# Copyright (C) 2005 Tresys Technology, LLC
########################################
|
|
|
|
#
|
|
|
|
# filesystem_make_filesystem(type,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_make_filesystem',`
|
|
|
|
requires_block_template(filesystem_make_filesystem_depend,$2)
|
|
|
|
typeattribute $1 fs_type;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_make_filesystem_depend',`
|
|
|
|
attribute fs_type;
|
|
|
|
')
|
|
|
|
|
2005-04-16 17:20:59 +00:00
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_associate(type,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_associate',`
|
|
|
|
requires_block_template(filesystem_associate_depend,$2)
|
|
|
|
allow $1 fs_t:filesystem associate;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_associate_depend',`
|
|
|
|
type fs_t;
|
|
|
|
class filesystem associate;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-21 22:46:49 +00:00
|
|
|
# filesystem_noxattr_associate(type,[`optional'])
|
2005-04-16 17:20:59 +00:00
|
|
|
#
|
2005-04-21 22:46:49 +00:00
|
|
|
# Allow a type ($1) to be associated with each of the filesystem types
# named in the rule below. $2 is forwarded to requires_block_template
# together with the name of the _depend template.
define(`filesystem_noxattr_associate',`
	requires_block_template(filesystem_noxattr_associate_depend,$2)
	# One rule over a type set; equivalent to one associate rule per type.
	allow $1 { autofs_t cifs_t dosfs_t iso9660_t nfs_t removable_t usbfs_t }:filesystem associate;
')
|
|
|
|
|
2005-04-21 22:46:49 +00:00
|
|
|
define(`filesystem_noxattr_associate_depend',`
|
|
|
|
type fs_t, nfs_t, cifs_t, dosfs_t, iso9660_t, autofs_t, usbfs_t, removable_t;
|
2005-04-16 17:20:59 +00:00
|
|
|
class filesystem associate;
|
|
|
|
')
|
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_persistent_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_persistent_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_persistent_filesystem_depend,$2)
|
|
|
|
allow $1 fs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_persistent_filesystem_depend',`
|
|
|
|
type fs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_persistent_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_persistent_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_persistent_filesystem_depend,$2)
|
|
|
|
allow $1 fs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_persistent_filesystem_depend',`
|
|
|
|
type fs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_persistent_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
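# Allow a domain ($1) to unmount a filesystem labeled fs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_persistent_filesystem',`
	requires_block_template(filesystem_unmount_persistent_filesystem_depend,$2)
	allow $1 fs_t:filesystem unmount;
')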
|
|
|
|
|
|
|
|
define(`filesystem_unmount_persistent_filesystem_depend',`
|
|
|
|
type fs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_persistent_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_persistent_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_persistent_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 fs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_persistent_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type fs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-19 18:56:47 +00:00
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_ignore_read_persistent_filesystem_attributes(domain,[`optional'])
|
2005-04-19 18:56:47 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_ignore_read_persistent_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_ignore_read_persistent_filesystem_attributes_depend,$2)
|
2005-04-19 18:56:47 +00:00
|
|
|
dontaudit $1 fs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_ignore_read_persistent_filesystem_attributes_depend',`
|
2005-04-19 18:56:47 +00:00
|
|
|
type fs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-14 20:18:17 +00:00
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_automount_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_automount_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_automount_filesystem_depend,$2)
|
|
|
|
allow $1 autofs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_automount_filesystem_depend',`
|
|
|
|
type autofs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_automount_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_automount_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_automount_filesystem_depend,$2)
|
|
|
|
allow $1 autofs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_automount_filesystem_depend',`
|
|
|
|
type autofs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_automount_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
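# Allow a domain ($1) to unmount a filesystem labeled autofs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_automount_filesystem',`
	requires_block_template(filesystem_unmount_automount_filesystem_depend,$2)
	allow $1 autofs_t:filesystem unmount;
')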
|
|
|
|
|
|
|
|
define(`filesystem_unmount_automount_filesystem_depend',`
|
|
|
|
type autofs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_automount_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_automount_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_automount_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 autofs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_automount_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type autofs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_register_binary_executable_type(domain,[`optional'])
|
|
|
|
#
|
|
|
|
# Allow a domain ($1) to search directories and to getattr, ioctl and
# write files labeled binfmt_misc_fs_t. $2 is forwarded to
# requires_block_template together with the name of the _depend template.
# NOTE(review): the write permission on binfmt_misc_fs_t files is the
# sensitive part of this interface; callers should be limited to the
# domains that really register executable formats.
define(`filesystem_register_binary_executable_type',`
	requires_block_template(filesystem_register_binary_executable_type_depend,$2)
	allow $1 binfmt_misc_fs_t:file { getattr ioctl write };
	allow $1 binfmt_misc_fs_t:dir { getattr search };
')
|
|
|
|
|
|
|
|
define(`filesystem_register_binary_executable_type_depend',`
|
|
|
|
type binfmt_misc_fs_t;
|
|
|
|
class dir { getattr search };
|
|
|
|
class file { getattr ioctl write };
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_windows_network_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_windows_network_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_windows_network_filesystem_depend,$2)
|
|
|
|
allow $1 cifs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_windows_network_filesystem_depend',`
|
|
|
|
type cifs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_windows_network_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_windows_network_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_windows_network_filesystem_depend,$2)
|
|
|
|
allow $1 cifs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_windows_network_filesystem_depend',`
|
|
|
|
type cifs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_windows_network_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
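# Allow a domain ($1) to unmount a filesystem labeled cifs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_windows_network_filesystem',`
	requires_block_template(filesystem_unmount_windows_network_filesystem_depend,$2)
	allow $1 cifs_t:filesystem unmount;
')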
|
|
|
|
|
|
|
|
define(`filesystem_unmount_windows_network_filesystem_depend',`
|
|
|
|
type cifs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_windows_network_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_windows_network_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_windows_network_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 cifs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_windows_network_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type cifs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_dos_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_dos_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_dos_filesystem_depend,$2)
|
|
|
|
allow $1 dosfs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_dos_filesystem_depend',`
|
|
|
|
type dosfs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_dos_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_dos_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_dos_filesystem_depend,$2)
|
|
|
|
allow $1 dosfs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_dos_filesystem_depend',`
|
|
|
|
type dosfs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_dos_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
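# Allow a domain ($1) to unmount a filesystem labeled dosfs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_dos_filesystem',`
	requires_block_template(filesystem_unmount_dos_filesystem_depend,$2)
	allow $1 dosfs_t:filesystem unmount;
')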
|
|
|
|
|
|
|
|
define(`filesystem_unmount_dos_filesystem_depend',`
|
|
|
|
type dosfs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_dos_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_dos_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_dos_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 dosfs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_dos_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type dosfs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_cd_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_cd_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_cd_filesystem_depend,$2)
|
|
|
|
allow $1 iso9660_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_cd_filesystem_depend',`
|
|
|
|
type iso9660_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_cd_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_cd_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_cd_filesystem_depend,$2)
|
|
|
|
allow $1 iso9660_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_cd_filesystem_depend',`
|
|
|
|
type iso9660_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_cd_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
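# Allow a domain ($1) to unmount a filesystem labeled iso9660_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_cd_filesystem',`
	requires_block_template(filesystem_unmount_cd_filesystem_depend,$2)
	allow $1 iso9660_t:filesystem unmount;
')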
|
|
|
|
|
|
|
|
define(`filesystem_unmount_cd_filesystem_depend',`
|
|
|
|
type iso9660_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_cd_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_cd_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_cd_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 iso9660_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_cd_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type iso9660_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_nfs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_nfs_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_nfs_filesystem_depend,$2)
|
|
|
|
allow $1 nfs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_nfs_filesystem_depend',`
|
|
|
|
type nfs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_nfs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_nfs_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_nfs_filesystem_depend,$2)
|
|
|
|
allow $1 nfs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_nfs_filesystem_depend',`
|
|
|
|
type nfs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_nfs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
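# Allow a domain ($1) to unmount a filesystem labeled nfs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_nfs_filesystem',`
	requires_block_template(filesystem_unmount_nfs_filesystem_depend,$2)
	allow $1 nfs_t:filesystem unmount;
')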
|
|
|
|
|
|
|
|
define(`filesystem_unmount_nfs_filesystem_depend',`
|
|
|
|
type nfs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_nfs_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_nfs_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_nfs_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 nfs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_nfs_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type nfs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_nfsd_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_nfsd_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_nfsd_filesystem_depend,$2)
|
|
|
|
allow $1 nfsd_fs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_nfsd_filesystem_depend',`
|
|
|
|
type nfsd_fs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_nfsd_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_nfsd_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_nfsd_filesystem_depend,$2)
|
|
|
|
allow $1 nfsd_fs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_nfsd_filesystem_depend',`
|
|
|
|
type nfsd_fs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_nfsd_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
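# Allow a domain ($1) to unmount a filesystem labeled nfsd_fs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_nfsd_filesystem',`
	requires_block_template(filesystem_unmount_nfsd_filesystem_depend,$2)
	allow $1 nfsd_fs_t:filesystem unmount;
')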
|
|
|
|
|
|
|
|
define(`filesystem_unmount_nfsd_filesystem_depend',`
|
|
|
|
type nfsd_fs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_nfsd_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_nfsd_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_nfsd_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 nfsd_fs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_nfsd_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type nfsd_fs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_ram_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_ram_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_ram_filesystem_depend,$2)
|
|
|
|
allow $1 ramfs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_ram_filesystem_depend',`
|
|
|
|
type ramfs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_ram_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_ram_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_ram_filesystem_depend,$2)
|
|
|
|
allow $1 ramfs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_ram_filesystem_depend',`
|
|
|
|
type ramfs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_ram_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
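# Allow a domain ($1) to unmount a filesystem labeled ramfs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_ram_filesystem',`
	requires_block_template(filesystem_unmount_ram_filesystem_depend,$2)
	allow $1 ramfs_t:filesystem unmount;
')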
|
|
|
|
|
|
|
|
define(`filesystem_unmount_ram_filesystem_depend',`
|
|
|
|
type ramfs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_ram_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_ram_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_ram_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 ramfs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_ram_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type ramfs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_rom_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_rom_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_rom_filesystem_depend,$2)
|
|
|
|
allow $1 romfs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_rom_filesystem_depend',`
|
|
|
|
type romfs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_rom_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_rom_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_rom_filesystem_depend,$2)
|
|
|
|
allow $1 romfs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_rom_filesystem_depend',`
|
|
|
|
type romfs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_rom_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
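# Allow a domain ($1) to unmount a filesystem labeled romfs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_rom_filesystem',`
	requires_block_template(filesystem_unmount_rom_filesystem_depend,$2)
	allow $1 romfs_t:filesystem unmount;
')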
|
|
|
|
|
|
|
|
define(`filesystem_unmount_rom_filesystem_depend',`
|
|
|
|
type romfs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_rom_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_rom_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_rom_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 romfs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_rom_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type romfs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_rpc_pipefs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_rpc_pipefs_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_rpc_pipefs_filesystem_depend,$2)
|
|
|
|
allow $1 rpc_pipefs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_rpc_pipefs_filesystem_depend',`
|
|
|
|
type rpc_pipefs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_rpc_pipefs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_rpc_pipefs_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_rpc_pipefs_filesystem_depend,$2)
|
|
|
|
allow $1 rpc_pipefs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_rpc_pipefs_filesystem_depend',`
|
|
|
|
type rpc_pipefs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_rpc_pipefs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
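# Allow a domain ($1) to unmount a filesystem labeled rpc_pipefs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_rpc_pipefs_filesystem',`
	requires_block_template(filesystem_unmount_rpc_pipefs_filesystem_depend,$2)
	allow $1 rpc_pipefs_t:filesystem unmount;
')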
|
|
|
|
|
|
|
|
define(`filesystem_unmount_rpc_pipefs_filesystem_depend',`
|
|
|
|
type rpc_pipefs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_rpc_pipefs_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_rpc_pipefs_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_rpc_pipefs_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 rpc_pipefs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_rpc_pipefs_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type rpc_pipefs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_tmpfs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_tmpfs_filesystem',`
|
|
|
|
requires_block_template(filesystem_mount_tmpfs_filesystem_depend,$2)
|
|
|
|
allow $1 tmpfs_t:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_tmpfs_filesystem_depend',`
|
|
|
|
type tmpfs_t;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_tmpfs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_tmpfs_filesystem',`
|
|
|
|
requires_block_template(filesystem_remount_tmpfs_filesystem_depend,$2)
|
|
|
|
allow $1 tmpfs_t:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_tmpfs_filesystem_depend',`
|
|
|
|
type tmpfs_t;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_tmpfs_filesystem(domain,[`optional'])
|
|
|
|
#
|
|
|
|
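# Allow a domain ($1) to unmount a filesystem labeled tmpfs_t.
# $2 is forwarded to requires_block_template together with the name of
# the _depend template.
# The permission granted is unmount, the one the _depend template
# declares for class filesystem. Granting mount here would hand callers
# of the unmount interface the ability to mount and leave unmount denied.
define(`filesystem_unmount_tmpfs_filesystem',`
	requires_block_template(filesystem_unmount_tmpfs_filesystem_depend,$2)
	allow $1 tmpfs_t:filesystem unmount;
')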
|
|
|
|
|
|
|
|
define(`filesystem_unmount_tmpfs_filesystem_depend',`
|
|
|
|
type tmpfs_t;
|
|
|
|
class filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
# filesystem_read_tmpfs_filesystem_attributes(domain,[`optional'])
|
2005-04-14 20:18:17 +00:00
|
|
|
#
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_tmpfs_filesystem_attributes',`
|
|
|
|
requires_block_template(filesystem_read_tmpfs_filesystem_attributes_depend,$2)
|
2005-04-14 20:18:17 +00:00
|
|
|
allow $1 tmpfs_t:filesystem getattr;
|
|
|
|
')
|
|
|
|
|
2005-04-22 19:31:32 +00:00
|
|
|
define(`filesystem_read_tmpfs_filesystem_attributes_depend',`
|
2005-04-14 20:18:17 +00:00
|
|
|
type tmpfs_t;
|
|
|
|
class filesystem getattr;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_tmpfs_associate(type,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_tmpfs_associate',`
|
|
|
|
requires_block_template(filesystem_tmpfs_associate_depend,$2)
|
|
|
|
allow $1 tmpfs_t:filesystem associate;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_tmpfs_associate_depend',`
|
|
|
|
type tmpfs_t;
|
|
|
|
class filesystem associate;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_create_private_tmpfs_data(domain,derivedtype,[class],[`optional'])
|
|
|
|
#
|
|
|
|
# Let a domain ($1) add entries to tmpfs_t directories and have the
# objects it creates there labeled with the derived type ($2).
# $3 is the object class for the transition and falls back to file when
# it is empty. $4 is forwarded to requires_block_template together with
# the name of the _depend template.
# The type_transition rule only selects the label of the new object; it
# grants no access to $2, so the caller still needs its own allow rules
# on the derived type.
define(`filesystem_create_private_tmpfs_data',`
	requires_block_template(filesystem_create_private_tmpfs_data_depend,$4)
	allow $1 tmpfs_t:dir { getattr search read write add_name };
	type_transition $1 tmpfs_t:ifelse(`$3',`',`file',`$3') $2;
')
|
|
|
|
|
|
|
|
define(`filesystem_create_private_tmpfs_data_depend',`
|
|
|
|
type tmpfs_t;
|
|
|
|
class dir { getattr search read write add_name };
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_mount_all_filesystems(type,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_mount_all_filesystems',`
|
|
|
|
requires_block_template(filesystem_mount_all_filesystems_depend,$2)
|
|
|
|
allow $1 fs_type:filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_mount_all_filesystems_depend',`
|
|
|
|
attribute fs_type;
|
|
|
|
class filesystem mount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_remount_all_filesystems(type,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_remount_all_filesystems',`
|
|
|
|
requires_block_template(filesystem_remount_all_filesystems_depend,$2)
|
|
|
|
allow $1 fs_type:filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
define(`filesystem_remount_all_filesystems_depend',`
|
|
|
|
attribute fs_type;
|
|
|
|
class filesystem remount;
|
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# filesystem_unmount_all_filesystems(type,[`optional'])
|
|
|
|
#
|
|
|
|
define(`filesystem_unmount_all_filesystems',`
|
|
|
|
requires_block_template(filesystem_unmount_all_filesystems_depend,$2)
|
|
|
|
allow $1 fs_type:filesystem unmount;
|
|
|
|
')
|
|
|
|
|
|
|
|
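# Requirements template for filesystem_unmount_all_filesystems: the
# fs_type attribute and the unmount permission of class filesystem.
# It carries the unmount name that the interface passes to
# requires_block_template. Under the mount name it would redefine the
# requirements template of filesystem_mount_all_filesystems and leave
# the unmount one undefined.
define(`filesystem_unmount_all_filesystems_depend',`
	attribute fs_type;
	class filesystem unmount;
')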
|