
Chris PeBenito ac9db9
## <summary>
Chris PeBenito ac9db9
##	Create an object in a tmpfs filesystem, with a private
Chris PeBenito ac9db9
##	type using a type transition.
Chris PeBenito ac9db9
## </summary>
Chris PeBenito ac9db9
## <param name="domain">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito ac9db9
## <param name="private type">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	The type of the object to be created.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito ac9db9
## <param name="object">
Chris PeBenito ac9db9
##	<summary>
Chris PeBenito ac9db9
##	The object class of the object being created.
Chris PeBenito ac9db9
##	</summary>
Chris PeBenito ac9db9
## </param>
Chris PeBenito b4cd15
#
Chris PeBenito 103fe2
interface(`fs_tmpfs_filetrans',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	# The private type (second argument) may associate with the tmpfs_t
	# filesystem, so objects of that type can exist on it.
	allow $2 tmpfs_t:filesystem associate;
Chris PeBenito 0bfccd
	# filetrans_pattern is defined outside this file. Presumably it sets
	# up the type transition for objects of the given class (third
	# argument) created by the domain in tmpfs_t directories.
	# NOTE(review): no rule on the private type itself appears here, so
	# confirm callers add their own access to it.
	filetrans_pattern($1, tmpfs_t, $2, $3)
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 6b19be
##	Do not audit attempts to getattr
Chris PeBenito 6b19be
##	generic tmpfs files.
Chris PeBenito 6b19be
## </summary>
Chris PeBenito 6b19be
## <param name="domain">
Chris PeBenito 6b19be
##	<summary>
Chris PeBenito 6b19be
##	Domain to not audit.
Chris PeBenito 6b19be
##	</summary>
Chris PeBenito 6b19be
## </param>
Chris PeBenito 6b19be
#
Chris PeBenito 6b19be
interface(`fs_dontaudit_getattr_tmpfs_files',`
Chris PeBenito 6b19be
	gen_require(`
Chris PeBenito 6b19be
		type tmpfs_t;
Chris PeBenito 6b19be
	')
Chris PeBenito 6b19be
Chris PeBenito 6b19be
	dontaudit $1 tmpfs_t:file getattr;
Chris PeBenito 6b19be
')
Chris PeBenito 6b19be
Chris PeBenito 6b19be
########################################
Chris PeBenito 6b19be
## <summary>
Chris PeBenito 3ffe29
##	Do not audit attempts to read or write
Chris PeBenito 3ffe29
##	generic tmpfs files.
Chris PeBenito 3ffe29
## </summary>
Chris PeBenito 3ffe29
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 3ffe29
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 3ffe29
## </param>
Chris PeBenito 3ffe29
#
Chris PeBenito 3ffe29
interface(`fs_dontaudit_rw_tmpfs_files',`
Chris PeBenito 3ffe29
	gen_require(`
Chris PeBenito 41b25f
		type tmpfs_t;
Chris PeBenito 3ffe29
	')
Chris PeBenito 3ffe29
Chris PeBenito 6b19be
	# Nothing is allowed here: denied read and write attempts on generic
	# tmpfs_t files simply stop being logged. When investigating a domain
	# that calls this, rebuild the policy with dontaudit rules disabled
	# (semodule -DB) to see the hidden denials.
	dontaudit $1 tmpfs_t:file rw_file_perms;
Chris PeBenito 3ffe29
')
Chris PeBenito 3ffe29
Chris PeBenito 3ffe29
########################################
Chris PeBenito 3ffe29
## <summary>
Chris PeBenito 7576fa
##	Create, read, write, and delete
Chris PeBenito 7576fa
##	auto mountpoints.
Chris PeBenito 7576fa
## </summary>
Chris PeBenito 7576fa
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito 7576fa
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 7576fa
## </param>
Chris PeBenito 7576fa
#
Chris PeBenito 7576fa
interface(`fs_manage_auto_mountpoints',`
Chris PeBenito 7576fa
	gen_require(`
