2005-06-01 17:27:39 +00:00
|
|
|
## <module name="filesystem" layer="kernel">
|
2005-06-01 14:17:43 +00:00
|
|
|
## <summary>Policy for filesystems.</summary>
|
2005-04-20 19:07:16 +00:00
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_make_fs(type)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_make_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
typeattribute $1 fs_type;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_make_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
attribute fs_type;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-04-16 17:20:59 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_associate(type)
|
2005-04-16 17:20:59 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_associate',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_t:filesystem associate;
|
2005-04-16 17:20:59 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_associate_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem associate;
|
2005-04-16 17:20:59 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_noxattr_associate(type)
|
2005-04-16 17:20:59 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_noxattr_associate',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 autofs_t:filesystem associate;
|
|
|
|
|
allow $1 cifs_t:filesystem associate;
|
|
|
|
|
allow $1 dosfs_t:filesystem associate;
|
|
|
|
|
allow $1 iso9660_t:filesystem associate;
|
|
|
|
|
allow $1 nfs_t:filesystem associate;
|
|
|
|
|
allow $1 removable_t:filesystem associate;
|
|
|
|
|
allow $1 usbfs_t:filesystem associate;
|
2005-04-16 17:20:59 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_noxattr_associate_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type fs_t, nfs_t, cifs_t, dosfs_t, iso9660_t, autofs_t, usbfs_t, removable_t;
|
|
|
|
|
|
|
|
|
|
class filesystem associate;
|
2005-04-16 17:20:59 +00:00
|
|
|
')
|
|
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_persistent_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_persistent_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_persistent_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_persistent_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_persistent_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_persistent_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_persistent_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_persistent_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_persistent_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_persistent_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_persistent_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_persistent_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-04-19 18:56:47 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_ignore_get_persistent_fs_attributes(domain)
|
2005-04-19 18:56:47 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_ignore_get_persistent_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
dontaudit $1 fs_t:filesystem getattr;
|
2005-04-19 18:56:47 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_ignore_get_persistent_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-19 18:56:47 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-24 15:55:57 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_relabelfrom_persistent_fs(domain)
|
2005-05-24 15:55:57 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_relabelfrom_persistent_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_t:filesystem relabelfrom;
|
2005-05-24 15:55:57 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_relabelfrom_persistent_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem relabelfrom;
|
2005-05-24 15:55:57 +00:00
|
|
|
')
|
|
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_automount_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_automount_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 autofs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_automount_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type autofs_t;
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_automount_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_automount_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 autofs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_automount_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type autofs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_automount_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_automount_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 autofs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_automount_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type autofs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_automount_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_automount_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 autofs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_automount_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type autofs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_register_binary_executable_type(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_register_binary_executable_type',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 binfmt_misc_fs_t:dir { getattr search };
|
|
|
|
|
allow $1 binfmt_misc_fs_t:file { getattr ioctl write };
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_register_binary_executable_type_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type binfmt_misc_fs_t;
|
|
|
|
|
|
|
|
|
|
class dir { getattr search };
|
|
|
|
|
class file { getattr ioctl write };
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_windows_network_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_windows_network_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_windows_network_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_windows_network_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_windows_network_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_windows_network_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_windows_network_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_windows_network_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_windows_network_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_windows_network_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_windows_network_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_windows_network_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-16 21:10:33 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_execute_windows_network_files(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_execute_windows_network_files',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:dir r_dir_perms;
|
|
|
|
|
allow $1 cifs_t:file { getattr read execute execute_no_trans };
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_execute_windows_network_files_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class dir r_dir_perms;
|
|
|
|
|
class file { getattr read execute execute_no_trans };
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_windows_network_directories(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_directories',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:dir create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_directories_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class dir create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_windows_network_files(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_files',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 cifs_t:file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_files_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class dir rw_dir_perms;
|
|
|
|
|
class file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_windows_network_symbolic_links(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_symbolic_links',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 cifs_t:lnk_file create_lnk_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_symbolic_links_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class dir rw_dir_perms;
|
|
|
|
|
class lnk_file create_lnk_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_windows_network_named_pipes(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_named_pipes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 cifs_t:fifo_file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_named_pipes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class dir rw_dir_perms;
|
|
|
|
|
class fifo_file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_windows_network_named_sockets(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_named_sockets',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 cifs_t:dir rw_file_perms;
|
|
|
|
|
allow $1 cifs_t:sock_file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_windows_network_named_sockets_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type cifs_t;
|
|
|
|
|
|
|
|
|
|
class dir rw_dir_perms;
|
|
|
|
|
class sock_file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_dos_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_dos_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 dosfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_dos_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type dosfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_dos_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_dos_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 dosfs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_dos_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type dosfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_dos_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_dos_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 dosfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_dos_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type dosfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_dos_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_dos_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 dosfs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_dos_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type dosfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-24 15:55:57 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_relabelfrom_dos_fs(domain)
|
2005-05-24 15:55:57 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_relabelfrom_dos_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 dosfs_t:filesystem relabelfrom;
|
2005-05-24 15:55:57 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_relabelfrom_dos_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type dosfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem relabelfrom;
|
2005-05-24 15:55:57 +00:00
|
|
|
')
|
|
