Chris PeBenito f267df
## <module name="filesystem" layer="kernel">
Chris PeBenito e32d52
## <summary>Policy for filesystems.</summary>
Chris PeBenito e181fe
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_make_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Transform specified type into a filesystem type.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the process performing this action.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_make_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	typeattribute $1 fs_type;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_make_fs_depend',`
Chris PeBenito 0c73cd
	attribute fs_type;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito 0fd9dc
## <interface name="fs_make_noxattr_fs">
Chris PeBenito 0fd9dc
##	<description>
Chris PeBenito 0fd9dc
##		Transform specified type into a filesystem
Chris PeBenito 0fd9dc
##		type which does not have extended attribute
Chris PeBenito 0fd9dc
##		support.
Chris PeBenito 0fd9dc
##	</description>
Chris PeBenito 0fd9dc
##	<parameter name="domain">
Chris PeBenito 0fd9dc
##		The type of the process performing this action.
Chris PeBenito 0fd9dc
##	</parameter>
Chris PeBenito 0fd9dc
## </interface>
Chris PeBenito 0fd9dc
#
Chris PeBenito 0fd9dc
define(`fs_make_noxattr_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0fd9dc
Chris PeBenito 0fd9dc
	fs_make_fs($1)
Chris PeBenito 0fd9dc
Chris PeBenito 0fd9dc
	typeattribute $1 noxattrfs;
Chris PeBenito 0fd9dc
')
Chris PeBenito 0fd9dc
Chris PeBenito 0fd9dc
define(`fs_make_noxattr_fs_depend',`
Chris PeBenito 0fd9dc
	attribute noxattrfs;
Chris PeBenito 0fd9dc
')
Chris PeBenito 0fd9dc
Chris PeBenito 0fd9dc
########################################
Chris PeBenito fe040c
## <interface name="fs_associate">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Associate the specified file type to persistent
Chris PeBenito fe040c
##		filesystems with extended attributes.  This
Chris PeBenito fe040c
##		allows a file of this type to be created on
Chris PeBenito fe040c
##		a filesystem such as ext3, JFS, and XFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="file_type">
Chris PeBenito fe040c
##		The type of the to be associated.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito 5d7812
#
Chris PeBenito 763c44
define(`fs_associate',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_t:filesystem associate;
Chris PeBenito 5d7812
')
Chris PeBenito 5d7812
Chris PeBenito 763c44
define(`fs_associate_depend',`
Chris PeBenito 0c73cd
	type fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem associate;
Chris PeBenito 5d7812
')
Chris PeBenito 5d7812
Chris PeBenito 5d7812
########################################
Chris PeBenito fe040c
## <interface name="fs_associate_noxattr">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Associate the specified file type to
Chris PeBenito fe040c
##		filesystems which lack extended attributes
Chris PeBenito fe040c
##		support.  This allows a file of this type
Chris PeBenito fe040c
##		to be created on a filesystem such as
Chris PeBenito fe040c
##		FAT32, and NFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="file_type">
Chris PeBenito fe040c
##		The type of the to be associated.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito 5d7812
#
Chris PeBenito fe040c
define(`fs_associate_noxattr',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito fe040c
	allow $1 noxattrfs:filesystem associate;
Chris PeBenito 5d7812
')
Chris PeBenito 5d7812
Chris PeBenito fe040c
define(`fs_associate_noxattr_depend',`
Chris PeBenito fe040c
	attribute noxattrfs;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem associate;
Chris PeBenito 5d7812
')
Chris PeBenito 5d7812
Chris PeBenito 5d7812
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_xattr_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a persistent filesystem which
Chris PeBenito fe040c
##		has extended attributes, such as
Chris PeBenito fe040c
##		ext3, JFS, or XFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito 5d7812
#
Chris PeBenito fe040c
define(`fs_mount_xattr_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_mount_xattr_fs_depend',`
Chris PeBenito 0c73cd
	type fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_xattr_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount a persistent filesystem which
Chris PeBenito fe040c
##		has extended attributes, such as
Chris PeBenito fe040c
##		ext3, JFS, or XFS.  This allows
Chris PeBenito fe040c
##		some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito fe040c
define(`fs_remount_xattr_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_remount_xattr_fs_depend',`
Chris PeBenito 0c73cd
	type fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_xattr_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a persistent filesystem which
Chris PeBenito fe040c
##		has extended attributes, such as
Chris PeBenito fe040c
##		ext3, JFS, or XFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito fe040c
define(`fs_unmount_xattr_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_unmount_xattr_fs_depend',`
Chris PeBenito 0c73cd
	type fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_xattr_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a persistent
Chris PeBenito fe040c
##		filesystem which has extended
Chris PeBenito fe040c
##		attributes, such as ext3, JFS, or XFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito fe040c
define(`fs_getattr_xattr_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_getattr_xattr_fs_depend',`
Chris PeBenito 0c73cd
	type fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_dontaudit_getattr_xattr_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Do not audit attempts to
Chris PeBenito fe040c
##		get the attributes of a persistent
Chris PeBenito fe040c
##		filesystem which has extended
Chris PeBenito fe040c
##		attributes, such as ext3, JFS, or XFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain to not audit.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 0fd9dc
define(`fs_dontaudit_getattr_xattr_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	dontaudit $1 fs_t:filesystem getattr;