Chris PeBenito 7576fa
		type autofs_t;
Chris PeBenito 7576fa
	')
Chris PeBenito 7576fa
Chris PeBenito 7576fa
	# Acts on autofs_t directories, not tmpfs_t, although the interface
	# sits among the tmpfs interfaces in this file.
	allow $1 autofs_t:dir manage_dir_perms;
Chris PeBenito 7576fa
')
Chris PeBenito 7576fa
Chris PeBenito 7576fa
########################################
Chris PeBenito 7576fa
## <summary>
Chris PeBenito 9fd4b8
##	Read and write generic tmpfs files.
Chris PeBenito 9fd4b8
## </summary>
Chris PeBenito 9fd4b8
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 9fd4b8
## </param>
Chris PeBenito 9fd4b8
#
Chris PeBenito 4d851f
interface(`fs_rw_tmpfs_files',`
Chris PeBenito 9fd4b8
	gen_require(`
Chris PeBenito 9fd4b8
		type tmpfs_t;
Chris PeBenito 9fd4b8
	')
Chris PeBenito 9fd4b8
Chris PeBenito 0bfccd
	rw_files_pattern($1, tmpfs_t, tmpfs_t)
Chris PeBenito 9fd4b8
')
Chris PeBenito 9fd4b8
Chris PeBenito 9fd4b8
########################################
Chris PeBenito 9fd4b8
## <summary>
Chris PeBenito a52492
##	Read tmpfs link files.
Chris PeBenito a52492
## </summary>
Chris PeBenito a52492
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito a52492
## </param>
Chris PeBenito a52492
#
Chris PeBenito a52492
interface(`fs_read_tmpfs_symlinks',`
Chris PeBenito a52492
	gen_require(`
Chris PeBenito a52492
		type tmpfs_t;
Chris PeBenito a52492
	')
Chris PeBenito a52492
Chris PeBenito 0bfccd
	read_lnk_files_pattern($1, tmpfs_t, tmpfs_t)
Chris PeBenito a52492
')
Chris PeBenito a52492
Chris PeBenito a52492
########################################
Chris PeBenito a52492
## <summary>
Chris PeBenito 414e41
##	Read and write character nodes on tmpfs filesystems.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito daa0e0
#
Chris PeBenito 4d851f
interface(`fs_rw_tmpfs_chr_files',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito c0868a
	# Listing of tmpfs_t directories is granted explicitly, in addition
	# to whatever the pattern macro below provides.
	allow $1 tmpfs_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	# Covers every character device node labeled generic tmpfs_t.
	# NOTE(review): device nodes normally carry a device-specific type,
	# so check what ends up labeled tmpfs_t before granting this.
	rw_chr_files_pattern($1, tmpfs_t, tmpfs_t)
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito daa0e0
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 93727e
##	Do not audit attempts to read and write character nodes on tmpfs filesystems.
Chris PeBenito 93727e
## </summary>
Chris PeBenito 93727e
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain to not audit.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 93727e
## </param>
Chris PeBenito 93727e
#
Chris PeBenito 93727e
interface(`fs_dontaudit_use_tmpfs_chr_dev',`
Chris PeBenito 93727e
	gen_require(`
Chris PeBenito 93727e
		type tmpfs_t;
Chris PeBenito 93727e
	')
Chris PeBenito 93727e
Chris PeBenito c0868a
	# Two denials are silenced and no access is granted: listing tmpfs_t
	# directories, and read/write on tmpfs_t character nodes. The allow
	# counterpart in this file is named fs_rw_tmpfs_chr_files, so a search
	# for rw_tmpfs_chr will not find this interface.
	dontaudit $1 tmpfs_t:dir list_dir_perms;
Chris PeBenito c0868a
	dontaudit $1 tmpfs_t:chr_file rw_chr_file_perms;
Chris PeBenito 93727e
')
Chris PeBenito 93727e
Chris PeBenito 93727e
########################################
Chris PeBenito 93727e
## <summary>
Chris PeBenito 414e41
##	Relabel character nodes on tmpfs filesystems.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito efd8ed
#
Chris PeBenito 4d851f
