start renaming filesystem interfaces

refpolicy/policy/global_tunables

@@ -1,4 +1,10 @@
+## <tunable name="fcron_crond" dftval="false">
+##	Enable extra rules in the cron domain
+##	to support fcron.
+## </tunable>
+tunable_def(fcron_crond,false)
+
 ## <tunable name="use_dns" dftval="false">
-## 	Allow the use of DNS for name resolution.
+##	Allow the use of DNS for name resolution.
 ## </tunable>
 tunable_def(use_dns,false)

refpolicy/policy/modules/admin/consoletype.te

@@ -34,7 +34,7 @@ allow consoletype_t self:msg { send receive };
 kernel_use_file_descriptors(consoletype_t)
 kernel_ignore_read_system_state(consoletype_t)
 
-filesystem_get_all_filesystems_attributes(consoletype_t)
+fs_get_all_fs_attributes(consoletype_t)
 
 terminal_use_console(consoletype_t)
 terminal_use_general_physical_terminal(consoletype_t)
@@ -51,7 +51,7 @@ libraries_use_dynamic_loader(consoletype_t)
 libraries_use_shared_libraries(consoletype_t)
 
 ifdef(`distro_redhat', `
-	filesystem_use_tmpfs_character_devices(consoletype_t)
+	fs_use_tmpfs_character_devices(consoletype_t)
 ')
 
 optional_policy(`authlogin.te', `

refpolicy/policy/modules/admin/netutils.te

@@ -57,7 +57,7 @@ corenetwork_sendrecv_udp_on_all_ports(netutils_t)
 corenetwork_bind_tcp_on_all_nodes(netutils_t)
 corenetwork_bind_udp_on_all_nodes(netutils_t)
 
-filesystem_get_persistent_filesystem_attributes(netutils_t)
+fs_get_persistent_fs_attributes(netutils_t)
 
 init_use_file_descriptors(netutils_t)
 init_script_use_pseudoterminal(netutils_t)
@@ -115,7 +115,7 @@ corenetwork_sendrecv_udp_on_all_ports(ping_t)
 corenetwork_bind_udp_on_all_nodes(ping_t)
 corenetwork_bind_tcp_on_all_nodes(ping_t)
 
-filesystem_ignore_get_persistent_filesystem_attributes(ping_t)
+fs_ignore_get_persistent_fs_attributes(ping_t)
 
 domain_use_widely_inheritable_file_descriptors(ping_t)
 
@@ -173,7 +173,7 @@ corenetwork_sendrecv_udp_on_all_ports(traceroute_t)
 corenetwork_bind_udp_on_all_nodes(traceroute_t)
 corenetwork_bind_tcp_on_all_nodes(traceroute_t)
 
-filesystem_ignore_get_persistent_filesystem_attributes(traceroute_t)
+fs_ignore_get_persistent_fs_attributes(traceroute_t)
 
 domain_use_widely_inheritable_file_descriptors(traceroute_t)
 

refpolicy/policy/modules/admin/rpm.te

@@ -86,7 +86,7 @@ allow rpm_t rpm_tmpfs_t:file { create ioctl read getattr lock write setattr appe
 allow rpm_t rpm_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
 allow rpm_t rpm_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
 allow rpm_t rpm_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-filesystem_create_private_tmpfs_data(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_create_private_tmpfs_data(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
 # Access /var/lib/rpm files
 allow rpm_t rpm_var_lib_t:file { create ioctl read getattr lock write setattr append link unlink rename };
@@ -116,9 +116,9 @@ corenetwork_bind_udp_on_all_nodes(rpm_t)
 devices_get_pseudorandom_data(rpm_t)
 #devices_manage_all_device_types(rpm_t)
 
-#filesystem_manage_nfs_dir(rpm_t)
+#fs_manage_nfs_dir(rpm_t)
-#filesystem_manage_nfs_files(rpm_t)
+#fs_manage_nfs_files(rpm_t)
-filesystem_get_all_filesystems_attributes(rpm_t)
+fs_get_all_fs_attributes(rpm_t)
 
 storage_raw_write_fixed_disk(rpm_t)
 # for installing kernel packages
@@ -242,7 +242,7 @@ allow rpm_script_t rpm_script_tmpfs_t:file { create ioctl read getattr lock writ
 allow rpm_script_t rpm_script_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
 allow rpm_script_t rpm_script_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
 allow rpm_script_t rpm_script_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-filesystem_create_private_tmpfs_data(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_create_private_tmpfs_data(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
 kernel_read_kernel_sysctl(rpm_script_t)
 kernel_get_selinuxfs_mount_point(rpm_script_t)
@@ -259,12 +259,12 @@ devices_manage_generic_character_devices(rpm_script_t)
 devices_manage_all_block_devices(rpm_script_t)
 devices_manage_all_character_devices(rpm_script_t)
 