Chris PeBenito 053f6a
')
Chris PeBenito 053f6a
Chris PeBenito 0fd9dc
define(`fs_dontaudit_getattr_xattr_fs_depend',`
Chris PeBenito 0c73cd
	type fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito 053f6a
')
Chris PeBenito 053f6a
Chris PeBenito 053f6a
########################################
Chris PeBenito fe040c
## <interface name="fs_relabelfrom_xattr_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Allow changing of the label of a
Chris PeBenito fe040c
##		filesystem with extended attributes
Chris PeBenito fe040c
##		using the context= mount option.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito 053f6a
#
Chris PeBenito fe040c
define(`fs_relabelfrom_xattr_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_t:filesystem relabelfrom;
Chris PeBenito dc771f
')
Chris PeBenito dc771f
Chris PeBenito fe040c
define(`fs_relabelfrom_xattr_fs_depend',`
Chris PeBenito 0c73cd
	type fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem relabelfrom;
Chris PeBenito dc771f
')
Chris PeBenito dc771f
Chris PeBenito dc771f
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_autofs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount an automount pseudo filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_mount_autofs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 autofs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_mount_autofs_depend',`
Chris PeBenito 0c73cd
	type autofs_t;
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_autofs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount an automount pseudo filesystem
Chris PeBenito fe040c
##		This allows some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_remount_autofs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 autofs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_remount_autofs_depend',`
Chris PeBenito 0c73cd
	type autofs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_autofs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount an automount pseudo filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_unmount_autofs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 autofs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_unmount_autofs_depend',`
Chris PeBenito 0c73cd
	type autofs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_autofs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of an automount
Chris PeBenito fe040c
##		pseudo filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_autofs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 autofs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_getattr_autofs_depend',`
Chris PeBenito 0c73cd
	type autofs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_register_binary_executable_type">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Register an interpreter for new binary
Chris PeBenito fe040c
##		file types, using the kernel binfmt_misc
Chris PeBenito fe040c
##		support.  A common use for this is to
Chris PeBenito fe040c
##		register a JVM as an interpreter for
Chris PeBenito fe040c
##		Java byte code.  Registered binaries
Chris PeBenito fe040c
##		can be directly executed on a command line
Chris PeBenito fe040c
##		without specifying the interpreter.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain registering
Chris PeBenito fe040c
##		the interpreter.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_register_binary_executable_type',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 binfmt_misc_fs_t:dir { getattr search };
Chris PeBenito 0c73cd
	allow $1 binfmt_misc_fs_t:file { getattr ioctl write };
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_register_binary_executable_type_depend',`
Chris PeBenito 0c73cd
	type binfmt_misc_fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir { getattr search };
Chris PeBenito 0c73cd
	class file { getattr ioctl write };
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_cifs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_mount_cifs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_mount_cifs_depend',`
Chris PeBenito 0c73cd
	type cifs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_cifs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##		This allows some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_remount_cifs',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type cifs_t;
Chris PeBenito d35c62
		class filesystem remount;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_cifs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_unmount_cifs',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type cifs_t;
Chris PeBenito d35c62
		class filesystem unmount;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_cifs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a CIFS or
Chris PeBenito fe040c
##		SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_cifs',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type cifs_t;
Chris PeBenito d35c62
		class filesystem getattr;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito d35c62
########################################
Chris PeBenito d35c62
## <interface name="fs_read_cifs_files">
Chris PeBenito d35c62
##	<description>
Chris PeBenito d35c62
##		Read files on a CIFS or SMB filesystem.
Chris PeBenito d35c62
##	</description>
Chris PeBenito d35c62
##	<parameter name="domain">
Chris PeBenito d35c62
##		The type of the domain reading the files.
Chris PeBenito d35c62
##	</parameter>
Chris PeBenito d35c62
## </interface>
Chris PeBenito d35c62
#
Chris PeBenito d35c62
define(`fs_read_cifs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type cifs_t;
Chris PeBenito d35c62
		class dir r_dir_perms;
Chris PeBenito d35c62
		class file r_file_perms;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito d35c62
	allow $1 cifs_t:dir r_dir_perms;
Chris PeBenito d35c62
	allow $1 cifs_t:file r_file_perms;
Chris PeBenito d35c62
')