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_cd_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_cd_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 iso9660_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_cd_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type iso9660_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_cd_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_cd_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 iso9660_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_cd_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type iso9660_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_cd_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_cd_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 iso9660_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_cd_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type iso9660_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_cd_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_cd_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 iso9660_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_cd_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type iso9660_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_nfs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_nfs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_nfs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_nfs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_nfs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_nfs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_nfs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_nfs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_nfs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_nfs_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_nfs_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_nfs_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-16 21:10:33 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_execute_nfs_files(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_execute_nfs_files',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:dir r_dir_perms;
|
|
|
|
|
allow $1 nfs_t:file { getattr read execute execute_no_trans };
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_execute_nfs_files_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class dir r_dir_perms;
|
|
|
|
|
class file { getattr read execute execute_no_trans };
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_nfs_directories(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_directories',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:dir create_dir_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_directories_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class dir create_dir_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_nfs_files(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_files',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 nfs_t:file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_files_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class dir rw_dir_perms;
|
|
|
|
|
class file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_nfs_symbolic_links(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_symbolic_links',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 nfs_t:lnk_file create_lnk_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_symbolic_links_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class dir r_dir_perms;
|
|
|
|
|
class lnk_file create_lnk_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_nfs_named_pipes(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_named_pipes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 nfs_t:fifo_file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_named_pipes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class dir { getattr search read write add_name remove_name };
|
|
|
|
|
class fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_manage_nfs_named_sockets(domain)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_named_sockets',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 nfs_t:sock_file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_nfs_named_sockets_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfs_t;
|
|
|
|
|
|
|
|
|
|
class dir rw_dir_perms;
|
|
|
|
|
class sock_file create_file_perms;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_nfsd_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_nfsd_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfsd_fs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_nfsd_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfsd_fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_nfsd_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_nfsd_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfsd_fs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_nfsd_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfsd_fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_nfsd_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_nfsd_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfsd_fs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_nfsd_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfsd_fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_nfsd_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_nfsd_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 nfsd_fs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_nfsd_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type nfsd_fs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_ram_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_ram_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 ramfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_ram_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type ramfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_ram_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_ram_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 ramfs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_ram_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type ramfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_ram_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_ram_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 ramfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_ram_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type ramfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_ram_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_ram_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 ramfs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_ram_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type ramfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_rom_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_rom_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 romfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_rom_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type romfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_rom_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_rom_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 romfs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_rom_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type romfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_rom_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_rom_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 romfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_rom_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type romfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_rom_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_rom_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 romfs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_rom_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type romfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_rpc_pipefs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_rpc_pipefs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 rpc_pipefs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_rpc_pipefs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type rpc_pipefs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_rpc_pipefs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_rpc_pipefs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 rpc_pipefs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_rpc_pipefs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type rpc_pipefs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_rpc_pipefs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_rpc_pipefs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 rpc_pipefs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_rpc_pipefs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type rpc_pipefs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_rpc_pipefs_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_rpc_pipefs_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 rpc_pipefs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_rpc_pipefs_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type rpc_pipefs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_tmpfs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_tmpfs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_tmpfs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_tmpfs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_tmpfs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_tmpfs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_tmpfs_fs(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_tmpfs_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_tmpfs_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_tmpfs_fs_attributes(domain)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_tmpfs_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_tmpfs_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
2005-06-08 13:12:00 +00:00
|
|
|
## <interface name="fs_tmpfs_associate">
|
2005-05-19 21:06:06 +00:00
|
|
|
## <description>
|
|
|
|
|
## Allow the type to associate to tmpfs filesystems.
|
|
|
|
|
## </description>
|
|
|
|
|
## <parameter name="type">
|
|
|
|
|
## The type of the object to be associated.
|
|
|
|
|
## </parameter>
|
2005-05-23 17:56:00 +00:00
|
|
|
## <infoflow type="none"/>
|
2005-05-19 21:06:06 +00:00
|
|
|
## </interface>
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_tmpfs_associate',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:filesystem associate;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_tmpfs_associate_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem associate;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_create_private_tmpfs_data(domain,derivedtype,[class])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_create_private_tmpfs_data',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $2 tmpfs_t:filesystem associate;
|
|
|
|
|
allow $1 tmpfs_t:dir rw_dir_perms;
|
|
|
|
|
|
|
|
|
|
ifelse(`$3',`',`
|
|
|
|
|
type_transition $1 tmpfs_t:file $2;
|
|
|
|
|
',`
|
|
|
|
|
type_transition $1 tmpfs_t:$3 $2;
|
|
|
|
|
')
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_create_private_tmpfs_data_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class filesystem associate;
|
|
|
|
|
class dir rw_dir_perms;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-19 21:06:06 +00:00
