# Copyright (C) 2005 Tresys Technology, LLC

policy_module(filesystem,1.0)

attribute fs_type;

########################################

#

# fs_t is the default type for persistent

# filesystems with extended attributes

#

type fs_t, fs_type;

########################################

#

# Non-persistent/pseudo filesystems

#

type bdev_t, fs_type;

genfscon bdev / context_template(system_u:object_r:bdev_t,s0)

type binfmt_misc_fs_t, fs_type;

genfscon binfmt_misc / context_template(system_u:object_r:binfmt_misc_fs_t,s0)

type eventpollfs_t, fs_type;

genfscon eventpollfs / context_template(system_u:object_r:eventpollfs_t,s0)

type futexfs_t, fs_type;

genfscon futexfs / context_template(system_u:object_r:futexfs_t,s0)

type nfsd_fs_t, fs_type;

genfscon nfsd / context_template(system_u:object_r:nfsd_fs_t,s0)

type ramfs_t, fs_type;

allow ramfs_t self:filesystem associate;

genfscon ramfs / context_template(system_u:object_r:ramfs_t,s0)

type romfs_t, fs_type;

allow romfs_t self:filesystem associate;

genfscon romfs / context_template(system_u:object_r:romfs_t,s0)

genfscon cramfs / context_template(system_u:object_r:romfs_t,s0)

type rpc_pipefs_t, fs_type;

genfscon rpc_pipefs / context_template(system_u:object_r:rpc_pipefs_t,s0)

#

# tmpfs_t is the type for tmpfs filesystems

#

type tmpfs_t, fs_type;

files_make_file(tmpfs_t)

allow tmpfs_t self:filesystem associate;

allow tmpfs_t autofs_t:filesystem associate;

allow tmpfs_t cifs_t:filesystem associate;

allow tmpfs_t dosfs_t:filesystem associate;

allow tmpfs_t iso9660_t:filesystem associate;

allow tmpfs_t nfs_t:filesystem associate;

allow tmpfs_t removable_t:filesystem associate;

allow tmpfs_t usbfs_t:filesystem associate;

########################################

#

# Filesystems without extended attribute support

#

type autofs_t, fs_type;

allow autofs_t self:filesystem associate;

genfscon autofs / context_template(system_u:object_r:autofs_t,s0)

genfscon automount / context_template(system_u:object_r:autofs_t,s0)

#

# cifs_t is the type for filesystems and their

# files shared from Windows servers

#

type cifs_t alias sambafs_t, fs_type;

allow cifs_t self:filesystem associate;

genfscon cifs / context_template(system_u:object_r:cifs_t,s0)

genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)

#

# dosfs_t is the type for fat and vfat

# filesystems and their files.

#

type dosfs_t, fs_type;

allow dosfs_t self:filesystem associate;

genfscon vfat / context_template(system_u:object_r:dosfs_t,s0)

genfscon msdos / context_template(system_u:object_r:dosfs_t,s0)

genfscon fat / context_template(system_u:object_r:dosfs_t,s0)

genfscon ntfs / context_template(system_u:object_r:dosfs_t,s0)

#

# iso9660_t is the type for CD filesystems

# and their files.

#

type iso9660_t, fs_type;

allow iso9660_t self:filesystem associate;

genfscon iso9660 / context_template(system_u:object_r:iso9660_t,s0)

genfscon udf / context_template(system_u:object_r:iso9660_t,s0)

#

# removable_t is the default type of all removable media

#

type removable_t, fs_type;

allow removable_t self:filesystem associate;

allow removable_t autofs_t:filesystem associate;

allow removable_t cifs_t:filesystem associate;

allow removable_t dosfs_t:filesystem associate;

allow removable_t iso9660_t:filesystem associate;

allow removable_t nfs_t:filesystem associate;

allow removable_t usbfs_t:filesystem associate;

#

# nfs_t is the default type for NFS file systems

# and their files.

#

type nfs_t, fs_type;

files_make_mountpoint(nfs_t)

allow nfs_t self:filesystem associate;

genfscon nfs / context_template(system_u:object_r:nfs_t,s0)

genfscon nfs4 / context_template(system_u:object_r:nfs_t,s0)

genfscon afs / context_template(system_u:object_r:nfs_t,s0)