Chris PeBenito d35c62
Chris PeBenito d35c62
########################################
Chris PeBenito d35c62
## <interface name="fs_dontaudit_rw_cifs_files">
Chris PeBenito d35c62
##	<description>
Chris PeBenito d35c62
##		Do not audit attempts to read or
Chris PeBenito d35c62
##		write files on a CIFS or SMB filesystem.
Chris PeBenito d35c62
##	</description>
Chris PeBenito d35c62
##	<parameter name="domain">
Chris PeBenito d35c62
##		The type of the domain to not audit.
Chris PeBenito d35c62
##	</parameter>
Chris PeBenito d35c62
## </interface>
Chris PeBenito d35c62
#
Chris PeBenito d35c62
define(`fs_dontaudit_rw_cifs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type cifs_t;
Chris PeBenito d35c62
		class file { read write };
Chris PeBenito d35c62
	')
Chris PeBenito d35c62
Chris PeBenito d35c62
	dontaudit $1 cifs_t:file { read write };
Chris PeBenito d35c62
')
Chris PeBenito d35c62
Chris PeBenito d35c62
########################################
Chris PeBenito d35c62
## <interface name="fs_read_cifs_symlinks">
Chris PeBenito d35c62
##	<description>
Chris PeBenito d35c62
##		Read symbolic links on a CIFS or SMB filesystem.
Chris PeBenito d35c62
##	</description>
Chris PeBenito d35c62
##	<parameter name="domain">
Chris PeBenito d35c62
##		The type of the domain reading the symbolic links.
Chris PeBenito d35c62
##	</parameter>
Chris PeBenito d35c62
## </interface>
Chris PeBenito d35c62
#
Chris PeBenito d35c62
define(`fs_read_cifs_symlinks',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type cifs_t;
Chris PeBenito d35c62
		class dir r_dir_perms;
Chris PeBenito d35c62
		class lnk_file r_file_perms;
Chris PeBenito d35c62
	')
Chris PeBenito d35c62
Chris PeBenito d35c62
	allow $1 cifs_t:dir r_dir_perms;
Chris PeBenito d35c62
	allow $1 cifs_t:lnk_file r_file_perms;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_execute_cifs_files">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Execute files on a CIFS or SMB
Chris PeBenito fe040c
##		network filesystem, in the caller
Chris PeBenito fe040c
##		domain.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain executing the files.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 1694de
define(`fs_execute_cifs_files',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:dir r_dir_perms;
Chris PeBenito c2c00b
	can_exec($1, cifs_t)
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 1694de
define(`fs_execute_cifs_files_depend',`
Chris PeBenito 0c73cd
	type cifs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir r_dir_perms;
Chris PeBenito 0c73cd
	class file { getattr read execute execute_no_trans };
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito d35c62
## <interface name="fs_dontaudit_rw_cifs_files">
Chris PeBenito d35c62
##	<description>
Chris PeBenito d35c62
##		Do not audit attempts to read or
Chris PeBenito d35c62
##		write files on a CIFS or SMB filesystems.
Chris PeBenito d35c62
##	</description>
Chris PeBenito d35c62
##	<parameter name="domain">
Chris PeBenito d35c62
##		The type of the domain to not audit.
Chris PeBenito d35c62
##	</parameter>
Chris PeBenito d35c62
## </interface>
Chris PeBenito d35c62
#
Chris PeBenito d35c62
define(`fs_read_cifs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type cifs_t;
Chris PeBenito d35c62
		class file { read write };
Chris PeBenito d35c62
	')
Chris PeBenito d35c62
Chris PeBenito d35c62
	dontaudit $1 cifs_t:file { read write };
Chris PeBenito d35c62
')
Chris PeBenito d35c62
Chris PeBenito d35c62
########################################
Chris PeBenito fe040c
## <interface name="fs_manage_cifs_dirs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete directories
Chris PeBenito fe040c
##		on a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the directories.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito fe040c
define(`fs_manage_cifs_dirs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:dir create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito fe040c
define(`fs_manage_cifs_dirs_depend',`
Chris PeBenito 0c73cd
	type cifs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito fe040c
## <interface name="fs_manage_cifs_files">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete files
Chris PeBenito fe040c
##		on a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the files.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 1694de
define(`fs_manage_cifs_files',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 cifs_t:file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 1694de
define(`fs_manage_cifs_files_depend',`
Chris PeBenito 0c73cd
	type cifs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir rw_dir_perms;
Chris PeBenito 0c73cd
	class file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito fe040c
## <interface name="fs_manage_cifs_symlinks">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete symbolic links
Chris PeBenito fe040c
##		on a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the symbolic links.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito fe040c
define(`fs_manage_cifs_symlinks',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 cifs_t:lnk_file create_lnk_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito fe040c
define(`fs_manage_cifs_symlinks_depend',`
Chris PeBenito 0c73cd
	type cifs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir rw_dir_perms;
Chris PeBenito 0c73cd
	class lnk_file create_lnk_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito fe040c
## <interface name="fs_manage_cifs_named_pipes">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete named pipes
Chris PeBenito fe040c
##		on a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the pipes.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 1694de
define(`fs_manage_cifs_named_pipes',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 cifs_t:fifo_file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 1694de
define(`fs_manage_cifs_named_pipes_depend',`
Chris PeBenito 0c73cd
	type cifs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir rw_dir_perms;
Chris PeBenito 0c73cd
	class fifo_file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito fe040c
## <interface name="fs_manage_cifs_named_sockets">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete named sockets
Chris PeBenito fe040c
##		on a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the sockets.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 1694de
define(`fs_manage_cifs_named_sockets',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 cifs_t:dir rw_file_perms;
Chris PeBenito 0c73cd
	allow $1 cifs_t:sock_file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 1694de
define(`fs_manage_cifs_named_sockets_depend',`
Chris PeBenito 0c73cd
	type cifs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir rw_dir_perms;
Chris PeBenito 0c73cd
