renaming from 20060131 interface review, round 4

refpolicy/policy/modules/admin/consoletype.te

@@ -64,7 +64,7 @@ userdom_use_sysadm_fd(consoletype_t)
 userdom_rw_sysadm_pipe(consoletype_t)
 
 ifdef(`distro_redhat',`
-	fs_use_tmpfs_chr_dev(consoletype_t)
+	fs_rw_tmpfs_chr_files(consoletype_t)
 ')
 
 optional_policy(`apm',`

refpolicy/policy/modules/admin/kudzu.te

@@ -60,7 +60,7 @@ dev_rwx_zero(kudzu_t)
 
 fs_search_auto_mountpoints(kudzu_t)
 fs_search_ramfs(kudzu_t)
-fs_write_ramfs_socket(kudzu_t)
+fs_write_ramfs_sockets(kudzu_t)
 
 mls_file_read_up(kudzu_t)
 mls_file_write_down(kudzu_t)

refpolicy/policy/modules/admin/quota.te

@@ -31,8 +31,8 @@ dev_read_sysfs(quota_t)
 dev_getattr_all_blk_files(quota_t)
 dev_getattr_all_chr_files(quota_t)
 
-fs_get_xattr_fs_quota(quota_t)
-fs_set_xattr_fs_quota(quota_t)
+fs_get_xattr_fs_quotas(quota_t)
+fs_set_xattr_fs_quotas(quota_t)
 fs_getattr_xattr_fs(quota_t)
 fs_remount_xattr_fs(quota_t)
 fs_search_auto_mountpoints(quota_t)

refpolicy/policy/modules/admin/updfstab.te

@@ -33,7 +33,7 @@ dev_manage_generic_symlinks(updfstab_t)
 
 fs_getattr_xattr_fs(updfstab_t)
 fs_getattr_tmpfs(updfstab_t)
-fs_getattr_tmpfs_dir(updfstab_t)
+fs_getattr_tmpfs_dirs(updfstab_t)
 fs_search_auto_mountpoints(updfstab_t)
 
 selinux_get_fs_mount(updfstab_t)

refpolicy/policy/modules/apps/cdrecord.if

@@ -138,14 +138,14 @@ template(`cdrecord_per_userdomain_template', `
 		
 		ifdef(`enable_mls',`
 		',`
-			fs_search_removable_dirs($1_cdrecord_t)
+			fs_search_removable($1_cdrecord_t)
 			fs_read_removable_files($1_cdrecord_t)
 			fs_read_removable_symlinks($1_cdrecord_t)
 		')
 	',`
 		files_dontaudit_list_tmp($1_cdrecord_t)
 		files_dontaudit_list_home($1_cdrecord_t)
-		fs_dontaudit_list_removable_dirs($1_cdrecord_t)
+		fs_dontaudit_list_removable($1_cdrecord_t)
 		fs_donaudit_read_removable_files($1_cdrecord_t)
 		userdom_dontaudit_list_user_tmp($1,$1_cdrecord_t)
 		userdom_dontaudit_read_user_tmp_files($1,$1_cdrecord_t)

refpolicy/policy/modules/kernel/devices.te

@@ -155,7 +155,7 @@ dev_node(urandom_device_t)
 #
 type usbfs_t alias usbdevfs_t;
 files_mountpoint(usbfs_t)
-fs_make_noxattr_fs(usbfs_t)
+fs_noxattr_type(usbfs_t)
 genfscon usbfs / gen_context(system_u:object_r:usbfs_t,s0)
 genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
 

refpolicy/policy/modules/kernel/filesystem.if

@@ -31,7 +31,7 @@ interface(`fs_type',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`fs_make_noxattr_fs',`
+interface(`fs_noxattr_type',`
 	gen_require(`
 		attribute noxattrfs;
 	')
@@ -171,24 +171,6 @@ interface(`fs_getattr_xattr_fs',`
 	allow $1 fs_t:filesystem getattr;
 ')
 