interface(`fs_relabel_tmpfs_chr_file',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito c0868a
	allow $1 tmpfs_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	# relabel_chr_files_pattern is defined outside this file; both type
	# arguments are tmpfs_t, so only the tmpfs_t side of a relabel is
	# covered here.
	# NOTE(review): relabeling changes which rules apply to a device node,
	# so check which destination types each caller is also allowed to
	# relabel to.
	relabel_chr_files_pattern($1, tmpfs_t, tmpfs_t)
Chris PeBenito efd8ed
')
Chris PeBenito efd8ed
Chris PeBenito efd8ed
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Read and write block nodes on tmpfs filesystems.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito daa0e0
#
Chris PeBenito 4d851f
interface(`fs_rw_tmpfs_blk_files',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito c0868a
	allow $1 tmpfs_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	# Read and write on a block device node is raw access to the
	# underlying device, below any file labels on a filesystem stored on
	# it. The rule applies to every block node labeled generic tmpfs_t.
	# NOTE(review): keep the set of calling domains minimal.
	rw_blk_files_pattern($1, tmpfs_t, tmpfs_t)
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito daa0e0
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 414e41
##	Relabel block nodes on tmpfs filesystems.
Chris PeBenito a42ca7
## </summary>
Chris PeBenito 414e41
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 414e41
## </param>
Chris PeBenito efd8ed
#
Chris PeBenito 4d851f
interface(`fs_relabel_tmpfs_blk_file',`
Chris PeBenito cbc9d6
	gen_require(`
Chris PeBenito cbc9d6
		type tmpfs_t;
Chris PeBenito cbc9d6
	')
Chris PeBenito 0c73cd
Chris PeBenito c0868a
	allow $1 tmpfs_t:dir list_dir_perms;
Chris PeBenito 0bfccd
	# Same shape as fs_relabel_tmpfs_chr_file, for block nodes. The
	# pattern macro is defined outside this file.
	# NOTE(review): a relabeled block node is governed by the rules of its
	# new type, so audit callers together with the types they may relabel to.
	relabel_blk_files_pattern($1, tmpfs_t, tmpfs_t)
Chris PeBenito efd8ed
')
Chris PeBenito efd8ed
Chris PeBenito efd8ed
########################################
Chris PeBenito a42ca7
## <summary>
Chris PeBenito 98a8ea
##	Read and write, create and delete generic
Chris PeBenito 98a8ea
##	files on tmpfs filesystems.
Chris PeBenito 98a8ea
## </summary>
Chris PeBenito 98a8ea
## <param name="domain">
Chris PeBenito 885b83
##	<summary>
Chris PeBenito ac9db9
##	Domain allowed access.
Chris PeBenito 885b83
##	</summary>
Chris PeBenito 98a8ea
## </param>
Chris PeBenito 98a8ea
#
Chris PeBenito 98a8ea
interface(`fs_manage_tmpfs_files',`
Chris PeBenito 98a8ea
	gen_require(`
Chris PeBenito 98a8ea
		type tmpfs_t;
Chris PeBenito 98a8ea
	')
Chris PeBenito 98a8ea
Chris PeBenito 0bfccd
	# Targets files with the generic tmpfs_t label rather than a
	# per-domain type, so the caller can create, modify and delete files
	# it shares that label with.
	# NOTE(review): confirm each caller needs this instead of a private
	# type set up through fs_tmpfs_filetrans.
	manage_files_pattern($1, tmpfs_t, tmpfs_t)
Chris PeBenito 98a8ea
')
Chris PeBenito 98a8ea
Chris PeBenito 98a8ea
########################################
## <summary>
##	Create, read, write, and delete symbolic
##	links on tmpfs filesystems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_tmpfs_symlinks',`
	gen_require(`
		type tmpfs_t;
	')