-filesystem_manage_nfs_files(rpm_script_t)
+fs_manage_nfs_files(rpm_script_t)
-filesystem_get_nfs_filesystem_attributes(rpm_script_t)
+fs_get_nfs_fs_attributes(rpm_script_t)
 # why is this not using mount?
-filesystem_get_persistent_filesystem_attributes(rpm_script_t)
+fs_get_persistent_fs_attributes(rpm_script_t)
-filesystem_mount_persistent_filesystem(rpm_script_t)
+fs_mount_persistent_fs(rpm_script_t)
-filesystem_unmount_persistent_filesystem(rpm_script_t)
+fs_unmount_persistent_fs(rpm_script_t)
 
 storage_raw_read_fixed_disk(rpm_script_t)
 storage_raw_write_fixed_disk(rpm_script_t)

refpolicy/policy/modules/admin/usermanage.te

@@ -87,7 +87,7 @@ kernel_compute_selinux_reachable_user_contexts(chfn_t)
 terminal_use_all_private_physical_terminals(chfn_t)
 terminal_use_all_private_pseudoterminals(chfn_t)
 
-filesystem_get_persistent_filesystem_attributes(chfn_t)
+fs_get_persistent_fs_attributes(chfn_t)
 
 # for SSP
 devices_get_pseudorandom_data(chfn_t)
@@ -163,7 +163,7 @@ kernel_read_system_state(crack_t)
 # for SSP
 devices_get_pseudorandom_data(crack_t)
 
-filesystem_get_persistent_filesystem_attributes(crack_t)
+fs_get_persistent_fs_attributes(crack_t)
 
 files_read_general_system_config(crack_t)
 files_read_runtime_system_config(crack_t)
@@ -217,7 +217,7 @@ kernel_compute_selinux_create_context(groupadd_t)
 kernel_compute_selinux_relabel_context(groupadd_t)
 kernel_compute_selinux_reachable_user_contexts(groupadd_t)
 
-filesystem_get_persistent_filesystem_attributes(groupadd_t)
+fs_get_persistent_fs_attributes(groupadd_t)
 
 terminal_use_all_private_physical_terminals(groupadd_t)
 terminal_use_all_private_pseudoterminals(groupadd_t)
@@ -295,7 +295,7 @@ kernel_compute_selinux_reachable_user_contexts(passwd_t)
 # for SSP
 devices_get_pseudorandom_data(passwd_t)
 
-filesystem_get_persistent_filesystem_attributes(passwd_t)
+fs_get_persistent_fs_attributes(passwd_t)
 
 # /usr/bin/passwd asks for w access to utmp, but it will operate
 # correctly without it.  Do not audit write denials to utmp.
@@ -394,7 +394,7 @@ kernel_read_system_state(sysadm_passwd_t)
 # for SSP
 devices_get_pseudorandom_data(sysadm_passwd_t)
 
-filesystem_get_persistent_filesystem_attributes(sysadm_passwd_t)
+fs_get_persistent_fs_attributes(sysadm_passwd_t)
 
 terminal_use_all_private_physical_terminals(sysadm_passwd_t)
 terminal_use_all_private_pseudoterminals(sysadm_passwd_t)
@@ -483,7 +483,7 @@ kernel_compute_selinux_reachable_user_contexts(useradd_t)
 # for getting the number of groups
 kernel_read_kernel_sysctl(useradd_t)
 
-filesystem_get_persistent_filesystem_attributes(useradd_t)
+fs_get_persistent_fs_attributes(useradd_t)
 
 terminal_use_all_private_physical_terminals(useradd_t)
 terminal_use_all_private_pseudoterminals(useradd_t)

refpolicy/policy/modules/apps/gpg.if

@@ -79,7 +79,7 @@ define(`gpg_per_userdomain_template',`
 	devices_get_random_data($1_gpg_t)
 	devices_get_pseudorandom_data($1_gpg_t)
 
-	filesystem_get_persistent_filesystem_attributes($1_gpg_t)
+	fs_get_persistent_fs_attributes($1_gpg_t)
 
 	files_read_general_system_config($1_gpg_t)
 	files_read_general_application_resources($1_gpg_t)

refpolicy/policy/modules/kernel/bootloader.te

@@ -106,7 +106,7 @@ devices_get_pseudorandom_data(bootloader_t)
 # for reading BIOS data
 devices_raw_read_memory(bootloader_t)
 
-filesystem_get_persistent_filesystem_attributes(bootloader_t)
+fs_get_persistent_fs_attributes(bootloader_t)
 
 terminal_get_all_private_physical_terminal_attributes(bootloader_t)
 

refpolicy/policy/modules/kernel/devices.if

@@ -12,10 +12,10 @@ define(`devices_make_device_node',`
 
 	typeattribute $1 device_node;
 
-	filesystem_associate($1)
+	fs_associate($1)
 
 	optional_policy(`distro_redhat',`
-		filesystem_tmpfs_associate($1)
+		fs_tmpfs_associate($1)
 	')
 ')
 
@@ -370,7 +370,7 @@ define(`devices_create_dev_entry',`
 	type_transition $1 device_t:$3 $2;
 
 	optional_policy(`distro_redhat',`
-		filesystem_tmpfs_associate($2)
+		fs_tmpfs_associate($2)
 	')
 ')
 

refpolicy/policy/modules/kernel/devices.te

@@ -11,7 +11,7 @@ attribute memory_raw_write;
 type device_t;
 files_make_file(device_t)
 files_make_mountpoint(device_t)
-filesystem_tmpfs_associate(device_t)
+fs_tmpfs_associate(device_t)
 