-########################################
-## <summary>
-##	Get the quotas of a persistent
-##	filesystem which has extended
-##	attributes, such as ext3, JFS, or XFS.
-## </summary>
-## <param name="domain">
-##	The type of the domain getting quotas.
-## </param>
-#
-interface(`fs_get_xattr_fs_quotas',`
-	gen_require(`
-		type fs_t;
-	')
-
-	allow $1 fs_t:filesystem quotaget;
-')
-
 ########################################
 ## <summary>
 ##	Do not audit attempts to
@@ -235,7 +217,7 @@ interface(`fs_relabelfrom_xattr_fs',`
 ##	The type of the domain mounting the filesystem.
 ## </param>
 #
-interface(`fs_get_xattr_fs_quota',`
+interface(`fs_get_xattr_fs_quotas',`
 	gen_require(`
 		type fs_t;
 	')
@@ -252,7 +234,7 @@ interface(`fs_get_xattr_fs_quota',`
 ##	The type of the domain mounting the filesystem.
 ## </param>
 #
-interface(`fs_set_xattr_fs_quota',`
+interface(`fs_set_xattr_fs_quotas',`
 	gen_require(`
 		type fs_t;
 	')
@@ -650,7 +632,7 @@ interface(`fs_read_cifs_symlinks',`
 ##	The type of the domain executing the files.
 ## </param>
 #
-interface(`fs_execute_cifs_files',`
+interface(`fs_exec_cifs_files',`
 	gen_require(`
 		type cifs_t;
 	')
@@ -1189,7 +1171,7 @@ interface(`fs_write_nfs_files',`
 ##	The type of the domain executing the files.
 ## </param>
 #
-interface(`fs_execute_nfs_files',`
+interface(`fs_exec_nfs_files',`
 	gen_require(`
 		type nfs_t;
 	')
@@ -1257,7 +1239,7 @@ interface(`fs_getattr_rpc_dirs',`
 ##	The type of the domain reading the symbolic links.
 ## </param>
 #
-interface(`fs_search_rpc_dirs',`
+interface(`fs_search_rpc',`
 	gen_require(`
 		type rpc_pipefs_t;
 	')
@@ -1273,7 +1255,7 @@ interface(`fs_search_rpc_dirs',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`fs_search_removable_dirs',`
+interface(`fs_search_removable',`
 	gen_require(`
 		type removable_t;
 	')
@@ -1290,7 +1272,7 @@ interface(`fs_search_removable_dirs',`
 ##	Domain not to audit.
 ## </param>
 #
-interface(`fs_dontaudit_list_removable_dirs',`
+interface(`fs_dontaudit_list_removable',`
 	gen_require(`
 		type removable_t;
 	')
@@ -1354,7 +1336,7 @@ interface(`fs_read_removable_symlinks',`
 ##	The type of the domain reading the symbolic links.
 ## </param>
 #
-interface(`fs_read_rpc_dirs',`
+interface(`fs_list_rpc',`
 	gen_require(`
 		type rpc_pipefs_t;
 	')
@@ -1787,7 +1769,7 @@ interface(`fs_dontaudit_search_ramfs',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`fs_write_ramfs_pipe',`
+interface(`fs_write_ramfs_pipes',`
 	gen_require(`
 		type ramfs_t;
 	')
@@ -1803,7 +1785,7 @@ interface(`fs_write_ramfs_pipe',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`fs_rw_ramfs_pipe',`
+interface(`fs_rw_ramfs_pipes',`
 	gen_require(`
 		type ramfs_t;
 	')
@@ -1819,7 +1801,7 @@ interface(`fs_rw_ramfs_pipe',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`fs_write_ramfs_socket',`
+interface(`fs_write_ramfs_sockets',`
 	gen_require(`
 		type ramfs_t;
 	')
@@ -2051,7 +2033,7 @@ interface(`fs_associate_tmpfs',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`fs_getattr_tmpfs_dir',`
+interface(`fs_getattr_tmpfs_dirs',`
 	gen_require(`
 		type tmpfs_t;
 	')
@@ -2067,7 +2049,7 @@ interface(`fs_getattr_tmpfs_dir',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`fs_setattr_tmpfs_dir',`
+interface(`fs_setattr_tmpfs_dirs',`
 	gen_require(`
 		type tmpfs_t;
 	')
@@ -2202,7 +2184,7 @@ interface(`fs_manage_auto_mountpoints',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`fs_rw_tmpfs_file',`
+interface(`fs_rw_tmpfs_files',`
 	gen_require(`
 		type tmpfs_t;
 	')
@@ -2236,7 +2218,7 @@ interface(`fs_read_tmpfs_symlinks',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`fs_use_tmpfs_chr_dev',`
+interface(`fs_rw_tmpfs_chr_files',`
 	gen_require(`
 		type tmpfs_t;
 	')
@@ -2270,7 +2252,7 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`fs_relabel_tmpfs_chr_dev',`
+interface(`fs_relabel_tmpfs_chr_file',`
 	gen_require(`
 		type tmpfs_t;
 	')
@@ -2287,7 +2269,7 @@ interface(`fs_relabel_tmpfs_chr_dev',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`fs_use_tmpfs_blk_dev',`
+interface(`fs_rw_tmpfs_blk_files',`
 	gen_require(`
 		type tmpfs_t;
 	')
@@ -2304,7 +2286,7 @@ interface(`fs_use_tmpfs_blk_dev',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`fs_relabel_tmpfs_blk_dev',`
+interface(`fs_relabel_tmpfs_blk_file',`
 	gen_require(`
 		type tmpfs_t;
 	')
@@ -2376,7 +2358,7 @@ interface(`fs_manage_tmpfs_sockets',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`fs_manage_tmpfs_chr_dev',`
+interface(`fs_manage_tmpfs_chr_files',`
 	gen_require(`
 		type tmpfs_t;
 	')
@@ -2394,7 +2376,7 @@ interface(`fs_manage_tmpfs_chr_dev',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`fs_manage_tmpfs_blk_dev',`
+interface(`fs_manage_tmpfs_blk_files',`
 	gen_require(`
 		type tmpfs_t;
 	')