	class sock_file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_dos_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a DOS filesystem, such as
Chris PeBenito fe040c
##		FAT32 or NTFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_mount_dos_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 dosfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_mount_dos_fs_depend',`
Chris PeBenito 0c73cd
	type dosfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_dos_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount a DOS filesystem, such as
Chris PeBenito fe040c
##		FAT32 or NTFS.  This allows
Chris PeBenito fe040c
##		some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_remount_dos_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 dosfs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_remount_dos_fs_depend',`
Chris PeBenito 0c73cd
	type dosfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_dos_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a DOS filesystem, such as
Chris PeBenito fe040c
##		FAT32 or NTFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_unmount_dos_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 dosfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_unmount_dos_fs_depend',`
Chris PeBenito 0c73cd
	type dosfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_dos_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a DOS
Chris PeBenito fe040c
##		filesystem, such as FAT32 or NTFS.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_dos_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 dosfs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_getattr_dos_fs_depend',`
Chris PeBenito 0c73cd
	type dosfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_relabelfrom_dos_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Allow changing of the label of a
Chris PeBenito fe040c
##		DOS filesystem using the context= mount option.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito dc771f
#
Chris PeBenito 763c44
define(`fs_relabelfrom_dos_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 dosfs_t:filesystem relabelfrom;
Chris PeBenito dc771f
')
Chris PeBenito dc771f
Chris PeBenito 763c44
define(`fs_relabelfrom_dos_fs_depend',`
Chris PeBenito 0c73cd
	type dosfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem relabelfrom;
Chris PeBenito dc771f
')
Chris PeBenito dc771f
Chris PeBenito dc771f
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_iso9660_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount an iso9660 filesystem, which
Chris PeBenito fe040c
##		is usually used on CDs.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito dc771f
#
Chris PeBenito fe040c
define(`fs_mount_iso9660_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 iso9660_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_mount_iso9660_fs_depend',`
Chris PeBenito 0c73cd
	type iso9660_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_iso9660_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount an iso9660 filesystem, which
Chris PeBenito fe040c
##		is usually used on CDs.  This allows
Chris PeBenito fe040c
##		some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito fe040c
define(`fs_remount_iso9660_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 iso9660_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_remount_iso9660_fs_depend',`
Chris PeBenito 0c73cd
	type iso9660_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_iso9660_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount an iso9660 filesystem, which
Chris PeBenito fe040c
##		is usually used on CDs.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito fe040c
define(`fs_unmount_iso9660_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 iso9660_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_unmount_iso9660_fs_depend',`
Chris PeBenito 0c73cd
	type iso9660_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_iso9660_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of an iso9660
Chris PeBenito fe040c
##		filesystem, which is usually used on CDs.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito fe040c
define(`fs_getattr_iso9660_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 iso9660_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_getattr_iso9660_fs_depend',`
Chris PeBenito 0c73cd
	type iso9660_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_nfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a NFS filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_mount_nfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_mount_nfs_depend',`
Chris PeBenito 0c73cd
	type nfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_nfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount a NFS filesystem.  This allows
Chris PeBenito fe040c
##		some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_remount_nfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_remount_nfs_depend',`
Chris PeBenito 0c73cd
	type nfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_nfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a NFS filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_unmount_nfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_unmount_nfs_depend',`
Chris PeBenito 0c73cd
	type nfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_nfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a NFS filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_nfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_getattr_nfs_depend',`
Chris PeBenito 0c73cd
	type nfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito d35c62
## <interface name="fs_read_nfs_files">
Chris PeBenito d35c62
##	<description>
Chris PeBenito d35c62
##		Read files on a NFS filesystem.
Chris PeBenito d35c62
##	</description>
Chris PeBenito d35c62
##	<parameter name="domain">
Chris PeBenito d35c62
##		The type of the domain reading the files.
Chris PeBenito d35c62
##	</parameter>
Chris PeBenito d35c62
## </interface>
Chris PeBenito d35c62
#
Chris PeBenito d35c62
define(`fs_read_nfs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
		class dir r_dir_perms;
Chris PeBenito d35c62
		class file r_file_perms;
Chris PeBenito d35c62
	')
Chris PeBenito d35c62
Chris PeBenito d35c62
	allow $1 nfs_t:dir r_dir_perms;
Chris PeBenito d35c62
	allow $1 nfs_t:file r_file_perms;
Chris PeBenito d35c62
')
Chris PeBenito d35c62
Chris PeBenito d35c62
########################################
Chris PeBenito fe040c
## <interface name="fs_execute_nfs_files">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Execute files on a NFS filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain executing the files.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 763c44
define(`fs_execute_nfs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
		class dir r_dir_perms;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:dir r_dir_perms;
Chris PeBenito c2c00b
	can_exec($1, nfs_t)