	# Applies to symbolic links labeled tmpfs_t inside tmpfs_t directories.
	manage_lnk_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
## <summary>
##	Create, read, write, and delete socket
##	files on tmpfs filesystems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_tmpfs_sockets',`
	gen_require(`
		type tmpfs_t;
	')

	# Applies to socket files labeled tmpfs_t inside tmpfs_t directories.
	manage_sock_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
## <summary>
##	Create, read, write, and delete character
##	device nodes on tmpfs filesystems.
## </summary>
## <desc>
##	<p>
##	Access to a device through a node created under this
##	interface is checked against the tmpfs_t label of the
##	node, not against the label of the usual node for that
##	device. Grant only where a tmpfs holds the device
##	directory, and mount other tmpfs instances nodev.
##	No capability is granted here; creating a node also
##	needs the mknod capability from elsewhere in policy.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_tmpfs_chr_files',`
	gen_require(`
		type tmpfs_t;
	')

	# Applies to character nodes labeled tmpfs_t inside tmpfs_t directories.
	manage_chr_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
## <summary>
##	Create, read, write, and delete block
##	device nodes on tmpfs filesystems.
## </summary>
## <desc>
##	<p>
##	Access to a block device through a node created under
##	this interface is checked against the tmpfs_t label of
##	the node, not against the label of the usual node for
##	that device. Grant only where a tmpfs holds the device
##	directory, and mount other tmpfs instances nodev.
##	No capability is granted here; creating a node also
##	needs the mknod capability from elsewhere in policy.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_tmpfs_blk_files',`
	gen_require(`
		type tmpfs_t;
	')

	# Applies to block nodes labeled tmpfs_t inside tmpfs_t directories.
	manage_blk_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
## <summary>
##	Mount all filesystems.
## </summary>
## <desc>
##	<p>
##	Applies to every type carrying the filesystem_type
##	attribute. Only the filesystem object class is covered;
##	access to mount point directories is not granted here.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_all_fs',`
	gen_require(`
		attribute filesystem_type;
	')

	allow $1 filesystem_type:filesystem mount;
')
########################################
## <summary>
##	Remount all filesystems.  This
##	allows some mount options to be changed.
## </summary>
## <desc>
##	<p>
##	Applies to every type carrying the filesystem_type
##	attribute, so a granted domain can change mount options
##	on any of them.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_remount_all_fs',`
	gen_require(`
		attribute filesystem_type;
	')

	allow $1 filesystem_type:filesystem remount;
')
########################################
## <summary>
##	Unmount all filesystems.
## </summary>
## <desc>
##	<p>
##	Applies to every type carrying the filesystem_type
##	attribute.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_all_fs',`
	gen_require(`
		attribute filesystem_type;
	')

	allow $1 filesystem_type:filesystem unmount;
')
########################################
## <summary>
##	Get the attributes of all filesystems.
## </summary>
## <desc>
##	<p>
##	The rule is written against the filesystem_type
##	attribute, so it is not limited to persistent
##	filesystems.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_getattr_all_fs',`
	gen_require(`
		attribute filesystem_type;
	')

	allow $1 filesystem_type:filesystem getattr;
')
########################################
## <summary>
##	Do not audit attempts to get the attributes
##	of all filesystems.
## </summary>
## <desc>
##	<p>
##	Grants no access: the denial still happens, it is only
##	kept out of the audit log.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_getattr_all_fs',`
	gen_require(`
		attribute filesystem_type;
	')

	dontaudit $1 filesystem_type:filesystem getattr;
')
########################################
## <summary>
##	Get the quotas of all filesystems.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the domain getting quotas.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_get_all_fs_quotas',`
	gen_require(`
		attribute filesystem_type;
	')

	# Read-only counterpart of the quotamod permission.
	allow $1 filesystem_type:filesystem quotaget;
')
########################################
## <summary>
##	Set the quotas of all filesystems.
## </summary>
## <desc>
##	<p>
##	Grants quotamod only; reading quotas (quotaget) is a
##	separate permission that this interface does not add.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the domain setting quotas.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fs_set_all_quotas',`
	gen_require(`
		attribute filesystem_type;
	')

	allow $1 filesystem_type:filesystem quotamod;
')
########################################
## <summary>
##	Relabel from all filesystem types.
## </summary>
## <desc>
##	<p>
##	Grants relabelfrom on the filesystem object class for
##	every type carrying the filesystem_type attribute. The
##	matching relabelto on the new label is not part of this
##	interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_relabelfrom_all_fs',`
	gen_require(`
		attribute filesystem_type;
	')

	allow $1 filesystem_type:filesystem relabelfrom;
')
########################################
## <summary>
##	Get the attributes of all directories
##	with a filesystem type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_getattr_all_dirs',`
	gen_require(`
		attribute filesystem_type;
	')

	# Only getattr is granted; searching or listing is not.
	allow $1 filesystem_type:dir getattr;
')
########################################
## <summary>
##	Search all directories with a filesystem type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_search_all',`
	gen_require(`
		attribute filesystem_type;
	')

	# Applies to directories labeled with any filesystem_type type.
	allow $1 filesystem_type:dir search_dir_perms;
')
########################################
## <summary>
##	List all directories with a filesystem type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_list_all',`
	gen_require(`
		attribute filesystem_type;
	')

	# Applies to directories labeled with any filesystem_type type.
	allow $1 filesystem_type:dir list_dir_perms;
')
########################################
## <summary>
##	Get the attributes of all files with
##	a filesystem type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_getattr_all_files',`
	gen_require(`
		attribute filesystem_type;
	')