 # Only directories and symlinks should be labeled device_t.
 # If there are other files with this type, it is wrong.
@@ -25,142 +25,142 @@ filesystem_tmpfs_associate(device_t)
 # Type for /dev/agpgart
 #
 type agp_device_t, device_node;
-filesystem_associate(agp_device_t)
+fs_associate(agp_device_t)
-filesystem_tmpfs_associate(agp_device_t)
+fs_tmpfs_associate(agp_device_t)
 
 #
 # Type for /dev/apm_bios
 #
 type apm_bios_t, device_node;
-filesystem_associate(apm_bios_t)
+fs_associate(apm_bios_t)
-filesystem_tmpfs_associate(apm_bios_t)
+fs_tmpfs_associate(apm_bios_t)
 
 type cardmgr_dev_t, device_node;
-filesystem_associate(cardmgr_dev_t)
+fs_associate(cardmgr_dev_t)
-filesystem_tmpfs_associate(cardmgr_dev_t)
+fs_tmpfs_associate(cardmgr_dev_t)
 
 #
 # clock_device_t is the type of
 # /dev/rtc.
 #
 type clock_device_t, device_node;
-filesystem_associate(clock_device_t)
+fs_associate(clock_device_t)
-filesystem_tmpfs_associate(clock_device_t)
+fs_tmpfs_associate(clock_device_t)
 
 #
 # cpu control devices /dev/cpu/0/*
 #
 type cpu_device_t, device_node;
-filesystem_associate(cpu_device_t)
+fs_associate(cpu_device_t)
-filesystem_tmpfs_associate(cpu_device_t)
+fs_tmpfs_associate(cpu_device_t)
 
 type dri_device_t, device_node;
-filesystem_associate(dri_device_t)
+fs_associate(dri_device_t)
-filesystem_tmpfs_associate(dri_device_t)
+fs_tmpfs_associate(dri_device_t)
 
 type event_device_t, device_node;
-filesystem_associate(event_device_t)
+fs_associate(event_device_t)
-filesystem_tmpfs_associate(event_device_t)
+fs_tmpfs_associate(event_device_t)
 
 #
 # Type for framebuffer /dev/fb/*
 #
 type framebuf_device_t, device_node;
-filesystem_associate(framebuf_device_t)
+fs_associate(framebuf_device_t)
-filesystem_tmpfs_associate(framebuf_device_t)
+fs_tmpfs_associate(framebuf_device_t)
 
 #
 # Type for /dev/mapper/control
 #
 type lvm_control_t, device_node;
-filesystem_associate(lvm_control_t)
+fs_associate(lvm_control_t)
-filesystem_tmpfs_associate(lvm_control_t)
+fs_tmpfs_associate(lvm_control_t)
 
 #
 # memory_device_t is the type of /dev/kmem,
 # /dev/mem and /dev/port.
 #
 type memory_device_t, device_node;
-filesystem_associate(memory_device_t)
+fs_associate(memory_device_t)
-filesystem_tmpfs_associate(memory_device_t)
+fs_tmpfs_associate(memory_device_t)
 
 neverallow ~memory_raw_read memory_device_t:{ chr_file blk_file } read;
 neverallow ~memory_raw_write memory_device_t:{ chr_file blk_file } { append write };
 
 type misc_device_t, device_node;
-filesystem_associate(misc_device_t)
+fs_associate(misc_device_t)
-filesystem_tmpfs_associate(misc_device_t)
+fs_tmpfs_associate(misc_device_t)
 
 #
 # A more general type for mouse devices.
 #
 type mouse_device_t, device_node;
-filesystem_associate(mouse_device_t)
+fs_associate(mouse_device_t)
-filesystem_tmpfs_associate(mouse_device_t)
+fs_tmpfs_associate(mouse_device_t)
 
 #
 # Type for /dev/cpu/mtrr and /proc/mtrr
 #
 type mtrr_device_t, device_node;
-filesystem_associate(mtrr_device_t)
+fs_associate(mtrr_device_t)
-filesystem_tmpfs_associate(mtrr_device_t)
+fs_tmpfs_associate(mtrr_device_t)
 genfscon proc /mtrr context_template(system_u:object_r:mtrr_device_t,s0)
 
 #
 # null_device_t is the type of /dev/null.
 #
 type null_device_t, device_node;
-filesystem_associate(null_device_t)
+fs_associate(null_device_t)
-filesystem_tmpfs_associate(null_device_t)
+fs_tmpfs_associate(null_device_t)
 sid devnull context_template(system_u:object_r:null_device_t,s0)
 
 #
 # Type for /dev/pmu 
 #
 type power_device_t, device_node;
-filesystem_associate(power_device_t)
+fs_associate(power_device_t)
-filesystem_tmpfs_associate(power_device_t)
+fs_tmpfs_associate(power_device_t)
 
 type printer_device_t, device_node;
-filesystem_associate(printer_device_t)
+fs_associate(printer_device_t)
-filesystem_tmpfs_associate(printer_device_t)
+fs_tmpfs_associate(printer_device_t)
 