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito d35c62
########################################
Chris PeBenito d35c62
## <interface name="fs_dontaudit_rw_nfs_files">
Chris PeBenito d35c62
##	<description>
Chris PeBenito d35c62
##		Do not audit attempts to read or
Chris PeBenito d35c62
##		write files on a NFS filesystem.
Chris PeBenito d35c62
##	</description>
Chris PeBenito d35c62
##	<parameter name="domain">
Chris PeBenito d35c62
##		The type of the domain to not audit.
Chris PeBenito d35c62
##	</parameter>
Chris PeBenito d35c62
## </interface>
Chris PeBenito d35c62
#
Chris PeBenito d35c62
define(`fs_dontaudit_rw_nfs_files',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
		class file { read write };
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito d35c62
	dontaudit $1 nfs_t:file { read write };
Chris PeBenito d35c62
')
Chris PeBenito d35c62
Chris PeBenito d35c62
########################################
Chris PeBenito d35c62
## <interface name="fs_read_nfs_symlinks">
Chris PeBenito d35c62
##	<description>
Chris PeBenito d35c62
##		Read symbolic links on a NFS filesystem.
Chris PeBenito d35c62
##	</description>
Chris PeBenito d35c62
##	<parameter name="domain">
Chris PeBenito d35c62
##		The type of the domain reading the symbolic links.
Chris PeBenito d35c62
##	</parameter>
Chris PeBenito d35c62
## </interface>
Chris PeBenito d35c62
#
Chris PeBenito d35c62
define(`fs_read_nfs_symlinks',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
		class dir r_dir_perms;
Chris PeBenito d35c62
		class lnk_file r_file_perms;
Chris PeBenito d35c62
	')
Chris PeBenito d35c62
Chris PeBenito d35c62
	allow $1 nfs_t:dir r_dir_perms;
Chris PeBenito d35c62
	allow $1 nfs_t:lnk_file r_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito fe040c
## <interface name="fs_manage_nfs_dirs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete directories
Chris PeBenito fe040c
##		on a NFS filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the directories.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito fe040c
define(`fs_manage_nfs_dirs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:dir create_dir_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito fe040c
define(`fs_manage_nfs_dirs_depend',`
Chris PeBenito 0c73cd
	type nfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir create_dir_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito fe040c
## <interface name="fs_manage_nfs_files">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete files
Chris PeBenito fe040c
##		on a NFS filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the files.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 763c44
define(`fs_manage_nfs_files',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 nfs_t:file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 763c44
define(`fs_manage_nfs_files_depend',`
Chris PeBenito 0c73cd
	type nfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir rw_dir_perms;
Chris PeBenito 0c73cd
	class file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito fe040c
#########################################
Chris PeBenito fe040c
## <interface name="fs_manage_nfs_symlinks">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete symbolic links
Chris PeBenito fe040c
##		on a CIFS or SMB network filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the symbolic links.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito fe040c
define(`fs_manage_nfs_symlinks',`
Chris PeBenito d35c62
	gen_require(`
Chris PeBenito d35c62
		type nfs_t;
Chris PeBenito d35c62
		class dir r_dir_perms;
Chris PeBenito d35c62
		class lnk_file create_lnk_perms;
Chris PeBenito d35c62
	')
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 nfs_t:lnk_file create_lnk_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito fe040c
#########################################
Chris PeBenito fe040c
## <interface name="fs_manage_nfs_named_pipes">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete named pipes
Chris PeBenito fe040c
##		on a NFS filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the pipes.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 763c44
define(`fs_manage_nfs_named_pipes',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 nfs_t:fifo_file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 763c44
define(`fs_manage_nfs_named_pipes_depend',`
Chris PeBenito 0c73cd
	type nfs_t;
Chris PeBenito 0c73cd
Chris PeBenito c2c00b
	class dir rw_dir_perms;
Chris PeBenito c2c00b
	class fifo_file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito fe040c
#########################################
Chris PeBenito fe040c
## <interface name="fs_manage_nfs_named_sockets">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Create, read, write, and delete named sockets
Chris PeBenito fe040c
##		on a NFS filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain managing the sockets.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 763c44
define(`fs_manage_nfs_named_sockets',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 nfs_t:sock_file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 763c44
define(`fs_manage_nfs_named_sockets_depend',`
Chris PeBenito 0c73cd
	type nfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir rw_dir_perms;
Chris PeBenito 0c73cd
	class sock_file create_file_perms;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_nfsd_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a NFS server pseudo filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_mount_nfsd_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfsd_fs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_mount_nfsd_fs_depend',`
Chris PeBenito 0c73cd
	type nfsd_fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_nfsd_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a NFS server pseudo filesystem.