|
|
|
########################################
|
2005-06-08 13:12:00 +00:00
|
|
|
## <interface name="fs_use_tmpfs_character_devices">
|
2005-05-19 21:06:06 +00:00
|
|
|
## <description>
|
|
|
|
|
## Read and write character nodes on tmpfs filesystems.
|
|
|
|
|
## </description>
|
|
|
|
|
## <parameter name="domain">
|
|
|
|
|
## The type of the process performing this action.
|
|
|
|
|
## </parameter>
|
|
|
|
|
## <infoflow type="both" weight="10"/>
|
|
|
|
|
## </interface>
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_use_tmpfs_character_devices',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:dir r_dir_perms;
|
|
|
|
|
allow $1 tmpfs_t:chr_file rw_file_perms;
|
2005-05-19 21:06:06 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_use_tmpfs_character_devices_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class dir r_dir_perms;
|
|
|
|
|
class chr_file rw_file_perms;
|
2005-05-19 21:06:06 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-25 20:58:21 +00:00
|
|
|
########################################
|
2005-06-08 13:12:00 +00:00
|
|
|
## <interface name="fs_relabel_tmpfs_character_devices">
|
2005-05-25 20:58:21 +00:00
|
|
|
## <description>
|
|
|
|
|
## Relabel character nodes on tmpfs filesystems.
|
|
|
|
|
## </description>
|
|
|
|
|
## <parameter name="domain">
|
|
|
|
|
## The type of the process performing this action.
|
|
|
|
|
## </parameter>
|
|
|
|
|
## <infoflow type="both" weight="10"/>
|
|
|
|
|
## </interface>
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_relabel_tmpfs_character_devices',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:dir r_dir_perms;
|
|
|
|
|
allow $1 tmpfs_t:chr_file { getattr relabelfrom relabelto };
|
2005-05-25 20:58:21 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_relabel_tmpfs_character_devices_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class dir r_dir_perms;
|
|
|
|
|
class chr_file { getattr relabelfrom relabelto };
|
2005-05-25 20:58:21 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-19 21:06:06 +00:00
|
|
|
########################################
|
2005-06-08 13:12:00 +00:00
|
|
|
## <interface name="fs_use_tmpfs_block_devices">
|
2005-05-19 21:06:06 +00:00
|
|
|
## <description>
|
|
|
|
|
## Read and write block nodes on tmpfs filesystems.
|
|
|
|
|
## </description>
|
|
|
|
|
## <parameter name="domain">
|
|
|
|
|
## The type of the process performing this action.
|
|
|
|
|
## </parameter>
|
|
|
|
|
## <infoflow type="both" weight="10"/>
|
|
|
|
|
## </interface>
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_use_tmpfs_block_devices',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:dir r_dir_perms;
|
|
|
|
|
allow $1 tmpfs_t:blk_file rw_file_perms;
|
2005-05-19 21:06:06 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_use_tmpfs_block_devices_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class dir r_dir_perms;
|
|
|
|
|
class blk_file rw_file_perms;
|
2005-05-19 21:06:06 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
2005-06-08 13:12:00 +00:00
|
|
|
## <interface name="fs_relabel_tmpfs_block_devices">
|
2005-05-25 20:58:21 +00:00
|
|
|
## <description>
|
|
|
|
|
## Relabel block nodes on tmpfs filesystems.
|
|
|
|
|
## </description>
|
|
|
|
|
## <parameter name="domain">
|
|
|
|
|
## The type of the process performing this action.
|
|
|
|
|
## </parameter>
|
|
|
|
|
## <infoflow type="both" weight="10"/>
|
|
|
|
|
## </interface>
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_relabel_tmpfs_block_devices',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:dir r_dir_perms;
|
|
|
|
|
allow $1 tmpfs_t:blk_file { getattr relabelfrom relabelto };
|
2005-05-25 20:58:21 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_use_tmpfs_block_devices_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class dir r_dir_perms;
|
|
|
|
|
class blk_file { getattr relabelfrom relabelto };
