From 46410fd2b965d219e0c70ec11f7b2ba420791f47 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 23 May 2005 15:49:31 +0000
Subject: [PATCH] add tmpfsfile support
---
 refpolicy/policy/modules/system/files.if | 46 ++++++++++++++++++++++++
 refpolicy/policy/modules/system/files.te | 3 +-
 2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index b1fcda24..2d8f3c94 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -73,6 +73,29 @@ define(`files_make_temporary_file_depend',`
 attribute tmpfile;
 ')
+########################################
+##
+##
+## Transform the type into a file, for use on a
+## virtual memory filesystem (tmpfs).
+##
+##
+## The type to be transformed.
+##
+##
+##
+#
+define(`files_make_tmpfs_file',`
+requires_block_template(`$0'_depend)
+files_make_file($1)
+filesystem_tmpfs_associate($1)
+typeattribute $1 tmpfsfile;
+')
+
+define(`files_make_tmpfs_file_depend',`
+attribute tmpfsfile;
+')
+
 ########################################
 #
 # files_get_all_file_attributes(domain)
@@ -407,6 +430,29 @@ class file { create ioctl read getattr lock write setattr append link unlink ren
 class lnk_file { getattr read };
 ')
+########################################
+##
+##
+## Delete system configuration files in /etc.
+##
+##
+## The type of the process performing this action.
+##
+##
+##
+#
+define(`files_remove_general_system_config',`
+requires_block_template(`$0'_depend)
+allow $1 etc_t:dir { getattr search read write remove_name };
+allow $1 etc_t:file unlink;
+')
+
+define(`files_remove_general_system_config_depend',`
+type etc_t;
+class dir { getattr search read write remove_name };
+class file unlink;
+')
+
 ########################################
 #
 # files_execute_system_config_script(domain)
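Review bot: The header comment of `files_make_tmpfs_file` does not mention that the type is also added to the `tmpfsfile` attribute via `typeattribute $1 tmpfsfile;`, so a caller cannot tell from the description that any rule written against `tmpfsfile` will apply to its type. I would add a description line such as `## The type also joins the tmpfsfile attribute and is covered by rules written against it.` The hunks shown here only declare and assign the attribute, so the comment is the one place that scope would be recorded.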
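Review bot: `files_remove_general_system_config` in the second files.if hunk is unrelated to the tmpfsfile change named in the subject, and it grants deletion of every `etc_t` file, so it should carry its own justification and a description that states that scope, for example `## Delete any generic (etc_t) configuration file in /etc; grant only to domains that manage all of /etc.` The file rule also allows `unlink` without `getattr`, so a caller that stats a file before removing it would likely be denied. Consider `allow $1 etc_t:file { getattr unlink };` with `class file { getattr unlink };` in the depend block.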
diff --git a/refpolicy/policy/modules/system/files.te b/refpolicy/policy/modules/system/files.te
index c26db14f..3dc00267 100644
--- a/refpolicy/policy/modules/system/files.te
+++ b/refpolicy/policy/modules/system/files.te
@@ -4,9 +4,10 @@ policy_module(files,1.0)
 attribute file_type;
 attribute lockfile;
+attribute mountpoint;
 attribute pidfile;
 attribute tmpfile;
-attribute mountpoint;
+attribute tmpfsfile;
 # default_t is the default type for files that do not
 # match any specification in the file_contexts configuration