Chris PeBenito fe040c
##		This allows some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_remount_nfsd_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfsd_fs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_remount_nfsd_fs_depend',`
Chris PeBenito 0c73cd
	type nfsd_fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_nfsd_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a NFS server pseudo filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_unmount_nfsd_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfsd_fs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_unmount_nfsd_fs_depend',`
Chris PeBenito 0c73cd
	type nfsd_fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_nfsd_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a NFS server
Chris PeBenito fe040c
##		pseudo filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_nfsd_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 nfsd_fs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_getattr_nfsd_fs_depend',`
Chris PeBenito 0c73cd
	type nfsd_fs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_ramfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a RAM filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_mount_ramfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 ramfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_mount_ramfs_depend',`
Chris PeBenito 0c73cd
	type ramfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_ramfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount a RAM filesystem.  This allows
Chris PeBenito fe040c
##		some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_remount_ramfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 ramfs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_remount_ramfs_depend',`
Chris PeBenito 0c73cd
	type ramfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_ramfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a RAM filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_unmount_ramfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 ramfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_unmount_ramfs_depend',`
Chris PeBenito 0c73cd
	type ramfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_ramfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a RAM filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_ramfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 ramfs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_getattr_ramfs_depend',`
Chris PeBenito 0c73cd
	type ramfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_romfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a ROM filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_mount_romfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 romfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_mount_romfs_depend',`
Chris PeBenito 0c73cd
	type romfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_romfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount a ROM filesystem.  This allows
Chris PeBenito fe040c
##		some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_remount_romfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 romfs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_remount_romfs_depend',`
Chris PeBenito 0c73cd
	type romfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_romfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a ROM filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_unmount_romfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 romfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_unmount_romfs_depend',`
Chris PeBenito 0c73cd
	type romfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_romfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a ROM
Chris PeBenito fe040c
##		filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_romfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 romfs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_getattr_romfs_depend',`
Chris PeBenito 0c73cd
	type romfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_rpc_pipefs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a RPC pipe filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_mount_rpc_pipefs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 rpc_pipefs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_mount_rpc_pipefs_depend',`
Chris PeBenito 0c73cd
	type rpc_pipefs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_rpc_pipefs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount a RPC pipe filesystem.  This
Chris PeBenito fe040c
##		allows some mount option to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_remount_rpc_pipefs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 rpc_pipefs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_remount_rpc_pipefs_depend',`
Chris PeBenito 0c73cd
	type rpc_pipefs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_rpc_pipefs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a RPC pipe filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_unmount_rpc_pipefs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 rpc_pipefs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_unmount_rpc_pipefs_depend',`
Chris PeBenito 0c73cd
	type rpc_pipefs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_rpc_pipefs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a RPC pipe
Chris PeBenito fe040c
##		filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_rpc_pipefs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 rpc_pipefs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_getattr_rpc_pipefs_depend',`
Chris PeBenito 0c73cd
	type rpc_pipefs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_tmpfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount a tmpfs filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_mount_tmpfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_mount_tmpfs_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_tmpfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount a tmpfs filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain remounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_remount_tmpfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_remount_tmpfs_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_tmpfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount a tmpfs filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_unmount_tmpfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_unmount_tmpfs_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_tmpfs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of a tmpfs
Chris PeBenito fe040c
##		filesystem.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_getattr_tmpfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 1694de
define(`fs_getattr_tmpfs_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_associate_tmpfs">
Chris PeBenito daa0e0
##	<description>
Chris PeBenito daa0e0
##		Allow the type to associate to tmpfs filesystems.
Chris PeBenito daa0e0
##	</description>
Chris PeBenito daa0e0
##	<parameter name="type">
Chris PeBenito daa0e0
##		The type of the object to be associated.
Chris PeBenito daa0e0
##	</parameter>
Chris PeBenito daa0e0
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito fe040c
define(`fs_associate_tmpfs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:filesystem associate;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito fe040c
define(`fs_associate_tmpfs_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem associate;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
# fs_create_tmpfs_data(domain,derivedtype,[class])
Chris PeBenito b4cd15
#
Chris PeBenito 1694de
define(`fs_create_tmpfs_data',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $2 tmpfs_t:filesystem associate;
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	ifelse(`$3',`',`
Chris PeBenito 0c73cd
		type_transition $1 tmpfs_t:file $2;
Chris PeBenito 0c73cd
	',`
Chris PeBenito 0c73cd
		type_transition $1 tmpfs_t:$3 $2;
Chris PeBenito 0c73cd
	')
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 0fd9dc
define(`fs_create_tmpfs_data_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem associate;
Chris PeBenito 0c73cd
	class dir rw_dir_perms; 
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito 763c44
## <interface name="fs_use_tmpfs_character_devices">
Chris PeBenito daa0e0
##	<description>
Chris PeBenito daa0e0
##		Read and write character nodes on tmpfs filesystems.
Chris PeBenito daa0e0
##	</description>
Chris PeBenito daa0e0
##	<parameter name="domain">
Chris PeBenito daa0e0
##		The type of the process performing this action.
Chris PeBenito daa0e0
##	</parameter>
Chris PeBenito daa0e0
## </interface>
Chris PeBenito daa0e0
#
Chris PeBenito 763c44
define(`fs_use_tmpfs_character_devices',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:dir r_dir_perms;
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:chr_file rw_file_perms;
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito 763c44
define(`fs_use_tmpfs_character_devices_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir r_dir_perms; 
Chris PeBenito 0c73cd
	class chr_file rw_file_perms;