 #
 # random_device_t is the type of /dev/random
 #
 type random_device_t, device_node;
-filesystem_associate(random_device_t)
+fs_associate(random_device_t)
-filesystem_tmpfs_associate(random_device_t)
+fs_tmpfs_associate(random_device_t)
 
 type scanner_device_t, device_node;
-filesystem_associate(scanner_device_t)
+fs_associate(scanner_device_t)
-filesystem_tmpfs_associate(scanner_device_t)
+fs_tmpfs_associate(scanner_device_t)
 
 #
 # Type for sound devices and mixers
 #
 type sound_device_t, device_node;
-filesystem_associate(sound_device_t)
+fs_associate(sound_device_t)
-filesystem_tmpfs_associate(sound_device_t)
+fs_tmpfs_associate(sound_device_t)
 
 #
 # urandom_device_t is the type of /dev/urandom
 #
 type urandom_device_t, device_node;
-filesystem_associate(urandom_device_t)
+fs_associate(urandom_device_t)
-filesystem_tmpfs_associate(urandom_device_t)
+fs_tmpfs_associate(urandom_device_t)
 
 type v4l_device_t, device_node;
-filesystem_associate(v4l_device_t)
+fs_associate(v4l_device_t)
-filesystem_tmpfs_associate(v4l_device_t)
+fs_tmpfs_associate(v4l_device_t)
 
 type xserver_misc_device_t, device_node;
-filesystem_associate(xserver_misc_device_t)
+fs_associate(xserver_misc_device_t)
-filesystem_tmpfs_associate(xserver_misc_device_t)
+fs_tmpfs_associate(xserver_misc_device_t)
 
 #
 # zero_device_t is the type of /dev/zero.
 #
 type zero_device_t, device_node;
-filesystem_associate(zero_device_t)
+fs_associate(zero_device_t)
-filesystem_tmpfs_associate(zero_device_t)
+fs_tmpfs_associate(zero_device_t)

refpolicy/policy/modules/kernel/kernel.if

@@ -129,7 +129,7 @@ define(`kernel_ignore_use_file_descriptors_depend',`
 ')
 
 ########################################
-## <interface name="kernel_make_root_filesystem_mountpoint">
+## <interface name="kernel_make_root_fs_mountpoint">
 ##	<description>
 ## 		Allows the kernel to mount filesystems on
 ## 		the caller.
@@ -144,13 +144,13 @@ define(`kernel_ignore_use_file_descriptors_depend',`
 ##	<infoflow type="both" weight="1"/>
 ## </interface>
 #
-define(`kernel_make_root_filesystem_mountpoint',`
+define(`kernel_make_root_fs_mountpoint',`
 	requires_block_template(`$0'_depend)
 
 	allow kernel_t $1:dir mounton;
 ')
 
-define(`kernel_make_root_filesystem_mountpoint_depend',`
+define(`kernel_make_root_fs_mountpoint_depend',`
 	type kernel_t;
 
 	class dir mounton;
@@ -1481,7 +1481,7 @@ define(`kernel_modify_kernel_sysctl_depend',`
 ')
 
 ########################################
-## <interface name="kernel_read_filesystem_sysctl">
+## <interface name="kernel_read_fs_sysctl">
 ##	<description>
 ## 		Allow caller to read filesystem information.
 ##	</description>
@@ -1494,7 +1494,7 @@ define(`kernel_modify_kernel_sysctl_depend',`
 ##	<infoflow type="read" weight="10"/>
 ## </interface>
 #
-define(`kernel_read_filesystem_sysctl',`
+define(`kernel_read_fs_sysctl',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 proc_t:dir search;
@@ -1503,7 +1503,7 @@ define(`kernel_read_filesystem_sysctl',`
 	allow $1 sysctl_fs_t:file { getattr read };
 ')
 
-define(`kernel_read_filesystem_sysctl_depend',`
+define(`kernel_read_fs_sysctl_depend',`
 	type proc_t, sysctl_t, sysctl_fs_t;
 
 	class dir { search getattr read };
@@ -1512,8 +1512,8 @@ define(`kernel_read_filesystem_sysctl_depend',`
 
 ########################################
 #
-# kernel_modify_filesystem_sysctl(domain)
+# kernel_modify_fs_sysctl(domain)
-## <interface name="kernel_modify_filesystem_sysctl">
+## <interface name="kernel_modify_fs_sysctl">
 ##	<description>
 ## 		Allow caller to modify filesystem information.
 ##	</description>
@@ -1526,7 +1526,7 @@ define(`kernel_read_filesystem_sysctl_depend',`
 ##	<infoflow type="both" weight="10"/>
 ## </interface>
 #
-define(`kernel_modify_filesystem_sysctl',`
+define(`kernel_modify_fs_sysctl',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 proc_t:dir search;
@@ -1535,7 +1535,7 @@ define(`kernel_modify_filesystem_sysctl',`
 	allow $1 sysctl_fs_t:file { getattr read write };
 ')
 