refpolicy/policy/modules/services/apache.te

@@ -614,13 +614,13 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',`
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_suexec_t)
 	fs_read_nfs_symlinks(httpd_suexec_t)
-	fs_execute_nfs_files(httpd_suexec_t)
+	fs_exec_nfs_files(httpd_suexec_t)
 ')
 
 tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
 	fs_read_cifs_files(httpd_suexec_t)
 	fs_read_cifs_symlinks(httpd_suexec_t)
-	fs_execute_cifs_files(httpd_suexec_t)
+	fs_exec_cifs_files(httpd_suexec_t)
 ')
 
 optional_policy(`mailman',`

refpolicy/policy/modules/services/rpc.te

@@ -52,7 +52,7 @@ kernel_read_sysctl(rpcd_t)
 corenet_udp_bind_generic_port(rpcd_t)
 corenet_udp_bind_reserved_port(rpcd_t)
 
-fs_read_rpc_dirs(rpcd_t)
+fs_list_rpc(rpcd_t)
 fs_read_rpc_files(rpcd_t)
 fs_read_rpc_symlinks(rpcd_t)
 fs_read_rpc_sockets(rpcd_t) 
@@ -134,7 +134,7 @@ corenet_udp_bind_reserved_port(gssd_t)
 
 dev_read_urand(gssd_t)
 
-fs_read_rpc_dirs(gssd_t) 
+fs_list_rpc(gssd_t) 
 fs_read_rpc_sockets(gssd_t) 
 fs_read_rpc_files(gssd_t) 
 

refpolicy/policy/modules/services/xserver.fc

@@ -37,10 +37,13 @@ HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:ROLE_xauth_home_t,s0)
 
 /tmp/\.ICE-unix		-d	gen_context(system_u:object_r:ice_tmp_t,s0)
 /tmp/\.ICE-unix/.*	-s	<<none>>
-/tmp/\.X0-lock		--	gen_context(system_u:object_r:xdm_xserver_tmp_t,s0)
 /tmp/\.X11-unix		-d	gen_context(system_u:object_r:xdm_tmp_t,s0)
 /tmp/\.X11-unix/.*	-s	<<none>>
 
