diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te index cdff63f..8445136 100644 --- a/refpolicy/policy/modules/admin/netutils.te +++ b/refpolicy/policy/modules/admin/netutils.te @@ -13,7 +13,7 @@ domain_make_system_domain(netutils_t,netutils_exec_t) role system_r types netutils_t; type netutils_tmp_t; -files_make_file(netutils_tmp_t) +files_make_temporary_file(netutils_tmp_t) type ping_t; #, nscd_client_domain; type ping_exec_t; diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te index 33b8504..6b95a66 100644 --- a/refpolicy/policy/modules/admin/usermanage.te +++ b/refpolicy/policy/modules/admin/usermanage.te @@ -28,7 +28,7 @@ type crack_db_t; #, usercanread; files_make_file(crack_db_t) type crack_tmp_t; -files_make_file(crack_tmp_t) +files_make_temporary_file(crack_tmp_t) type groupadd_t; #, nscd_client_domain; type groupadd_exec_t; diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if index 2fc096d..ca83e74 100644 --- a/refpolicy/policy/modules/apps/gpg.if +++ b/refpolicy/policy/modules/apps/gpg.if @@ -25,7 +25,7 @@ domain_make_entrypoint_file($1_gpg_agent_t,gpg_agent_exec_t) role $1_r types $1_gpg_agent_t; type $1_gpg_agent_tmp_t; -files_make_file($1_gpg_agent_tmp_t) +files_make_temporary_file($1_gpg_agent_tmp_t) type $1_gpg_secret_t; #, $1_file_type; files_make_file($1_gpg_secret_t) diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te index 4577903..94ed02d 100644 --- a/refpolicy/policy/modules/kernel/bootloader.te +++ b/refpolicy/policy/modules/kernel/bootloader.te @@ -43,7 +43,7 @@ files_make_file(bootloader_etc_t) # it consists of files and device nodes # type bootloader_tmp_t; -files_make_file(bootloader_tmp_t) +files_make_temporary_file(bootloader_tmp_t) devices_make_device_node(bootloader_tmp_t) # kernel modules diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te index a34b524..6d49187 100644 --- a/refpolicy/policy/modules/services/cron.te +++ b/refpolicy/policy/modules/services/cron.te @@ -28,7 +28,7 @@ type crond_log_t; logging_make_log_file(crond_log_t) type crond_tmp_t; -files_make_file(crond_tmp_t) +files_make_temporary_file(crond_tmp_t) type crond_var_run_t; files_make_file(crond_var_run_t) @@ -43,7 +43,7 @@ corecommands_make_shell_entrypoint(system_crond_t) role system_r types system_crond_t; type system_crond_tmp_t; -files_make_file(system_crond_tmp_t) +files_make_temporary_file(system_crond_tmp_t) ######################################## # diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if index 6b41ebb..8ead83e 100644 --- a/refpolicy/policy/modules/services/mta.if +++ b/refpolicy/policy/modules/services/mta.if @@ -13,7 +13,7 @@ type $1_mail_t; domain_make_domain($1_mail_t) type $1_mail_tmp_t; -files_make_file($1_mail_tmp_t) +files_make_temporary_file($1_mail_tmp_t) logging_send_system_log_message($1_mail_t) diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te index cd0054f..14cbadc 100644 --- a/refpolicy/policy/modules/services/remotelogin.te +++ b/refpolicy/policy/modules/services/remotelogin.te @@ -17,7 +17,7 @@ authlogin_make_login_program_entrypoint(remote_login_t) role system_r types remote_login_t; type remote_login_tmp_t; -files_make_file(remote_login_tmp_t) +files_make_temporary_file(remote_login_tmp_t) ######################################## # diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te index dacadde..5e6b50a 100644 --- a/refpolicy/policy/modules/system/authlogin.te +++ b/refpolicy/policy/modules/system/authlogin.te @@ -33,7 +33,7 @@ type pam_exec_t; domain_make_entrypoint_file(pam_t,pam_exec_t) type pam_tmp_t; -files_make_file(pam_tmp_t) +files_make_temporary_file(pam_tmp_t) type pam_var_console_t; #, nscd_client_domain files_make_file(pam_var_console_t) diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if index c334694..17ebea4 100644 --- a/refpolicy/policy/modules/system/files.if +++ b/refpolicy/policy/modules/system/files.if @@ -17,6 +17,20 @@ attribute