-define(`kernel_modify_filesystem_sysctl_depend',`
+define(`kernel_modify_fs_sysctl_depend',`
 	type proc_t, sysctl_t, sysctl_fs_t;
 
 	class dir { search getattr read };
@@ -1663,7 +1663,7 @@ define(`kernel_read_all_sysctl',`
 	kernel_read_hotplug_sysctl($1)
 	kernel_read_modprobe_sysctl($1)
 	kernel_read_kernel_sysctl($1)
-	kernel_read_filesystem_sysctl($1)
+	kernel_read_fs_sysctl($1)
 	kernel_read_irq_sysctl($1)
 	kernel_read_rpc_sysctl($1)
 ')
@@ -1690,7 +1690,7 @@ define(`kernel_modify_all_sysctl',`
 	kernel_modify_hotplug_sysctl($1)
 	kernel_modify_modprobe_sysctl($1)
 	kernel_modify_kernel_sysctl($1)
-	kernel_modify_filesystem_sysctl($1)
+	kernel_modify_fs_sysctl($1)
 	kernel_modify_irq_sysctl($1)
 	kernel_modify_rpc_sysctl($1)
 ')

refpolicy/policy/modules/kernel/kernel.te

@@ -55,7 +55,7 @@ sid tcp_socket		context_template(system_u:object_r:unlabeled_t,s0)
 # applied to selinuxfs inodes.
 #
 type security_t;
-filesystem_make_filesystem(security_t)
+fs_make_fs(security_t)
 sid security context_template(system_u:object_r:security_t,s0)
 genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
 
@@ -64,7 +64,7 @@ genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
 #
 type sysfs_t;
 files_make_mountpoint(sysfs_t)
-filesystem_make_filesystem(sysfs_t)
+fs_make_fs(sysfs_t)
 genfscon sysfs / context_template(system_u:object_r:sysfs_t,s0)
 
 #
@@ -72,7 +72,7 @@ genfscon sysfs / context_template(system_u:object_r:sysfs_t,s0)
 #
 type usbfs_t alias usbdevfs_t;
 files_make_mountpoint(usbfs_t)
-filesystem_make_filesystem(usbfs_t)
+fs_make_fs(usbfs_t)
 genfscon usbfs / context_template(system_u:object_r:usbfs_t,s0)
 genfscon usbdevfs / context_template(system_u:object_r:usbfs_t,s0)
 
@@ -82,7 +82,7 @@ genfscon usbdevfs / context_template(system_u:object_r:usbfs_t,s0)
 
 type proc_t;
 files_make_mountpoint(proc_t)
-filesystem_make_filesystem(proc_t)
+fs_make_fs(proc_t)
 genfscon proc / context_template(system_u:object_r:proc_t,s0)
 genfscon proc /sysvipc context_template(system_u:object_r:proc_t,s0)
 
@@ -209,7 +209,7 @@ domain_signal_all_domains(kernel_t)
 
 # Mount root file system.  Used when loading a policy
 # from initrd, then mounting the root filesystem
-filesystem_mount_all_filesystems(kernel_t)
+fs_mount_all_fs(kernel_t)
 
 # /proc/sys/kernel/modprobe is set to /bin/true if not using modules.
 corecommands_execute_general_programs(kernel_t)

refpolicy/policy/modules/kernel/terminal.if

@@ -67,7 +67,7 @@ define(`terminal_make_physical_terminal',`
 	')
 
 	ifdef(`distro_redhat',`
-		filesystem_tmpfs_associate($2)
+		fs_tmpfs_associate($2)
 	')
 ')
 

refpolicy/policy/modules/kernel/terminal.te

@@ -22,7 +22,7 @@ devices_make_device_node(console_device_t)
 #
 type devpts_t;
 files_make_mountpoint(devpts_t)
-filesystem_make_filesystem(devpts_t)
+fs_make_fs(devpts_t)
 fs_use_trans devpts context_template(system_u:object_r:devpts_t,s0);
 
 #

refpolicy/policy/modules/services/cron.if

@@ -70,7 +70,7 @@ define(`cron_per_userdomain_template',`
 
 	devices_get_pseudorandom_data($1_crond_t)
 
-	filesystem_get_all_filesystems_attributes($1_crond_t)
+	fs_get_all_fs_attributes($1_crond_t)
 
 	domain_execute_all_entrypoint_programs($1_crond_t)
 
@@ -153,7 +153,7 @@ define(`cron_per_userdomain_template',`
 
 	allow $1_crontab_t crond_log_t:file { getattr read append };
 
-	filesystem_get_persistent_filesystem_attributes($1_crontab_t)
+	fs_get_persistent_fs_attributes($1_crontab_t)
 
 	domain_use_widely_inheritable_file_descriptors($1_crontab_t)
 

refpolicy/policy/modules/services/cron.te

@@ -89,7 +89,7 @@ kernel_compute_selinux_reachable_user_contexts(crond_t)
 
 devices_get_pseudorandom_data(crond_t)
 
-filesystem_get_all_filesystems_attributes(crond_t)
+fs_get_all_fs_attributes(crond_t)
 
 terminal_ignore_use_console(crond_t)
 