+ifdef(`strict_policy',`
+/tmp/\.X0-lock		--	gen_context(system_u:object_r:xdm_xserver_tmp_t,s0)
+')
+
 #
 # /usr
 #

refpolicy/policy/modules/services/xserver.te

@@ -308,14 +308,14 @@ tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(xdm_t)
 	fs_manage_nfs_files(xdm_t)
 	fs_manage_nfs_symlinks(xdm_t)
-	fs_execute_nfs_files(xdm_t)
+	fs_exec_nfs_files(xdm_t)
 ')
 
 tunable_policy(`use_samba_home_dirs',`
 	fs_manage_cifs_dirs(xdm_t)
 	fs_manage_cifs_files(xdm_t)
 	fs_manage_cifs_symlinks(xdm_t)
-	fs_execute_cifs_files(xdm_t)
+	fs_exec_cifs_files(xdm_t)
 ')
 
 optional_policy(`gpm',`

refpolicy/policy/modules/system/fstools.te

@@ -74,13 +74,13 @@ dev_rw_lvm_control(fsadm_t)
 
 fs_search_auto_mountpoints(fsadm_t)
 fs_getattr_xattr_fs(fsadm_t)
-fs_rw_ramfs_pipe(fsadm_t)
-fs_rw_tmpfs_file(fsadm_t)
+fs_rw_ramfs_pipes(fsadm_t)
+fs_rw_tmpfs_files(fsadm_t)
 # remount file system to apply changes
 fs_remount_xattr_fs(fsadm_t)
 # for /dev/shm
 fs_search_tmpfs(fsadm_t)
-fs_getattr_tmpfs_dir(fsadm_t)
+fs_getattr_tmpfs_dirs(fsadm_t)
 fs_read_tmpfs_symlinks(fsadm_t)
 
 mls_file_write_down(fsadm_t)

refpolicy/policy/modules/system/hotplug.te

@@ -129,7 +129,7 @@ ifdef(`distro_redhat', `
 	optional_policy(`netutils',`
 		# for arping used for static IP addresses on PCMCIA ethernet
 		netutils_domtrans(hotplug_t)
-		fs_use_tmpfs_chr_dev(hotplug_t)
+		fs_rw_tmpfs_chr_files(hotplug_t)
 	')
 	files_getattr_generic_locks(hotplug_t)
 ')

refpolicy/policy/modules/system/init.te

@@ -164,7 +164,7 @@ seutil_read_config(init_t)
 miscfiles_read_localization(init_t)
 
 ifdef(`distro_redhat',`
-	fs_use_tmpfs_chr_dev(init_t)
+	fs_rw_tmpfs_chr_files(init_t)
 	fs_filetrans_tmpfs(init_t,initctl_t,fifo_file)
 ')
 
@@ -275,7 +275,7 @@ dev_delete_generic_symlinks(initrc_t)
 
 fs_register_binary_executable_type(initrc_t)
 # rhgb-console writes to ramfs
-fs_write_ramfs_pipe(initrc_t)
+fs_write_ramfs_pipes(initrc_t)
 # cjp: not sure why these are here; should use mount policy
 fs_mount_all_fs(initrc_t)
 fs_unmount_all_fs(initrc_t)
@@ -387,7 +387,7 @@ ifdef(`distro_debian',`
 	fs_filetrans_tmpfs(initrc_t,initrc_var_run_t,dir)
 
 	# for storing state under /dev/shm
-	fs_setattr_tmpfs_dir(initrc_t)
+	fs_setattr_tmpfs_dirs(initrc_t)
 	storage_create_fixed_disk_tmpfs(initrc_t)
 
 	files_setattr_etc_dirs(initrc_t)
@@ -428,7 +428,7 @@ ifdef(`distro_redhat',`
 	storage_raw_read_fixed_disk(initrc_t)
 	storage_raw_write_fixed_disk(initrc_t)
 