	# filesystem_type is passed as both the directory and the file type.
	getattr_files_pattern($1, filesystem_type, filesystem_type)
')
########################################
## <summary>
##	Get the attributes of all symbolic links with
##	a filesystem type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_getattr_all_symlinks',`
	gen_require(`
		attribute filesystem_type;
	')

	# filesystem_type is passed as both the directory and the link type.
	getattr_lnk_files_pattern($1, filesystem_type, filesystem_type)
')
########################################
## <summary>
##	Get the attributes of all named pipes with
##	a filesystem type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_getattr_all_pipes',`
	gen_require(`
		attribute filesystem_type;
	')

	# filesystem_type is passed as both the directory and the pipe type.
	getattr_fifo_files_pattern($1, filesystem_type, filesystem_type)
')
########################################
## <summary>
##	Get the attributes of all named sockets with
##	a filesystem type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_getattr_all_sockets',`
	gen_require(`
		attribute filesystem_type;
	')

	# filesystem_type is passed as both the directory and the socket type.
	getattr_sock_files_pattern($1, filesystem_type, filesystem_type)
')
########################################
## <summary>
##	Do not audit attempts to get the attributes
##	of all files with a filesystem type.
## </summary>
## <desc>
##	<p>
##	Grants no access: the denial still happens, it is only
##	kept out of the audit log.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_getattr_all_files',`
	gen_require(`
		attribute filesystem_type;
	')

	dontaudit $1 filesystem_type:file getattr;
')
########################################
## <summary>
##	Do not audit attempts to get the attributes
##	of all symbolic links with a filesystem type.
## </summary>
## <desc>
##	<p>
##	Grants no access: the denial still happens, it is only
##	kept out of the audit log.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_getattr_all_symlinks',`
	gen_require(`
		attribute filesystem_type;
	')

	dontaudit $1 filesystem_type:lnk_file getattr;
')
########################################
## <summary>
##	Do not audit attempts to get the attributes
##	of all named pipes with a filesystem type.
## </summary>
## <desc>
##	<p>
##	Grants no access: the denial still happens, it is only
##	kept out of the audit log.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_getattr_all_pipes',`
	gen_require(`
		attribute filesystem_type;
	')

	dontaudit $1 filesystem_type:fifo_file getattr;
')
########################################
## <summary>
##	Do not audit attempts to get the attributes
##	of all named sockets with a filesystem type.
## </summary>
## <desc>
##	<p>
##	Grants no access: the denial still happens, it is only
##	kept out of the audit log.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`fs_dontaudit_getattr_all_sockets',`
	gen_require(`
		attribute filesystem_type;
	')

	dontaudit $1 filesystem_type:sock_file getattr;
')
########################################
## <summary>
##	Unconfined access to filesystems.
## </summary>
## <desc>
##	<p>
##	Adds the domain to the filesystem_unconfined_type
##	attribute. The rules attached to that attribute are
##	defined outside this interface; review them before
##	granting, since membership also picks up any rule
##	later written against the attribute.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unconfined',`
	gen_require(`
		attribute filesystem_unconfined_type;
	')

	# No allow rule here: access comes from the attribute membership.
	typeattribute $1 filesystem_unconfined_type;
')
########################################
## <summary>
##	Relabel all objects from filesystems that
##	do not support extended attributes.
## </summary>
## <desc>
##	<p>
##	Covers directories, files, symbolic links, named pipes,
##	named sockets, block nodes and character nodes whose
##	type has the noxattrfs attribute. Only the relabelfrom
##	pattern macros are used; relabelto on the new label is
##	not granted by this interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_relabelfrom_noxattr_fs',`
	gen_require(`
		attribute noxattrfs;
	')

	# Directory traversal and listing.
	allow $1 noxattrfs:dir list_dir_perms;
	relabelfrom_dirs_pattern($1, noxattrfs, noxattrfs)

	# Files and links.
	relabelfrom_files_pattern($1, noxattrfs, noxattrfs)
	relabelfrom_lnk_files_pattern($1, noxattrfs, noxattrfs)

	# Named pipes and sockets.
	relabelfrom_fifo_files_pattern($1, noxattrfs, noxattrfs)
	relabelfrom_sock_files_pattern($1, noxattrfs, noxattrfs)

	# Device nodes.
	relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
	relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
')