@@ -252,8 +252,8 @@ devices_get_all_block_device_attributes(system_crond_t)
 devices_get_all_character_device_attributes(system_crond_t)
 devices_get_pseudorandom_data(system_crond_t)
 
-filesystem_get_all_filesystems_attributes(system_crond_t)
+fs_get_all_fs_attributes(system_crond_t)
-filesystem_get_all_file_attributes(system_crond_t)
+fs_get_all_file_attributes(system_crond_t)
 
 init_use_file_descriptors(system_crond_t)
 init_script_use_file_descriptors(system_crond_t)

refpolicy/policy/modules/services/mta.te

@@ -62,7 +62,7 @@ corenetwork_sendrecv_tcp_on_all_ports(system_mail_t)
 
 devices_get_pseudorandom_data(system_mail_t)
 
-filesystem_get_persistent_filesystem_attributes(system_mail_t)
+fs_get_persistent_fs_attributes(system_mail_t)
 
 init_script_use_pseudoterminal(system_mail_t)
 

refpolicy/policy/modules/services/remotelogin.te

@@ -53,7 +53,7 @@ kernel_compute_selinux_reachable_user_contexts(remote_login_t)
 # for SSP/ProPolice
 devices_get_pseudorandom_data(remote_login_t)
 
-filesystem_get_persistent_filesystem_attributes(remote_login_t)
+fs_get_persistent_fs_attributes(remote_login_t)
 
 init_script_modify_runtime_data(remote_login_t)
 

refpolicy/policy/modules/services/sendmail.te

@@ -56,7 +56,7 @@ corenetwork_bind_tcp_on_smtp_port(sendmail_t)
 
 devices_get_pseudorandom_data(sendmail_t)
 
-filesystem_get_all_filesystems_attributes(sendmail_t)
+fs_get_all_fs_attributes(sendmail_t)
 
 terminal_ignore_use_console(sendmail_t)
 
@@ -88,7 +88,7 @@ mta_manage_mail_spool(sendmail_t)
 
 sysnetwork_read_network_config(sendmail_t)
 
-tunable_policy(`targeted_policy', `
+ifdef(`targeted_policy', `
 	terminal_ignore_use_general_physical_terminal(sendmail_t)
 	terminal_ignore_use_general_pseudoterminal(sendmail_t)
 	files_ignore_read_rootfs_file(sendmail_t)

refpolicy/policy/modules/system/authlogin.if

@@ -25,7 +25,7 @@ define(`authlogin_per_userdomain_template',`
 	# is_selinux_enabled
 	kernel_read_system_state($1_chkpwd_t)
 
-	filesystem_ignore_get_persistent_filesystem_attributes($1_chkpwd_t)
+	fs_ignore_get_persistent_fs_attributes($1_chkpwd_t)
 
 	domain_use_widely_inheritable_file_descriptors($1_chkpwd_t)
 
@@ -154,9 +154,7 @@ define(`authlogin_login_program_transition_depend',`
 define(`authlogin_check_password_transition',`
 	requires_block_template(`$0'_depend)
 
-	allow $1 chkpwd_exec_t:file { getattr read execute };
+	domain_auto_trans($1,chkpwd_exec_t,system_chkpwd_t)
-	allow $1 system_chkpwd_t:process transition;
-	type_transition $1 chkpwd_exec_t:process system_chkpwd_t;
 
 	allow $1 system_chkpwd_t:fd use;
 	allow system_chkpwd_t $1:fd use;

refpolicy/policy/modules/system/authlogin.te

@@ -170,8 +170,8 @@ selinux_read_file_contexts(pam_console_t)
 
 userdomain_ignore_use_all_unprivileged_users_file_descriptors(pam_console_t)
 
-tunable_policy(`direct_sysadm_daemon', `
+ifdef(`direct_sysadm_daemon', `
-	dontaudit pam_console_t admin_tty_type:chr_file rw_file_perms;
+	userdomain_dontaudit_use_admin_terminals(pam_console_t)
 ')
 
 ifdef(`targeted_policy', `
@@ -236,7 +236,7 @@ allow system_chkpwd_t shadow_t:file { getattr read };
 # is_selinux_enabled
 kernel_read_system_state(system_chkpwd_t)
 
-filesystem_ignore_get_persistent_filesystem_attributes(system_chkpwd_t)
+fs_ignore_get_persistent_fs_attributes(system_chkpwd_t)
 
 terminal_use_general_physical_terminal(system_chkpwd_t)
 

refpolicy/policy/modules/system/clock.te

@@ -34,7 +34,7 @@ kernel_read_hardware_state(hwclock_t)
 
 devices_modify_realtime_clock(hwclock_t)
 
-filesystem_get_persistent_filesystem_attributes(hwclock_t)
+fs_get_persistent_fs_attributes(hwclock_t)
 
 terminal_ignore_use_console(hwclock_t)
 terminal_use_general_physical_terminal(hwclock_t)

refpolicy/policy/modules/system/domain.if

@@ -475,7 +475,7 @@ define(`domain_read_all_entrypoint_programs_depend',`
 #
 # domain_trans(source_domain,entrypoint_file,target_domain)
 #
-define(`domain_auto_trans',`
+define(`domain_trans',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 $2:file { getattr read execute };

refpolicy/policy/modules/system/files.if

@@ -8,8 +8,8 @@
 define(`files_make_file',`
 	requires_block_template(`$0'_depend)
 