file_type; ######################################## # +# files_make_temporary_file(type) +# +define(`files_make_temporary_file',` +requires_block_template(`$0'_depend) +files_make_file($1) +typeattribute $1 tmpfile; +') + +define(`files_make_temporary_file_depend',` +attribute tmpfile; +') + +######################################## +# # files_make_mountpoint(type) # define(`files_make_mountpoint',` @@ -462,11 +476,9 @@ type_transition $1 tmp_t:file $2; ',` type_transition $1 tmp_t:$3 $2; ') -typeattribute $1 tmpfile; ') define(`files_create_private_tmp_data_depend',` -attribute tmpfile; type tmp_t; class dir { getattr search read write add_name }; ') diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te index 54abb19..ca2feb1 100644 --- a/refpolicy/policy/modules/system/getty.te +++ b/refpolicy/policy/modules/system/getty.te @@ -10,12 +10,12 @@ domain_make_file_descriptors_widely_inheritable(getty_t) type getty_etc_t; typealias getty_etc_t alias etc_getty_t; -type getty_tmp_t; -files_make_file(getty_tmp_t) - type getty_log_t; logging_make_log_file(getty_log_t) +type getty_tmp_t; +files_make_temporary_file(getty_tmp_t) + ######################################## # # Getty local policy diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index 832bcf0..bad47ae 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te @@ -56,7 +56,7 @@ type initrc_state_t; files_make_file(initrc_state_t) type initrc_tmp_t; -files_make_file(initrc_tmp_t) +files_make_temporary_file(initrc_tmp_t) type run_init_t; domain_make_domain(run_init_t) diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te index a805952..dbdb78a 100644 --- a/refpolicy/policy/modules/system/iptables.te +++ b/refpolicy/policy/modules/system/iptables.te @@ -13,7 +13,7 @@ domain_make_system_domain(iptables_t,iptables_exec_t) role system_r types iptables_t; type iptables_tmp_t; -files_make_file(iptables_tmp_t) +files_make_temporary_file(iptables_tmp_t) type iptables_var_run_t; #, pidfile; files_make_file(iptables_var_run_t) diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te index a15471d..7753793 100644 --- a/refpolicy/policy/modules/system/logging.te +++ b/refpolicy/policy/modules/system/logging.te @@ -12,7 +12,7 @@ type klogd_exec_t; domain_make_daemon_domain(klogd_t,klogd_exec_t) type klogd_tmp_t; -files_make_file(klogd_tmp_t) +files_make_temporary_file(klogd_tmp_t) type klogd_var_run_t; files_make_file(klogd_var_run_t) @@ -22,7 +22,7 @@ type syslogd_exec_t; domain_make_daemon_domain(syslogd_t,syslogd_exec_t) type syslogd_tmp_t; -files_make_file(syslogd_tmp_t) +files_make_temporary_file(syslogd_tmp_t) type syslogd_var_run_t; files_make_file(syslogd_var_run_t) diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te index 62854b9..c09291b 100644 --- a/refpolicy/policy/modules/system/modutils.te +++ b/refpolicy/policy/modules/system/modutils.te @@ -31,7 +31,7 @@ domain_make_system_domain(update_modules_t,update_modules_exec_t) role system_r types update_modules_t; type update_modules_tmp_t; -files_make_file(update_modules_tmp_t) +files_make_temporary_file(update_modules_tmp_t) ######################################## # diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te index a999b3d..e8f256f 100644 --- a/refpolicy/policy/modules/system/mount.te +++ b/refpolicy/policy/modules/system/mount.te @@ -6,7 +6,7 @@ domain_make_system_domain(mount_t,mount_exec_t) role system_r types mount_t; type mount_tmp_t; -files_make_file(mount_tmp_t) +files_make_temporary_file(mount_tmp_t) ######################################## # diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te index b95984d..eeae74f 100644 --- a/refpolicy/policy/modules/system/sysnetwork.te +++ b/refpolicy/policy/modules/system/sysnetwork.te @@ -16,7 +16,7 @@ type dhcpc_state_t; files_make_file(dhcpc_state_t) type dhcpc_tmp_t; -files_make_file(dhcpc_tmp_t) +files_make_temporary_file(dhcpc_tmp_t) type dhcpc_var_run_t; files_make_file(dhcpc_var_run_t)