-	fs_use_tmpfs_chr_dev(initrc_t)
+	fs_rw_tmpfs_chr_files(initrc_t)
 
 	storage_create_fixed_disk(initrc_t)
 	storage_getattr_removable_device(initrc_t)

refpolicy/policy/modules/system/locallogin.te

@@ -239,7 +239,7 @@ allow sulogin_t self:msg { send receive };
 kernel_read_system_state(sulogin_t)
 
 fs_search_auto_mountpoints(sulogin_t)
-fs_use_tmpfs_chr_dev(sulogin_t)
+fs_rw_tmpfs_chr_files(sulogin_t)
 
 files_read_etc_files(sulogin_t)
 # because file systems are not mounted:

refpolicy/policy/modules/system/mount.te

@@ -45,7 +45,7 @@ fs_unmount_all_fs(mount_t)
 fs_remount_all_fs(mount_t)
 fs_relabelfrom_all_fs(mount_t)
 fs_search_auto_mountpoints(mount_t)
-fs_use_tmpfs_chr_dev(mount_t)
+fs_rw_tmpfs_chr_files(mount_t)
 fs_read_tmpfs_symlinks(mount_t)
 
 term_use_all_terms(mount_t)
@@ -113,7 +113,7 @@ optional_policy(`portmap',`
 	corenet_udp_bind_reserved_port(mount_t)
 	corenet_tcp_connect_all_ports(mount_t)
 
-	fs_search_rpc_dirs(mount_t)
+	fs_search_rpc(mount_t)
 
 	portmap_udp_sendrecv(mount_t)
 

refpolicy/policy/modules/system/selinuxutil.te

@@ -369,10 +369,10 @@ files_list_all(restorecon_t)
 auth_relabelto_shadow(restorecon_t)
 
 ifdef(`distro_redhat', `
-	fs_use_tmpfs_chr_dev(restorecon_t)
-	fs_use_tmpfs_blk_dev(restorecon_t)
-	fs_relabel_tmpfs_blk_dev(restorecon_t)
-	fs_relabel_tmpfs_chr_dev(restorecon_t)
+	fs_rw_tmpfs_chr_files(restorecon_t)
+	fs_rw_tmpfs_blk_files(restorecon_t)
+	fs_relabel_tmpfs_blk_file(restorecon_t)
+	fs_relabel_tmpfs_chr_file(restorecon_t)
 ')
 
 ifdef(`hide_broken_symptoms',`

refpolicy/policy/modules/system/udev.te

@@ -150,10 +150,10 @@ ifdef(`distro_redhat',`
 	fs_manage_tmpfs_files(udev_t)
 	fs_manage_tmpfs_symlinks(udev_t)
 	fs_manage_tmpfs_sockets(udev_t)
-	fs_manage_tmpfs_blk_dev(udev_t)
-	fs_manage_tmpfs_chr_dev(udev_t)
-	fs_relabel_tmpfs_blk_dev(udev_t)
-	fs_relabel_tmpfs_chr_dev(udev_t)
+	fs_manage_tmpfs_blk_files(udev_t)
+	fs_manage_tmpfs_chr_files(udev_t)
+	fs_relabel_tmpfs_blk_file(udev_t)
+	fs_relabel_tmpfs_chr_file(udev_t)
 
 	# for arping used for static IP addresses on PCMCIA ethernet
 	netutils_domtrans(udev_t)

refpolicy/policy/modules/system/userdomain.if

@@ -290,7 +290,7 @@ template(`base_user_template',`
 		fs_manage_nfs_symlinks($1_t)
 		fs_manage_nfs_named_sockets($1_t)
 		fs_manage_nfs_named_pipes($1_t)
-		fs_execute_nfs_files($1_t)
+		fs_exec_nfs_files($1_t)
 	',`
 		fs_dontaudit_manage_nfs_dirs($1_t)
 		fs_dontaudit_manage_nfs_files($1_t)
@@ -302,7 +302,7 @@ template(`base_user_template',`
 		fs_manage_cifs_symlinks($1_t)
 		fs_manage_cifs_named_sockets($1_t)
 		fs_manage_cifs_named_pipes($1_t)
-		fs_execute_cifs_files($1_t)
+		fs_exec_cifs_files($1_t)
 	',`
 		fs_dontaudit_manage_cifs_dirs($1_t)
 		fs_dontaudit_manage_cifs_files($1_t)