-	filesystem_associate($1)
+	fs_associate($1)
-	filesystem_noxattr_associate($1)
+	fs_noxattr_associate($1)
 	typeattribute $1 file_type;
 ')
 
@@ -93,7 +93,7 @@ define(`files_make_tmpfs_file',`
 	requires_block_template(`$0'_depend)
 
 	files_make_file($1)
-	filesystem_tmpfs_associate($1)
+	fs_tmpfs_associate($1)
 	typeattribute $1 tmpfsfile;
 ')
 
@@ -258,15 +258,15 @@ define(`files_ignore_search_all_directories_depend',`
 
 #######################################
 #
-# files_relabelto_all_file_type_filesystems(domain)
+# files_relabelto_all_file_type_fs(domain)
 #
-define(`files_relabelto_all_file_type_filesystems',`
+define(`files_relabelto_all_file_type_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 file_type:filesystem relabelto;
 ')
 
-define(`files_relabelto_all_file_type_filesystems_depend',`
+define(`files_relabelto_all_file_type_fs_depend',`
 	attribute file_type;
 
 	filesystem relabelto;
@@ -274,15 +274,15 @@ define(`files_relabelto_all_file_type_filesystems_depend',`
 
 #######################################
 #
-# files_mount_all_file_type_filesystems(domain)
+# files_mount_all_file_type_fs(domain)
 #
-define(`files_mount_all_file_type_filesystems',`
+define(`files_mount_all_file_type_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 file_type:filesystem mount;
 ')
 
-define(`files_mount_all_file_type_filesystems_depend',`
+define(`files_mount_all_file_type_fs_depend',`
 	attribute file_type;
 
 	filesystem mount;
@@ -290,15 +290,15 @@ define(`files_mount_all_file_type_filesystems_depend',`
 
 #######################################
 #
-# files_unmount_all_file_type_filesystems(domain)
+# files_unmount_all_file_type_fs(domain)
 #
-define(`files_unmount_all_file_type_filesystems',`
+define(`files_unmount_all_file_type_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 file_type:filesystem mount;
 ')
 
-define(`files_unmount_all_file_type_filesystems_depend',`
+define(`files_unmount_all_file_type_fs_depend',`
 	attribute file_type;
 
 	filesystem mount;
@@ -457,15 +457,15 @@ define(`files_remove_root_dir_entry_depend',`
 
 ########################################
 #
-# files_unmount_root_filesystem(domain)
+# files_unmount_root_fs(domain)
 #
-define(`files_unmount_root_filesystem',`
+define(`files_unmount_root_fs',`
 	requires_block_template(`$0'_depend)
 
 	allow $1 root_t:filesystem unmount;
 ')
 
-define(`files_unmount_root_filesystem_depend',`
+define(`files_unmount_root_fs_depend',`
 	type root_t;
 
 	class filesystem unmount;

refpolicy/policy/modules/system/files.te

@@ -12,15 +12,15 @@ attribute tmpfsfile;
 # match any specification in the file_contexts configuration
 # other than the generic /.* specification.
 type default_t, file_type, mountpoint;
-filesystem_associate(default_t)
+fs_associate(default_t)
-filesystem_noxattr_associate(default_t)
+fs_noxattr_associate(default_t)
 
 #
 # etc_t is the type of the system etc directories.
 #
 type etc_t, file_type;
-filesystem_associate(etc_t)
+fs_associate(etc_t)
-filesystem_noxattr_associate(etc_t)
+fs_noxattr_associate(etc_t)
 
 #
 # etc_runtime_t is the type of various
@@ -28,8 +28,8 @@ filesystem_noxattr_associate(etc_t)
 # generated during initialization.
 #
 type etc_runtime_t, file_type;
-filesystem_associate(etc_runtime_t)
+fs_associate(etc_runtime_t)
-filesystem_noxattr_associate(etc_runtime_t)
+fs_noxattr_associate(etc_runtime_t)
 
 #
 # file_t is the default type of a file that has not yet been
@@ -37,9 +37,9 @@ filesystem_noxattr_associate(etc_runtime_t)
 # that supports EAs).
 #
 type file_t, file_type, mountpoint;
-filesystem_associate(file_t)
+fs_associate(file_t)
-filesystem_noxattr_associate(file_t)
+fs_noxattr_associate(file_t)
-kernel_make_root_filesystem_mountpoint(file_t)
+kernel_make_root_fs_mountpoint(file_t)
 sid file context_template(system_u:object_r:file_t,s0)
 
 #
@@ -47,98 +47,98 @@ sid file context_template(system_u:object_r:file_t,s0)
 # are created
 #
 type home_root_t, file_type, mountpoint;
-filesystem_associate(home_root_t)
+fs_associate(home_root_t)
-filesystem_noxattr_associate(home_root_t)
+fs_noxattr_associate(home_root_t)
 