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito daa0e0
########################################
Chris PeBenito 763c44
## <interface name="fs_relabel_tmpfs_character_devices">
Chris PeBenito efd8ed
##	<description>
Chris PeBenito efd8ed
##		Relabel character nodes on tmpfs filesystems.
Chris PeBenito efd8ed
##	</description>
Chris PeBenito efd8ed
##	<parameter name="domain">
Chris PeBenito efd8ed
##		The type of the process performing this action.
Chris PeBenito efd8ed
##	</parameter>
Chris PeBenito efd8ed
## </interface>
Chris PeBenito efd8ed
#
Chris PeBenito 763c44
define(`fs_relabel_tmpfs_character_devices',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:dir r_dir_perms;
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:chr_file { getattr relabelfrom relabelto };
Chris PeBenito efd8ed
')
Chris PeBenito efd8ed
Chris PeBenito 763c44
define(`fs_relabel_tmpfs_character_devices_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir r_dir_perms;
Chris PeBenito 0c73cd
	class chr_file { getattr relabelfrom relabelto };
Chris PeBenito efd8ed
')
Chris PeBenito efd8ed
Chris PeBenito efd8ed
########################################
Chris PeBenito 763c44
## <interface name="fs_use_tmpfs_block_devices">
Chris PeBenito daa0e0
##	<description>
Chris PeBenito daa0e0
##		Read and write block nodes on tmpfs filesystems.
Chris PeBenito daa0e0
##	</description>
Chris PeBenito daa0e0
##	<parameter name="domain">
Chris PeBenito daa0e0
##		The type of the process performing this action.
Chris PeBenito daa0e0
##	</parameter>
Chris PeBenito daa0e0
## </interface>
Chris PeBenito daa0e0
#
Chris PeBenito 763c44
define(`fs_use_tmpfs_block_devices',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:dir r_dir_perms;
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:blk_file rw_file_perms;
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito 763c44
define(`fs_use_tmpfs_block_devices_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir r_dir_perms; 
Chris PeBenito 0c73cd
	class blk_file rw_file_perms;
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito daa0e0
########################################
Chris PeBenito 763c44
## <interface name="fs_relabel_tmpfs_block_devices">
Chris PeBenito efd8ed
##	<description>
Chris PeBenito efd8ed
##		Relabel block nodes on tmpfs filesystems.
Chris PeBenito efd8ed
##	</description>
Chris PeBenito efd8ed
##	<parameter name="domain">
Chris PeBenito efd8ed
##		The type of the process performing this action.
Chris PeBenito efd8ed
##	</parameter>
Chris PeBenito efd8ed
## </interface>
Chris PeBenito efd8ed
#
Chris PeBenito 763c44
define(`fs_relabel_tmpfs_block_devices',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:dir r_dir_perms;
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:blk_file { getattr relabelfrom relabelto };
Chris PeBenito efd8ed
')
Chris PeBenito efd8ed
Chris PeBenito 763c44
define(`fs_use_tmpfs_block_devices_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir r_dir_perms;
Chris PeBenito 0c73cd
	class blk_file { getattr relabelfrom relabelto };
Chris PeBenito efd8ed
')
Chris PeBenito efd8ed
Chris PeBenito efd8ed
########################################
Chris PeBenito 763c44
## <interface name="fs_manage_tmpfs_character_devices">
Chris PeBenito daa0e0
##	<description>
Chris PeBenito daa0e0
##		Read and write, create and delete character
Chris PeBenito daa0e0
##		nodes on tmpfs filesystems.
Chris PeBenito daa0e0
##	</description>
Chris PeBenito daa0e0
##	<parameter name="domain">
Chris PeBenito daa0e0
##		The type of the process performing this action.
Chris PeBenito daa0e0
##	</parameter>
Chris PeBenito daa0e0
## </interface>
Chris PeBenito daa0e0
#
Chris PeBenito 763c44
define(`fs_manage_tmpfs_character_devices',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:chr_file create_file_perms;
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito 763c44
define(`fs_manage_tmpfs_character_devices_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir rw_dir_perms;
Chris PeBenito 0c73cd
	class chr_file create_file_perms;
