diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 4beb272..b14be0a 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -238,9 +238,9 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES)
done
$(QUIET) $(SETTUN) $(TUNABLES) >> $@
-tmp/all_interfaces.conf: $(ALL_INTERFACES)
+tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
@test -d tmp || mkdir -p tmp
- $(QUIET) cat $^ > $@
+ $(QUIET) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
tmp/all_te_files.conf: $(ALL_TE_FILES)
@test -d tmp || mkdir -p tmp
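Review bot: The new recipe for tmp/all_interfaces.conf pipes m4 into sed, so the recipe's exit status is sed's. If m4 fails (for example on an unbalanced quote in one of the .if files), the target is still freshly written, possibly truncated, and later runs treat it as up to date. This file is presumably consumed by the rest of the policy build, so I would split the pipeline to check m4's status: `$(QUIET) m4 $^ > $@.tmp` followed by `$(QUIET) sed -e 's/dollarsstar/$$*/g' $@.tmp > $@`. Quoting the sed expression also removes the reliance on shell backslash handling in `s/dollarsstar/\$$\*/g`. Whether the Makefile sets `.DELETE_ON_ERROR:` is not visible from this hunk.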
diff --git a/refpolicy/policy/modules/admin/consoletype.if b/refpolicy/policy/modules/admin/consoletype.if
index afb9df7..c4499cd 100644
--- a/refpolicy/policy/modules/admin/consoletype.if
+++ b/refpolicy/policy/modules/admin/consoletype.if
@@ -3,7 +3,7 @@
#
# consoletype_domtrans(domain)
#
-define(`consoletype_domtrans',`
+interface(`consoletype_domtrans',`
gen_require(`
type consoletype_t, consoletype_exec_t;
class process sigchld;
@@ -24,7 +24,7 @@ define(`consoletype_domtrans',`
#
# consoletype_exec(domain)
#
-define(`consoletype_exec',`
+interface(`consoletype_exec',`
gen_require(`
type consoletype_exec_t;
')
diff --git a/refpolicy/policy/modules/admin/dmesg.if b/refpolicy/policy/modules/admin/dmesg.if
index 3e55cac..189fc5e 100644
--- a/refpolicy/policy/modules/admin/dmesg.if
+++ b/refpolicy/policy/modules/admin/dmesg.if
@@ -11,7 +11,7 @@
##
##
#
-define(`dmesg_domtrans',`
+interface(`dmesg_domtrans',`
gen_require(`
type dmesg_t, dmesg_exec_t;
class process sigchld;
@@ -38,7 +38,7 @@ define(`dmesg_domtrans',`
##
##
#
-define(`dmesg_exec',`
+interface(`dmesg_exec',`
gen_require(`
type dmesg_exec_t;
')
diff --git a/refpolicy/policy/modules/admin/netutils.if b/refpolicy/policy/modules/admin/netutils.if
index dd833fa..a6ba8dd 100644
--- a/refpolicy/policy/modules/admin/netutils.if
+++ b/refpolicy/policy/modules/admin/netutils.if
@@ -3,7 +3,7 @@
#
# netutils_domtrans(domain)
#
-define(`netutils_domtrans',`
+interface(`netutils_domtrans',`
gen_require(`
type netutils_t, netutils_exec_t;
class process sigchld;
@@ -23,7 +23,7 @@ define(`netutils_domtrans',`
#
# netutils_exec(domain)
#
-define(`netutils_exec',`
+interface(`netutils_exec',`
gen_require(`
type netutils_exec_t;
')
diff --git a/refpolicy/policy/modules/admin/rpm.if b/refpolicy/policy/modules/admin/rpm.if
index c0d2e30..b7791a7 100644
--- a/refpolicy/policy/modules/admin/rpm.if
+++ b/refpolicy/policy/modules/admin/rpm.if
@@ -11,7 +11,7 @@
##
##
#
-define(`rpm_domtrans',`
+interface(`rpm_domtrans',`
gen_require(`
type rpm_t, rpm_exec_t;
class process sigchld;
@@ -45,7 +45,7 @@ define(`rpm_domtrans',`
##
##
#
-define(`rpm_run',`
+interface(`rpm_run',`
gen_require(`
type rpm_t, rpm_script_t;
class chr_file rw_term_perms;
@@ -67,7 +67,7 @@ define(`rpm_run',`
##
##
#
-define(`rpm_use_fd',`
+interface(`rpm_use_fd',`
gen_require(`
type rpm_t;
class fd use;
@@ -86,7 +86,7 @@ define(`rpm_use_fd',`
##
##
#
-define(`rpm_read_pipe',`
+interface(`rpm_read_pipe',`
gen_require(`
type rpm_t;
class fifo_file r_file_perms;
@@ -105,7 +105,7 @@ define(`rpm_read_pipe',`
##
##
#
-define(`rpm_read_db',`
+interface(`rpm_read_db',`
gen_require(`
type rpm_var_lib_t_t;
class dir r_dir_perms;
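Review bot: The context line `type rpm_var_lib_t_t;` in the gen_require block of rpm_read_db looks like a typo for `rpm_var_lib_t` (doubled `_t` suffix), and the same line appears in the rpm_manage_db hunk that follows. Now that these are declared through `interface(...)`, a require on a type that is presumably never declared could fail a dependency check or tie the RPM database access rules to the wrong name, depending on how gen_require is expanded. It is worth confirming against rpm.te and changing both to `type rpm_var_lib_t;` if that is the declared name. Both interface bodies continue outside their hunks, so the allow rules themselves are not visible here.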
@@ -122,7 +122,7 @@ define(`rpm_read_db',`
#
# rpm_manage_db(domain)
#
-define(`rpm_manage_db',`
+interface(`rpm_manage_db',`
gen_require(`
type rpm_var_lib_t_t;
class dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/admin/usermanage.if b/refpolicy/policy/modules/admin/usermanage.if
index 625aaff..34131a4 100644
--- a/refpolicy/policy/modules/admin/usermanage.if
+++ b/refpolicy/policy/modules/admin/usermanage.if
@@ -11,7 +11,7 @@
##
##
#
-define(`usermanage_domtrans_chfn',`
+interface(`usermanage_domtrans_chfn',`
gen_require(`
type chfn_t, chfn_exec_t;
class process sigchld;
@@ -46,7 +46,7 @@ define(`usermanage_domtrans_chfn',`
##
##
#
-define(`usermanage_run_chfn',`
+interface(`usermanage_run_chfn',`
gen_require(`
type chfn_t;
class chr_file rw_term_perms;
@@ -67,7 +67,7 @@ define(`usermanage_run_chfn',`
##
##
#
-define(`usermanage_domtrans_groupadd',`
+interface(`usermanage_domtrans_groupadd',`
gen_require(`
type groupadd_t, groupadd_exec_t;
class process sigchld;
@@ -102,7 +102,7 @@ define(`usermanage_domtrans_groupadd',`
##
##
#
-define(`usermanage_run_groupadd',`
+interface(`usermanage_run_groupadd',`
gen_require(`
type groupadd_t;
class chr_file rw_term_perms;
@@ -123,7 +123,7 @@ define(`usermanage_run_groupadd',`
##
##
#
-define(`usermanage_domtrans_passwd',`
+interface(`usermanage_domtrans_passwd',`
gen_require(`
type passwd_t, passwd_exec_t;
class process sigchld;
@@ -158,7 +158,7 @@ define(`usermanage_domtrans_passwd',`
##
##
#
-define(`usermanage_run_passwd',`
+interface(`usermanage_run_passwd',`
gen_require(`
type passwd_t;
class chr_file rw_term_perms;
@@ -179,7 +179,7 @@ define(`usermanage_run_passwd',`
##
##
#
-define(`usermanage_domtrans_useradd',`
+interface(`usermanage_domtrans_useradd',`
gen_require(`
type useradd_t, useradd_exec_t;
class process sigchld;
@@ -214,7 +214,7 @@ define(`usermanage_domtrans_useradd',`
##
##
#
-define(`usermanage_run_useradd',`
+interface(`usermanage_run_useradd',`
gen_require(`
type useradd_t;
class chr_file rw_term_perms;
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 9f42521..7ccb56f 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -24,7 +24,7 @@
## is the prefix for user_t).
##
#
-define(`gpg_per_userdomain_template',`
+template(`gpg_per_userdomain_template',`
gen_require(`$0'_depend)
########################################
diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index ee0b515..6e1597f 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -11,7 +11,7 @@
##
##
#
-define(`bootloader_domtrans',`
+interface(`bootloader_domtrans',`
gen_require(`
type bootloader_t;
class process sigchld;
@@ -44,7 +44,7 @@ define(`bootloader_domtrans',`
##
##
#
-define(`bootloader_run',`
+interface(`bootloader_run',`
gen_require(`
type bootloader_t;
class chr_file rw_file_perms;
@@ -66,7 +66,7 @@ define(`bootloader_run',`
##
##
#
-define(`bootloader_search_boot_dir',`
+interface(`bootloader_search_boot_dir',`
gen_require(`
type boot_t;
class dir search;
@@ -85,7 +85,7 @@ define(`bootloader_search_boot_dir',`
##
##
#
-define(`bootloader_dontaudit_search_boot',`
+interface(`bootloader_dontaudit_search_boot',`
gen_require(`
type boot_t;
class dir search;
@@ -105,7 +105,7 @@ define(`bootloader_dontaudit_search_boot',`
##
##
#
-define(`bootloader_rw_boot_symlinks',`
+interface(`bootloader_rw_boot_symlinks',`
gen_require(`
type boot_t;
class dir r_dir_perms;
@@ -126,7 +126,7 @@ define(`bootloader_rw_boot_symlinks',`
##
##
#
-define(`bootloader_create_kernel',`
+interface(`bootloader_create_kernel',`
gen_require(`
type boot_t;
class dir ra_dir_perms;
@@ -149,7 +149,7 @@ define(`bootloader_create_kernel',`
##
##
#
-define(`bootloader_create_kernel_symbol_table',`
+interface(`bootloader_create_kernel_symbol_table',`
gen_require(`
type boot_t, system_map_t;
class dir ra_dir_perms;
@@ -170,7 +170,7 @@ define(`bootloader_create_kernel_symbol_table',`
##
##
#
-define(`bootloader_read_kernel_symbol_table',`
+interface(`bootloader_read_kernel_symbol_table',`
gen_require(`
type boot_t, system_map_t;
class dir r_dir_perms;
@@ -191,7 +191,7 @@ define(`bootloader_read_kernel_symbol_table',`
##
##
#
-define(`bootloader_delete_kernel',`
+interface(`bootloader_delete_kernel',`
gen_require(`
type boot_t;
class dir { r_dir_perms write remove_name };
@@ -212,7 +212,7 @@ define(`bootloader_delete_kernel',`
##
##
#
-define(`bootloader_delete_kernel_symbol_table',`
+interface(`bootloader_delete_kernel_symbol_table',`
gen_require(`
type boot_t, system_map_t;
class dir { r_dir_perms write remove_name };
@@ -233,7 +233,7 @@ define(`bootloader_delete_kernel_symbol_table',`
##
##
#
-define(`bootloader_read_config',`
+interface(`bootloader_read_config',`
gen_require(`
type bootloader_etc_t;
class file r_file_perms;
@@ -253,7 +253,7 @@ define(`bootloader_read_config',`
##
##
#
-define(`bootloader_rw_config',`
+interface(`bootloader_rw_config',`
gen_require(`
type bootloader_etc_t;
class file rw_file_perms;
@@ -273,7 +273,7 @@ define(`bootloader_rw_config',`
##
##
#
-define(`bootloader_rw_tmp_file',`
+interface(`bootloader_rw_tmp_file',`
gen_require(`
type bootloader_tmp_t;
class file rw_file_perms;
@@ -294,7 +294,7 @@ define(`bootloader_rw_tmp_file',`
##
##
#
-define(`bootloader_create_runtime_file',`
+interface(`bootloader_create_runtime_file',`
gen_require(`
type boot_t, boot_runtime_t;
class dir rw_dir_perms;
@@ -316,7 +316,7 @@ define(`bootloader_create_runtime_file',`
##
##
#
-define(`bootloader_list_kernel_modules',`
+interface(`bootloader_list_kernel_modules',`
gen_require(`
type modules_object_t;
class dir r_dir_perms;
@@ -335,7 +335,7 @@ define(`bootloader_list_kernel_modules',`
##
##
#
-define(`bootloader_read_kernel_modules',`
+interface(`bootloader_read_kernel_modules',`
gen_require(`
type modules_object_t;
class dir r_dir_perms;
@@ -358,7 +358,7 @@ define(`bootloader_read_kernel_modules',`
##
##
#
-define(`bootloader_write_kernel_modules',`
+interface(`bootloader_write_kernel_modules',`
gen_require(`
attribute rw_kern_modules;
type modules_object_t;
@@ -383,7 +383,7 @@ define(`bootloader_write_kernel_modules',`
##
##
#
-define(`bootloader_manage_kernel_modules',`
+interface(`bootloader_manage_kernel_modules',`
gen_require(`
attribute rw_kern_modules;
type modules_object_t;
@@ -401,7 +401,7 @@ define(`bootloader_manage_kernel_modules',`
#
# bootloader_create_private_module_dir_entry(domain,privatetype,[class(es)])
#
-define(`bootloader_create_private_module_dir_entry',`
+interface(`bootloader_create_private_module_dir_entry',`
gen_require(`
type modules_object_t;
class dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index 9430836..9f3ab47 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -12,7 +12,7 @@
##
##
#
-define(`corenet_tcp_sendrecv_generic_if',`
+interface(`corenet_tcp_sendrecv_generic_if',`
gen_require(`
type netif_t;
class netif { tcp_send tcp_recv };
@@ -25,7 +25,7 @@ define(`corenet_tcp_sendrecv_generic_if',`
#
# corenet_udp_send_generic_if(domain)
#
-define(`corenet_udp_send_generic_if',`
+interface(`corenet_udp_send_generic_if',`
gen_require(`
type netif_t;
class netif udp_send;
@@ -38,7 +38,7 @@ define(`corenet_udp_send_generic_if',`
#
# corenet_udp_receive_generic_if(domain)
#
-define(`corenet_udp_receive_generic_if',`
+interface(`corenet_udp_receive_generic_if',`
gen_require(`
type netif_t;
class netif udp_recv;
@@ -51,7 +51,7 @@ define(`corenet_udp_receive_generic_if',`
#
# corenet_udp_sendrecv_generic_if(domain)
#
-define(`corenet_udp_sendrecv_generic_if',`
+interface(`corenet_udp_sendrecv_generic_if',`
corenet_udp_send_generic_if($1)
corenet_udp_receive_generic_if($1)
')
@@ -60,7 +60,7 @@ define(`corenet_udp_sendrecv_generic_if',`
#
# corenet_raw_send_generic_if(domain)
#
-define(`corenet_raw_send_generic_if',`
+interface(`corenet_raw_send_generic_if',`
gen_require(`
type netif_t;
class netif rawip_send;
@@ -75,7 +75,7 @@ define(`corenet_raw_send_generic_if',`
#
# corenet_raw_receive_generic_if(domain)
#
-define(`corenet_raw_receive_generic_if',`
+interface(`corenet_raw_receive_generic_if',`
gen_require(`
type netif_t;
class netif rawip_recv;
@@ -88,7 +88,7 @@ define(`corenet_raw_receive_generic_if',`
#
# corenet_raw_sendrecv_generic_if(domain)
#
-define(`corenet_raw_sendrecv_generic_if',`
+interface(`corenet_raw_sendrecv_generic_if',`
corenet_raw_send_generic_if($1)
corenet_raw_receive_generic_if($1)
')
@@ -97,7 +97,7 @@ define(`corenet_raw_sendrecv_generic_if',`
#
# corenet_tcp_sendrecv_all_if(domain)
#
-define(`corenet_tcp_sendrecv_all_if',`
+interface(`corenet_tcp_sendrecv_all_if',`
gen_require(`
attribute netif_type;
class netif { tcp_send tcp_recv };
@@ -110,7 +110,7 @@ define(`corenet_tcp_sendrecv_all_if',`
#
# corenet_udp_send_all_if(domain)
#
-define(`corenet_udp_send_all_if',`
+interface(`corenet_udp_send_all_if',`
gen_require(`
attribute netif_type;
class netif udp_send;
@@ -123,7 +123,7 @@ define(`corenet_udp_send_all_if',`
#
# corenet_udp_receive_all_if(domain)
#
-define(`corenet_udp_receive_all_if',`
+interface(`corenet_udp_receive_all_if',`
gen_require(`
attribute netif_type;
class netif udp_recv;
@@ -136,7 +136,7 @@ define(`corenet_udp_receive_all_if',`
#
# corenet_udp_sendrecv_all_if(domain)
#
-define(`corenet_udp_sendrecv_all_if',`
+interface(`corenet_udp_sendrecv_all_if',`
corenet_udp_send_all_if($1)
corenet_udp_receive_all_if($1)
')
@@ -145,7 +145,7 @@ define(`corenet_udp_sendrecv_all_if',`
#
# corenet_raw_send_all_if(domain)
#
-define(`corenet_raw_send_all_if',`
+interface(`corenet_raw_send_all_if',`
gen_require(`
attribute netif_type;
class netif rawip_send;
@@ -160,7 +160,7 @@ define(`corenet_raw_send_all_if',`
#
# corenet_raw_receive_all_if(domain)
#
-define(`corenet_raw_receive_all_if',`
+interface(`corenet_raw_receive_all_if',`
gen_require(`
attribute netif_type;
class netif rawip_recv;
@@ -173,7 +173,7 @@ define(`corenet_raw_receive_all_if',`
#
# corenet_raw_sendrecv_all_if(domain)
#
-define(`corenet_raw_sendrecv_all_if',`
+interface(`corenet_raw_sendrecv_all_if',`
corenet_raw_send_all_if($1)
corenet_raw_receive_all_if($1)
')
@@ -182,7 +182,7 @@ define(`corenet_raw_sendrecv_all_if',`
#
# corenet_tcp_sendrecv_generic_node(domain)
#
-define(`corenet_tcp_sendrecv_generic_node',`
+interface(`corenet_tcp_sendrecv_generic_node',`
gen_require(`
type node_t;
class node { tcp_send tcp_recv };
@@ -195,7 +195,7 @@ define(`corenet_tcp_sendrecv_generic_node',`
#
# corenet_udp_send_generic_node(domain)
#
-define(`corenet_udp_send_generic_node',`
+interface(`corenet_udp_send_generic_node',`
gen_require(`
type node_t;
class node udp_send;
@@ -208,7 +208,7 @@ define(`corenet_udp_send_generic_node',`
#
# corenet_udp_receive_generic_node(domain)
#
-define(`corenet_udp_receive_generic_node',`
+interface(`corenet_udp_receive_generic_node',`
gen_require(`
type node_t;
class node udp_recv;
@@ -221,7 +221,7 @@ define(`corenet_udp_receive_generic_node',`
#
# corenet_udp_sendrecv_generic_node(domain)
#
-define(`corenet_udp_sendrecv_generic_node',`
+interface(`corenet_udp_sendrecv_generic_node',`
corenet_udp_send_generic_node($1)
corenet_udp_receive_generic_node($1)
')
@@ -230,7 +230,7 @@ define(`corenet_udp_sendrecv_generic_node',`
#
# corenet_raw_send_generic_node(domain)
#
-define(`corenet_raw_send_generic_node',`
+interface(`corenet_raw_send_generic_node',`
gen_require(`
type node_t;
class node rawip_send;
@@ -243,7 +243,7 @@ define(`corenet_raw_send_generic_node',`
#
# corenet_raw_receive_generic_node(domain)
#
-define(`corenet_raw_receive_generic_node',`
+interface(`corenet_raw_receive_generic_node',`
gen_require(`
type node_t;
class node rawip_recv;
@@ -256,7 +256,7 @@ define(`corenet_raw_receive_generic_node',`
#
# corenet_raw_sendrecv_generic_node(domain)
#
-define(`corenet_raw_sendrecv_generic_node',`
+interface(`corenet_raw_sendrecv_generic_node',`
corenet_raw_send_generic_node($1)
corenet_raw_receive_generic_node($1)
')
@@ -265,7 +265,7 @@ define(`corenet_raw_sendrecv_generic_node',`
#
# corenet_tcp_bind_generic_node(domain)
#
-define(`corenet_tcp_bind_generic_node',`
+interface(`corenet_tcp_bind_generic_node',`
gen_require(`
type node_t;
class tcp_socket node_bind;
@@ -278,7 +278,7 @@ define(`corenet_tcp_bind_generic_node',`
#
# corenet_udp_bind_generic_node(domain)
#
-define(`corenet_udp_bind_generic_node',`
+interface(`corenet_udp_bind_generic_node',`
gen_require(`
type node_t;
class udp_socket node_bind;
@@ -291,7 +291,7 @@ define(`corenet_udp_bind_generic_node',`
#
# corenet_tcp_sendrecv_all_nodes(domain)
#
-define(`corenet_tcp_sendrecv_all_nodes',`
+interface(`corenet_tcp_sendrecv_all_nodes',`
gen_require(`
attribute node_type;
class node { tcp_send tcp_recv };
@@ -304,7 +304,7 @@ define(`corenet_tcp_sendrecv_all_nodes',`
#
# corenet_udp_send_all_nodes(domain)
#
-define(`corenet_udp_send_all_nodes',`
+interface(`corenet_udp_send_all_nodes',`
gen_require(`
attribute node_type;
class node udp_send;
@@ -317,7 +317,7 @@ define(`corenet_udp_send_all_nodes',`
#
# corenet_udp_receive_all_nodes(domain)
#
-define(`corenet_udp_receive_all_nodes',`
+interface(`corenet_udp_receive_all_nodes',`
gen_require(`
attribute node_type;
class node udp_recv;
@@ -330,7 +330,7 @@ define(`corenet_udp_receive_all_nodes',`
#
# corenet_udp_sendrecv_all_nodes(domain)
#
-define(`corenet_udp_sendrecv_all_nodes',`
+interface(`corenet_udp_sendrecv_all_nodes',`
corenet_udp_send_all_nodes($1)
corenet_udp_receive_all_nodes($1)
')
@@ -339,7 +339,7 @@ define(`corenet_udp_sendrecv_all_nodes',`
#
# corenet_raw_send_all_nodes(domain)
#
-define(`corenet_raw_send_all_nodes',`
+interface(`corenet_raw_send_all_nodes',`
gen_require(`
attribute node_type;
class node rawip_send;
@@ -352,7 +352,7 @@ define(`corenet_raw_send_all_nodes',`
#
# corenet_raw_receive_all_nodes(domain)
#
-define(`corenet_raw_receive_all_nodes',`
+interface(`corenet_raw_receive_all_nodes',`
gen_require(`
attribute node_type;
class node rawip_recv;
@@ -365,7 +365,7 @@ define(`corenet_raw_receive_all_nodes',`
#
# corenet_raw_sendrecv_all_nodes(domain)
#
-define(`corenet_raw_sendrecv_all_nodes',`
+interface(`corenet_raw_sendrecv_all_nodes',`
corenet_raw_send_all_nodes($1)
corenet_raw_receive_all_nodes($1)
')
@@ -374,7 +374,7 @@ define(`corenet_raw_sendrecv_all_nodes',`
#
# corenet_tcp_bind_all_nodes(domain)
#
-define(`corenet_tcp_bind_all_nodes',`
+interface(`corenet_tcp_bind_all_nodes',`
gen_require(`
attribute node_type;
class tcp_socket node_bind;
@@ -387,7 +387,7 @@ define(`corenet_tcp_bind_all_nodes',`
#
# corenet_udp_bind_all_nodes(domain)
#
-define(`corenet_udp_bind_all_nodes',`
+interface(`corenet_udp_bind_all_nodes',`
gen_require(`
attribute node_type;
class udp_socket node_bind;
@@ -400,7 +400,7 @@ define(`corenet_udp_bind_all_nodes',`
#
# corenet_tcp_sendrecv_generic_port(domain)
#
-define(`corenet_tcp_sendrecv_generic_port',`
+interface(`corenet_tcp_sendrecv_generic_port',`
gen_require(`
type port_t;
class tcp_socket { send_msg recv_msg };
@@ -413,7 +413,7 @@ define(`corenet_tcp_sendrecv_generic_port',`
#
# corenet_udp_send_generic_port(domain)
#
-define(`corenet_udp_send_generic_port',`
+interface(`corenet_udp_send_generic_port',`
gen_require(`
type port_t;
class udp_socket send_msg;
@@ -426,7 +426,7 @@ define(`corenet_udp_send_generic_port',`
#
# corenet_udp_receive_generic_port(domain)
#
-define(`corenet_udp_receive_generic_port',`
+interface(`corenet_udp_receive_generic_port',`
gen_require(`
type port_t;
class udp_socket recv_msg;
@@ -439,7 +439,7 @@ define(`corenet_udp_receive_generic_port',`
#
# corenet_udp_sendrecv_generic_port(domain)
#
-define(`corenet_udp_sendrecv_generic_port',`
+interface(`corenet_udp_sendrecv_generic_port',`
corenet_udp_send_generic_port($1)
corenet_udp_receive_generic_port($1)
')
@@ -448,7 +448,7 @@ define(`corenet_udp_sendrecv_generic_port',`
#
# corenet_tcp_bind_generic_port(domain)
#
-define(`corenet_tcp_bind_generic_port',`
+interface(`corenet_tcp_bind_generic_port',`
gen_require(`
type port_t;
class tcp_socket name_bind;
@@ -461,7 +461,7 @@ define(`corenet_tcp_bind_generic_port',`
#
# corenet_udp_bind_generic_port(domain)
#
-define(`corenet_udp_bind_generic_port',`
+interface(`corenet_udp_bind_generic_port',`
gen_require(`
type port_t;
class udp_socket name_bind;
@@ -474,7 +474,7 @@ define(`corenet_udp_bind_generic_port',`
#
# corenet_tcp_sendrecv_all_ports(domain)
#
-define(`corenet_tcp_sendrecv_all_ports',`
+interface(`corenet_tcp_sendrecv_all_ports',`
gen_require(`
attribute port_type;
class tcp_socket { send_msg recv_msg };
@@ -487,7 +487,7 @@ define(`corenet_tcp_sendrecv_all_ports',`
#
# corenet_udp_send_all_ports(domain)
#
-define(`corenet_udp_send_all_ports',`
+interface(`corenet_udp_send_all_ports',`
gen_require(`
attribute port_type;
class udp_socket send_msg;
@@ -500,7 +500,7 @@ define(`corenet_udp_send_all_ports',`
#
# corenet_udp_receive_all_ports(domain)
#
-define(`corenet_udp_receive_all_ports',`
+interface(`corenet_udp_receive_all_ports',`
gen_require(`
attribute port_type;
class udp_socket recv_msg;
@@ -513,7 +513,7 @@ define(`corenet_udp_receive_all_ports',`
#
# corenet_udp_sendrecv_all_ports(domain)
#
-define(`corenet_udp_sendrecv_all_ports',`
+interface(`corenet_udp_sendrecv_all_ports',`
corenet_udp_send_all_ports($1)
corenet_udp_receive_all_ports($1)
')
@@ -522,7 +522,7 @@ define(`corenet_udp_sendrecv_all_ports',`
#
# corenet_tcp_bind_all_ports(domain)
#
-define(`corenet_tcp_bind_all_ports',`
+interface(`corenet_tcp_bind_all_ports',`
gen_require(`
attribute port_type;
class tcp_socket name_bind;
@@ -535,7 +535,7 @@ define(`corenet_tcp_bind_all_ports',`
#
# corenet_udp_bind_all_ports(domain)
#
-define(`corenet_udp_bind_all_ports',`
+interface(`corenet_udp_bind_all_ports',`
gen_require(`
attribute port_type;
class udp_socket name_bind;
@@ -548,7 +548,7 @@ define(`corenet_udp_bind_all_ports',`
#
# corenet_tcp_sendrecv_reserved_port(domain)
#
-define(`corenet_tcp_sendrecv_reserved_port',`
+interface(`corenet_tcp_sendrecv_reserved_port',`
gen_require(`
type reserved_port_t;
class tcp_socket { send_msg recv_msg };
@@ -561,7 +561,7 @@ define(`corenet_tcp_sendrecv_reserved_port',`
#
# corenet_udp_send_reserved_port(domain)
#
-define(`corenet_udp_send_reserved_port',`
+interface(`corenet_udp_send_reserved_port',`
gen_require(`
type reserved_port_t;
class udp_socket send_msg;
@@ -574,7 +574,7 @@ define(`corenet_udp_send_reserved_port',`
#
# corenet_udp_receive_reserved_port(domain)
#
-define(`corenet_udp_receive_reserved_port',`
+interface(`corenet_udp_receive_reserved_port',`
gen_require(`
type reserved_port_t;
class udp_socket recv_msg;
@@ -587,7 +587,7 @@ define(`corenet_udp_receive_reserved_port',`
#
# corenet_udp_sendrecv_reserved_port(domain)
#
-define(`corenet_udp_sendrecv_reserved_port',`
+interface(`corenet_udp_sendrecv_reserved_port',`
corenet_udp_send_reserved_port($1)
corenet_udp_receive_reserved_port($1)
')
@@ -596,7 +596,7 @@ define(`corenet_udp_sendrecv_reserved_port',`
#
# corenet_tcp_bind_reserved_port(domain)
#
-define(`corenet_tcp_bind_reserved_port',`
+interface(`corenet_tcp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
class tcp_socket name_bind;
@@ -611,7 +611,7 @@ define(`corenet_tcp_bind_reserved_port',`
#
# corenet_udp_bind_reserved_port(domain)
#
-define(`corenet_udp_bind_reserved_port',`
+interface(`corenet_udp_bind_reserved_port',`
gen_require(`
type reserved_port_t;
class udp_socket name_bind;
@@ -626,7 +626,7 @@ define(`corenet_udp_bind_reserved_port',`
#
# corenet_tcp_sendrecv_all_reserved_ports(domain)
#
-define(`corenet_tcp_sendrecv_all_reserved_ports',`
+interface(`corenet_tcp_sendrecv_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class tcp_socket { send_msg recv_msg };
@@ -639,7 +639,7 @@ define(`corenet_tcp_sendrecv_all_reserved_ports',`
#
# corenet_udp_send_all_reserved_ports(domain)
#
-define(`corenet_udp_send_all_reserved_ports',`
+interface(`corenet_udp_send_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class udp_socket send_msg;
@@ -652,7 +652,7 @@ define(`corenet_udp_send_all_reserved_ports',`
#
# corenet_udp_receive_all_reserved_ports(domain)
#
-define(`corenet_udp_receive_all_reserved_ports',`
+interface(`corenet_udp_receive_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class udp_socket recv_msg;
@@ -665,7 +665,7 @@ define(`corenet_udp_receive_all_reserved_ports',`
#
# corenet_udp_sendrecv_all_reserved_ports(domain)
#
-define(`corenet_udp_sendrecv_all_reserved_ports',`
+interface(`corenet_udp_sendrecv_all_reserved_ports',`
corenet_udp_send_all_reserved_ports($1)
corenet_udp_receive_all_reserved_ports($1)
')
@@ -674,7 +674,7 @@ define(`corenet_udp_sendrecv_all_reserved_ports',`
#
# corenet_tcp_bind_all_reserved_ports(domain)
#
-define(`corenet_tcp_bind_all_reserved_ports',`
+interface(`corenet_tcp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class tcp_socket name_bind;
@@ -689,7 +689,7 @@ define(`corenet_tcp_bind_all_reserved_ports',`
#
# corenet_dontaudit_tcp_bind_all_reserved_ports(domain)
#
-define(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
+interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class tcp_socket name_bind;
@@ -702,7 +702,7 @@ define(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
#
# corenet_udp_bind_all_reserved_ports(domain)
#
-define(`corenet_udp_bind_all_reserved_ports',`
+interface(`corenet_udp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class udp_socket name_bind;
@@ -717,7 +717,7 @@ define(`corenet_udp_bind_all_reserved_ports',`
#
# corenet_dontaudit_udp_bind_all_reserved_ports(domain)
#
-define(`corenet_dontaudit_udp_bind_all_reserved_ports',`
+interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
gen_require(`
attribute reserved_port_type;
class udp_socket name_bind;
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4
index 682f22c..fea2b84 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4
@@ -16,7 +16,7 @@ define(`create_netif_interfaces',``
##
##
#
-define(`corenet_tcp_sendrecv_$1',`
+interface(`corenet_tcp_sendrecv_$1',`
gen_require(`
type $1_netif_t;
class netif { tcp_send tcp_recv };
@@ -36,7 +36,7 @@ define(`corenet_tcp_sendrecv_$1',`
##
##
#
-define(`corenet_udp_send_$1',`
+interface(`corenet_udp_send_$1',`
gen_require(`
type $1_netif_t;
class netif udp_send;
@@ -56,7 +56,7 @@ define(`corenet_udp_send_$1',`
##
##
#
-define(`corenet_udp_receive_$1',`
+interface(`corenet_udp_receive_$1',`
gen_require(`
type $1_netif_t;
class netif udp_recv;
@@ -76,7 +76,7 @@ define(`corenet_udp_receive_$1',`
##
##
#
-define(`corenet_udp_sendrecv_$1',`
+interface(`corenet_udp_sendrecv_$1',`
corenet_udp_send_$1(dollarsone)
corenet_udp_receive_$1(dollarsone)
')
@@ -92,7 +92,7 @@ define(`corenet_udp_sendrecv_$1',`
##
##
#
-define(`corenet_raw_send_$1',`
+interface(`corenet_raw_send_$1',`
gen_require(`
type $1_netif_t;
class netif rawip_send;
@@ -114,7 +114,7 @@ define(`corenet_raw_send_$1',`
##
##
#
-define(`corenet_raw_receive_$1',`
+interface(`corenet_raw_receive_$1',`
gen_require(`
type $1_netif_t;
class netif rawip_recv;
@@ -134,7 +134,7 @@ define(`corenet_raw_receive_$1',`
##
##
#
-define(`corenet_raw_sendrecv_$1',`
+interface(`corenet_raw_sendrecv_$1',`
corenet_raw_send_$1(dollarsone)
corenet_raw_receive_$1(dollarsone)
')
@@ -158,7 +158,7 @@ define(`create_node_interfaces',``
##
##
#
-define(`corenet_tcp_sendrecv_$1_node',`
+interface(`corenet_tcp_sendrecv_$1_node',`
gen_require(`
type $1_node_t;
class node { tcp_send tcp_recv };
@@ -178,7 +178,7 @@ define(`corenet_tcp_sendrecv_$1_node',`
##
##
#
-define(`corenet_udp_send_$1_node',`
+interface(`corenet_udp_send_$1_node',`
gen_require(`
type $1_node_t;
class node udp_send;
@@ -198,7 +198,7 @@ define(`corenet_udp_send_$1_node',`
##
##
#
-define(`corenet_udp_receive_$1_node',`
+interface(`corenet_udp_receive_$1_node',`
gen_require(`
type $1_node_t;
class node udp_recv;
@@ -218,7 +218,7 @@ define(`corenet_udp_receive_$1_node',`
##
##
#
-define(`corenet_udp_sendrecv_$1_node',`
+interface(`corenet_udp_sendrecv_$1_node',`
corenet_udp_send_$1_node(dollarsone)
corenet_udp_receive_$1_node(dollarsone)
')
@@ -234,7 +234,7 @@ define(`corenet_udp_sendrecv_$1_node',`
##
##
#
-define(`corenet_raw_send_$1_node',`
+interface(`corenet_raw_send_$1_node',`
gen_require(`
type $1_node_t;
class node rawip_send;
@@ -254,7 +254,7 @@ define(`corenet_raw_send_$1_node',`
##
##
#
-define(`corenet_raw_receive_$1_node',`
+interface(`corenet_raw_receive_$1_node',`
gen_require(`
type $1_node_t;
class node rawip_recv;
@@ -274,7 +274,7 @@ define(`corenet_raw_receive_$1_node',`
##
##
#
-define(`corenet_raw_sendrecv_$1_node',`
+interface(`corenet_raw_sendrecv_$1_node',`
corenet_raw_send_$1_node(dollarsone)
corenet_raw_receive_$1_node(dollarsone)
')
@@ -290,7 +290,7 @@ define(`corenet_raw_sendrecv_$1_node',`
##
##
#
-define(`corenet_tcp_bind_$1_node',`
+interface(`corenet_tcp_bind_$1_node',`
gen_require(`
type $1_node_t;
class tcp_socket node_bind;
@@ -310,7 +310,7 @@ define(`corenet_tcp_bind_$1_node',`
##
##
#
-define(`corenet_udp_bind_$1_node',`
+interface(`corenet_udp_bind_$1_node',`
gen_require(`
type $1_node_t;
class udp_socket node_bind;
@@ -338,7 +338,7 @@ define(`create_port_interfaces',``
##
##
#
-define(`corenet_tcp_sendrecv_$1_port',`
+interface(`corenet_tcp_sendrecv_$1_port',`
gen_require(`
type $1_port_t;
class tcp_socket { send_msg recv_msg };
@@ -358,7 +358,7 @@ define(`corenet_tcp_sendrecv_$1_port',`
##
##
#
-define(`corenet_udp_send_$1_port',`
+interface(`corenet_udp_send_$1_port',`
gen_require(`
type $1_port_t;
class udp_socket send_msg;
@@ -378,7 +378,7 @@ define(`corenet_udp_send_$1_port',`
##
##
#
-define(`corenet_udp_receive_$1_port',`
+interface(`corenet_udp_receive_$1_port',`
gen_require(`
type $1_port_t;
class udp_socket recv_msg;
@@ -398,7 +398,7 @@ define(`corenet_udp_receive_$1_port',`
##
##
#
-define(`corenet_udp_sendrecv_$1_port',`
+interface(`corenet_udp_sendrecv_$1_port',`
corenet_udp_send_$1_port(dollarsone)
corenet_udp_receive_$1_port(dollarsone)
')
@@ -414,7 +414,7 @@ define(`corenet_udp_sendrecv_$1_port',`
##
##
#
-define(`corenet_tcp_bind_$1_port',`
+interface(`corenet_tcp_bind_$1_port',`
gen_require(`
type $1_port_t;
class tcp_socket name_bind;
@@ -435,7 +435,7 @@ define(`corenet_tcp_bind_$1_port',`
##
##
#
-define(`corenet_udp_bind_$1_port',`
+interface(`corenet_udp_bind_$1_port',`
gen_require(`
type $1_port_t;
class udp_socket name_bind;
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 326c70c..8d7e753 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -36,7 +36,7 @@
##
##
#
-define(`dev_node',`
+interface(`dev_node',`
gen_require(`
attribute device_node;
')
@@ -60,7 +60,7 @@ define(`dev_node',`
##
##
#
-define(`dev_relabel_all_dev_nodes',`
+interface(`dev_relabel_all_dev_nodes',`
gen_require(`
attribute device_node;
type device_t;
@@ -92,7 +92,7 @@ define(`dev_relabel_all_dev_nodes',`
##
##
#
-define(`dev_list_all_dev_nodes',`
+interface(`dev_list_all_dev_nodes',`
gen_require(`
type device_t;
class dir r_dir_perms;
@@ -113,7 +113,7 @@ define(`dev_list_all_dev_nodes',`
##
##
#
-define(`dev_dontaudit_list_all_dev_nodes',`
+interface(`dev_dontaudit_list_all_dev_nodes',`
gen_require(`
type device_t;
class dir r_dir_perms;
@@ -132,7 +132,7 @@ define(`dev_dontaudit_list_all_dev_nodes',`
##
##
#
-define(`dev_create_dir',`
+interface(`dev_create_dir',`
gen_require(`
type device_t;
class dir { ra_dir_perms create };
@@ -151,7 +151,7 @@ define(`dev_create_dir',`
##
##
#
-define(`dev_relabel_dev_dirs',`
+interface(`dev_relabel_dev_dirs',`
gen_require(`
type device_t;
class dir { r_dir_perms relabelfrom relabelto };
@@ -170,7 +170,7 @@ define(`dev_relabel_dev_dirs',`
##
##
#
-define(`dev_dontaudit_getattr_generic_pipe',`
+interface(`dev_dontaudit_getattr_generic_pipe',`
gen_require(`
type device_t;
class fifo_file getattr;
@@ -189,7 +189,7 @@ define(`dev_dontaudit_getattr_generic_pipe',`
##
##
#
-define(`dev_getattr_generic_blk_file',`
+interface(`dev_getattr_generic_blk_file',`
gen_require(`
type device_t;
class dir r_dir_perms;
@@ -210,7 +210,7 @@ define(`dev_getattr_generic_blk_file',`
##
##
#
-define(`dev_dontaudit_getattr_generic_blk_file',`
+interface(`dev_dontaudit_getattr_generic_blk_file',`
gen_require(`
type device_t;
class blk_file getattr;
@@ -229,7 +229,7 @@ define(`dev_dontaudit_getattr_generic_blk_file',`
##
##
#
-define(`dev_dontaudit_setattr_generic_blk_file',`
+interface(`dev_dontaudit_setattr_generic_blk_file',`
gen_require(`
type device_t;
class blk_file setattr;
@@ -249,7 +249,7 @@ define(`dev_dontaudit_setattr_generic_blk_file',`
##
##
#
-define(`dev_manage_generic_blk_file',`
+interface(`dev_manage_generic_blk_file',`
gen_require(`
type device_t;
class blk_file create_file_perms;
@@ -269,7 +269,7 @@ define(`dev_manage_generic_blk_file',`
##
##
#
-define(`dev_create_generic_chr_file',`
+interface(`dev_create_generic_chr_file',`
gen_require(`
type device_t;
class dir ra_dir_perms;
@@ -293,7 +293,7 @@ define(`dev_create_generic_chr_file',`
##
##
#
-define(`dev_getattr_generic_chr_file',`
+interface(`dev_getattr_generic_chr_file',`
gen_require(`
type device_t;
class dir r_dir_perms;
@@ -314,7 +314,7 @@ define(`dev_getattr_generic_chr_file',`
##
##
#
-define(`dev_dontaudit_getattr_generic_chr_file',`
+interface(`dev_dontaudit_getattr_generic_chr_file',`
gen_require(`
type device_t;
class chr_file getattr;
@@ -333,7 +333,7 @@ define(`dev_dontaudit_getattr_generic_chr_file',`
##
##
#
-define(`dev_dontaudit_setattr_generic_chr_file',`
+interface(`dev_dontaudit_setattr_generic_chr_file',`
gen_require(`
type device_t;
class chr_file setattr;
@@ -352,7 +352,7 @@ define(`dev_dontaudit_setattr_generic_chr_file',`
##
##
#
-define(`dev_del_generic_symlinks',`
+interface(`dev_del_generic_symlinks',`
gen_require(`
type device_t;
class dir { getattr read write remove_name };
@@ -373,7 +373,7 @@ define(`dev_del_generic_symlinks',`
##
##
#
-define(`dev_manage_generic_symlinks',`
+interface(`dev_manage_generic_symlinks',`
gen_require(`
type device_t;
class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir relabelfrom relabelto };
@@ -394,7 +394,7 @@ define(`dev_manage_generic_symlinks',`
##
##
#
-define(`dev_manage_dev_nodes',`
+interface(`dev_manage_dev_nodes',`
gen_require(`
attribute device_node, memory_raw_read, memory_raw_write;
type device_t;
@@ -432,7 +432,7 @@ define(`dev_manage_dev_nodes',`
##
##
#
-define(`dev_dontaudit_rw_generic_dev_nodes',`
+interface(`dev_dontaudit_rw_generic_dev_nodes',`
gen_require(`
type device_t;
class chr_file { getattr read write ioctl };
@@ -452,7 +452,7 @@ define(`dev_dontaudit_rw_generic_dev_nodes',`
##
##
#
-define(`dev_manage_generic_blk_file',`
+interface(`dev_manage_generic_blk_file',`
gen_require(`
type device_t;
class dir rw_dir_perms;
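Review bot: `dev_manage_generic_blk_file` is now declared twice in devices.if, once in the hunk at -249 (requiring `class blk_file create_file_perms;`) and again here at -452 (requiring `class dir rw_dir_perms;`). Under plain m4 a later definition of a name replaces the earlier one, so callers get only one of the two bodies; how the new `interface()` wrapper treats a repeat is not visible in this diff. filesystem.if repeats the pattern with `fs_read_cifs_files` (hunks at -412 and -497), where the second copy requires `class file { read write };` under a read-only name, so a domain that asks for read may end up with write as well. I would rename or drop one of each pair, e.g. ``interface(`fs_rw_cifs_files',` `` for the second CIFS copy if its body really grants read and write; all four bodies continue outside the hunks.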
@@ -473,7 +473,7 @@ define(`dev_manage_generic_blk_file',`
##
##
#
-define(`dev_manage_generic_chr_file',`
+interface(`dev_manage_generic_chr_file',`
gen_require(`
type device_t;
class dir rw_dir_perms;
@@ -502,7 +502,7 @@ define(`dev_manage_generic_chr_file',`
##
##
#
-define(`dev_create_dev_node',`
+interface(`dev_create_dev_node',`
gen_require(`
type device_t;
class dir rw_dir_perms;
@@ -526,7 +526,7 @@ define(`dev_create_dev_node',`
##
##
#
-define(`dev_getattr_all_blk_files',`
+interface(`dev_getattr_all_blk_files',`
gen_require(`
attribute device_node;
class blk_file getattr;
@@ -547,7 +547,7 @@ define(`dev_getattr_all_blk_files',`
##
##
#
-define(`dev_dontaudit_getattr_all_blk_files',`
+interface(`dev_dontaudit_getattr_all_blk_files',`
gen_require(`
attribute device_node;
class blk_file getattr;
@@ -566,7 +566,7 @@ define(`dev_dontaudit_getattr_all_blk_files',`
##
##
#
-define(`dev_getattr_all_chr_files',`
+interface(`dev_getattr_all_chr_files',`
gen_require(`
attribute device_node;
class chr_file getattr;
@@ -587,7 +587,7 @@ define(`dev_getattr_all_chr_files',`
##
##
#
-define(`dev_dontaudit_getattr_all_chr_files',`
+interface(`dev_dontaudit_getattr_all_chr_files',`
gen_require(`
attribute device_node;
class chr_file getattr;
@@ -606,7 +606,7 @@ define(`dev_dontaudit_getattr_all_chr_files',`
##
##
#
-define(`dev_setattr_all_blk_files',`
+interface(`dev_setattr_all_blk_files',`
gen_require(`
attribute device_node;
class dir r_dir_perms;
@@ -627,7 +627,7 @@ define(`dev_setattr_all_blk_files',`
##
##
#
-define(`dev_setattr_all_chr_files',`
+interface(`dev_setattr_all_chr_files',`
gen_require(`
attribute device_node;
class dir r_dir_perms;
@@ -648,7 +648,7 @@ define(`dev_setattr_all_chr_files',`
##
##
#
-define(`dev_manage_all_blk_files',`
+interface(`dev_manage_all_blk_files',`
gen_require(`
attribute device_node;
class dir rw_dir_perms;
@@ -675,7 +675,7 @@ define(`dev_manage_all_blk_files',`
##
##
#
-define(`dev_manage_all_chr_files',`
+interface(`dev_manage_all_chr_files',`
gen_require(`
attribute device_node, memory_raw_read, memory_raw_write;
class dir rw_dir_perms;
@@ -698,7 +698,7 @@ define(`dev_manage_all_chr_files',`
##
##
#
-define(`dev_read_raw_memory',`
+interface(`dev_read_raw_memory',`
gen_require(`
type device_t, memory_device_t;
attribute memory_raw_read;
@@ -724,7 +724,7 @@ define(`dev_read_raw_memory',`
##
##
#
-define(`dev_write_raw_memory',`
+interface(`dev_write_raw_memory',`
gen_require(`
type device_t, memory_device_t;
attribute memory_raw_write;
@@ -750,7 +750,7 @@ define(`dev_write_raw_memory',`
##
##
#
-define(`dev_rx_raw_memory',`
+interface(`dev_rx_raw_memory',`
gen_require(`
type device_t, memory_device_t;
class chr_file execute;
@@ -770,7 +770,7 @@ define(`dev_rx_raw_memory',`
##
##
#
-define(`dev_wx_raw_memory',`
+interface(`dev_wx_raw_memory',`
gen_require(`
type device_t, memory_device_t;
class chr_file execute;
@@ -790,7 +790,7 @@ define(`dev_wx_raw_memory',`
##
##
#
-define(`dev_read_rand',`
+interface(`dev_read_rand',`
gen_require(`
type device_t, random_device_t;
class dir r_dir_perms;
@@ -811,7 +811,7 @@ define(`dev_read_rand',`
##
##
#
-define(`dev_read_urand',`
+interface(`dev_read_urand',`
gen_require(`
type device_t, urandom_device_t;
class dir r_dir_perms;
@@ -834,7 +834,7 @@ define(`dev_read_urand',`
##
##
#
-define(`dev_write_rand',`
+interface(`dev_write_rand',`
gen_require(`
type device_t, random_device_t;
class dir r_dir_perms;
@@ -856,7 +856,7 @@ define(`dev_write_rand',`
##
##
#
-define(`dev_write_urand',`
+interface(`dev_write_urand',`
gen_require(`
type device_t, urandom_device_t;
class dir r_dir_perms;
@@ -877,7 +877,7 @@ define(`dev_write_urand',`
##
##
#
-define(`dev_rw_null_dev',`
+interface(`dev_rw_null_dev',`
gen_require(`
type device_t, null_device_t;
class device_t:dir r_dir_perms;
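Review bot: The require block of `dev_rw_null_dev` reads `class device_t:dir r_dir_perms;`, a type:class pair where every other interface in this file names only the object class, as in `class dir r_dir_perms;`. It looks like an allow-rule target pasted into the require, and the same line appears in `dev_rw_zero_dev` in the next hunk. The expansion of `gen_require` is not shown here, but if it ever emits a real require statement this line would presumably fail to parse or fail to declare the `dir` dependency. Suggested line for both interfaces: `class dir r_dir_perms;`. Both bodies continue outside the hunks.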
@@ -898,7 +898,7 @@ define(`dev_rw_null_dev',`
##
##
#
-define(`dev_rw_zero_dev',`
+interface(`dev_rw_zero_dev',`
gen_require(`
type device_t, zero_device_t;
class device_t:dir r_dir_perms;
@@ -919,7 +919,7 @@ define(`dev_rw_zero_dev',`
##
##
#
-define(`dev_rwx_zero_dev',`
+interface(`dev_rwx_zero_dev',`
gen_require(`
type zero_device_t;
class chr_file execute;
@@ -939,7 +939,7 @@ define(`dev_rwx_zero_dev',`
##
##
#
-define(`dev_read_realtime_clock',`
+interface(`dev_read_realtime_clock',`
gen_require(`
type device_t, clock_device_t;
class dir r_dir_perms;
@@ -960,7 +960,7 @@ define(`dev_read_realtime_clock',`
##
##
#
-define(`dev_write_realtime_clock',`
+interface(`dev_write_realtime_clock',`
gen_require(`
type device_t, clock_device_t;
class dir r_dir_perms;
@@ -981,7 +981,7 @@ define(`dev_write_realtime_clock',`
##
##
#
-define(`dev_rw_realtime_clock',`
+interface(`dev_rw_realtime_clock',`
dev_read_realtime_clock($1)
dev_write_realtime_clock($1)
')
@@ -996,7 +996,7 @@ define(`dev_rw_realtime_clock',`
##
##
#
-define(`dev_getattr_snd_dev',`
+interface(`dev_getattr_snd_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@@ -1017,7 +1017,7 @@ define(`dev_getattr_snd_dev',`
##
##
#
-define(`dev_setattr_snd_dev',`
+interface(`dev_setattr_snd_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@@ -1038,7 +1038,7 @@ define(`dev_setattr_snd_dev',`
##
##
#
-define(`dev_read_snd_dev',`
+interface(`dev_read_snd_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@@ -1059,7 +1059,7 @@ define(`dev_read_snd_dev',`
##
##
#
-define(`dev_write_snd_dev',`
+interface(`dev_write_snd_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@@ -1080,7 +1080,7 @@ define(`dev_write_snd_dev',`
##
##
#
-define(`dev_read_snd_mixer_dev',`
+interface(`dev_read_snd_mixer_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@@ -1101,7 +1101,7 @@ define(`dev_read_snd_mixer_dev',`
##
##
#
-define(`dev_write_snd_mixer_dev',`
+interface(`dev_write_snd_mixer_dev',`
gen_require(`
type device_t, sound_device_t;
class dir r_dir_perms;
@@ -1122,7 +1122,7 @@ define(`dev_write_snd_mixer_dev',`
##
##
#
-define(`dev_rw_agp_dev',`
+interface(`dev_rw_agp_dev',`
gen_require(`
type device_t, agp_device_t;
class dir r_dir_perms;
@@ -1143,7 +1143,7 @@ define(`dev_rw_agp_dev',`
##
##
#
-define(`dev_getattr_agp_dev',`
+interface(`dev_getattr_agp_dev',`
gen_require(`
type device_t, dri_device_t;
class dir r_dir_perms;
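Review bot: `dev_getattr_agp_dev` requires `type device_t, dri_device_t;`, whereas `dev_rw_agp_dev` in the previous hunk requires `agp_device_t`. Either the type or the interface name is off; the interfaces that follow are the `dri` ones, so this may have been meant as the getattr interface for the DRI device. If the body uses the required type, a module calling this for the AGP device gets getattr on a different device type than its name promises. If the name is the correct part, the require line should be `type device_t, agp_device_t;`; the body lies outside the hunk and needs the same check.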
@@ -1164,7 +1164,7 @@ define(`dev_getattr_agp_dev',`
##
##
#
-define(`dev_rw_dri_dev',`
+interface(`dev_rw_dri_dev',`
gen_require(`
type device_t, dri_device_t;
class dir r_dir_perms;
@@ -1185,7 +1185,7 @@ define(`dev_rw_dri_dev',`
##
##
#
-define(`dev_dontaudit_rw_dri_dev',`
+interface(`dev_dontaudit_rw_dri_dev',`
gen_require(`
type dri_device_t;
class chr_file { getattr read write ioctl };
@@ -1204,7 +1204,7 @@ define(`dev_dontaudit_rw_dri_dev',`
##
##
#
-define(`dev_read_mtrr',`
+interface(`dev_read_mtrr',`
gen_require(`
type device_t, mtrr_device_t;
class dir r_dir_perms;
@@ -1225,7 +1225,7 @@ define(`dev_read_mtrr',`
##
##
#
-define(`dev_write_mtrr',`
+interface(`dev_write_mtrr',`
gen_require(`
type device_t, mtrr_device_t;
class dir r_dir_perms;
@@ -1246,7 +1246,7 @@ define(`dev_write_mtrr',`
##
##
#
-define(`dev_getattr_framebuffer',`
+interface(`dev_getattr_framebuffer',`
gen_require(`
type framebuf_device_t;
class dir r_dir_perms;
@@ -1267,7 +1267,7 @@ define(`dev_getattr_framebuffer',`
##
##
#
-define(`dev_setattr_framebuffer',`
+interface(`dev_setattr_framebuffer',`
gen_require(`
type framebuf_device_t;
class dir r_dir_perms;
@@ -1288,7 +1288,7 @@ define(`dev_setattr_framebuffer',`
##
##
#
-define(`dev_read_framebuffer',`
+interface(`dev_read_framebuffer',`
gen_require(`
type framebuf_device_t;
class dir r_dir_perms;
@@ -1309,7 +1309,7 @@ define(`dev_read_framebuffer',`
##
##
#
-define(`dev_write_framebuffer',`
+interface(`dev_write_framebuffer',`
gen_require(`
type device_t, framebuf_device_t;
class dir r_dir_perms;
@@ -1330,7 +1330,7 @@ define(`dev_write_framebuffer',`
##
##
#
-define(`dev_read_lvm_control',`
+interface(`dev_read_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
class dir r_dir_perms;
@@ -1351,7 +1351,7 @@ define(`dev_read_lvm_control',`
##
##
#
-define(`dev_rw_lvm_control',`
+interface(`dev_rw_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
class dir r_dir_perms;
@@ -1372,7 +1372,7 @@ define(`dev_rw_lvm_control',`
##
##
#
-define(`dev_delete_lvm_control',`
+interface(`dev_delete_lvm_control',`
gen_require(`
type device_t, lvm_control_t;
class dir { getattr search read write remove_name };
@@ -1393,7 +1393,7 @@ define(`dev_delete_lvm_control',`
##
##
#
-define(`dev_getattr_misc',`
+interface(`dev_getattr_misc',`
gen_require(`
type device_t, misc_device_t;
class dir r_dir_perms;
@@ -1415,7 +1415,7 @@ define(`dev_getattr_misc',`
##
##
#
-define(`dev_dontaudit_getattr_misc',`
+interface(`dev_dontaudit_getattr_misc',`
gen_require(`
type misc_device_t;
class chr_file getattr;
@@ -1434,7 +1434,7 @@ define(`dev_dontaudit_getattr_misc',`
##
##
#
-define(`dev_setattr_misc',`
+interface(`dev_setattr_misc',`
gen_require(`
type device_t, misc_device_t;
class dir r_dir_perms;
@@ -1456,7 +1456,7 @@ define(`dev_setattr_misc',`
##
##
#
-define(`dev_dontaudit_setattr_misc',`
+interface(`dev_dontaudit_setattr_misc',`
gen_require(`
type misc_device_t;
class chr_file setattr;
@@ -1475,7 +1475,7 @@ define(`dev_dontaudit_setattr_misc',`
##
##
#
-define(`dev_read_misc',`
+interface(`dev_read_misc',`
gen_require(`
type device_t, misc_device_t;
class dir r_dir_perms;
@@ -1496,7 +1496,7 @@ define(`dev_read_misc',`
##
##
#
-define(`dev_write_misc',`
+interface(`dev_write_misc',`
gen_require(`
type device_t, misc_device_t;
class dir r_dir_perms;
@@ -1517,7 +1517,7 @@ define(`dev_write_misc',`
##
##
#
-define(`dev_getattr_mouse',`
+interface(`dev_getattr_mouse',`
gen_require(`
type device_t, mouse_device_t;
class dir r_dir_perms;
@@ -1538,7 +1538,7 @@ define(`dev_getattr_mouse',`
##
##
#
-define(`dev_setattr_mouse',`
+interface(`dev_setattr_mouse',`
gen_require(`
type device_t, mouse_device_t;
class dir r_dir_perms;
@@ -1559,7 +1559,7 @@ define(`dev_setattr_mouse',`
##
##
#
-define(`dev_read_mouse',`
+interface(`dev_read_mouse',`
gen_require(`
type device_t, mouse_device_t;
class dir r_dir_perms;
@@ -1580,7 +1580,7 @@ define(`dev_read_mouse',`
##
##
#
-define(`dev_read_input',`
+interface(`dev_read_input',`
gen_require(`
type device_t, event_device_t;
class dir r_dir_perms;
@@ -1601,7 +1601,7 @@ define(`dev_read_input',`
##
##
#
-define(`dev_read_cpuid',`
+interface(`dev_read_cpuid',`
gen_require(`
type device_t, cpu_device_t;
class dir r_dir_perms;
@@ -1623,7 +1623,7 @@ define(`dev_read_cpuid',`
##
##
#
-define(`dev_rw_cpu_microcode',`
+interface(`dev_rw_cpu_microcode',`
gen_require(`
type device_t, cpu_device_t;
class dir r_dir_perms;
@@ -1644,7 +1644,7 @@ define(`dev_rw_cpu_microcode',`
##
##
#
-define(`dev_getattr_scanner',`
+interface(`dev_getattr_scanner',`
gen_require(`
type device_t, scanner_device_t;
class dir r_dir_perms;
@@ -1666,7 +1666,7 @@ define(`dev_getattr_scanner',`
##
##
#
-define(`dev_dontaudit_getattr_scanner',`
+interface(`dev_dontaudit_getattr_scanner',`
gen_require(`
type scanner_device_t;
class chr_file getattr;
@@ -1685,7 +1685,7 @@ define(`dev_dontaudit_getattr_scanner',`
##
##
#
-define(`dev_setattr_scanner',`
+interface(`dev_setattr_scanner',`
gen_require(`
type device_t, scanner_device_t;
class dir r_dir_perms;
@@ -1707,7 +1707,7 @@ define(`dev_setattr_scanner',`
##
##
#
-define(`dev_dontaudit_setattr_scanner',`
+interface(`dev_dontaudit_setattr_scanner',`
gen_require(`
type scanner_device_t;
class chr_file getattr;
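Review bot: `dev_dontaudit_setattr_scanner` requires `class chr_file getattr;`, while the sibling `dev_dontaudit_setattr_misc` requires `class chr_file setattr;`; the line looks copied from `dev_dontaudit_getattr_scanner` two hunks up. The rule itself is outside the hunk, so confirm that it suppresses `setattr` and not `getattr`: a dontaudit on the wrong permission hides denials nobody meant to silence and leaves the intended ones in the audit log. Suggested require line: `class chr_file setattr;`.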
@@ -1726,7 +1726,7 @@ define(`dev_dontaudit_setattr_scanner',`
##
##
#
-define(`dev_rw_scanner',`
+interface(`dev_rw_scanner',`
gen_require(`
type device_t, scanner_device_t;
class dir r_dir_perms;
@@ -1747,7 +1747,7 @@ define(`dev_rw_scanner',`
##
##
#
-define(`dev_getattr_power_management',`
+interface(`dev_getattr_power_management',`
gen_require(`
type device_t, power_device_t;
class dir r_dir_perms;
@@ -1768,7 +1768,7 @@ define(`dev_getattr_power_management',`
##
##
#
-define(`dev_setattr_power_management',`
+interface(`dev_setattr_power_management',`
gen_require(`
type device_t, power_device_t;
class dir r_dir_perms;
@@ -1789,7 +1789,7 @@ define(`dev_setattr_power_management',`
##
##
#
-define(`dev_rw_power_management',`
+interface(`dev_rw_power_management',`
gen_require(`
type device_t, power_device_t;
class dir r_dir_perms;
@@ -1810,7 +1810,7 @@ define(`dev_rw_power_management',`
##
##
#
-define(`dev_getattr_sysfs_dir',`
+interface(`dev_getattr_sysfs_dir',`
gen_require(`
type sysfs_t;
class dir getattr;
@@ -1829,7 +1829,7 @@ define(`dev_getattr_sysfs_dir',`
##
##
#
-define(`dev_search_sysfs',`
+interface(`dev_search_sysfs',`
gen_require(`
type sysfs_t;
class dir search;
@@ -1848,7 +1848,7 @@ define(`dev_search_sysfs',`
##
##
#
-define(`dev_read_sysfs',`
+interface(`dev_read_sysfs',`
gen_require(`
type sysfs_t;
class dir r_dir_perms;
@@ -1870,7 +1870,7 @@ define(`dev_read_sysfs',`
##
##
#
-define(`dev_rw_sysfs',`
+interface(`dev_rw_sysfs',`
gen_require(`
type sysfs_t;
class dir r_dir_perms;
@@ -1893,7 +1893,7 @@ define(`dev_rw_sysfs',`
##
##
#
-define(`dev_search_usbfs',`
+interface(`dev_search_usbfs',`
gen_require(`
type usbfs_t;
class dir search;
@@ -1912,7 +1912,7 @@ define(`dev_search_usbfs',`
##
##
#
-define(`dev_list_usbfs',`
+interface(`dev_list_usbfs',`
gen_require(`
type usbfs_t;
class dir r_dir_perms;
@@ -1936,7 +1936,7 @@ define(`dev_list_usbfs',`
##
##
#
-define(`dev_read_usbfs',`
+interface(`dev_read_usbfs',`
gen_require(`
type usbfs_t;
class dir r_dir_perms;
@@ -1958,7 +1958,7 @@ define(`dev_read_usbfs',`
##
##
#
-define(`dev_rw_usbfs',`
+interface(`dev_rw_usbfs',`
gen_require(`
type usbfs_t;
class dir r_dir_perms;
@@ -1981,7 +1981,7 @@ define(`dev_rw_usbfs',`
##
##
#
-define(`dev_getattr_video_dev',`
+interface(`dev_getattr_video_dev',`
gen_require(`
type device_t, v4l_device_t;
class dir r_dir_perms;
@@ -2002,7 +2002,7 @@ define(`dev_getattr_video_dev',`
##
##
#
-define(`dev_setattr_video_dev',`
+interface(`dev_setattr_video_dev',`
gen_require(`
type device_t, v4l_device_t;
class dir r_dir_perms;
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 8bdc175..e3e5442 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -11,7 +11,7 @@
##
##
#
-define(`fs_make_fs',`
+interface(`fs_make_fs',`
gen_require(`
attribute fs_type;
')
@@ -31,7 +31,7 @@ define(`fs_make_fs',`
##
##
#
-define(`fs_make_noxattr_fs',`
+interface(`fs_make_noxattr_fs',`
gen_require(`
attribute noxattrfs;
')
@@ -54,7 +54,7 @@ define(`fs_make_noxattr_fs',`
##
##
#
-define(`fs_associate',`
+interface(`fs_associate',`
gen_require(`
type fs_t;
class filesystem associate;
@@ -77,7 +77,7 @@ define(`fs_associate',`
##
##
#
-define(`fs_associate_noxattr',`
+interface(`fs_associate_noxattr',`
gen_require(`
attribute noxattrfs;
class filesystem associate;
@@ -98,7 +98,7 @@ define(`fs_associate_noxattr',`
##
##
#
-define(`fs_mount_xattr_fs',`
+interface(`fs_mount_xattr_fs',`
gen_require(`
type fs_t;
class filesystem mount;
@@ -120,7 +120,7 @@ define(`fs_mount_xattr_fs',`
##
##
#
-define(`fs_remount_xattr_fs',`
+interface(`fs_remount_xattr_fs',`
gen_require(`
type fs_t;
class filesystem remount;
@@ -141,7 +141,7 @@ define(`fs_remount_xattr_fs',`
##
##
#
-define(`fs_unmount_xattr_fs',`
+interface(`fs_unmount_xattr_fs',`
gen_require(`
type fs_t;
class filesystem unmount;
@@ -163,7 +163,7 @@ define(`fs_unmount_xattr_fs',`
##
##
#
-define(`fs_getattr_xattr_fs',`
+interface(`fs_getattr_xattr_fs',`
gen_require(`
type fs_t;
class filesystem getattr;
@@ -185,7 +185,7 @@ define(`fs_getattr_xattr_fs',`
##
##
#
-define(`fs_dontaudit_getattr_xattr_fs',`
+interface(`fs_dontaudit_getattr_xattr_fs',`
gen_require(`
type fs_t;
class filesystem getattr;
@@ -206,7 +206,7 @@ define(`fs_dontaudit_getattr_xattr_fs',`
##
##
#
-define(`fs_relabelfrom_xattr_fs',`
+interface(`fs_relabelfrom_xattr_fs',`
gen_require(`
type fs_t;
class filesystem relabelfrom;
@@ -225,7 +225,7 @@ define(`fs_relabelfrom_xattr_fs',`
##
##
#
-define(`fs_mount_autofs',`
+interface(`fs_mount_autofs',`
gen_require(`
type autofs_t;
class filesystem mount;
@@ -246,7 +246,7 @@ define(`fs_mount_autofs',`
##
##
#
-define(`fs_remount_autofs',`
+interface(`fs_remount_autofs',`
gen_require(`
type autofs_t;
class filesystem remount;
@@ -265,7 +265,7 @@ define(`fs_remount_autofs',`
##
##
#
-define(`fs_unmount_autofs',`
+interface(`fs_unmount_autofs',`
gen_require(`
type autofs_t;
class filesystem unmount;
@@ -286,7 +286,7 @@ define(`fs_unmount_autofs',`
##
##
#
-define(`fs_getattr_autofs',`
+interface(`fs_getattr_autofs',`
gen_require(`
type autofs_t;
class filesystem getattr;
@@ -312,7 +312,7 @@ define(`fs_getattr_autofs',`
##
##
#
-define(`fs_register_binary_executable_type',`
+interface(`fs_register_binary_executable_type',`
gen_require(`
type binfmt_misc_fs_t;
class dir { getattr search };
@@ -333,7 +333,7 @@ define(`fs_register_binary_executable_type',`
##
##
#
-define(`fs_mount_cifs',`
+interface(`fs_mount_cifs',`
gen_require(`
type cifs_t;
class filesystem mount;
@@ -353,7 +353,7 @@ define(`fs_mount_cifs',`
##
##
#
-define(`fs_remount_cifs',`
+interface(`fs_remount_cifs',`
gen_require(`
type cifs_t;
class filesystem remount;
@@ -372,7 +372,7 @@ define(`fs_remount_cifs',`
##
##
#
-define(`fs_unmount_cifs',`
+interface(`fs_unmount_cifs',`
gen_require(`
type cifs_t;
class filesystem unmount;
@@ -393,7 +393,7 @@ define(`fs_unmount_cifs',`
##
##
#
-define(`fs_getattr_cifs',`
+interface(`fs_getattr_cifs',`
gen_require(`
type cifs_t;
class filesystem getattr;
@@ -412,7 +412,7 @@ define(`fs_getattr_cifs',`
##
##
#
-define(`fs_read_cifs_files',`
+interface(`fs_read_cifs_files',`
gen_require(`
type cifs_t;
class dir r_dir_perms;
@@ -434,7 +434,7 @@ define(`fs_read_cifs_files',`
##
##
#
-define(`fs_dontaudit_rw_cifs_files',`
+interface(`fs_dontaudit_rw_cifs_files',`
gen_require(`
type cifs_t;
class file { read write };
@@ -453,7 +453,7 @@ define(`fs_dontaudit_rw_cifs_files',`
##
##
#
-define(`fs_read_cifs_symlinks',`
+interface(`fs_read_cifs_symlinks',`
gen_require(`
type cifs_t;
class dir r_dir_perms;
@@ -476,7 +476,7 @@ define(`fs_read_cifs_symlinks',`
##
##
#
-define(`fs_execute_cifs_files',`
+interface(`fs_execute_cifs_files',`
gen_require(`
type cifs_t;
class dir r_dir_perms;
@@ -497,7 +497,7 @@ define(`fs_execute_cifs_files',`
##
##
#
-define(`fs_read_cifs_files',`
+interface(`fs_read_cifs_files',`
gen_require(`
type cifs_t;
class file { read write };
@@ -517,7 +517,7 @@ define(`fs_read_cifs_files',`
##
##
#
-define(`fs_manage_cifs_dirs',`
+interface(`fs_manage_cifs_dirs',`
gen_require(`
type cifs_t;
class dir create_dir_perms;
@@ -537,7 +537,7 @@ define(`fs_manage_cifs_dirs',`
##
##
#
-define(`fs_manage_cifs_files',`
+interface(`fs_manage_cifs_files',`
gen_require(`
type cifs_t;
class dir rw_dir_perms;
@@ -559,7 +559,7 @@ define(`fs_manage_cifs_files',`
##
##
#
-define(`fs_manage_cifs_symlinks',`
+interface(`fs_manage_cifs_symlinks',`
gen_require(`
type cifs_t;
class dir rw_dir_perms;
@@ -581,7 +581,7 @@ define(`fs_manage_cifs_symlinks',`
##
##
#
-define(`fs_manage_cifs_named_pipes',`
+interface(`fs_manage_cifs_named_pipes',`
gen_require(`
type cifs_t;
class dir rw_dir_perms;
@@ -603,7 +603,7 @@ define(`fs_manage_cifs_named_pipes',`
##
##
#
-define(`fs_manage_cifs_named_sockets',`
+interface(`fs_manage_cifs_named_sockets',`
gen_require(`
type cifs_t;
class dir rw_dir_perms;
@@ -625,7 +625,7 @@ define(`fs_manage_cifs_named_sockets',`
##
##
#
-define(`fs_mount_dos_fs',`
+interface(`fs_mount_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem mount;
@@ -646,7 +646,7 @@ define(`fs_mount_dos_fs',`
##
##
#
-define(`fs_remount_dos_fs',`
+interface(`fs_remount_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem remount;
@@ -666,7 +666,7 @@ define(`fs_remount_dos_fs',`
##
##
#
-define(`fs_unmount_dos_fs',`
+interface(`fs_unmount_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem unmount;
@@ -687,7 +687,7 @@ define(`fs_unmount_dos_fs',`
##
##
#
-define(`fs_getattr_dos_fs',`
+interface(`fs_getattr_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem getattr;
@@ -707,7 +707,7 @@ define(`fs_getattr_dos_fs',`
##
##
#
-define(`fs_relabelfrom_dos_fs',`
+interface(`fs_relabelfrom_dos_fs',`
gen_require(`
type dosfs_t;
class filesystem relabelfrom;
@@ -727,7 +727,7 @@ define(`fs_relabelfrom_dos_fs',`
##
##
#
-define(`fs_mount_iso9660_fs',`
+interface(`fs_mount_iso9660_fs',`
gen_require(`
type iso9660_t;
class filesystem mount;
@@ -748,7 +748,7 @@ define(`fs_mount_iso9660_fs',`
##
##
#
-define(`fs_remount_iso9660_fs',`
+interface(`fs_remount_iso9660_fs',`
gen_require(`
type iso9660_t;
class filesystem remount;
@@ -768,7 +768,7 @@ define(`fs_remount_iso9660_fs',`
##
##
#
-define(`fs_unmount_iso9660_fs',`
+interface(`fs_unmount_iso9660_fs',`
gen_require(`
type iso9660_t;
class filesystem unmount;
@@ -789,7 +789,7 @@ define(`fs_unmount_iso9660_fs',`
##
##
#
-define(`fs_getattr_iso9660_fs',`
+interface(`fs_getattr_iso9660_fs',`
gen_require(`
type iso9660_t;
class filesystem getattr;
@@ -808,7 +808,7 @@ define(`fs_getattr_iso9660_fs',`
##
##
#
-define(`fs_mount_nfs',`
+interface(`fs_mount_nfs',`
gen_require(`
type nfs_t;
class filesystem mount;
@@ -828,7 +828,7 @@ define(`fs_mount_nfs',`
##
##
#
-define(`fs_remount_nfs',`
+interface(`fs_remount_nfs',`
gen_require(`
type nfs_t;
class filesystem remount;
@@ -847,7 +847,7 @@ define(`fs_remount_nfs',`
##
##
#
-define(`fs_unmount_nfs',`
+interface(`fs_unmount_nfs',`
gen_require(`
type nfs_t;
class filesystem unmount;
@@ -867,7 +867,7 @@ define(`fs_unmount_nfs',`
##
##
#
-define(`fs_getattr_nfs',`
+interface(`fs_getattr_nfs',`
gen_require(`
type nfs_t;
class filesystem getattr;
@@ -886,7 +886,7 @@ define(`fs_getattr_nfs',`
##
##
#
-define(`fs_read_nfs_files',`
+interface(`fs_read_nfs_files',`
gen_require(`
type nfs_t;
class dir r_dir_perms;
@@ -907,7 +907,7 @@ define(`fs_read_nfs_files',`
##
##
#
-define(`fs_execute_nfs_files',`
+interface(`fs_execute_nfs_files',`
gen_require(`
type nfs_t;
class dir r_dir_perms;
@@ -928,7 +928,7 @@ define(`fs_execute_nfs_files',`
##
##
#
-define(`fs_dontaudit_rw_nfs_files',`
+interface(`fs_dontaudit_rw_nfs_files',`
gen_require(`
type nfs_t;
class file { read write };
@@ -947,7 +947,7 @@ define(`fs_dontaudit_rw_nfs_files',`
##
##
#
-define(`fs_read_nfs_symlinks',`
+interface(`fs_read_nfs_symlinks',`
gen_require(`
type nfs_t;
class dir r_dir_perms;
@@ -969,7 +969,7 @@ define(`fs_read_nfs_symlinks',`
##
##
#
-define(`fs_manage_nfs_dirs',`
+interface(`fs_manage_nfs_dirs',`
gen_require(`
type nfs_t;
class dir create_dir_perms;
@@ -989,7 +989,7 @@ define(`fs_manage_nfs_dirs',`
##
##
#
-define(`fs_manage_nfs_files',`
+interface(`fs_manage_nfs_files',`
gen_require(`
type nfs_t;
class dir rw_dir_perms;
@@ -1011,7 +1011,7 @@ define(`fs_manage_nfs_files',`
##
##
#
-define(`fs_manage_nfs_symlinks',`
+interface(`fs_manage_nfs_symlinks',`
gen_require(`
type nfs_t;
class dir r_dir_perms;
@@ -1033,7 +1033,7 @@ define(`fs_manage_nfs_symlinks',`
##
##
#
-define(`fs_manage_nfs_named_pipes',`
+interface(`fs_manage_nfs_named_pipes',`
gen_require(`
type nfs_t;
class dir rw_dir_perms;
@@ -1055,7 +1055,7 @@ define(`fs_manage_nfs_named_pipes',`
##
##
#
-define(`fs_manage_nfs_named_sockets',`
+interface(`fs_manage_nfs_named_sockets',`
gen_require(`
type nfs_t;
class dir rw_dir_perms;
@@ -1076,7 +1076,7 @@ define(`fs_manage_nfs_named_sockets',`
##
##
#
-define(`fs_mount_nfsd_fs',`
+interface(`fs_mount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
class filesystem mount;
@@ -1096,7 +1096,7 @@ define(`fs_mount_nfsd_fs',`
##
##
#
-define(`fs_remount_nfsd_fs',`
+interface(`fs_remount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
class filesystem remount;
@@ -1115,7 +1115,7 @@ define(`fs_remount_nfsd_fs',`
##
##
#
-define(`fs_unmount_nfsd_fs',`
+interface(`fs_unmount_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
class filesystem unmount;
@@ -1136,7 +1136,7 @@ define(`fs_unmount_nfsd_fs',`
##
##
#
-define(`fs_getattr_nfsd_fs',`
+interface(`fs_getattr_nfsd_fs',`
gen_require(`
type nfsd_fs_t;
class filesystem getattr;
@@ -1155,7 +1155,7 @@ define(`fs_getattr_nfsd_fs',`
##
##
#
-define(`fs_mount_ramfs',`
+interface(`fs_mount_ramfs',`
gen_require(`
type ramfs_t;
class filesystem mount;
@@ -1175,7 +1175,7 @@ define(`fs_mount_ramfs',`
##
##
#
-define(`fs_remount_ramfs',`
+interface(`fs_remount_ramfs',`
gen_require(`
type ramfs_t;
class filesystem remount;
@@ -1194,7 +1194,7 @@ define(`fs_remount_ramfs',`
##
##
#
-define(`fs_unmount_ramfs',`
+interface(`fs_unmount_ramfs',`
gen_require(`
type ramfs_t;
class filesystem unmount;
@@ -1214,7 +1214,7 @@ define(`fs_unmount_ramfs',`
##
##
#
-define(`fs_getattr_ramfs',`
+interface(`fs_getattr_ramfs',`
gen_require(`
type ramfs_t;
class filesystem getattr;
@@ -1233,7 +1233,7 @@ define(`fs_getattr_ramfs',`
##
##
#
-define(`fs_mount_romfs',`
+interface(`fs_mount_romfs',`
gen_require(`
type romfs_t;
class filesystem mount;
@@ -1253,7 +1253,7 @@ define(`fs_mount_romfs',`
##
##
#
-define(`fs_remount_romfs',`
+interface(`fs_remount_romfs',`
gen_require(`
type romfs_t;
class filesystem remount;
@@ -1272,7 +1272,7 @@ define(`fs_remount_romfs',`
##
##
#
-define(`fs_unmount_romfs',`
+interface(`fs_unmount_romfs',`
gen_require(`
type romfs_t;
class filesystem unmount;
@@ -1293,7 +1293,7 @@ define(`fs_unmount_romfs',`
##
##
#
-define(`fs_getattr_romfs',`
+interface(`fs_getattr_romfs',`
gen_require(`
type romfs_t;
class filesystem getattr;
@@ -1312,7 +1312,7 @@ define(`fs_getattr_romfs',`
##
##
#
-define(`fs_mount_rpc_pipefs',`
+interface(`fs_mount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
class filesystem mount;
@@ -1332,7 +1332,7 @@ define(`fs_mount_rpc_pipefs',`
##
##
#
-define(`fs_remount_rpc_pipefs',`
+interface(`fs_remount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
class filesystem remount;
@@ -1351,7 +1351,7 @@ define(`fs_remount_rpc_pipefs',`
##
##
#
-define(`fs_unmount_rpc_pipefs',`
+interface(`fs_unmount_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
class filesystem unmount;
@@ -1372,7 +1372,7 @@ define(`fs_unmount_rpc_pipefs',`
##
##
#
-define(`fs_getattr_rpc_pipefs',`
+interface(`fs_getattr_rpc_pipefs',`
gen_require(`
type rpc_pipefs_t;
class filesystem getattr;
@@ -1391,7 +1391,7 @@ define(`fs_getattr_rpc_pipefs',`
##
##
#
-define(`fs_mount_tmpfs',`
+interface(`fs_mount_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem mount;
@@ -1410,7 +1410,7 @@ define(`fs_mount_tmpfs',`
##
##
#
-define(`fs_remount_tmpfs',`
+interface(`fs_remount_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem remount;
@@ -1429,7 +1429,7 @@ define(`fs_remount_tmpfs',`
##
##
#
-define(`fs_unmount_tmpfs',`
+interface(`fs_unmount_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem unmount;
@@ -1450,7 +1450,7 @@ define(`fs_unmount_tmpfs',`
##
##
#
-define(`fs_getattr_tmpfs',`
+interface(`fs_getattr_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem getattr;
@@ -1469,7 +1469,7 @@ define(`fs_getattr_tmpfs',`
##
##
#
-define(`fs_associate_tmpfs',`
+interface(`fs_associate_tmpfs',`
gen_require(`
type tmpfs_t;
class filesystem associate;
@@ -1482,7 +1482,7 @@ define(`fs_associate_tmpfs',`
#
# fs_create_tmpfs_data(domain,derivedtype,[class])
#
-define(`fs_create_tmpfs_data',`
+interface(`fs_create_tmpfs_data',`
gen_require(`
type tmpfs_t;
class filesystem associate;
@@ -1509,7 +1509,7 @@ define(`fs_create_tmpfs_data',`
##
##
#
-define(`fs_use_tmpfs_character_devices',`
+interface(`fs_use_tmpfs_character_devices',`
gen_require(`
type tmpfs_t;
class dir r_dir_perms;
@@ -1530,7 +1530,7 @@ define(`fs_use_tmpfs_character_devices',`
##
##
#
-define(`fs_relabel_tmpfs_character_devices',`
+interface(`fs_relabel_tmpfs_character_devices',`
gen_require(`
type tmpfs_t;
class dir r_dir_perms;
@@ -1551,7 +1551,7 @@ define(`fs_relabel_tmpfs_character_devices',`
##
##
#
-define(`fs_use_tmpfs_block_devices',`
+interface(`fs_use_tmpfs_block_devices',`
gen_require(`
type tmpfs_t;
class dir r_dir_perms;
@@ -1572,7 +1572,7 @@ define(`fs_use_tmpfs_block_devices',`
##
##
#
-define(`fs_relabel_tmpfs_block_devices',`
+interface(`fs_relabel_tmpfs_block_devices',`
gen_require(`
type tmpfs_t;
class dir r_dir_perms;
@@ -1594,7 +1594,7 @@ define(`fs_relabel_tmpfs_block_devices',`
##
##
#
-define(`fs_manage_tmpfs_character_devices',`
+interface(`fs_manage_tmpfs_character_devices',`
gen_require(`
type tmpfs_t;
class dir rw_dir_perms;
@@ -1616,7 +1616,7 @@ define(`fs_manage_tmpfs_character_devices',`
##
##
#
-define(`fs_manage_tmpfs_block_devices',`
+interface(`fs_manage_tmpfs_block_devices',`
gen_require(`
type tmpfs_t;
class dir rw_dir_perms;
@@ -1637,7 +1637,7 @@ define(`fs_manage_tmpfs_block_devices',`
##
##
#
-define(`fs_mount_all_fs',`
+interface(`fs_mount_all_fs',`
gen_require(`
attribute fs_type;
class filesystem mount;
@@ -1657,7 +1657,7 @@ define(`fs_mount_all_fs',`
##
##
#
-define(`fs_remount_all_fs',`
+interface(`fs_remount_all_fs',`
gen_require(`
attribute fs_type;
class filesystem remount;
@@ -1676,7 +1676,7 @@ define(`fs_remount_all_fs',`
##
##
#
-define(`fs_unmount_all_fs',`
+interface(`fs_unmount_all_fs',`
gen_require(`
attribute fs_type;
class filesystem unmount;
@@ -1697,7 +1697,7 @@ define(`fs_unmount_all_fs',`
##
##
#
-define(`fs_getattr_all_fs',`
+interface(`fs_getattr_all_fs',`
gen_require(`
attribute fs_type;
class filesystem getattr;
@@ -1716,7 +1716,7 @@ define(`fs_getattr_all_fs',`
##
##
#
-define(`fs_get_all_fs_quotas',`
+interface(`fs_get_all_fs_quotas',`
gen_require(`
attribute fs_type;
class filesystem quotaget;
@@ -1735,7 +1735,7 @@ define(`fs_get_all_fs_quotas',`
##
##
#
-define(`fs_set_all_quotas',`
+interface(`fs_set_all_quotas',`
gen_require(`
attribute fs_type;
class filesystem quotamod;
@@ -1748,7 +1748,7 @@ define(`fs_set_all_quotas',`
#
# fs_getattr_all_files(type)
#
-define(`fs_getattr_all_files',`
+interface(`fs_getattr_all_files',`
gen_require(`
attribute fs_type;
class dir { search getattr };
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index e9183db..8c13fdf 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -18,7 +18,7 @@
##
##
#
-define(`kernel_userland_entry',`
+interface(`kernel_userland_entry',`
gen_require(`
type kernel_t;
class process sigchld;
@@ -45,7 +45,7 @@ define(`kernel_userland_entry',`
##
##
#
-define(`kernel_rootfs_mountpoint',`
+interface(`kernel_rootfs_mountpoint',`
gen_require(`
type kernel_t;
class dir mounton;
@@ -64,7 +64,7 @@ define(`kernel_rootfs_mountpoint',`
##
##
#
-define(`kernel_sigchld',`
+interface(`kernel_sigchld',`
gen_require(`
type kernel_t;
class process sigchld;
@@ -84,7 +84,7 @@ define(`kernel_sigchld',`
##
##
#
-define(`kernel_share_state',`
+interface(`kernel_share_state',`
gen_require(`
type kernel_t;
class process share;
@@ -103,7 +103,7 @@ define(`kernel_share_state',`
##
##
#
-define(`kernel_use_fd',`
+interface(`kernel_use_fd',`
gen_require(`
type kernel_t;
class fd use;
@@ -123,7 +123,7 @@ define(`kernel_use_fd',`
##
##
#
-define(`kernel_dontaudit_use_fd',`
+interface(`kernel_dontaudit_use_fd',`
gen_require(`
type kernel_t;
class fd use;
@@ -142,7 +142,7 @@ define(`kernel_dontaudit_use_fd',`
##
##
#
-define(`kernel_load_module',`
+interface(`kernel_load_module',`
gen_require(`
attribute can_load_kernmodule;
class capability sys_module;
@@ -162,7 +162,7 @@ define(`kernel_load_module',`
##
##
#
-define(`kernel_read_ring_buffer',`
+interface(`kernel_read_ring_buffer',`
gen_require(`
type kernel_t;
class system syslog_read;
@@ -181,7 +181,7 @@ define(`kernel_read_ring_buffer',`
##
##
#
-define(`kernel_dontaudit_read_ring_buffer',`
+interface(`kernel_dontaudit_read_ring_buffer',`
gen_require(`
type kernel_t;
class system syslog_read;
@@ -200,7 +200,7 @@ define(`kernel_dontaudit_read_ring_buffer',`
##
##
#
-define(`kernel_change_ring_buffer_level',`
+interface(`kernel_change_ring_buffer_level',`
gen_require(`
type kernel_t;
class system syslog_console;
@@ -219,7 +219,7 @@ define(`kernel_change_ring_buffer_level',`
##
##
#
-define(`kernel_clear_ring_buffer',`
+interface(`kernel_clear_ring_buffer',`
gen_require(`
type kernel_t;
class system syslog_mod;
@@ -238,7 +238,7 @@ define(`kernel_clear_ring_buffer',`
##
##
#
-define(`kernel_get_sysvipc_info',`
+interface(`kernel_get_sysvipc_info',`
gen_require(`
type kernel_t;
class system ipc_info;
@@ -257,7 +257,7 @@ define(`kernel_get_sysvipc_info',`
##
##
#
-define(`kernel_read_system_state',`
+interface(`kernel_read_system_state',`
gen_require(`
type proc_t;
class dir r_dir_perms;
@@ -281,7 +281,7 @@ define(`kernel_read_system_state',`
##
##
#
-define(`kernel_dontaudit_read_system_state',`
+interface(`kernel_dontaudit_read_system_state',`
gen_require(`
type proc_t;
class file read;
@@ -300,7 +300,7 @@ define(`kernel_dontaudit_read_system_state',`
##
##
#
-define(`kernel_read_software_raid_state',`
+interface(`kernel_read_software_raid_state',`
gen_require(`
type proc_t, proc_mdstat_t;
class dir r_dir_perms;
@@ -321,7 +321,7 @@ define(`kernel_read_software_raid_state',`
##
##
#
-define(`kernel_getattr_core',`
+interface(`kernel_getattr_core',`
gen_require(`
type proc_t, proc_kcore_t;
class dir { search getattr read };
@@ -343,7 +343,7 @@ define(`kernel_getattr_core',`
##
##
#
-define(`kernel_dontaudit_getattr_core',`
+interface(`kernel_dontaudit_getattr_core',`
gen_require(`
type proc_kcore_t;
class file getattr;
@@ -363,7 +363,7 @@ define(`kernel_dontaudit_getattr_core',`
##
##
#
-define(`kernel_read_messages',`
+interface(`kernel_read_messages',`
gen_require(`
attribute can_receive_kernel_messages;
type proc_kmsg_t, proc_t;
@@ -387,7 +387,7 @@ define(`kernel_read_messages',`
##
##
#
-define(`kernel_getattr_message_if',`
+interface(`kernel_getattr_message_if',`
gen_require(`
type proc_kmsg_t, proc_t;
class dir search;
@@ -409,7 +409,7 @@ define(`kernel_getattr_message_if',`
##
##
#
-define(`kernel_dontaudit_getattr_message_if',`
+interface(`kernel_dontaudit_getattr_message_if',`
gen_require(`
type proc_kmsg_t, proc_t;
class file getattr;
@@ -429,7 +429,7 @@ define(`kernel_dontaudit_getattr_message_if',`
##
##
#
-define(`kernel_read_network_state',`
+interface(`kernel_read_network_state',`
gen_require(`
type proc_t, proc_net_t;
class dir r_dir_perms;
@@ -452,7 +452,7 @@ define(`kernel_read_network_state',`
##
##
#
-define(`kernel_dontaudit_search_sysctl_dir',`
+interface(`kernel_dontaudit_search_sysctl_dir',`
gen_require(`
type sysctl_t;
class dir search;
@@ -471,7 +471,7 @@ define(`kernel_dontaudit_search_sysctl_dir',`
##
##
#
-define(`kernel_read_device_sysctl',`
+interface(`kernel_read_device_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_dev_t;
class dir r_dir_perms;
@@ -494,7 +494,7 @@ define(`kernel_read_device_sysctl',`
##
##
#
-define(`kernel_rw_device_sysctl',`
+interface(`kernel_rw_device_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_dev_t;
class dir r_dir_perms;
@@ -517,7 +517,7 @@ define(`kernel_rw_device_sysctl',`
##
##
#
-define(`kernel_read_vm_sysctl',`
+interface(`kernel_read_vm_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_vm_t;
class dir r_dir_perms;
@@ -539,7 +539,7 @@ define(`kernel_read_vm_sysctl',`
##
##
#
-define(`kernel_rw_vm_sysctl',`
+interface(`kernel_rw_vm_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_vm_t;
class dir r_dir_perms;
@@ -561,7 +561,7 @@ define(`kernel_rw_vm_sysctl',`
##
##
#
-define(`kernel_dontaudit_search_network_sysctl_dir',`
+interface(`kernel_dontaudit_search_network_sysctl_dir',`
gen_require(`
type sysctl_net_t;
class dir search;
@@ -581,7 +581,7 @@ define(`kernel_dontaudit_search_network_sysctl_dir',`
##
##
#
-define(`kernel_read_net_sysctl',`
+interface(`kernel_read_net_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t;
class dir r_dir_perms;
@@ -604,7 +604,7 @@ define(`kernel_read_net_sysctl',`
##
##
#
-define(`kernel_rw_net_sysctl',`
+interface(`kernel_rw_net_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t;
class dir r_dir_perms;
@@ -628,7 +628,7 @@ define(`kernel_rw_net_sysctl',`
##
##
#
-define(`kernel_read_unix_sysctl',`
+interface(`kernel_read_unix_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
class dir r_dir_perms;
@@ -652,7 +652,7 @@ define(`kernel_read_unix_sysctl',`
##
##
#
-define(`kernel_rw_unix_sysctl',`
+interface(`kernel_rw_unix_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
class dir r_dir_perms;
@@ -675,7 +675,7 @@ define(`kernel_rw_unix_sysctl',`
##
##
#
-define(`kernel_read_hotplug_sysctl',`
+interface(`kernel_read_hotplug_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
class dir r_dir_perms;
@@ -698,7 +698,7 @@ define(`kernel_read_hotplug_sysctl',`
##
##
#
-define(`kernel_rw_hotplug_sysctl',`
+interface(`kernel_rw_hotplug_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
class dir r_dir_perms;
@@ -721,7 +721,7 @@ define(`kernel_rw_hotplug_sysctl',`
##
##
#
-define(`kernel_read_modprobe_sysctl',`
+interface(`kernel_read_modprobe_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
class dir r_dir_perms;
@@ -744,7 +744,7 @@ define(`kernel_read_modprobe_sysctl',`
##
##
#
-define(`kernel_rw_modprobe_sysctl',`
+interface(`kernel_rw_modprobe_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
class dir r_dir_perms;
@@ -767,7 +767,7 @@ define(`kernel_rw_modprobe_sysctl',`
##
##
#
-define(`kernel_read_kernel_sysctl',`
+interface(`kernel_read_kernel_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t;
class dir r_dir_perms;
@@ -790,7 +790,7 @@ define(`kernel_read_kernel_sysctl',`
##
##
#
-define(`kernel_rw_kernel_sysctl',`
+interface(`kernel_rw_kernel_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_kernel_t;
class dir r_dir_perms;
@@ -813,7 +813,7 @@ define(`kernel_rw_kernel_sysctl',`
##
##
#
-define(`kernel_read_fs_sysctl',`
+interface(`kernel_read_fs_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_fs_t;
class dir r_dir_perms;
@@ -836,7 +836,7 @@ define(`kernel_read_fs_sysctl',`
##
##
#
-define(`kernel_rw_fs_sysctl',`
+interface(`kernel_rw_fs_sysctl',`
gen_require(`
type proc_t, sysctl_t, sysctl_fs_t;
class dir r_dir_perms;
@@ -859,7 +859,7 @@ define(`kernel_rw_fs_sysctl',`
##
##
#
-define(`kernel_read_irq_sysctl',`
+interface(`kernel_read_irq_sysctl',`
gen_require(`
type proc_t, sysctl_irq_t;
class dir r_dir_perms;
@@ -882,7 +882,7 @@ define(`kernel_read_irq_sysctl',`
##
##
#
-define(`kernel_rw_irq_sysctl',`
+interface(`kernel_rw_irq_sysctl',`
gen_require(`
type proc_t, sysctl_irq_t;
class dir r_dir_perms;
@@ -898,7 +898,7 @@ define(`kernel_rw_irq_sysctl',`
#
# kernel_read_rpc_sysctl(domain)
#
-define(`kernel_read_rpc_sysctl',`
+interface(`kernel_read_rpc_sysctl',`
gen_require(`
type proc_t, proc_net_t, sysctl_rpc_t;
class dir r_dir_perms;
@@ -915,7 +915,7 @@ define(`kernel_read_rpc_sysctl',`
#
# kernel_rw_rpc_sysctl(domain)
#
-define(`kernel_rw_rpc_sysctl',`
+interface(`kernel_rw_rpc_sysctl',`
gen_require(`
type proc_t, proc_net_t, sysctl_rpc_t;
class dir r_dir_perms;
@@ -938,7 +938,7 @@ define(`kernel_rw_rpc_sysctl',`
##
##
#
-define(`kernel_read_all_sysctl',`
+interface(`kernel_read_all_sysctl',`
kernel_read_device_sysctl($1)
kernel_read_vm_sysctl($1)
kernel_read_net_sysctl($1)
@@ -961,7 +961,7 @@ define(`kernel_read_all_sysctl',`
##
##
#
-define(`kernel_rw_all_sysctl',`
+interface(`kernel_rw_all_sysctl',`
kernel_rw_device_sysctl($1)
kernel_rw_vm_sysctl($1)
kernel_rw_net_sysctl($1)
@@ -984,7 +984,7 @@ define(`kernel_rw_all_sysctl',`
##
##
#
-define(`kernel_kill_unlabeled',`
+interface(`kernel_kill_unlabeled',`
gen_require(`
type unlabeled_t;
class process sigkill;
@@ -1003,7 +1003,7 @@ define(`kernel_kill_unlabeled',`
##
##
#
-define(`kernel_signal_unlabeled',`
+interface(`kernel_signal_unlabeled',`
gen_require(`
type unlabeled_t;
class process signal;
@@ -1022,7 +1022,7 @@ define(`kernel_signal_unlabeled',`
##
##
#
-define(`kernel_signull_unlabeled',`
+interface(`kernel_signull_unlabeled',`
gen_require(`
type unlabeled_t;
class process signull;
@@ -1041,7 +1041,7 @@ define(`kernel_signull_unlabeled',`
##
##
#
-define(`kernel_sigstop_unlabeled',`
+interface(`kernel_sigstop_unlabeled',`
gen_require(`
type unlabeled_t;
class process sigstop;
@@ -1060,7 +1060,7 @@ define(`kernel_sigstop_unlabeled',`
##
##
#
-define(`kernel_sigchld_unlabeled',`
+interface(`kernel_sigchld_unlabeled',`
gen_require(`
type unlabeled_t;
class process sigchld;
@@ -1080,7 +1080,7 @@ define(`kernel_sigchld_unlabeled',`
##
##
#
-define(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
+interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
gen_require(`
type unlabeled_t;
class process getattr;
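Review bot: The `gen_require` of `kernel_dontaudit_getattr_unlabeled_blk_dev` declares `class process getattr;`, which does not fit an interface named for block devices. It looks copied from the `kernel_*_unlabeled` signal interfaces in the hunks above. If the dontaudit rule further down targets `unlabeled_t:blk_file`, the require line should be `class blk_file getattr;`. A wrong class here means the declared dependency no longer describes what the interface actually suppresses from the audit log. The interface body continues outside the hunk, so confirm the rule before changing the require.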
@@ -1099,7 +1099,7 @@ define(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
##
##
#
-define(`kernel_relabel_unlabeled',`
+interface(`kernel_relabel_unlabeled',`
gen_require(`
type unlabeled_t;
class dir { getattr relabelfrom };
diff --git a/refpolicy/policy/modules/kernel/selinux.if b/refpolicy/policy/modules/kernel/selinux.if
index 9ca08fd..52e5c8d 100644
--- a/refpolicy/policy/modules/kernel/selinux.if
+++ b/refpolicy/policy/modules/kernel/selinux.if
@@ -13,7 +13,7 @@
##
##
#
-define(`selinux_get_fs_mount',`
+interface(`selinux_get_fs_mount',`
# read /proc/filesystems to see if selinuxfs is supported
# then read /proc/self/mount to see where selinuxfs is mounted
kernel_read_system_state($1)
@@ -30,7 +30,7 @@ define(`selinux_get_fs_mount',`
##
##
#
-define(`selinux_get_enforce_mode',`
+interface(`selinux_get_enforce_mode',`
gen_require(`
type security_t;
class dir { read search getattr };
@@ -52,7 +52,7 @@ define(`selinux_get_enforce_mode',`
##
##
#
-define(`selinux_set_enforce_mode',`
+interface(`selinux_set_enforce_mode',`
gen_require(`
type security_t;
attribute can_setenforce;
@@ -78,7 +78,7 @@ define(`selinux_set_enforce_mode',`
##
##
#
-define(`selinux_load_policy',`
+interface(`selinux_load_policy',`
gen_require(`
type security_t;
attribute can_load_policy;
@@ -108,7 +108,7 @@ define(`selinux_load_policy',`
##
##
#
-define(`selinux_set_boolean',`
+interface(`selinux_set_boolean',`
gen_require(`
type security_t;
class dir { read search getattr };
@@ -139,7 +139,7 @@ define(`selinux_set_boolean',`
##
##
#
-define(`selinux_set_parameters',`
+interface(`selinux_set_parameters',`
gen_require(`
type security_t;
attribute can_setsecparam;
@@ -165,7 +165,7 @@ define(`selinux_set_parameters',`
##
##
#
-define(`selinux_validate_context',`
+interface(`selinux_validate_context',`
gen_require(`
type security_t;
class dir { read search getattr };
@@ -188,7 +188,7 @@ define(`selinux_validate_context',`
##
##
#
-define(`selinux_compute_access_vector',`
+interface(`selinux_compute_access_vector',`
gen_require(`
type security_t;
class dir { read search getattr };
@@ -211,7 +211,7 @@ define(`selinux_compute_access_vector',`
##
##
#
-define(`selinux_compute_create_context',`
+interface(`selinux_compute_create_context',`
gen_require(`
type security_t;
class dir { read search getattr };
@@ -234,7 +234,7 @@ define(`selinux_compute_create_context',`
##
##
#
-define(`selinux_compute_relabel_context',`
+interface(`selinux_compute_relabel_context',`
gen_require(`
type security_t;
class dir { read search getattr };
@@ -257,7 +257,7 @@ define(`selinux_compute_relabel_context',`
##
##
#
-define(`selinux_compute_user_contexts',`
+interface(`selinux_compute_user_contexts',`
gen_require(`
type security_t;
class dir { read search getattr };
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index 854ce59..d6c1a70 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -12,7 +12,7 @@
##
##
#
-define(`storage_getattr_fixed_disk',`
+interface(`storage_getattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
class blk_file getattr;
@@ -33,7 +33,7 @@ define(`storage_getattr_fixed_disk',`
##
##
#
-define(`storage_dontaudit_getattr_fixed_disk',`
+interface(`storage_dontaudit_getattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
class blk_file getattr;
@@ -53,7 +53,7 @@ define(`storage_dontaudit_getattr_fixed_disk',`
##
##
#
-define(`storage_setattr_fixed_disk',`
+interface(`storage_setattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
class blk_file setattr;
@@ -74,7 +74,7 @@ define(`storage_setattr_fixed_disk',`
##
##
#
-define(`storage_dontaudit_setattr_fixed_disk',`
+interface(`storage_dontaudit_setattr_fixed_disk',`
gen_require(`
type fixed_disk_device_t;
class blk_file getattr;
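Review bot: `storage_dontaudit_setattr_fixed_disk` requires `class blk_file getattr;`, although the interface is named for setattr. The parallel `storage_dontaudit_setattr_removable_device` later in this file requires `class blk_file setattr;`. This looks like a leftover from copying the getattr variant, and the line should probably be `class blk_file setattr;`. The rule itself lies outside the hunk; if it also says getattr, the interface silences the wrong denial and setattr attempts on fixed disks would still be logged.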
@@ -96,7 +96,7 @@ define(`storage_dontaudit_setattr_fixed_disk',`
##
##
#
-define(`storage_raw_read_fixed_disk',`
+interface(`storage_raw_read_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_read;
type fixed_disk_device_t;
@@ -121,7 +121,7 @@ define(`storage_raw_read_fixed_disk',`
##
##
#
-define(`storage_raw_write_fixed_disk',`
+interface(`storage_raw_write_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_write;
type fixed_disk_device_t;
@@ -143,7 +143,7 @@ define(`storage_raw_write_fixed_disk',`
##
##
#
-define(`storage_create_fixed_disk_dev_entry',`
+interface(`storage_create_fixed_disk_dev_entry',`
gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t;
@@ -165,7 +165,7 @@ define(`storage_create_fixed_disk_dev_entry',`
##
##
#
-define(`storage_manage_fixed_disk',`
+interface(`storage_manage_fixed_disk',`
gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t;
@@ -190,7 +190,7 @@ define(`storage_manage_fixed_disk',`
##
##
#
-define(`storage_raw_read_lvm_volume',`
+interface(`storage_raw_read_lvm_volume',`
gen_require(`
attribute fixed_disk_raw_read;
type lvm_vg_t;
@@ -215,7 +215,7 @@ define(`storage_raw_read_lvm_volume',`
##
##
#
-define(`storage_raw_write_lvm_volume',`
+interface(`storage_raw_write_lvm_volume',`
gen_require(`
attribute fixed_disk_raw_write;
type lvm_vg_t;
@@ -238,7 +238,7 @@ define(`storage_raw_write_lvm_volume',`
##
##
#
-define(`storage_getattr_scsi_generic',`
+interface(`storage_getattr_scsi_generic',`
gen_require(`
type scsi_generic_device_t;
class blk_file getattr;
@@ -259,7 +259,7 @@ define(`storage_getattr_scsi_generic',`
##
##
#
-define(`storage_setattr_scsi_generic',`
+interface(`storage_setattr_scsi_generic',`
gen_require(`
type scsi_generic_device_t;
class blk_file setattr;
@@ -283,7 +283,7 @@ define(`storage_setattr_scsi_generic',`
##
##
#
-define(`storage_read_scsi_generic',`
+interface(`storage_read_scsi_generic',`
gen_require(`
attribute scsi_generic_read;
type scsi_generic_device_t;
@@ -309,7 +309,7 @@ define(`storage_read_scsi_generic',`
##
##
#
-define(`storage_write_scsi_generic',`
+interface(`storage_write_scsi_generic',`
gen_require(`
attribute scsi_generic_write;
type scsi_generic_device_t;
@@ -332,7 +332,7 @@ define(`storage_write_scsi_generic',`
##
##
#
-define(`storage_getattr_scsi_generic',`
+interface(`storage_getattr_scsi_generic',`
gen_require(`
type scsi_generic_device_t;
class blk_file getattr;
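Review bot: `storage_getattr_scsi_generic` is declared a second time here (old line 335); the first declaration is in the hunk at old line 241, with the same `gen_require` lines visible in both. With plain m4 `define` the later definition silently replaced the earlier one. Whether the new `interface()` wrapper behaves the same depends on its definition in `$(M4SUPPORT)`, which this page does not show. Either way, two bodies under one name make it unclear which rules a caller receives. Drop one of them; the neighbouring `storage_setattr_scsi_generic` and `storage_set_scsi_generic_attributes` appear to be the same pair under two names and deserve the same check.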
@@ -353,7 +353,7 @@ define(`storage_getattr_scsi_generic',`
##
##
#
-define(`storage_set_scsi_generic_attributes',`
+interface(`storage_set_scsi_generic_attributes',`
gen_require(`
type scsi_generic_device_t;
class blk_file setattr;
@@ -374,7 +374,7 @@ define(`storage_set_scsi_generic_attributes',`
##
##
#
-define(`storage_getattr_removable_device',`
+interface(`storage_getattr_removable_device',`
gen_require(`
type removable_device_t;
class blk_file getattr;
@@ -395,7 +395,7 @@ define(`storage_getattr_removable_device',`
##
##
#
-define(`storage_dontaudit_getattr_removable_device',`
+interface(`storage_dontaudit_getattr_removable_device',`
gen_require(`
type removable_device_t;
class blk_file getattr;
@@ -415,7 +415,7 @@ define(`storage_dontaudit_getattr_removable_device',`
##
##
#
-define(`storage_setattr_removable_device',`
+interface(`storage_setattr_removable_device',`
gen_require(`
type removable_device_t;
class blk_file setattr;
@@ -436,7 +436,7 @@ define(`storage_setattr_removable_device',`
##
##
#
-define(`storage_dontaudit_setattr_removable_device',`
+interface(`storage_dontaudit_setattr_removable_device',`
gen_require(`
type removable_device_t;
class blk_file setattr;
@@ -459,7 +459,7 @@ define(`storage_dontaudit_setattr_removable_device',`
##
##
#
-define(`storage_raw_read_removable_device',`
+interface(`storage_raw_read_removable_device',`
gen_require(`
type removable_device_t;
class blk_file r_file_perms;
@@ -483,7 +483,7 @@ define(`storage_raw_read_removable_device',`
##
##
#
-define(`storage_raw_write_removable_device',`
+interface(`storage_raw_write_removable_device',`
gen_require(`
type removable_device_t;
class blk_file { getattr write ioctl };
@@ -504,7 +504,7 @@ define(`storage_raw_write_removable_device',`
##
##
#
-define(`storage_read_tape_device',`
+interface(`storage_read_tape_device',`
gen_require(`
type tape_device_t;
class blk_file r_file_perms;
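Review bot: The require block for `storage_read_tape_device` names `class blk_file r_file_perms;`, but tape device nodes on Linux are character devices. The same applies to `storage_write_tape_device`, `storage_getattr_tape_device` and `storage_setattr_tape_device` in the following hunks, and presumably to the `scsi_generic_device_t` interfaces earlier in this file. If the rules below use `chr_file`, the require should be `class chr_file r_file_perms;`. If they use `blk_file`, the interface likely grants nothing useful on a real tape node. The rule lines are outside the hunk, so verify them first.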
@@ -525,7 +525,7 @@ define(`storage_read_tape_device',`
##
##
#
-define(`storage_write_tape_device',`
+interface(`storage_write_tape_device',`
gen_require(`
type tape_device_t;
class blk_file { getattr write ioctl };
@@ -546,7 +546,7 @@ define(`storage_write_tape_device',`
##
##
#
-define(`storage_getattr_tape_device',`
+interface(`storage_getattr_tape_device',`
gen_require(`
type tape_device_t;
class blk_file getattr;
@@ -567,7 +567,7 @@ define(`storage_getattr_tape_device',`
##
##
#
-define(`storage_setattr_tape_device',`
+interface(`storage_setattr_tape_device',`
gen_require(`
type tape_device_t;
class blk_file setattr;
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index a9871a0..b18b441 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -11,7 +11,7 @@
##
##
#
-define(`term_pty',`
+interface(`term_pty',`
gen_require(`
attribute ptynode;
type devpts_t;
@@ -38,7 +38,7 @@ define(`term_pty',`
##
##
#
-define(`term_user_pty',`
+interface(`term_user_pty',`
gen_require(`
attribute server_ptynode;
')
@@ -58,7 +58,7 @@ define(`term_user_pty',`
##
##
#
-define(`term_login_pty',`
+interface(`term_login_pty',`
gen_require(`
attribute server_ptynode;
')
@@ -77,7 +77,7 @@ define(`term_login_pty',`
##
##
#
-define(`term_tty',`
+interface(`term_tty',`
gen_require(`
attribute ttynode;
type tty_device_t;
@@ -110,7 +110,7 @@ define(`term_tty',`
##
##
#
-define(`term_create_pty',`
+interface(`term_create_pty',`
gen_require(`
type bsdpty_device_t, devpts_t, ptmx_t;
class filesystem getattr;
@@ -138,7 +138,7 @@ define(`term_create_pty',`
##
##
#
-define(`term_use_all_terms',`
+interface(`term_use_all_terms',`
gen_require(`
attribute ttynode, ptynode;
type console_device_t, devpts_t, tty_device_t;
@@ -161,7 +161,7 @@ define(`term_use_all_terms',`
##
##
#
-define(`term_write_console',`
+interface(`term_write_console',`
gen_require(`
type console_device_t;
class chr_file write;
@@ -181,7 +181,7 @@ define(`term_write_console',`
##
##
#
-define(`term_use_console',`
+interface(`term_use_console',`
gen_require(`
type console_device_t;
class chr_file rw_file_perms;
@@ -202,7 +202,7 @@ define(`term_use_console',`
##
##
#
-define(`term_dontaudit_use_console',`
+interface(`term_dontaudit_use_console',`
gen_require(`
type console_device_t;
class chr_file { read write };
@@ -222,7 +222,7 @@ define(`term_dontaudit_use_console',`
##
##
#
-define(`term_setattr_console',`
+interface(`term_setattr_console',`
gen_require(`
type console_device_t;
class chr_file setattr;
@@ -243,7 +243,7 @@ define(`term_setattr_console',`
##
##
#
-define(`term_list_ptys',`
+interface(`term_list_ptys',`
gen_require(`
type devpts_t;
class dir r_dir_perms;
@@ -264,7 +264,7 @@ define(`term_list_ptys',`
##
##
#
-define(`term_dontaudit_list_ptys',`
+interface(`term_dontaudit_list_ptys',`
gen_require(`
type devpts_t;
class dir { getattr search read };
@@ -285,7 +285,7 @@ define(`term_dontaudit_list_ptys',`
##
##
#
-define(`term_use_generic_pty',`
+interface(`term_use_generic_pty',`
gen_require(`
type devpts_t;
class chr_file { read write };
@@ -307,7 +307,7 @@ define(`term_use_generic_pty',`
##
##
#
-define(`term_dontaudit_use_generic_pty',`
+interface(`term_dontaudit_use_generic_pty',`
gen_require(`
type devpts_t;
class chr_file { read write };
@@ -327,7 +327,7 @@ define(`term_dontaudit_use_generic_pty',`
##
##
#
-define(`term_use_controlling_term',`
+interface(`term_use_controlling_term',`
gen_require(`
type devtty_t;
class chr_file { getattr read write ioctl };
@@ -348,7 +348,7 @@ define(`term_use_controlling_term',`
##
##
#
-define(`term_dontaudit_use_ptmx',`
+interface(`term_dontaudit_use_ptmx',`
gen_require(`
type ptmx_t;
class chr_file { getattr read write };
@@ -368,7 +368,7 @@ define(`term_dontaudit_use_ptmx',`
##
##
#
-define(`term_getattr_all_user_ptys',`
+interface(`term_getattr_all_user_ptys',`
gen_require(`
attribute ptynode;
class dir r_dir_perms;
@@ -390,7 +390,7 @@ define(`term_getattr_all_user_ptys',`
##
##
#
-define(`term_use_all_user_ptys',`
+interface(`term_use_all_user_ptys',`
gen_require(`
attribute ptynode;
class dir r_dir_perms;
@@ -413,7 +413,7 @@ define(`term_use_all_user_ptys',`
##
##
#
-define(`term_dontaudit_use_all_user_ptys',`
+interface(`term_dontaudit_use_all_user_ptys',`
gen_require(`
attribute ptynode;
class chr_file { read write };
@@ -433,7 +433,7 @@ define(`term_dontaudit_use_all_user_ptys',`
##
##
#
-define(`term_relabel_all_user_ptys',`
+interface(`term_relabel_all_user_ptys',`
gen_require(`
attribute ptynode;
class chr_file { relabelfrom relabelto };
@@ -454,7 +454,7 @@ define(`term_relabel_all_user_ptys',`
##
##
#
-define(`term_getattr_unallocated_ttys',`
+interface(`term_getattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
class chr_file getattr;
@@ -475,7 +475,7 @@ define(`term_getattr_unallocated_ttys',`
##
##
#
-define(`term_setattr_unallocated_ttys',`
+interface(`term_setattr_unallocated_ttys',`
gen_require(`
type tty_device_t;
class chr_file setattr;
@@ -496,7 +496,7 @@ define(`term_setattr_unallocated_ttys',`
##
##
#
-define(`term_relabel_unallocated_ttys',`
+interface(`term_relabel_unallocated_ttys',`
gen_require(`
type tty_device_t;
class chr_file { relabelfrom relabelto };
@@ -517,7 +517,7 @@ define(`term_relabel_unallocated_ttys',`
##
##
#
-define(`term_reset_tty_labels',`
+interface(`term_reset_tty_labels',`
gen_require(`
attribute ttynode;
type tty_device_t;
@@ -539,7 +539,7 @@ define(`term_reset_tty_labels',`
##
##
#
-define(`term_write_unallocated_ttys',`
+interface(`term_write_unallocated_ttys',`
gen_require(`
type tty_device_t;
class chr_file { getattr write };
@@ -559,7 +559,7 @@ define(`term_write_unallocated_ttys',`
##
##
#
-define(`term_use_unallocated_tty',`
+interface(`term_use_unallocated_tty',`
gen_require(`
type tty_device_t;
class chr_file { getattr read write ioctl };
@@ -580,7 +580,7 @@ define(`term_use_unallocated_tty',`
##
##
#
-define(`term_dontaudit_use_unallocated_tty',`
+interface(`term_dontaudit_use_unallocated_tty',`
gen_require(`
type tty_device_t;
class chr_file { read write };
@@ -600,7 +600,7 @@ define(`term_dontaudit_use_unallocated_tty',`
##
##
#
-define(`term_getattr_all_user_ttys',`
+interface(`term_getattr_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file getattr;
@@ -622,7 +622,7 @@ define(`term_getattr_all_user_ttys',`
##
##
#
-define(`term_dontaudit_getattr_all_user_ttys',`
+interface(`term_dontaudit_getattr_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file getattr;
@@ -643,7 +643,7 @@ define(`term_dontaudit_getattr_all_user_ttys',`
##
##
#
-define(`term_setattr_all_user_ttys',`
+interface(`term_setattr_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file setattr;
@@ -664,7 +664,7 @@ define(`term_setattr_all_user_ttys',`
##
##
#
-define(`term_relabel_all_user_ttys',`
+interface(`term_relabel_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file { relabelfrom relabelto };
@@ -684,7 +684,7 @@ define(`term_relabel_all_user_ttys',`
##
##
#
-define(`term_write_all_user_ttys',`
+interface(`term_write_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file { getattr write };
@@ -704,7 +704,7 @@ define(`term_write_all_user_ttys',`
##
##
#
-define(`term_use_all_user_ttys',`
+interface(`term_use_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file { getattr read write ioctl };
@@ -725,7 +725,7 @@ define(`term_use_all_user_ttys',`
##
##
#
-define(`term_dontaudit_use_all_user_ttys',`
+interface(`term_dontaudit_use_all_user_ttys',`
gen_require(`
attribute ttynode;
class chr_file { read write };
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index 52b4980..1b6ef8a 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -4,7 +4,7 @@
# cron_per_userdomain_template(domainprefix)
#
-define(`cron_per_userdomain_template',`
+template(`cron_per_userdomain_template',`
# Type of user crontabs once moved to cron spool.
type $1_cron_spool_t;
@@ -217,7 +217,7 @@ define(`cron_per_userdomain_template',`
# cron_admin_template(domainprefix)
#
-define(`cron_admin_template',`
+template(`cron_admin_template',`
logging_read_generic_logs($1_crond_t)
# Allow our crontab domain to unlink a user cron spool file.
@@ -243,7 +243,7 @@ define(`cron_admin_template',`
#
# cron_rw_log(domain)
#
-define(`cron_rw_log',`
+interface(`cron_rw_log',`
gen_require(`
type crond_log_t;
class file rw_file_perms;
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 6726287..679f6ff 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -7,7 +7,7 @@
#
# mta_per_userdomain_template(userdomain_prefix)
#
-define(`mta_per_userdomain_template',`
+template(`mta_per_userdomain_template',`
type $1_mail_t; # , user_mail_domain, nscd_client_domain;
domain_type($1_mail_t)
role $1_r types $1_mail_t;
@@ -138,7 +138,7 @@ define(`mta_per_userdomain_template',`
#
# mta_mailserver(domain,entrypointtype)
#
-define(`mta_mailserver',`
+interface(`mta_mailserver',`
gen_require(`
attribute mailserver_domain;
')
@@ -151,7 +151,7 @@ define(`mta_mailserver',`
#
# mta_sendmail_mailserver(domain,entrypointtype)
#
-define(`mta_sendmail_mailserver',`
+interface(`mta_sendmail_mailserver',`
gen_require(`
type sendmail_exec_t;
')
@@ -163,7 +163,7 @@ define(`mta_sendmail_mailserver',`
#
# mta_send_mail(domain)
#
-define(`mta_send_mail',`
+interface(`mta_send_mail',`
gen_require(`
type system_mail_t, sendmail_exec_t;
class lnk_file r_file_perms;
@@ -185,7 +185,7 @@ define(`mta_send_mail',`
#
# mta_exec(domain)
#
-define(`mta_exec',`
+interface(`mta_exec',`
gen_require(`
type sendmail_exec_t;
')
@@ -203,7 +203,7 @@ define(`mta_exec',`
##
##
#
-define(`mta_read_aliases',`
+interface(`mta_read_aliases',`
gen_require(`
type etc_aliases_t;
class file r_file_perms;
@@ -217,7 +217,7 @@ define(`mta_read_aliases',`
#
# mta_rw_aliases(domain)
#
-define(`mta_rw_aliases',`
+interface(`mta_rw_aliases',`
gen_require(`
type etc_aliases_t;
class file { rw_file_perms setattr };
@@ -231,7 +231,7 @@ define(`mta_rw_aliases',`
#
# mta_getattr_spool(domain)
#
-define(`mta_getattr_spool',`
+interface(`mta_getattr_spool',`
gen_require(`
type mail_spool_t;
class dir r_dir_perms;
@@ -249,7 +249,7 @@ define(`mta_getattr_spool',`
#
# mta_rw_spool(domain)
#
-define(`mta_rw_spool',`
+interface(`mta_rw_spool',`
gen_require(`
type mail_spool_t;
class dir r_dir_perms;
@@ -265,7 +265,7 @@ define(`mta_rw_spool',`
#
# mta_manage_spool(domain)
#
-define(`mta_manage_spool',`
+interface(`mta_manage_spool',`
gen_require(`
type mail_spool_t;
class dir rw_dir_perms;
@@ -281,7 +281,7 @@ define(`mta_manage_spool',`
#
# mta_manage_queue(domain)
#
-define(`mta_manage_queue',`
+interface(`mta_manage_queue',`
gen_require(`
type mqueue_spool_t;
class dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/services/remotelogin.if b/refpolicy/policy/modules/services/remotelogin.if
index 5fbe4ca..ed1f2d0 100644
--- a/refpolicy/policy/modules/services/remotelogin.if
+++ b/refpolicy/policy/modules/services/remotelogin.if
@@ -11,7 +11,7 @@
##
##
#
-define(`remotelogin_domtrans',`
+interface(`remotelogin_domtrans',`
gen_require(`
type remote_login_t;
')
diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if
index 99ba008..b69e0a3 100644
--- a/refpolicy/policy/modules/services/sendmail.if
+++ b/refpolicy/policy/modules/services/sendmail.if
@@ -11,7 +11,7 @@
##
##
#
-define(`sendmail_domtrans',`
+interface(`sendmail_domtrans',`
gen_require(`
type sendmail_exec_t, sendmail_t;
class process sigchld;
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index ad7afd5..132fc81 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -1,4 +1,4 @@
-define(`ssh_per_userdomain_template',`
+template(`ssh_per_userdomain_template',`
# Derived domain based on the calling user domain and the program.
type $1_ssh_t; #, privlog, nscd_client_domain;
domain_type($1_ssh_t)
@@ -155,7 +155,7 @@ define(`ssh_per_userdomain_template',`
#
#
#
-define(`sshd_program_domain', `
+template(`sshd_program_domain', `
# auth_chkpwd is for running unix_chkpwd and unix_verify.
type $1_t; #, nscd_client_domain;
role system_r types $1_t;
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 26f39f5..1021d61 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -7,7 +7,7 @@
#
# authlogin_per_userdomain_template(userdomain_prefix)
#
-define(`authlogin_per_userdomain_template',`
+interface(`authlogin_per_userdomain_template',`
gen_require(`
attribute can_read_shadow_passwords;
type chkpwd_exec_t, system_chkpwd_t, shadow_t;
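Review bot: `authlogin_per_userdomain_template` is declared with `interface(` on the added line, while the other per-userdomain macro converted in this commit, `ssh_per_userdomain_template` in ssh.if, is declared with `template(`. The header comment documents the argument as `userdomain_prefix`, which suggests the macro derives names from a prefix rather than taking an existing domain type. If so, the wrapper keyword on the added line should be `template` instead of `interface`, so that the two kinds stay distinguishable to readers and to any tooling that treats them differently. The macro body continues outside this hunk, so confirm against how `$1` is used there.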
@@ -98,7 +98,7 @@ define(`authlogin_per_userdomain_template',`
##
##
#
-define(`auth_login_entry_type',`
+interface(`auth_login_entry_type',`
gen_require(`
type login_exec_t;
')
@@ -119,7 +119,7 @@ define(`auth_login_entry_type',`
##
##
#
-define(`auth_domtrans_login_program',`
+interface(`auth_domtrans_login_program',`
gen_require(`
type login_exec_t;
class process sigchld;
@@ -146,7 +146,7 @@ define(`auth_domtrans_login_program',`
##
##
#
-define(`auth_domtrans_chk_passwd',`
+interface(`auth_domtrans_chk_passwd',`
gen_require(`
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
class process sigchld;
@@ -190,7 +190,7 @@ define(`auth_domtrans_chk_passwd',`
##
##
#
-define(`auth_dontaudit_getattr_shadow',`
+interface(`auth_dontaudit_getattr_shadow',`
gen_require(`
type shadow_t;
class file stat_file_perms;
@@ -209,7 +209,7 @@ define(`auth_dontaudit_getattr_shadow',`
##
##
#
-define(`auth_read_shadow',`
+interface(`auth_read_shadow',`
gen_require(`
attribute can_read_shadow_passwords;
type shadow_t;
@@ -232,7 +232,7 @@ define(`auth_read_shadow',`
##
##
#
-define(`auth_dontaudit_read_shadow',`
+interface(`auth_dontaudit_read_shadow',`
gen_require(`
type shadow_t;
class file r_file_perms;
@@ -251,7 +251,7 @@ define(`auth_dontaudit_read_shadow',`
##
##
#
-define(`auth_rw_shadow',`
+interface(`auth_rw_shadow',`
gen_require(`
attribute can_read_shadow_passwords, can_write_shadow_passwords;
type shadow_t;
@@ -267,7 +267,7 @@ define(`auth_rw_shadow',`
#
# auth_manage_shadow(domain)
#
-define(`auth_manage_shadow',`
+interface(`auth_manage_shadow',`
gen_require(`
attribute can_read_shadow_passwords, can_write_shadow_passwords;
type shadow_t;
@@ -284,7 +284,7 @@ define(`auth_manage_shadow',`
#
# auth_relabelto_shadow(domain)
#
-define(`auth_relabelto_shadow',`
+interface(`auth_relabelto_shadow',`
gen_require(`
attribute can_relabelto_shadow_passwords;
type shadow_t;
@@ -300,7 +300,7 @@ define(`auth_relabelto_shadow',`
#
# auth_rw_faillog(domain)
#
-define(`auth_rw_faillog',`
+interface(`auth_rw_faillog',`
gen_require(`
type faillog_t;
class file rw_file_perms;
@@ -314,7 +314,7 @@ define(`auth_rw_faillog',`
#
# auth_rw_lastlog(domain)
#
-define(`auth_rw_lastlog',`
+interface(`auth_rw_lastlog',`
gen_require(`
type lastlog_t;
class file { getattr read write setattr };
@@ -334,7 +334,7 @@ define(`auth_rw_lastlog',`
##
##
#
-define(`auth_domtrans_pam',`
+interface(`auth_domtrans_pam',`
gen_require(`
type pam_t, pam_exec_t;
class process sigchld;
@@ -366,7 +366,7 @@ define(`auth_domtrans_pam',`
##
##
#
-define(`auth_run_pam',`
+interface(`auth_run_pam',`
gen_require(`
type pam_t;
class chr_file rw_file_perms;
@@ -387,7 +387,7 @@ define(`auth_run_pam',`
##
##
#
-define(`auth_exec_pam',`
+interface(`auth_exec_pam',`
gen_require(`
type pam_exec_t;
')
@@ -399,7 +399,7 @@ define(`auth_exec_pam',`
#
# auth_read_pam_pid(domain)
#
-define(`auth_read_pam_pid',`
+interface(`auth_read_pam_pid',`
gen_require(`
type pam_var_run_t;
class dir r_dir_perms;
@@ -422,7 +422,7 @@ define(`auth_read_pam_pid',`
##
##
#
-define(`auth_delete_pam_pid',`
+interface(`auth_delete_pam_pid',`
gen_require(`
type pam_var_run_t;
class dir { getattr search read write remove_name };
@@ -439,7 +439,7 @@ define(`auth_delete_pam_pid',`
#
# auth_domtrans_pam_console(domain)
#
-define(`auth_domtrans_pam_console',`
+interface(`auth_domtrans_pam_console',`
gen_require(`
type pam_console_t, pam_console_exec_t;
class process sigchld;
@@ -459,7 +459,7 @@ define(`auth_domtrans_pam_console',`
#
# auth_list_pam_console_data(domain)
#
-define(`auth_list_pam_console_data',`
+interface(`auth_list_pam_console_data',`
gen_require(`
type pam_var_console_t;
class dir r_dir_perms;
@@ -474,7 +474,7 @@ define(`auth_list_pam_console_data',`
#
# auth_read_pam_console_data(domain)
#
-define(`auth_read_pam_console_data',`
+interface(`auth_read_pam_console_data',`
gen_require(`
type pam_var_console_t;
class dir r_dir_perms;
@@ -491,7 +491,7 @@ define(`auth_read_pam_console_data',`
#
# auth_manage_pam_console_data(domain)
#
-define(`auth_manage_pam_console_data',`
+interface(`auth_manage_pam_console_data',`
gen_require(`
type pam_var_console_t;
class dir rw_dir_perms;
@@ -522,7 +522,7 @@ define(`auth_manage_pam_console_data',`
##
#
-define(`auth_relabel_all_files_except_shadow',`
+interface(`auth_relabel_all_files_except_shadow',`
gen_require(`
type shadow_t;
')
@@ -546,7 +546,7 @@ define(`auth_relabel_all_files_except_shadow',`
##
#
-define(`auth_manage_all_files_except_shadow',`
+interface(`auth_manage_all_files_except_shadow',`
gen_require(`
type shadow_t;
')
@@ -564,7 +564,7 @@ define(`auth_manage_all_files_except_shadow',`
##
##
#
-define(`auth_domtrans_utempter',`
+interface(`auth_domtrans_utempter',`
gen_require(`
type utempter_t, utempter_exec_t;
class process sigchld;
@@ -596,7 +596,7 @@ define(`auth_domtrans_utempter',`
##
##
#
-define(`auth_run_utempter',`
+interface(`auth_run_utempter',`
gen_require(`
type utempter_t;
class chr_file rw_file_perms;
@@ -611,7 +611,7 @@ define(`auth_run_utempter',`
#
# auth_read_login_records(domain)
#
-define(`auth_read_login_records',`
+interface(`auth_read_login_records',`
gen_require(`
type wtmp_t;
class file r_file_perms;
@@ -625,7 +625,7 @@ define(`auth_read_login_records',`
#
# auth_dontaudit_write_login_records(domain)
#
-define(`auth_dontaudit_write_login_records',`
+interface(`auth_dontaudit_write_login_records',`
gen_require(`
type wtmp_t;
class file write;
@@ -638,7 +638,7 @@ define(`auth_dontaudit_write_login_records',`
#
# auth_rw_login_records(domain)
#
-define(`auth_rw_login_records',`
+interface(`auth_rw_login_records',`
gen_require(`
type wtmp_t;
class file rw_file_perms;
diff --git a/refpolicy/policy/modules/system/clock.if b/refpolicy/policy/modules/system/clock.if
index 42449ca..71fd8ab 100644
--- a/refpolicy/policy/modules/system/clock.if
+++ b/refpolicy/policy/modules/system/clock.if
@@ -11,7 +11,7 @@
##
##
#
-define(`clock_domtrans',`
+interface(`clock_domtrans',`
gen_require(`
type hwclock_t, hwclock_exec_t;
class fd use;
@@ -43,7 +43,7 @@ define(`clock_domtrans',`
##
##
#
-define(`clock_run',`
+interface(`clock_run',`
gen_require(`
type hwclock_t;
class chr_file { getattr read write ioctl };
@@ -64,7 +64,7 @@ define(`clock_run',`
##
##
#
-define(`clock_exec',`
+interface(`clock_exec',`
gen_require(`
type hwclock_exec_t;
')
@@ -82,7 +82,7 @@ define(`clock_exec',`
##
##
#
-define(`clock_rw_adjtime',`
+interface(`clock_rw_adjtime',`
gen_require(`
type adjtime_t;
class file rw_file_perms;
diff --git a/refpolicy/policy/modules/system/corecommands.if b/refpolicy/policy/modules/system/corecommands.if
index fb32f23..77ab469 100644
--- a/refpolicy/policy/modules/system/corecommands.if
+++ b/refpolicy/policy/modules/system/corecommands.if
@@ -8,7 +8,7 @@
#
# corecmd_shell_entry_type(domain)
#
-define(`corecmd_shell_entry_type',`
+interface(`corecmd_shell_entry_type',`
gen_require(`
type shell_exec_t;
')
@@ -20,7 +20,7 @@ define(`corecmd_shell_entry_type',`
#
# corecmd_search_bin(domain)
#
-define(`corecmd_search_bin',`
+interface(`corecmd_search_bin',`
gen_require(`
type bin_t;
class dir search;
@@ -33,7 +33,7 @@ define(`corecmd_search_bin',`
#
# corecmd_list_bin(domain)
#
-define(`corecmd_list_bin',`
+interface(`corecmd_list_bin',`
gen_require(`
type bin_t;
class dir r_dir_perms;
@@ -46,7 +46,7 @@ define(`corecmd_list_bin',`
#
# corecmd_exec_bin(domain)
#
-define(`corecmd_exec_bin',`
+interface(`corecmd_exec_bin',`
gen_require(`
type bin_t;
class dir r_dir_perms;
@@ -63,7 +63,7 @@ define(`corecmd_exec_bin',`
#
# corecmd_search_sbin(domain)
#
-define(`corecmd_search_sbin',`
+interface(`corecmd_search_sbin',`
gen_require(`
type sbin_t;
class dir search;
@@ -76,7 +76,7 @@ define(`corecmd_search_sbin',`
#
# corecmd_list_sbin(domain)
#
-define(`corecmd_list_sbin',`
+interface(`corecmd_list_sbin',`
gen_require(`
type sbin_t;
class dir r_dir_perms;
@@ -89,7 +89,7 @@ define(`corecmd_list_sbin',`
#
# corecmd_dontaudit_getattr_sbin_file(domain)
#
-define(`corecmd_dontaudit_getattr_sbin_file',`
+interface(`corecmd_dontaudit_getattr_sbin_file',`
gen_require(`
type sbin_t;
class file getattr;
@@ -102,7 +102,7 @@ define(`corecmd_dontaudit_getattr_sbin_file',`
#
# corecmd_exec_sbin(domain)
#
-define(`corecmd_exec_sbin',`
+interface(`corecmd_exec_sbin',`
gen_require(`
type sbin_t;
class dir r_dir_perms;
@@ -119,7 +119,7 @@ define(`corecmd_exec_sbin',`
#
# corecmd_exec_shell(domain)
#
-define(`corecmd_exec_shell',`
+interface(`corecmd_exec_shell',`
gen_require(`
type bin_t, shell_exec_t;
class dir r_dir_perms;
@@ -135,7 +135,7 @@ define(`corecmd_exec_shell',`
#
# corecmd_exec_ls(domain)
#
-define(`corecmd_exec_ls',`
+interface(`corecmd_exec_ls',`
gen_require(`
type bin_t, ls_exec_t;
class dir r_dir_perms;
@@ -162,7 +162,7 @@ define(`corecmd_exec_ls',`
##
##
#
-define(`corecmd_shell_spec_domtrans',`
+interface(`corecmd_shell_spec_domtrans',`
gen_require(`
type bin_t, shell_exec_t;
class dir r_dir_perms;
@@ -196,7 +196,7 @@ define(`corecmd_shell_spec_domtrans',`
##
##
#
-define(`corecmd_domtrans_shell',`
+interface(`corecmd_domtrans_shell',`
gen_require(`
type shell_exec_t;
')
@@ -209,7 +209,7 @@ define(`corecmd_domtrans_shell',`
#
# corecmd_chroot_exec_chroot(domain)
#
-define(`corecmd_chroot_exec_chroot',`
+interface(`corecmd_chroot_exec_chroot',`
gen_require(`
type chroot_exec_t;
class capability sys_chroot;
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index 018375e..3cec277 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -5,7 +5,7 @@
#
# domain_base_domain_type(domain)
#
-define(`domain_base_domain_type',`
+interface(`domain_base_domain_type',`
gen_require(`
attribute domain;
class dir r_dir_perms;
@@ -30,7 +30,7 @@ define(`domain_base_domain_type',`
#
# domain_type(domain)
#
-define(`domain_type',`
+interface(`domain_type',`
# start with basic domain
domain_base_domain_type($1)
@@ -56,7 +56,7 @@ define(`domain_type',`
#
# domain_entry_file(domain,entrypointfile)
#
-define(`domain_entry_file',`
+interface(`domain_entry_file',`
gen_require(`
attribute entry_type;
class file entrypoint;
@@ -71,7 +71,7 @@ define(`domain_entry_file',`
#
# domain_wide_inherit_fd(domain)
#
-define(`domain_wide_inherit_fd',`
+interface(`domain_wide_inherit_fd',`
gen_require(`
attribute privfd;
')
@@ -90,7 +90,7 @@ define(`domain_wide_inherit_fd',`
##
##
#
-define(`domain_subj_id_change_exempt',`
+interface(`domain_subj_id_change_exempt',`
gen_require(`
attribute can_change_process_identity;
')
@@ -109,7 +109,7 @@ define(`domain_subj_id_change_exempt',`
##
##
#
-define(`domain_role_change_exempt',`
+interface(`domain_role_change_exempt',`
gen_require(`
attribute can_change_process_role;
')
@@ -128,7 +128,7 @@ define(`domain_role_change_exempt',`
##
##
#
-define(`domain_obj_id_change_exempt',`
+interface(`domain_obj_id_change_exempt',`
gen_require(`
attribute can_change_object_identity;
')
@@ -140,7 +140,7 @@ define(`domain_obj_id_change_exempt',`
#
# domain_use_wide_inherit_fd(domain)
#
-define(`domain_use_wide_inherit_fd',`
+interface(`domain_use_wide_inherit_fd',`
gen_require(`
attribute privfd;
class fd use;
@@ -153,7 +153,7 @@ define(`domain_use_wide_inherit_fd',`
#
# domain_dontaudit_use_wide_inherit_fd(domain)
#
-define(`domain_dontaudit_use_wide_inherit_fd',`
+interface(`domain_dontaudit_use_wide_inherit_fd',`
gen_require(`
attribute privfd;
class fd use;
@@ -166,7 +166,7 @@ define(`domain_dontaudit_use_wide_inherit_fd',`
#
# domain_setpriority_all_domains(domain)
#
-define(`domain_setpriority_all_domains',`
+interface(`domain_setpriority_all_domains',`
gen_require(`
attribute domain;
class process setsched;
@@ -185,7 +185,7 @@ define(`domain_setpriority_all_domains',`
##
##
#
-define(`domain_signal_all_domains',`
+interface(`domain_signal_all_domains',`
gen_require(`
attribute domain;
class process signal;
@@ -204,7 +204,7 @@ define(`domain_signal_all_domains',`
##
##
#
-define(`domain_signull_all_domains',`
+interface(`domain_signull_all_domains',`
gen_require(`
attribute domain;
class process signull;
@@ -223,7 +223,7 @@ define(`domain_signull_all_domains',`
##
##
#
-define(`domain_sigstop_all_domains',`
+interface(`domain_sigstop_all_domains',`
gen_require(`
attribute domain;
class process sigstop;
@@ -242,7 +242,7 @@ define(`domain_sigstop_all_domains',`
##
##
#
-define(`domain_sigchld_all_domains',`
+interface(`domain_sigchld_all_domains',`
gen_require(`
attribute domain;
class process sigchld;
@@ -261,7 +261,7 @@ define(`domain_sigchld_all_domains',`
##
##
#
-define(`domain_kill_all_domains',`
+interface(`domain_kill_all_domains',`
gen_require(`
attribute domain;
class process sigkill;
@@ -282,7 +282,7 @@ define(`domain_kill_all_domains',`
##
##
#
-define(`domain_read_all_domains_state',`
+interface(`domain_read_all_domains_state',`
gen_require(`
attribute domain;
class dir r_dir_perms;
@@ -314,7 +314,7 @@ define(`domain_read_all_domains_state',`
##
##
#
-define(`domain_dontaudit_list_all_domains_proc',`
+interface(`domain_dontaudit_list_all_domains_proc',`
gen_require(`
attribute domain;
class dir r_dir_perms;
@@ -333,7 +333,7 @@ define(`domain_dontaudit_list_all_domains_proc',`
##
##
#
-define(`domain_getsession_all_domains',`
+interface(`domain_getsession_all_domains',`
gen_require(`
attribute domain;
class process getsession;
@@ -353,7 +353,7 @@ define(`domain_getsession_all_domains',`
##
##
#
-define(`domain_dontaudit_getattr_all_udp_sockets',`
+interface(`domain_dontaudit_getattr_all_udp_sockets',`
gen_require(`
attribute domain;
class udp_socket getattr;
@@ -373,7 +373,7 @@ define(`domain_dontaudit_getattr_all_udp_sockets',`
##
##
#
-define(`domain_dontaudit_getattr_all_tcp_sockets',`
+interface(`domain_dontaudit_getattr_all_tcp_sockets',`
gen_require(`
attribute domain;
class tcp_socket getattr;
@@ -393,7 +393,7 @@ define(`domain_dontaudit_getattr_all_tcp_sockets',`
##
##
#
-define(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
+interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
gen_require(`
attribute domain;
class unix_dgram_socket getattr;
@@ -413,7 +413,7 @@ define(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
##
##
#
-define(`domain_dontaudit_getattr_all_unnamed_pipes',`
+interface(`domain_dontaudit_getattr_all_unnamed_pipes',`
gen_require(`
attribute domain;
class fifo_file getattr;
@@ -426,7 +426,7 @@ define(`domain_dontaudit_getattr_all_unnamed_pipes',`
#
# domain_exec_all_entry_files(domain)
#
-define(`domain_exec_all_entry_files',`
+interface(`domain_exec_all_entry_files',`
gen_require(`
attribute entry_type;
')
@@ -438,7 +438,7 @@ define(`domain_exec_all_entry_files',`
#
# domain_read_all_entry_files(domain)
#
-define(`domain_read_all_entry_files',`
+interface(`domain_read_all_entry_files',`
gen_require(`
attribute entry_type;
class file r_file_perms;
@@ -461,7 +461,7 @@ define(`domain_read_all_entry_files',`
#
# domain_trans(source_domain,entrypoint_file,target_domain)
#
-define(`domain_trans',`
+interface(`domain_trans',`
gen_require(`
class file rx_file_perms;
process { transition noatsecure siginh rlimitinh };
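Review bot: The `gen_require` block of `domain_trans` lists `process { transition noatsecure siginh rlimitinh };` without the `class` keyword that the line above it carries (`class file rx_file_perms;`). With the macro now declared through `interface(`, the require block may be checked more strictly than before, so the line should read `class process { transition noatsecure siginh rlimitinh };`. The same omission appears in files.if, in `files_relabelto_all_file_type_fs` (`filesystem relabelto;`), `files_mount_all_file_type_fs` and `files_unmount_all_file_type_fs` (both `filesystem mount;`). The macro body continues outside the hunk.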
@@ -476,7 +476,7 @@ define(`domain_trans',`
#
# domain_auto_trans(source_domain,entrypoint_file,target_domain)
#
-define(`domain_auto_trans',`
+interface(`domain_auto_trans',`
domain_trans($1,$2,$3)
type_transition $1 $2:process $3;
')
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index e99eb53..7510c01 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -20,7 +20,7 @@
#
# files_file_type(type)
#
-define(`files_file_type',`
+interface(`files_file_type',`
gen_require(`
attribute file_type;
')
@@ -34,7 +34,7 @@ define(`files_file_type',`
#
# files_lock_file(type)
#
-define(`files_lock_file',`
+interface(`files_lock_file',`
gen_require(`
attribute lockfile;
')
@@ -47,7 +47,7 @@ define(`files_lock_file',`
#
# files_mountpoint(type)
#
-define(`files_mountpoint',`
+interface(`files_mountpoint',`
gen_require(`
attribute mountpoint;
')
@@ -60,7 +60,7 @@ define(`files_mountpoint',`
#
# files_pid_file(type)
#
-define(`files_pid_file',`
+interface(`files_pid_file',`
gen_require(`
attribute pidfile;
')
@@ -73,7 +73,7 @@ define(`files_pid_file',`
#
# files_tmp_file(type)
#
-define(`files_tmp_file',`
+interface(`files_tmp_file',`
gen_require(`
attribute tmpfile;
')
@@ -93,7 +93,7 @@ define(`files_tmp_file',`
##
##
#
-define(`files_tmpfs_file',`
+interface(`files_tmpfs_file',`
gen_require(`
attribute tmpfsfile;
')
@@ -107,7 +107,7 @@ define(`files_tmpfs_file',`
#
# files_getattr_all_files(domain)
-define(`files_getattr_all_files',`
+interface(`files_getattr_all_files',`
gen_require(`
attribute file_type;
class dir { search getattr };
@@ -139,7 +139,7 @@ define(`files_getattr_all_files',`
##
##
#
-define(`files_relabel_all_files',`
+interface(`files_relabel_all_files',`
gen_require(`
attribute file_type;
class dir { r_dir_perms relabelfrom relabelto };
@@ -178,7 +178,7 @@ define(`files_relabel_all_files',`
##
##
#
-define(`files_manage_all_files',`
+interface(`files_manage_all_files',`
gen_require(`
attribute file_type;
class dir create_dir_perms;
@@ -203,7 +203,7 @@ define(`files_manage_all_files',`
#
# files_search_all_dirs(domain)
#
-define(`files_search_all_dirs',`
+interface(`files_search_all_dirs',`
gen_require(`
attribute file_type;
class dir search;
@@ -216,7 +216,7 @@ define(`files_search_all_dirs',`
#
# files_list_all_dirs(domain)
#
-define(`files_list_all_dirs',`
+interface(`files_list_all_dirs',`
gen_require(`
attribute file_type;
class dir r_dir_perms;
@@ -229,7 +229,7 @@ define(`files_list_all_dirs',`
#
# files_dontaudit_search_all_dirs(domain)
#
-define(`files_dontaudit_search_all_dirs',`
+interface(`files_dontaudit_search_all_dirs',`
gen_require(`
attribute file_type;
class dir search;
@@ -242,7 +242,7 @@ define(`files_dontaudit_search_all_dirs',`
#
# files_relabelto_all_file_type_fs(domain)
#
-define(`files_relabelto_all_file_type_fs',`
+interface(`files_relabelto_all_file_type_fs',`
gen_require(`
attribute file_type;
filesystem relabelto;
@@ -255,7 +255,7 @@ define(`files_relabelto_all_file_type_fs',`
#
# files_mount_all_file_type_fs(domain)
#
-define(`files_mount_all_file_type_fs',`
+interface(`files_mount_all_file_type_fs',`
gen_require(`
attribute file_type;
filesystem mount;
@@ -268,7 +268,7 @@ define(`files_mount_all_file_type_fs',`
#
# files_unmount_all_file_type_fs(domain)
#
-define(`files_unmount_all_file_type_fs',`
+interface(`files_unmount_all_file_type_fs',`
gen_require(`
attribute file_type;
filesystem mount;
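Review bot: `files_unmount_all_file_type_fs` requires `filesystem mount;`, the same permission as `files_mount_all_file_type_fs` just above it, which looks like a copy-paste slip in an interface whose name says unmount. `files_unmount_rootfs` later in this file declares `class filesystem unmount;`, and this requirement should match it: `class filesystem unmount;`. The allow rule itself is outside the hunk, so check that it grants `unmount` and not `mount`; a mismatch would give callers a permission the interface name does not advertise.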
@@ -281,7 +281,7 @@ define(`files_unmount_all_file_type_fs',`
#
# files_mounton_all_mountpoints(domain)
#
-define(`files_mounton_all_mountpoints',`
+interface(`files_mounton_all_mountpoints',`
gen_require(`
attribute mountpoint;
class dir { getattr search mounton };
@@ -294,7 +294,7 @@ define(`files_mounton_all_mountpoints',`
#
# files_list_root(domain)
#
-define(`files_list_root',`
+interface(`files_list_root',`
gen_require(`
type root_t;
class dir r_dir_perms;
@@ -326,7 +326,7 @@ define(`files_list_root',`
##
##
#
-define(`files_create_root',`
+interface(`files_create_root',`
gen_require(`
type root_t;
class dir create_dir_perms;
@@ -359,7 +359,7 @@ define(`files_create_root',`
#
# files_dontaudit_read_root_file(domain)
#
-define(`files_dontaudit_read_root_file',`
+interface(`files_dontaudit_read_root_file',`
gen_require(`
type root_t;
class file read;
@@ -372,7 +372,7 @@ define(`files_dontaudit_read_root_file',`
#
# files_dontaudit_rw_root_file(domain)
#
-define(`files_dontaudit_rw_root_file',`
+interface(`files_dontaudit_rw_root_file',`
gen_require(`
type root_t;
class file { read write };
@@ -385,7 +385,7 @@ define(`files_dontaudit_rw_root_file',`
#
# files_dontaudit_rw_root_chr_dev(domain)
#
-define(`files_dontaudit_rw_root_chr_dev',`
+interface(`files_dontaudit_rw_root_chr_dev',`
gen_require(`
type root_t;
class chr_file { read write };
@@ -398,7 +398,7 @@ define(`files_dontaudit_rw_root_chr_dev',`
#
# files_delete_root_dir_entry(domain)
#
-define(`files_delete_root_dir_entry',`
+interface(`files_delete_root_dir_entry',`
gen_require(`
type root_t;
class dir rw_dir_perms;
@@ -411,7 +411,7 @@ define(`files_delete_root_dir_entry',`
#
# files_unmount_rootfs(domain)
#
-define(`files_unmount_rootfs',`
+interface(`files_unmount_rootfs',`
gen_require(`
type root_t;
class filesystem unmount;
@@ -424,7 +424,7 @@ define(`files_unmount_rootfs',`
#
# files_search_etc(domain)
#
-define(`files_search_etc',`
+interface(`files_search_etc',`
gen_require(`
type etc_t;
class dir search;
@@ -437,7 +437,7 @@ define(`files_search_etc',`
#
# files_list_etc(domain)
#
-define(`files_list_etc',`
+interface(`files_list_etc',`
gen_require(`
type etc_t;
class dir r_dir_perms;
@@ -450,7 +450,7 @@ define(`files_list_etc',`
#
# files_read_generic_etc_files(domain)
#
-define(`files_read_generic_etc_files',`
+interface(`files_read_generic_etc_files',`
gen_require(`
type etc_t;
class dir r_dir_perms;
@@ -467,7 +467,7 @@ define(`files_read_generic_etc_files',`
#
# files_rw_generic_etc_files(domain)
#
-define(`files_rw_generic_etc_files',`
+interface(`files_rw_generic_etc_files',`
gen_require(`
type etc_t;
class dir r_dir_perms;
@@ -484,7 +484,7 @@ define(`files_rw_generic_etc_files',`
#
# files_manage_generic_etc_files(domain)
#
-define(`files_manage_generic_etc_files',`
+interface(`files_manage_generic_etc_files',`
gen_require(`
type etc_t;
class dir rw_dir_perms;
@@ -507,7 +507,7 @@ define(`files_manage_generic_etc_files',`
##
##
#
-define(`files_delete_generic_etc_files',`
+interface(`files_delete_generic_etc_files',`
gen_require(`
type etc_t;
class dir rw_dir_perms;
@@ -522,7 +522,7 @@ define(`files_delete_generic_etc_files',`
#
# files_exec_generic_etc_files(domain)
#
-define(`files_exec_generic_etc_files',`
+interface(`files_exec_generic_etc_files',`
gen_require(`
type etc_t;
class dir r_dir_perms;
@@ -541,7 +541,7 @@ define(`files_exec_generic_etc_files',`
#
# /halt, /.autofsck, etc
#
-define(`files_create_boot_flag',`
+interface(`files_create_boot_flag',`
gen_require(`
type root_t, etc_runtime_t;
class dir rw_dir_perms;
@@ -557,7 +557,7 @@ define(`files_create_boot_flag',`
#
# files_manage_etc_runtime_files(type)
#
-define(`files_manage_etc_runtime_files',`
+interface(`files_manage_etc_runtime_files',`
gen_require(`
type etc_t, etc_runtime_t;
class dir rw_dir_perms;
@@ -573,7 +573,7 @@ define(`files_manage_etc_runtime_files',`
#
# files_read_etc_runtime_files(domain)
#
-define(`files_read_etc_runtime_files',`
+interface(`files_read_etc_runtime_files',`
gen_require(`
type etc_t, etc_runtime_t;
class dir r_dir_perms;
@@ -588,7 +588,7 @@ define(`files_read_etc_runtime_files',`
#
# files_create_etc_config(domain,privatetype,[class(es)])
#
-define(`files_create_etc_config',`
+interface(`files_create_etc_config',`
gen_require(`
type etc_t;
class dir rw_dir_perms;
@@ -606,7 +606,7 @@ define(`files_create_etc_config',`
#
# files_rw_isid_type_dir(domain)
#
-define(`files_rw_isid_type_dir',`
+interface(`files_rw_isid_type_dir',`
gen_require(`
type file_t;
class dir rw_dir_perms;
@@ -619,7 +619,7 @@ define(`files_rw_isid_type_dir',`
#
# files_dontaudit_getattr_isid_type_dir(domain)
#
-define(`files_dontaudit_getattr_isid_type_dir',`
+interface(`files_dontaudit_getattr_isid_type_dir',`
gen_require(`
type file_t;
class dir search;
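Review bot: `files_dontaudit_getattr_isid_type_dir` requires `class dir search;`, identical to the requirement of `files_dontaudit_search_isid_type_dir` in the next hunk, although its name says getattr. If the rule in the body is meant to silence getattr denials, the requirement should be `class dir getattr;`. The body is outside the hunk, so verify the dontaudit rule as well: a dontaudit on the wrong permission suppresses audit records for search denials while leaving the intended getattr noise in the log.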
@@ -632,7 +632,7 @@ define(`files_dontaudit_getattr_isid_type_dir',`
#
# files_dontaudit_search_isid_type_dir(domain)
#
-define(`files_dontaudit_search_isid_type_dir',`
+interface(`files_dontaudit_search_isid_type_dir',`
gen_require(`
type file_t;
class dir search;
@@ -651,7 +651,7 @@ define(`files_dontaudit_search_isid_type_dir',`
##
##
#
-define(`files_list_home',`
+interface(`files_list_home',`
gen_require(`
type home_root_t;
class dir r_dir_perms;
@@ -664,7 +664,7 @@ define(`files_list_home',`
#
# files_list_mnt(domain)
#
-define(`files_list_mnt',`
+interface(`files_list_mnt',`
gen_require(`
type mnt_t;
class dir r_dir_perms;
@@ -677,7 +677,7 @@ define(`files_list_mnt',`
#
# files_create_tmp_files(domain,private_type,[object class(es)])
#
-define(`files_create_tmp_files',`
+interface(`files_create_tmp_files',`
gen_require(`
type tmp_t;
class dir rw_dir_perms;
@@ -696,7 +696,7 @@ define(`files_create_tmp_files',`
#
# files_delete_all_tmp_files(domain)
#
-define(`files_delete_all_tmp_files',`
+interface(`files_delete_all_tmp_files',`
gen_require(`
attribute tmpfile;
class dir { getattr search read write add_name remove_name rmdir };
@@ -717,7 +717,7 @@ define(`files_delete_all_tmp_files',`
#
# files_search_usr(domain)
#
-define(`files_search_usr',`
+interface(`files_search_usr',`
gen_require(`
type usr_t;
class dir search;
@@ -730,7 +730,7 @@ define(`files_search_usr',`
#
# files_read_usr_files(domain)
#
-define(`files_read_usr_files',`
+interface(`files_read_usr_files',`
gen_require(`
type usr_t;
class dir r_dir_perms;
@@ -752,7 +752,7 @@ define(`files_read_usr_files',`
##
##
#
-define(`files_exec_usr_files',`
+interface(`files_exec_usr_files',`
gen_require(`
type usr_t, src_t;
class dir r_dir_perms;
@@ -770,7 +770,7 @@ define(`files_exec_usr_files',`
#
# files_read_usr_src(domain)
#
-define(`files_read_usr_src',`
+interface(`files_read_usr_src',`
gen_require(`
type usr_t, src_t;
class dir r_dir_perms;
@@ -787,7 +787,7 @@ define(`files_read_usr_src',`
#
# files_search_var(domain)
#
-define(`files_search_var',`
+interface(`files_search_var',`
gen_require(`
type var_t;
class dir search;
@@ -800,7 +800,7 @@ define(`files_search_var',`
#
# files_dontaudit_search_var(domain)
#
-define(`files_dontaudit_search_var',`
+interface(`files_dontaudit_search_var',`
gen_require(`
type var_t;
class dir search;
@@ -819,7 +819,7 @@ define(`files_dontaudit_search_var',`
##
##
#
-define(`files_search_var_lib',`
+interface(`files_search_var_lib',`
gen_require(`
type var_t, var_lib_t;
class dir search;
@@ -832,7 +832,7 @@ define(`files_search_var_lib',`
#
# files_manage_urandom_seed(domain)
#
-define(`files_manage_urandom_seed',`
+interface(`files_manage_urandom_seed',`
gen_require(`
type var_t, var_lib_t;
class dir rw_file_perms;
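Review bot: `files_manage_urandom_seed` requires `class dir rw_file_perms;`, pairing the directory class with a file permission set. Elsewhere in this commit `rw_file_perms` is used with `class file` and directories use `r_dir_perms` or `rw_dir_perms`. This is probably meant to be `class dir rw_dir_perms;`, or whichever directory set the body actually uses. The body continues outside the hunk, so confirm against the allow rules there before changing it.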
@@ -848,7 +848,7 @@ define(`files_manage_urandom_seed',`
#
# files_getattr_generic_lock_files(domain)
#
-define(`files_getattr_generic_lock_files',`
+interface(`files_getattr_generic_lock_files',`
gen_require(`
type var_lock_t;
class dir r_dir_perms;
@@ -863,7 +863,7 @@ define(`files_getattr_generic_lock_files',`
#
# files_manage_generic_lock_files(domain)
#
-define(`files_manage_generic_lock_files',`
+interface(`files_manage_generic_lock_files',`
gen_require(`
type var_lock_t;
class dir { getattr search create read write setattr add_name remove_name rmdir };
@@ -878,7 +878,7 @@ define(`files_manage_generic_lock_files',`
#
# files_delete_all_lock_files(domain)
#
-define(`files_delete_all_lock_files',`
+interface(`files_delete_all_lock_files',`
gen_require(`
attribute lockfile;
class dir rw_dir_perms;
@@ -893,7 +893,7 @@ define(`files_delete_all_lock_files',`
#
# files_create_lock_file(domain,private_type,[object class(es)])
#
-define(`files_create_lock_file',`
+interface(`files_create_lock_file',`
gen_require(`
type var_t, var_lock_t;
class dir rw_dir_perms;
@@ -913,7 +913,7 @@ define(`files_create_lock_file',`
#
# files_search_pids(domain)
#
-define(`files_search_pids',`
+interface(`files_search_pids',`
gen_require(`
type var_t, var_run_t;
class dir search;
@@ -927,7 +927,7 @@ define(`files_search_pids',`
#
# files_dontaudit_search_pids(domain)
#
-define(`files_dontaudit_search_pids',`
+interface(`files_dontaudit_search_pids',`
gen_require(`
type var_run_t;
class dir search;
@@ -940,7 +940,7 @@ define(`files_dontaudit_search_pids',`
#
# files_list_pids(domain)
#
-define(`files_list_pids',`
+interface(`files_list_pids',`
gen_require(`
type var_t, var_run_t;
class dir r_dir_perms;
@@ -954,7 +954,7 @@ define(`files_list_pids',`
#
# files_create_pid(domain,pidfile,[object class(es)])
#
-define(`files_create_pid',`
+interface(`files_create_pid',`
gen_require(`
type var_t, var_run_t;
class dir rw_dir_perms;
@@ -974,7 +974,7 @@ define(`files_create_pid',`
#
# files_rw_generic_pids(domain)
#
-define(`files_rw_generic_pids',`
+interface(`files_rw_generic_pids',`
gen_require(`
type var_t, var_run_t;
class dir r_dir_perms;
@@ -996,7 +996,7 @@ define(`files_rw_generic_pids',`
##
##
#
-define(`files_dontaudit_write_all_pids',`
+interface(`files_dontaudit_write_all_pids',`
gen_require(`
attribute pidfile;
class file write;
@@ -1015,7 +1015,7 @@ define(`files_dontaudit_write_all_pids',`
##
##
#
-define(`files_dontaudit_ioctl_all_pids',`
+interface(`files_dontaudit_ioctl_all_pids',`
gen_require(`
attribute pidfile;
class file ioctl;
@@ -1028,7 +1028,7 @@ define(`files_dontaudit_ioctl_all_pids',`
#
# files_read_all_pids(domain)
#
-define(`files_read_all_pids',`
+interface(`files_read_all_pids',`
gen_require(`
attribute pidfile;
type var_t;
@@ -1045,7 +1045,7 @@ define(`files_read_all_pids',`
#
# files_delete_all_pids(domain)
#
-define(`files_delete_all_pids',`
+interface(`files_delete_all_pids',`
gen_require(`
attribute pidfile;
type var_t, var_run_t;
@@ -1067,7 +1067,7 @@ define(`files_delete_all_pids',`
#
# files_search_spool(domain)
#
-define(`files_search_spool',`
+interface(`files_search_spool',`
gen_require(`
type var_t, var_spool_t;
class dir search;
@@ -1081,7 +1081,7 @@ define(`files_search_spool',`
#
# files_list_spool(domain)
#
-define(`files_list_spool',`
+interface(`files_list_spool',`
gen_require(`
type var_t, var_spool_t;
class dir r_dir_perms;
@@ -1095,7 +1095,7 @@ define(`files_list_spool',`
#
# files_read_spools(domain)
#
-define(`files_read_spools',`
+interface(`files_read_spools',`
gen_require(`
type var_t, var_spool_t;
class dir r_dir_perms;
@@ -1111,7 +1111,7 @@ define(`files_read_spools',`
#
# files_manage_spools(domain)
#
-define(`files_manage_spools',`
+interface(`files_manage_spools',`
gen_require(`
type var_t, var_spool_t;
class dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/system/getty.if b/refpolicy/policy/modules/system/getty.if
index 41850c1..adef284 100644
--- a/refpolicy/policy/modules/system/getty.if
+++ b/refpolicy/policy/modules/system/getty.if
@@ -11,7 +11,7 @@
##
##
#
-define(`getty_domtrans',`
+interface(`getty_domtrans',`
gen_require(`
type getty_t, getty_exec_t;
class process sigchld;
@@ -38,7 +38,7 @@ define(`getty_domtrans',`
##
##
#
-define(`getty_read_log',`
+interface(`getty_read_log',`
gen_require(`
type getty_log_t;
class file { getattr read };
@@ -58,7 +58,7 @@ define(`getty_read_log',`
##
##
#
-define(`getty_read_config',`
+interface(`getty_read_config',`
gen_require(`
type getty_etc_t;
class file { getattr read };
@@ -78,7 +78,7 @@ define(`getty_read_config',`
##
##
#
-define(`getty_modify_config',`
+interface(`getty_modify_config',`
gen_require(`
type getty_etc_t;
class file rw_file_perms;
diff --git a/refpolicy/policy/modules/system/hostname.if b/refpolicy/policy/modules/system/hostname.if
index 28b679d..9d0f67c 100644
--- a/refpolicy/policy/modules/system/hostname.if
+++ b/refpolicy/policy/modules/system/hostname.if
@@ -12,7 +12,7 @@
##
##
#
-define(`hostname_domtrans',`
+interface(`hostname_domtrans',`
gen_require(`
type hostname_t, hostname_exec_t;
class process sigchld;
@@ -47,7 +47,7 @@ define(`hostname_domtrans',`
##
##
#
-define(`hostname_run',`
+interface(`hostname_run',`
gen_require(`
type hostname_t;
class chr_file { getattr read write ioctl };
@@ -69,7 +69,7 @@ define(`hostname_run',`
##
##
#
-define(`hostname_exec',`
+interface(`hostname_exec',`
gen_require(`
type hostname_exec_t;
')
diff --git a/refpolicy/policy/modules/system/hotplug.if b/refpolicy/policy/modules/system/hotplug.if
index 9f6dd58..94ec505 100644
--- a/refpolicy/policy/modules/system/hotplug.if
+++ b/refpolicy/policy/modules/system/hotplug.if
@@ -8,7 +8,7 @@
#
# hotplug_domtrans(domain)
#
-define(`hotplug_domtrans',`
+interface(`hotplug_domtrans',`
gen_require(`
type hotplug_t, hotplug_exec_t;
class process sigchld;
@@ -29,7 +29,7 @@ define(`hotplug_domtrans',`
#
# hotplug_exec(domain)
#
-define(`hotplug_exec',`
+interface(`hotplug_exec',`
gen_require(`
type hotplug_t;
')
@@ -42,7 +42,7 @@ define(`hotplug_exec',`
#
# hotplug_use_fd(domain)
#
-define(`hotplug_use_fd',`
+interface(`hotplug_use_fd',`
gen_require(`
type hotplug_t;
class fd use;
@@ -55,7 +55,7 @@ define(`hotplug_use_fd',`
#
# hotplug_dontaudit_use_fd(domain)
#
-define(`hotplug_dontaudit_use_fd',`
+interface(`hotplug_dontaudit_use_fd',`
gen_require(`
type hotplug_t;
class fd use;
@@ -68,7 +68,7 @@ define(`hotplug_dontaudit_use_fd',`
#
# hotplug_dontaudit_search_config(domain)
#
-define(`hotplug_dontaudit_search_config',`
+interface(`hotplug_dontaudit_search_config',`
gen_require(`
type hotplug_etc_t;
class dir search;
@@ -87,7 +87,7 @@ define(`hotplug_dontaudit_search_config',`
##
##
#
-define(`hotplug_read_config',`
+interface(`hotplug_read_config',`
gen_require(`
type hotplug_etc_t;
class file r_file_perms;
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index ce8b55e..ef2354f 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -5,7 +5,7 @@
#
# init_domain(domain,entrypointfile)
#
-define(`init_domain',`
+interface(`init_domain',`
gen_require(`
type init_t;
role system_r;
@@ -38,7 +38,7 @@ define(`init_domain',`
#
# init_daemon_domain(domain,entrypointfile)
#
-define(`init_daemon_domain',`
+interface(`init_daemon_domain',`
gen_require(`
type initrc_t;
role system_r;
@@ -71,7 +71,7 @@ define(`init_daemon_domain',`
#
# init_system_domain(domain,entrypointfile)
#
-define(`init_system_domain',`
+interface(`init_system_domain',`
gen_require(`
type initrc_t;
role system_r;
@@ -104,7 +104,7 @@ define(`init_system_domain',`
#
# init_domtrans(domain)
#
-define(`init_domtrans',`
+interface(`init_domtrans',`
gen_require(`
type init_t, init_exec_t;
class process sigchld;
@@ -124,7 +124,7 @@ define(`init_domtrans',`
#
# init_get_process_group(domain)
#
-define(`init_get_process_group',`
+interface(`init_get_process_group',`
gen_require(`
type init_t;
class process getpgid;
@@ -137,7 +137,7 @@ define(`init_get_process_group',`
#
# init_getattr_initctl(domain)
#
-define(`init_getattr_initctl',`
+interface(`init_getattr_initctl',`
gen_require(`
type initctl_t;
class fifo_file getattr;
@@ -150,7 +150,7 @@ define(`init_getattr_initctl',`
#
# init_dontaudit_getattr_initctl(domain)
#
-define(`init_dontaudit_getattr_initctl',`
+interface(`init_dontaudit_getattr_initctl',`
gen_require(`
type initctl_t;
class fifo_file getattr;
@@ -163,7 +163,7 @@ define(`init_dontaudit_getattr_initctl',`
#
# init_use_initctl(domain)
#
-define(`init_use_initctl',`
+interface(`init_use_initctl',`
gen_require(`
type initctl_t;
class fifo_file rw_file_perms;
@@ -177,7 +177,7 @@ define(`init_use_initctl',`
#
# init_dontaudit_use_initctl(domain)
#
-define(`init_dontaudit_use_initctl',`
+interface(`init_dontaudit_use_initctl',`
gen_require(`
type initctl_t;
class fifo_file { read write };
@@ -190,7 +190,7 @@ define(`init_dontaudit_use_initctl',`
#
# init_sigchld(domain)
#
-define(`init_sigchld',`
+interface(`init_sigchld',`
gen_require(`
type init_t;
class process sigchld;
@@ -203,7 +203,7 @@ define(`init_sigchld',`
#
# init_use_fd(domain)
#
-define(`init_use_fd',`
+interface(`init_use_fd',`
gen_require(`
type init_t;
class fd use;
@@ -216,7 +216,7 @@ define(`init_use_fd',`
#
# init_dontaudit_use_fd(domain)
#
-define(`init_dontaudit_use_fd',`
+interface(`init_dontaudit_use_fd',`
gen_require(`
type init_t;
class fd use;
@@ -229,7 +229,7 @@ define(`init_dontaudit_use_fd',`
#
# init_domtrans_script(domain)
#
-define(`init_domtrans_script',`
+interface(`init_domtrans_script',`
gen_require(`
type initrc_t, initrc_exec_t;
class process sigchld;
@@ -250,7 +250,7 @@ define(`init_domtrans_script',`
#
# init_exec_script(domain)
#
-define(`init_exec_script',`
+interface(`init_exec_script',`
gen_require(`
type initrc_exec_t;
')
@@ -269,7 +269,7 @@ define(`init_exec_script',`
##
##
#
-define(`init_read_script_process_state',`
+interface(`init_read_script_process_state',`
gen_require(`
type initrc_t;
class dir r_dir_perms;
@@ -294,7 +294,7 @@ define(`init_read_script_process_state',`
#
# init_use_script_fd(domain)
#
-define(`init_use_script_fd',`
+interface(`init_use_script_fd',`
gen_require(`
type initrc_t;
class fd use;
@@ -307,7 +307,7 @@ define(`init_use_script_fd',`
#
# init_dontaudit_use_script_fd(domain)
#
-define(`init_dontaudit_use_script_fd',`
+interface(`init_dontaudit_use_script_fd',`
gen_require(`
type initrc_t;
class fd use;
@@ -320,7 +320,7 @@ define(`init_dontaudit_use_script_fd',`
#
# init_get_script_process_group(domain)
#
-define(`init_get_script_process_group',`
+interface(`init_get_script_process_group',`
gen_require(`
type initrc_t;
class process getpgid;
@@ -339,7 +339,7 @@ define(`init_get_script_process_group',`
##
##
#
-define(`init_rw_script_pipe',`
+interface(`init_rw_script_pipe',`
gen_require(`
type initrc_t;
class chr_file { read write };
@@ -352,7 +352,7 @@ define(`init_rw_script_pipe',`
#
# init_use_script_pty(domain)
#
-define(`init_use_script_pty',`
+interface(`init_use_script_pty',`
gen_require(`
type initrc_devpts_t;
class chr_file rw_term_perms;
@@ -366,7 +366,7 @@ define(`init_use_script_pty',`
#
# init_dontaudit_use_script_pty(domain)
#
-define(`init_dontaudit_use_script_pty',`
+interface(`init_dontaudit_use_script_pty',`
gen_require(`
type initrc_devpts_t;
class chr_file { read write ioctl };
@@ -385,7 +385,7 @@ define(`init_dontaudit_use_script_pty',`
##
##
#
-define(`init_rw_script_tmp_files',`
+interface(`init_rw_script_tmp_files',`
gen_require(`
type initrc_var_run_t;
class file rw_file_perms;
@@ -399,7 +399,7 @@ define(`init_rw_script_tmp_files',`
#
# init_read_script_pid(domain)
#
-define(`init_read_script_pid',`
+interface(`init_read_script_pid',`
gen_require(`
type initrc_var_run_t;
class file r_file_perms;
@@ -413,7 +413,7 @@ define(`init_read_script_pid',`
#
# init_dontaudit_write_script_pid(domain)
#
-define(`init_dontaudit_write_script_pid',`
+interface(`init_dontaudit_write_script_pid',`
gen_require(`
type initrc_var_run_t;
class file { write lock };
@@ -426,7 +426,7 @@ define(`init_dontaudit_write_script_pid',`
#
# init_rw_script_pid(domain)
#
-define(`init_rw_script_pid',`
+interface(`init_rw_script_pid',`
gen_require(`
type initrc_var_run_t;
class file rw_file_perms;
@@ -440,7 +440,7 @@ define(`init_rw_script_pid',`
#
# init_dontaudit_rw_script_pid(domain)
#
-define(`init_dontaudit_rw_script_pid',`
+interface(`init_dontaudit_rw_script_pid',`
gen_require(`
type initrc_var_run_t;
class file rw_file_perms;
diff --git a/refpolicy/policy/modules/system/iptables.if b/refpolicy/policy/modules/system/iptables.if
index c41a5c0..60d4da5 100644
--- a/refpolicy/policy/modules/system/iptables.if
+++ b/refpolicy/policy/modules/system/iptables.if
@@ -11,7 +11,7 @@
##
##
#
-define(`iptables_domtrans',`
+interface(`iptables_domtrans',`
gen_require(`
type iptables_t, iptables_exec_t;
class process sigchld;
@@ -45,7 +45,7 @@ define(`iptables_domtrans',`
##
##
#
-define(`iptables_run',`
+interface(`iptables_run',`
gen_require(`
type iptables_t;
class chr_file rw_term_perms;
@@ -66,7 +66,7 @@ define(`iptables_run',`
##
##
#
-define(`iptables_exec',`
+interface(`iptables_exec',`
gen_require(`
type iptables_exec_t;
')
diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if
index f187806..58b587e 100644
--- a/refpolicy/policy/modules/system/libraries.if
+++ b/refpolicy/policy/modules/system/libraries.if
@@ -11,7 +11,7 @@
##
##
#
-define(`libs_domtrans_ldconfig',`
+interface(`libs_domtrans_ldconfig',`
gen_require(`
type ldconfig_t, ldconfig_exec_t;
class process sigchld;
@@ -44,7 +44,7 @@ define(`libs_domtrans_ldconfig',`
##
##
#
-define(`libs_run_ldconfig',`
+interface(`libs_run_ldconfig',`
gen_require(`
type ldconfig_t;
class chr_file rw_term_perms;
@@ -66,7 +66,7 @@ define(`libs_run_ldconfig',`
##
##
#
-define(`libs_use_ld_so',`
+interface(`libs_use_ld_so',`
gen_require(`
type lib_t, ld_so_t, ld_so_cache_t;
class dir r_dir_perms;
@@ -93,7 +93,7 @@ define(`libs_use_ld_so',`
##
##
#
-define(`libs_legacy_use_ld_so',`
+interface(`libs_legacy_use_ld_so',`
gen_require(`
type ld_so_t, ld_so_cache_t;
class file { execute execmod };
@@ -119,7 +119,7 @@ define(`libs_legacy_use_ld_so',`
##
##
#
-define(`libs_exec_ld_so',`
+interface(`libs_exec_ld_so',`
gen_require(`
type lib_t, ld_so_t;
class dir r_dir_perms;
@@ -143,7 +143,7 @@ define(`libs_exec_ld_so',`
##
##
#
-define(`libs_rw_ld_so_cache',`
+interface(`libs_rw_ld_so_cache',`
gen_require(`
type ld_so_cache_t;
class file rw_file_perms;
@@ -163,7 +163,7 @@ define(`libs_rw_ld_so_cache',`
##
##
#
-define(`libs_search_lib',`
+interface(`libs_search_lib',`
gen_require(`
type lib_t;
class dir search;
@@ -183,7 +183,7 @@ define(`libs_search_lib',`
##
##
#
-define(`libs_read_lib',`
+interface(`libs_read_lib',`
gen_require(`
type lib_t;
class dir r_dir_perms;
@@ -206,7 +206,7 @@ define(`libs_read_lib',`
##
##
#
-define(`libs_exec_lib_files',`
+interface(`libs_exec_lib_files',`
gen_require(`
type lib_t;
class dir r_dir_perms;
@@ -229,7 +229,7 @@ define(`libs_exec_lib_files',`
##
##
#
-define(`libs_use_shared_libs',`
+interface(`libs_use_shared_libs',`
gen_require(`
type lib_t, shlib_t, texrel_shlib_t;
class dir r_dir_perms;
@@ -255,7 +255,7 @@ define(`libs_use_shared_libs',`
##
##
#
-define(`libs_legacy_use_shared_libs',`
+interface(`libs_legacy_use_shared_libs',`
gen_require(`
type shlib_t, texrel_shlib_t;
class file execmod;
diff --git a/refpolicy/policy/modules/system/locallogin.if b/refpolicy/policy/modules/system/locallogin.if
index 281da20..f089e62 100644
--- a/refpolicy/policy/modules/system/locallogin.if
+++ b/refpolicy/policy/modules/system/locallogin.if
@@ -11,7 +11,7 @@
##
##
#
-define(`locallogin_domtrans',`
+interface(`locallogin_domtrans',`
gen_require(`
type local_login_t;
')
@@ -29,7 +29,7 @@ define(`locallogin_domtrans',`
##
##
#
-define(`locallogin_use_fd',`
+interface(`locallogin_use_fd',`
gen_require(`
type local_login_t;
class fd use;
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index df1b2c5..b4271bd 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -5,7 +5,7 @@
#
# logging_log_file(domain)
#
-define(`logging_log_file',`
+interface(`logging_log_file',`
gen_require(`
attribute logfile;
')
@@ -18,7 +18,7 @@ define(`logging_log_file',`
#
# logging_create_log(domain,privatetype,[class(es)])
#
-define(`logging_create_log',`
+interface(`logging_create_log',`
gen_require(`
type var_log_t;
class dir rw_dir_perms;
@@ -37,7 +37,7 @@ define(`logging_create_log',`
#
# logging_send_syslog_msg(domain)
#
-define(`logging_send_syslog_msg',`
+interface(`logging_send_syslog_msg',`
gen_require(`
type syslogd_t, devlog_t;
class lnk_file read;
@@ -71,7 +71,7 @@ define(`logging_send_syslog_msg',`
##
##
#
-define(`logging_search_logs',`
+interface(`logging_search_logs',`
gen_require(`
type var_log_t;
class dir search;
@@ -85,7 +85,7 @@ define(`logging_search_logs',`
#
# logging_dontaudit_getattr_all_logs(domain)
#
-define(`logging_dontaudit_getattr_all_logs',`
+interface(`logging_dontaudit_getattr_all_logs',`
gen_require(`
attribute logfile;
class file getattr;
@@ -98,7 +98,7 @@ define(`logging_dontaudit_getattr_all_logs',`
#
# logging_append_all_logs(domain)
#
-define(`logging_append_all_logs',`
+interface(`logging_append_all_logs',`
gen_require(`
attribute logfile;
type var_log_t;
@@ -115,7 +115,7 @@ define(`logging_append_all_logs',`
#
# logging_read_all_logs(domain)
#
-define(`logging_read_all_logs',`
+interface(`logging_read_all_logs',`
gen_require(`
attribute logfile;
type var_log_t;
@@ -132,7 +132,7 @@ define(`logging_read_all_logs',`
#
# logging_read_generic_logs(domain)
#
-define(`logging_read_generic_logs',`
+interface(`logging_read_generic_logs',`
gen_require(`
type var_log_t;
class dir r_dir_perms;
@@ -148,7 +148,7 @@ define(`logging_read_generic_logs',`
#
# logging_write_generic_logs(domain)
#
-define(`logging_write_generic_logs',`
+interface(`logging_write_generic_logs',`
gen_require(`
type var_log_t;
class dir r_dir_perms;
@@ -164,7 +164,7 @@ define(`logging_write_generic_logs',`
#
# logging_rw_generic_logs(domain)
#
-define(`logging_rw_generic_logs',`
+interface(`logging_rw_generic_logs',`
gen_require(`
type var_log_t;
class dir r_dir_perms;
diff --git a/refpolicy/policy/modules/system/lvm.if b/refpolicy/policy/modules/system/lvm.if
index adc7b50..9e90c7d 100644
--- a/refpolicy/policy/modules/system/lvm.if
+++ b/refpolicy/policy/modules/system/lvm.if
@@ -11,7 +11,7 @@
##
##
#
-define(`lvm_domtrans',`
+interface(`lvm_domtrans',`
gen_require(`
type lvm_t, lvm_exec_t;
class process sigchld;
@@ -44,7 +44,7 @@ define(`lvm_domtrans',`
##
##
#
-define(`lvm_run',`
+interface(`lvm_run',`
gen_require(`
type lvm_t;
class chr_file rw_term_perms;
@@ -65,7 +65,7 @@ define(`lvm_run',`
##
##
#
-define(`lvm_read_config',`
+interface(`lvm_read_config',`
gen_require(`
type lvm_t, lvm_exec_t;
class dir r_dir_perms;
diff --git a/refpolicy/policy/modules/system/miscfiles.if b/refpolicy/policy/modules/system/miscfiles.if
index cef50ff..385af70 100644
--- a/refpolicy/policy/modules/system/miscfiles.if
+++ b/refpolicy/policy/modules/system/miscfiles.if
@@ -12,7 +12,7 @@
##
##
#
-define(`miscfiles_rw_man_cache',`
+interface(`miscfiles_rw_man_cache',`
gen_require(`
type catman_t;
class dir create_dir_perms;
@@ -34,7 +34,7 @@ define(`miscfiles_rw_man_cache',`
##
##
#
-define(`miscfiles_read_fonts',`
+interface(`miscfiles_read_fonts',`
gen_require(`
type fonts_t;
class dir r_dir_perms;
@@ -59,7 +59,7 @@ define(`miscfiles_read_fonts',`
##
##
#
-define(`miscfiles_read_localization',`
+interface(`miscfiles_read_localization',`
gen_require(`
type locale_t;
class dir r_dir_perms;
@@ -88,7 +88,7 @@ define(`miscfiles_read_localization',`
##
##
#
-define(`miscfiles_legacy_read_localization',`
+interface(`miscfiles_legacy_read_localization',`
gen_require(`
type locale_t;
class file execute;
@@ -108,7 +108,7 @@ define(`miscfiles_legacy_read_localization',`
##
##
#
-define(`miscfiles_read_man_pages',`
+interface(`miscfiles_read_man_pages',`
gen_require(`
type man_t;
class dir r_dir_perms;
diff --git a/refpolicy/policy/modules/system/modutils.if b/refpolicy/policy/modules/system/modutils.if
index 2c310cf..46af240 100644
--- a/refpolicy/policy/modules/system/modutils.if
+++ b/refpolicy/policy/modules/system/modutils.if
@@ -11,7 +11,7 @@
##
##
#
-define(`modutils_read_kernel_module_dependencies',`
+interface(`modutils_read_kernel_module_dependencies',`
gen_require(`
type modules_dep_t;
class file r_file_perms;
@@ -32,7 +32,7 @@ define(`modutils_read_kernel_module_dependencies',`
##
##
#
-define(`modutils_read_module_conf',`
+interface(`modutils_read_module_conf',`
gen_require(`
type modules_conf_t;
class file r_file_perms;
@@ -56,7 +56,7 @@ define(`modutils_read_module_conf',`
##
##
#
-define(`modutils_domtrans_insmod',`
+interface(`modutils_domtrans_insmod',`
gen_require(`
type insmod_t, insmod_exec_t;
class process sigchld;
@@ -92,7 +92,7 @@ define(`modutils_domtrans_insmod',`
##
##
#
-define(`modutils_run_insmod',`
+interface(`modutils_run_insmod',`
gen_require(`
type insmod_t;
class chr_file rw_term_perms;
@@ -107,7 +107,7 @@ define(`modutils_run_insmod',`
#
# modutils_exec_insmod(domain)
#
-define(`modutils_exec_insmod',`
+interface(`modutils_exec_insmod',`
gen_require(`
type insmod_t;
')
@@ -126,7 +126,7 @@ define(`modutils_exec_insmod',`
##
##
#
-define(`modutils_domtrans_depmod',`
+interface(`modutils_domtrans_depmod',`
gen_require(`
type depmod_t, depmod_exec_t;
class process sigchld;
@@ -159,7 +159,7 @@ define(`modutils_domtrans_depmod',`
##
##
#
-define(`modutils_run_depmod',`
+interface(`modutils_run_depmod',`
gen_require(`
type depmod_t;
class chr_file rw_term_perms;
@@ -174,7 +174,7 @@ define(`modutils_run_depmod',`
#
# modutils_exec_depmod(domain)
#
-define(`modutils_exec_depmod',`
+interface(`modutils_exec_depmod',`
gen_require(`
type depmod_t;
')
@@ -193,7 +193,7 @@ define(`modutils_exec_depmod',`
##
##
#
-define(`modutils_domtrans_update_mods',`
+interface(`modutils_domtrans_update_mods',`
gen_require(`
type update_modules_t, update_modules_exec_t;
class process signal;
@@ -226,7 +226,7 @@ define(`modutils_domtrans_update_mods',`
##
##
#
-define(`modutils_run_update_mods',`
+interface(`modutils_run_update_mods',`
gen_require(`
type update_modules_t;
class chr_file rw_term_perms;
@@ -241,7 +241,7 @@ define(`modutils_run_update_mods',`
#
# modutils_exec_update_mods(domain)
#
-define(`modutils_exec_update_mods',`
+interface(`modutils_exec_update_mods',`
gen_require(`
type update_modules_t;
')
diff --git a/refpolicy/policy/modules/system/mount.if b/refpolicy/policy/modules/system/mount.if
index e7cbdc1..3c63e29 100644
--- a/refpolicy/policy/modules/system/mount.if
+++ b/refpolicy/policy/modules/system/mount.if
@@ -11,7 +11,7 @@
##
##
#
-define(`mount_domtrans',`
+interface(`mount_domtrans',`
gen_require(`
type mount_t, mount_exec_t;
class process sigchld;
@@ -45,7 +45,7 @@ define(`mount_domtrans',`
##
##
#
-define(`mount_run',`
+interface(`mount_run',`
gen_require(`
type mount_t;
class chr_file rw_file_perms;
@@ -66,7 +66,7 @@ define(`mount_run',`
##
##
#
-define(`mount_use_fd',`
+interface(`mount_use_fd',`
gen_require(`
type mount_t;
class fd use;
@@ -86,7 +86,7 @@ define(`mount_use_fd',`
##
##
#
-define(`mount_send_nfs_client_request',`
+interface(`mount_send_nfs_client_request',`
gen_require(`
type mount_t;
class udp_socket rw_socket_perms;
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index a4108b0..0767bb7 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -11,7 +11,7 @@
##
##
#
-define(`seutil_domtrans_checkpol',`
+interface(`seutil_domtrans_checkpol',`
gen_require(`
type checkpolicy_t, checkpolicy_exec_t;
class process sigchld;
@@ -48,7 +48,7 @@ define(`seutil_domtrans_checkpol',`
##
##
#
-define(`seutil_run_checkpol',`
+interface(`seutil_run_checkpol',`
gen_require(`
type checkpolicy_t;
class chr_file rw_term_perms;
@@ -63,7 +63,7 @@ define(`seutil_run_checkpol',`
#
# seutil_exec_checkpol(domain)
#
-define(`seutil_exec_checkpol',`
+interface(`seutil_exec_checkpol',`
gen_require(`
type checkpolicy_exec_t;
')
@@ -83,7 +83,7 @@ define(`seutil_exec_checkpol',`
##
##
#
-define(`seutil_domtrans_loadpol',`
+interface(`seutil_domtrans_loadpol',`
gen_require(`
type load_policy_t, load_policy_exec_t;
class process sigchld;
@@ -119,7 +119,7 @@ define(`seutil_domtrans_loadpol',`
##
##
#
-define(`seutil_run_loadpol',`
+interface(`seutil_run_loadpol',`
gen_require(`
type load_policy_t;
class chr_file rw_term_perms;
@@ -134,7 +134,7 @@ define(`seutil_run_loadpol',`
#
# seutil_exec_loadpol(domain)
#
-define(`seutil_exec_loadpol',`
+interface(`seutil_exec_loadpol',`
gen_require(`
type load_policy_exec_t;
')
@@ -147,7 +147,7 @@ define(`seutil_exec_loadpol',`
#
# seutil_read_loadpol(domain)
#
-define(`seutil_read_loadpol',`
+interface(`seutil_read_loadpol',`
gen_require(`
type load_policy_exec_t;
class file r_file_perms
@@ -167,7 +167,7 @@ define(`seutil_read_loadpol',`
##
##
#
-define(`seutil_domtrans_newrole',`
+interface(`seutil_domtrans_newrole',`
gen_require(`
type newrole_t, newrole_exec_t;
class process sigchld;
@@ -203,7 +203,7 @@ define(`seutil_domtrans_newrole',`
##
##
#
-define(`seutil_run_newrole',`
+interface(`seutil_run_newrole',`
gen_require(`
type newrole_t;
class chr_file rw_term_perms;
@@ -218,7 +218,7 @@ define(`seutil_run_newrole',`
#
# seutil_exec_newrole(domain)
#
-define(`seutil_exec_newrole',`
+interface(`seutil_exec_newrole',`
gen_require(`
type newrole_t, newrole_exec_t;
')
@@ -239,7 +239,7 @@ define(`seutil_exec_newrole',`
##
##
#
-define(`seutil_dontaudit_newrole_signal',`
+interface(`seutil_dontaudit_newrole_signal',`
gen_require(`
type newrole_t;
class process signal;
@@ -252,7 +252,7 @@ define(`seutil_dontaudit_newrole_signal',`
#
# seutil_newrole_sigchld(domain)
#
-define(`seutil_newrole_sigchld',`
+interface(`seutil_newrole_sigchld',`
gen_require(`
type newrole_t;
class process sigchld;
@@ -265,7 +265,7 @@ define(`seutil_newrole_sigchld',`
#
# seutil_use_newrole_fd(domain)
#
-define(`seutil_use_newrole_fd',`
+interface(`seutil_use_newrole_fd',`
gen_require(`
type newrole_t;
class fd use;
@@ -284,7 +284,7 @@ define(`seutil_use_newrole_fd',`
##
##
#
-define(`seutil_domtrans_restorecon',`
+interface(`seutil_domtrans_restorecon',`
gen_require(`
type restorecon_t, restorecon_exec_t;
class process sigchld;
@@ -319,7 +319,7 @@ define(`seutil_domtrans_restorecon',`
##
##
#
-define(`seutil_run_restorecon',`
+interface(`seutil_run_restorecon',`
gen_require(`
type restorecon_t;
class chr_file rw_term_perms;
@@ -334,7 +334,7 @@ define(`seutil_run_restorecon',`
#
# seutil_exec_restorecon(domain)
#
-define(`seutil_exec_restorecon',`
+interface(`seutil_exec_restorecon',`
gen_require(`
type restorecon_t, restorecon_exec_t;
')
@@ -353,7 +353,7 @@ define(`seutil_exec_restorecon',`
##
##
#
-define(`seutil_domtrans_runinit',`
+interface(`seutil_domtrans_runinit',`
gen_require(`
type run_init_t, run_init_exec_t;
class process sigchld;
@@ -389,7 +389,7 @@ define(`seutil_domtrans_runinit',`
##
##
#
-define(`seutil_run_runinit',`
+interface(`seutil_run_runinit',`
gen_require(`
type run_init_t;
class chr_file rw_term_perms;
@@ -404,7 +404,7 @@ define(`seutil_run_runinit',`
#
# seutil_use_runinit_fd(domain)
#
-define(`seutil_use_runinit_fd',`
+interface(`seutil_use_runinit_fd',`
gen_require(`
type run_init_t;
class fd use;
@@ -423,7 +423,7 @@ define(`seutil_use_runinit_fd',`
##
##
#
-define(`seutil_domtrans_setfiles',`
+interface(`seutil_domtrans_setfiles',`
gen_require(`
type setfiles_t, setfiles_exec_t;
class process sigchld;
@@ -459,7 +459,7 @@ define(`seutil_domtrans_setfiles',`
##
##
#
-define(`seutil_run_setfiles',`
+interface(`seutil_run_setfiles',`
gen_require(`
type setfiles_t;
class chr_file rw_term_perms;
@@ -474,7 +474,7 @@ define(`seutil_run_setfiles',`
#
# seutil_exec_setfiles(domain)
#
-define(`seutil_exec_setfiles',`
+interface(`seutil_exec_setfiles',`
gen_require(`
type setfiles_exec_t;
')
@@ -488,7 +488,7 @@ define(`seutil_exec_setfiles',`
#
# seutil_read_config(domain)
#
-define(`seutil_read_config',`
+interface(`seutil_read_config',`
gen_require(`
type selinux_config_t;
class dir r_dir_perms;
@@ -504,7 +504,7 @@ define(`seutil_read_config',`
#
# seutil_read_default_contexts(domain)
#
-define(`seutil_read_default_contexts',`
+interface(`seutil_read_default_contexts',`
gen_require(`
type selinux_config_t, default_context_t;
class dir r_dir_perms;
@@ -521,7 +521,7 @@ define(`seutil_read_default_contexts',`
#
# seutil_read_file_contexts(domain)
#
-define(`seutil_read_file_contexts',`
+interface(`seutil_read_file_contexts',`
gen_require(`
type selinux_config_t, file_context_t;
class dir r_dir_perms;
@@ -538,7 +538,7 @@ define(`seutil_read_file_contexts',`
#
# seutil_read_binary_pol(domain)
#
-define(`seutil_read_binary_pol',`
+interface(`seutil_read_binary_pol',`
gen_require(`
type selinux_config_t, policy_config_t;
class dir r_dir_perms;
@@ -555,7 +555,7 @@ define(`seutil_read_binary_pol',`
#
# seutil_create_binary_pol(domain)
#
-define(`seutil_create_binary_pol',`
+interface(`seutil_create_binary_pol',`
gen_require(`
attribute can_write_binary_policy;
type selinux_config_t, policy_config_t;
@@ -580,7 +580,7 @@ define(`seutil_create_binary_pol',`
##
##
#
-define(`seutil_relabelto_binary_pol',`
+interface(`seutil_relabelto_binary_pol',`
gen_require(`
attribute can_relabelto_binary_policy;
type policy_config_t;
@@ -595,7 +595,7 @@ define(`seutil_relabelto_binary_pol',`
#
# seutil_manage_binary_pol(domain)
#
-define(`seutil_manage_binary_pol',`
+interface(`seutil_manage_binary_pol',`
gen_require(`
attribute can_write_binary_policy;
type selinux_config_t, policy_config_t;
@@ -614,7 +614,7 @@ define(`seutil_manage_binary_pol',`
#
# seutil_read_src_pol(domain)
#
-define(`seutil_read_src_pol',`
+interface(`seutil_read_src_pol',`
gen_require(`
type selinux_config_t, policy_src_t;
class dir r_dir_perms;
@@ -631,7 +631,7 @@ define(`seutil_read_src_pol',`
#
# seutil_manage_src_pol(domain)
#
-define(`seutil_manage_src_pol',`
+interface(`seutil_manage_src_pol',`
gen_require(`
type selinux_config_t, policy_src_t;
class dir create_dir_perms;
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index ce884dc..d5a0808 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -11,7 +11,7 @@
##
##
#
-define(`sysnet_domtrans_dhcpc',`
+interface(`sysnet_domtrans_dhcpc',`
gen_require(`
type dhcpc_t, dhcpc_exec_t;
class process sigchld;
@@ -38,7 +38,7 @@ define(`sysnet_domtrans_dhcpc',`
##
##
#
-define(`sysnet_domtrans_ifconfig',`
+interface(`sysnet_domtrans_ifconfig',`
gen_require(`
type ifconfig_t, ifconfig_exec_t;
class process sigchld;
@@ -73,7 +73,7 @@ define(`sysnet_domtrans_ifconfig',`
##
##
#
-define(`sysnet_run_ifconfig',`
+interface(`sysnet_run_ifconfig',`
gen_require(`
type ifconfig_t;
class chr_file rw_term_perms;
@@ -95,7 +95,7 @@ define(`sysnet_run_ifconfig',`
##
##
#
-define(`sysnet_read_config',`
+interface(`sysnet_read_config',`
gen_require(`
type net_conf_t;
class file r_file_perms;
diff --git a/refpolicy/policy/modules/system/udev.if b/refpolicy/policy/modules/system/udev.if
index 4b986f5..0dd6da7 100644
--- a/refpolicy/policy/modules/system/udev.if
+++ b/refpolicy/policy/modules/system/udev.if
@@ -11,7 +11,7 @@
##
##
#
-define(`udev_domtrans',`
+interface(`udev_domtrans',`
gen_require(`
type udev_t, udev_exec_t;
class process sigchld;
@@ -37,7 +37,7 @@ define(`udev_domtrans',`
##
##
#
-define(`udev_read_db',`
+interface(`udev_read_db',`
gen_require(`
type udev_tdb_t;
class file r_file_perms;
@@ -57,7 +57,7 @@ define(`udev_read_db',`
##
##
#
-define(`udev_rw_db',`
+interface(`udev_rw_db',`
gen_require(`
type udev_tdb_t;
class file rw_file_perms;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 7b17ad9..22927d5 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -7,7 +7,7 @@
#
# This is common to user and admin domain
-define(`base_user_domain',`
+template(`base_user_domain',`
attribute $1_file_type;
@@ -403,7 +403,7 @@ define(`base_user_domain',`
# User domain template
#
-define(`user_domain_template', `
+template(`user_domain_template', `
##############################
#
# Declarations
@@ -604,7 +604,7 @@ define(`user_domain_template', `
#
# Admin domain template
#
-define(`admin_domain_template',`
+template(`admin_domain_template',`
##############################
#
# Declarations
@@ -820,7 +820,7 @@ define(`admin_domain_template',`
##
##
#
-define(`userdom_spec_domtrans_all_users',`
+interface(`userdom_spec_domtrans_all_users',`
gen_require(`
attribute userdomain;
')
@@ -840,7 +840,7 @@ define(`userdom_spec_domtrans_all_users',`
##
##
#
-define(`userdom_spec_domtrans_unpriv_users',`
+interface(`userdom_spec_domtrans_unpriv_users',`
gen_require(`
attribute unpriv_userdomain;
')
@@ -858,7 +858,7 @@ define(`userdom_spec_domtrans_unpriv_users',`
##
##
#
-define(`userdom_shell_domtrans_sysadm',`
+interface(`userdom_shell_domtrans_sysadm',`
gen_require(`
type sysadm_t;
')
@@ -876,7 +876,7 @@ define(`userdom_shell_domtrans_sysadm',`
##
##
#
-define(`userdom_use_sysadm_tty',`
+interface(`userdom_use_sysadm_tty',`
gen_require(`
type sysadm_tty_device_t;
class chr_file { getattr read write ioctl };
@@ -897,7 +897,7 @@ define(`userdom_use_sysadm_tty',`
##
##
#
-define(`userdom_use_sysadm_terms',`
+interface(`userdom_use_sysadm_terms',`
gen_require(`
attribute admin_terminal;
class chr_file { getattr read write ioctl };
@@ -918,7 +918,7 @@ define(`userdom_use_sysadm_terms',`
##
##
#
-define(`userdom_dontaudit_use_sysadm_terms',`
+interface(`userdom_dontaudit_use_sysadm_terms',`
gen_require(`
attribute admin_terminal;
class chr_file { read write };
@@ -937,7 +937,7 @@ define(`userdom_dontaudit_use_sysadm_terms',`
##
##
#
-define(`userdom_search_all_users_home',`
+interface(`userdom_search_all_users_home',`
gen_require(`
attribute home_dir_type, home_type;
class dir search;
@@ -957,7 +957,7 @@ define(`userdom_search_all_users_home',`
##
##
#
-define(`userdom_read_all_user_data',`
+interface(`userdom_read_all_user_data',`
gen_require(`
attribute home_type;
class dir r_dir_perms;
@@ -979,7 +979,7 @@ define(`userdom_read_all_user_data',`
##
##
#
-define(`userdom_use_all_user_fd',`
+interface(`userdom_use_all_user_fd',`
gen_require(`
attribute userdomain;
class fd use;
@@ -998,7 +998,7 @@ define(`userdom_use_all_user_fd',`
##
##
#
-define(`userdom_signal_all_users',`
+interface(`userdom_signal_all_users',`
gen_require(`
attribute userdomain;
class process signal;
@@ -1017,7 +1017,7 @@ define(`userdom_signal_all_users',`
##
##
#
-define(`userdom_signal_unpriv_users',`
+interface(`userdom_signal_unpriv_users',`
gen_require(`
attribute unpriv_userdomain;
class process signal;
@@ -1036,7 +1036,7 @@ define(`userdom_signal_unpriv_users',`
##
##
#
-define(`userdom_use_unpriv_users_fd',`
+interface(`userdom_use_unpriv_users_fd',`
gen_require(`
attribute unpriv_userdomain;
class fd use;
@@ -1056,7 +1056,7 @@ define(`userdom_use_unpriv_users_fd',`
##
##
#
-define(`userdom_dontaudit_use_unpriv_user_fd',`
+interface(`userdom_dontaudit_use_unpriv_user_fd',`
gen_require(`
attribute unpriv_userdomain;
class fd use;
diff --git a/refpolicy/policy/support/loadable_module.spt b/refpolicy/policy/support/loadable_module.spt
index be921cc..0faaff7 100644
--- a/refpolicy/policy/support/loadable_module.spt
+++ b/refpolicy/policy/support/loadable_module.spt
@@ -28,17 +28,52 @@ define(`gen_require',`
##############################
#
-# In the future interfaces could be in loadable modules
+# In the future interfaces should be in loadable modules
#
-# module_interface(name,rules)
+# template(name,rules)
#
-define(`module_interface',`
- define(`$1',`
- gen_require(`$1'_depend)
+define(`template',`
+ `define(`$1',`
+###### begin $1(dollarsstar)
$2
- ')
+###### end $1(dollarsstar)
+ '')
')
+# helper function, since m4 wont expand macros
+# if a line is a comment (#):
+define(`policy_m4_comment',`dnl
+##### $2 depth: $1
+')dnl
+
+##############################
+#
+# In the future interfaces should be in loadable modules
+#
+# interface(name,rules)
+#
+define(`interface',`
+ `define(`$1',`
+
+ define(`policy_temp',incr(policy_call_depth))
+ pushdef(`policy_call_depth',policy_temp)
+ undefine(`policy_temp')
+
+ policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar))
+
+ $2
+
+ define(`policy_temp',decr(policy_call_depth))
+ pushdef(`policy_call_depth',policy_temp)
+ undefine(`policy_temp')
+
+ policy_m4_comment(policy_call_depth,end `$1'(dollarsstar))
+
+ '')
+')
+
+define(`policy_call_depth',0)
+
##############################
#
# Optional policy handling
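Review bot: On the exit path of the new `interface` macro, ``pushdef(`policy_call_depth',policy_temp)`` pushes the decremented value as a second stack entry instead of removing the entry pushed on entry. Every interface expansion therefore leaves two extra `policy_call_depth` definitions behind, and the stack grows for the whole m4 run even though the visible value is correct. Replacing the three exit lines (`define`/`pushdef`/`undefine` of `policy_temp`) with ``popdef(`policy_call_depth')`` restores the caller's depth directly and prints the same number in the end marker. A short comment above ``define(`policy_call_depth',0)`` would also help: it could say that the begin/end markers presumably exist so a rule in the expanded policy can be traced to the interface that emitted it, and that `dollarsstar` is a placeholder left for a later build step to rewrite.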