|
2005-05-25 20:58:21 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
2005-06-08 13:12:00 +00:00
|
|
|
## <interface name="fs_manage_tmpfs_character_devices">
|
2005-05-19 21:06:06 +00:00
|
|
|
## <description>
|
|
|
|
|
## Read and write, create and delete character
|
|
|
|
|
## nodes on tmpfs filesystems.
|
|
|
|
|
## </description>
|
|
|
|
|
## <parameter name="domain">
|
|
|
|
|
## The type of the process performing this action.
|
|
|
|
|
## </parameter>
|
|
|
|
|
## <infoflow type="both" weight="10"/>
|
|
|
|
|
## </interface>
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_tmpfs_character_devices',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 tmpfs_t:chr_file create_file_perms;
|
2005-05-19 21:06:06 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_tmpfs_character_devices_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class dir rw_dir_perms;
|
|
|
|
|
class chr_file create_file_perms;
|
2005-05-19 21:06:06 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
2005-06-08 13:12:00 +00:00
|
|
|
## <interface name="fs_manage_tmpfs_block_devices">
|
2005-05-19 21:06:06 +00:00
|
|
|
## <description>
|
|
|
|
|
## Read and write, create and delete block nodes
|
|
|
|
|
## on tmpfs filesystems.
|
|
|
|
|
## </description>
|
|
|
|
|
## <parameter name="domain">
|
|
|
|
|
## The type of the process performing this action.
|
|
|
|
|
## </parameter>
|
|
|
|
|
## <infoflow type="both" weight="10"/>
|
|
|
|
|
## </interface>
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_tmpfs_block_devices',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 tmpfs_t:dir rw_dir_perms;
|
|
|
|
|
allow $1 tmpfs_t:blk_file create_file_perms;
|
2005-05-19 21:06:06 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_manage_tmpfs_block_devices_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
|
|
|
|
|
|
class dir rw_dir_perms;
|
|
|
|
|
class blk_file create_file_perms;
|
2005-05-19 21:06:06 +00:00
|
|
|
')
|
|
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_mount_all_fs(type)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_all_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_type:filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_all_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
attribute fs_type;
|
|
|
|
|
|
|
|
|
|
class filesystem mount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_remount_all_fs(type)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_all_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_type:filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_remount_all_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
attribute fs_type;
|
|
|
|
|
|
|
|
|
|
class filesystem remount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_unmount_all_fs(type)
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_unmount_all_fs',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_type:filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_mount_all_fs_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
attribute fs_type;
|
|
|
|
|
|
|
|
|
|
class filesystem unmount;
|
2005-04-14 20:18:17 +00:00
|
|
|
')
|
2005-04-25 19:54:27 +00:00
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_all_fs_attributes(type)
|
2005-04-25 19:54:27 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_all_fs_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_type:filesystem getattr;
|
2005-04-25 19:54:27 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_all_fs_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
attribute fs_type;
|
|
|
|
|
|
|
|
|
|
class filesystem getattr;
|
2005-04-25 19:54:27 +00:00
|
|
|
')
|
2005-05-12 20:50:09 +00:00
|
|
|
|
2005-05-16 21:10:33 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_all_fs_quotas(type)
|
2005-05-16 21:10:33 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_all_fs_quotas',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_type:filesystem quotaget;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_all_fs_quotas_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
attribute fs_type;
|
|
|
|
|
|
|
|
|
|
class filesystem quotaget;
|
2005-05-16 21:10:33 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-18 13:20:38 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_set_all_fs_quotas(type)
|
2005-05-18 13:20:38 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_set_all_fs_quotas',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_type:filesystem quotamod;
|
2005-05-18 13:20:38 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_set_all_fs_quotas_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
attribute fs_type;
|
|
|
|
|
|
|
|
|
|
class filesystem quotamod;
|
2005-05-18 13:20:38 +00:00
|
|
|
')
|
|
|
|
|
|
2005-05-12 20:50:09 +00:00
|
|
|
########################################
|
|
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
# fs_get_all_file_attributes(type)
|
2005-05-12 20:50:09 +00:00
|
|
|
#
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_all_file_attributes',`
|
2005-06-03 12:25:14 +00:00
|
|
|
requires_block_template(`$0'_depend)
|
|
|
|
|
|
|
|
|
|
allow $1 fs_type:dir { search getattr };
|
|
|
|
|
allow $1 fs_type:file getattr;
|
|
|
|
|
allow $1 fs_type:lnk_file getattr;
|
|
|
|
|
allow $1 fs_type:fifo_file getattr;
|
|
|
|
|
allow $1 fs_type:sock_file getattr;
|
2005-05-12 20:50:09 +00:00
|
|
|
')
|
|
|
|
|
|
2005-06-08 13:12:00 +00:00
|
|
|
define(`fs_get_all_file_attributes_depend',`
|
2005-06-03 12:25:14 +00:00
|
|
|
attribute fs_type;
|
|
|
|
|
|
|
|
|
|
class dir { search getattr };
|
|
|
|
|
class file getattr;
|
|
|
|
|
class lnk_file getattr;
|
|
|
|
|
class fifo_file getattr;
|
|
|
|
|
class sock_file getattr;
|
2005-05-12 20:50:09 +00:00
|
|
|
')
|
2005-06-01 14:17:43 +00:00
|
|
|
|
|
|
|
|
## </module>
|