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito daa0e0
########################################
Chris PeBenito 763c44
## <interface name="fs_manage_tmpfs_block_devices">
Chris PeBenito daa0e0
##	<description>
Chris PeBenito daa0e0
##		Read and write, create and delete block nodes
Chris PeBenito daa0e0
##		on tmpfs filesystems.
Chris PeBenito daa0e0
##	</description>
Chris PeBenito daa0e0
##	<parameter name="domain">
Chris PeBenito daa0e0
##		The type of the process performing this action.
Chris PeBenito daa0e0
##	</parameter>
Chris PeBenito daa0e0
## </interface>
Chris PeBenito daa0e0
#
Chris PeBenito 763c44
define(`fs_manage_tmpfs_block_devices',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:dir rw_dir_perms;
Chris PeBenito 0c73cd
	allow $1 tmpfs_t:blk_file create_file_perms;
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito 763c44
define(`fs_manage_tmpfs_block_devices_depend',`
Chris PeBenito 0c73cd
	type tmpfs_t;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir rw_dir_perms;
Chris PeBenito 0c73cd
	class blk_file create_file_perms;
Chris PeBenito daa0e0
')
Chris PeBenito daa0e0
Chris PeBenito daa0e0
########################################
Chris PeBenito fe040c
## <interface name="fs_mount_all_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Mount all filesystems.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_mount_all_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_type:filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_mount_all_fs_depend',`
Chris PeBenito 0c73cd
	attribute fs_type;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem mount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_remount_all_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Remount all filesystems.  This
Chris PeBenito fe040c
##		allows some mount options to be changed.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain mounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_remount_all_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_type:filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_remount_all_fs_depend',`
Chris PeBenito 0c73cd
	attribute fs_type;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem remount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito b4cd15
########################################
Chris PeBenito fe040c
## <interface name="fs_unmount_all_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Unmount all filesystems.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain unmounting the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b4cd15
#
Chris PeBenito 763c44
define(`fs_unmount_all_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_type:filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito b4cd15
Chris PeBenito 763c44
define(`fs_mount_all_fs_depend',`
Chris PeBenito 0c73cd
	attribute fs_type;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem unmount;
Chris PeBenito b4cd15
')
Chris PeBenito 219bcf
Chris PeBenito 219bcf
########################################
Chris PeBenito fe040c
## <interface name="fs_getattr_all_fs">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the attributes of all persistent
Chris PeBenito fe040c
##		filesystems.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain doing the
Chris PeBenito fe040c
##		getattr on the filesystem.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito 219bcf
#
Chris PeBenito 1694de
define(`fs_getattr_all_fs',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_type:filesystem getattr;
Chris PeBenito 219bcf
')
Chris PeBenito 219bcf
Chris PeBenito 1694de
define(`fs_getattr_all_fs_depend',`
Chris PeBenito 0c73cd
	attribute fs_type;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem getattr;
Chris PeBenito 219bcf
')
Chris PeBenito 075c4f
Chris PeBenito 075c4f
########################################
Chris PeBenito fe040c
## <interface name="fs_get_all_fs_quotas">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Get the quotas of all filesystems.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain getting quotas.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito b16c6b
#
Chris PeBenito 763c44
define(`fs_get_all_fs_quotas',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_type:filesystem quotaget;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito 763c44
define(`fs_get_all_fs_quotas_depend',`
Chris PeBenito 0c73cd
	attribute fs_type;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem quotaget;
Chris PeBenito b16c6b
')
Chris PeBenito b16c6b
Chris PeBenito b16c6b
########################################
Chris PeBenito 0fd9dc
## <interface name="fs_set_all_quotas">
Chris PeBenito fe040c
##	<description>
Chris PeBenito fe040c
##		Set the quotas of all filesystems.
Chris PeBenito fe040c
##	</description>
Chris PeBenito fe040c
##	<parameter name="domain">
Chris PeBenito fe040c
##		The type of the domain setting quotas.
Chris PeBenito fe040c
##	</parameter>
Chris PeBenito fe040c
## </interface>
Chris PeBenito 759ba0
#
Chris PeBenito 1694de
define(`fs_set_all_quotas',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_type:filesystem quotamod;
Chris PeBenito 759ba0
')
Chris PeBenito 759ba0
Chris PeBenito 1694de
define(`fs_set_all_quotas_depend',`
Chris PeBenito 0c73cd
	attribute fs_type;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class filesystem quotamod;
Chris PeBenito 759ba0
')
Chris PeBenito 759ba0
Chris PeBenito 759ba0
########################################
Chris PeBenito 759ba0
#
Chris PeBenito 1694de
# fs_getattr_all_files(type)
Chris PeBenito 075c4f
#
Chris PeBenito 1694de
define(`fs_getattr_all_files',`
Chris PeBenito fa7bea
	gen_require(`$0'_depend)
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	allow $1 fs_type:dir { search getattr };
Chris PeBenito 0c73cd
	allow $1 fs_type:file getattr;
Chris PeBenito 0c73cd
	allow $1 fs_type:lnk_file getattr;
Chris PeBenito 0c73cd
	allow $1 fs_type:fifo_file getattr;
Chris PeBenito 0c73cd
	allow $1 fs_type:sock_file getattr;
Chris PeBenito 075c4f
')
Chris PeBenito 075c4f
Chris PeBenito 1694de
define(`fs_getattr_all_files_depend',`
Chris PeBenito 0c73cd
	attribute fs_type;
Chris PeBenito 0c73cd
Chris PeBenito 0c73cd
	class dir { search getattr };
Chris PeBenito 0c73cd
	class file getattr;
Chris PeBenito 0c73cd
	class lnk_file getattr;
Chris PeBenito 0c73cd
	class fifo_file getattr;
Chris PeBenito 0c73cd
	class sock_file getattr;
Chris PeBenito 075c4f
')
Chris PeBenito e32d52
Chris PeBenito e32d52
## </module>