 #
 # lost_found_t is the type for the lost+found directories.
 #
 type lost_found_t, file_type;
-filesystem_associate(lost_found_t)
+fs_associate(lost_found_t)
-filesystem_noxattr_associate(lost_found_t)
+fs_noxattr_associate(lost_found_t)
 
 #
 # mnt_t is the type for mount points such as /mnt/cdrom
 #
 type mnt_t, file_type, mountpoint;
-filesystem_associate(mnt_t)
+fs_associate(mnt_t)
-filesystem_noxattr_associate(mnt_t)
+fs_noxattr_associate(mnt_t)
 
 type no_access_t, file_type;
-filesystem_associate(no_access_t)
+fs_associate(no_access_t)
-filesystem_noxattr_associate(no_access_t)
+fs_noxattr_associate(no_access_t)
 
 type poly_t, file_type;
-filesystem_associate(poly_t)
+fs_associate(poly_t)
-filesystem_noxattr_associate(poly_t)
+fs_noxattr_associate(poly_t)
 
 type readable_t, file_type;
-filesystem_associate(readable_t)
+fs_associate(readable_t)
-filesystem_noxattr_associate(readable_t)
+fs_noxattr_associate(readable_t)
 
 #
 # root_t is the type for rootfs and the root directory.
 #
 type root_t, file_type, mountpoint;
-filesystem_associate(root_t)
+fs_associate(root_t)
-filesystem_noxattr_associate(root_t)
+fs_noxattr_associate(root_t)
 kernel_read_directory_from(root_t)
-kernel_make_root_filesystem_mountpoint(root_t)
+kernel_make_root_fs_mountpoint(root_t)
 genfscon rootfs / context_template(system_u:object_r:root_t,s0)
 
 #
 # src_t is the type of files in the system src directories.
 #
 type src_t, file_type;
-filesystem_associate(src_t)
+fs_associate(src_t)
-filesystem_noxattr_associate(src_t)
+fs_noxattr_associate(src_t)
 
 #
 # tmp_t is the type of the temporary directories
 #
 type tmp_t, file_type, tmpfile, mountpoint;
-filesystem_associate(tmp_t)
+fs_associate(tmp_t)
-filesystem_noxattr_associate(tmp_t)
+fs_noxattr_associate(tmp_t)
 
 #
 # usr_t is the type for /usr.
 #
 type usr_t, file_type, mountpoint;
-filesystem_associate(usr_t)
+fs_associate(usr_t)
-filesystem_noxattr_associate(usr_t)
+fs_noxattr_associate(usr_t)
 
 #
 # var_t is the type of /var
 #
 type var_t, file_type, mountpoint;
-filesystem_associate(var_t)
+fs_associate(var_t)
-filesystem_noxattr_associate(var_t)
+fs_noxattr_associate(var_t)
 
 #
 # var_lib_t is the type of /var/lib
 #
 type var_lib_t, file_type;
-filesystem_associate(var_lib_t)
+fs_associate(var_lib_t)
-filesystem_noxattr_associate(var_lib_t)
+fs_noxattr_associate(var_lib_t)
 
 #
 # var_lock_t is tye type of /var/lock
 #
 type var_lock_t, file_type, lockfile;
-filesystem_associate(var_lock_t)
+fs_associate(var_lock_t)
-filesystem_noxattr_associate(var_lock_t)
+fs_noxattr_associate(var_lock_t)
 
 #
 # var_run_t is the type of /var/run, usually
 # used for pid and other runtime files.
 #
 type var_run_t, file_type, pidfile;
-filesystem_associate(var_run_t)
+fs_associate(var_run_t)
-filesystem_noxattr_associate(var_run_t)
+fs_noxattr_associate(var_run_t)
 
 #
 # var_spool_t is the type of /var/spool
 #
 type var_spool_t, file_type;
-filesystem_associate(var_spool_t)
+fs_associate(var_spool_t)
-filesystem_noxattr_associate(var_spool_t)
+fs_noxattr_associate(var_spool_t)

refpolicy/policy/modules/system/getty.te

@@ -45,7 +45,7 @@ allow getty_t getty_log_t:file { getattr append setattr };
 kernel_read_hardware_state(getty_t)
 
 # for error condition handling
-filesystem_get_persistent_filesystem_attributes(getty_t)
+fs_get_persistent_fs_attributes(getty_t)
 
 # Chown, chmod, read and write ttys.
 terminal_use_all_private_physical_terminals(getty_t)

refpolicy/policy/modules/system/hostname.te

@@ -31,7 +31,7 @@ kernel_ignore_use_file_descriptors(hostname_t)
 
 files_read_general_system_config(hostname_t)
 files_ignore_search_system_state_data_directory(hostname_t)
-filesystem_get_persistent_filesystem_attributes(hostname_t)
+fs_get_persistent_fs_attributes(hostname_t)
 
 terminal_ignore_use_console(hostname_t)
 terminal_use_all_private_physical_terminals(hostname_t)
@@ -55,7 +55,7 @@ miscfiles_read_localization(hostname_t)
 userdomain_use_all_users_file_descriptors(hostname_t)
 
 ifdef(`distro_redhat', `
-	filesystem_use_tmpfs_character_devices(hostname_t)
+	fs_use_tmpfs_character_devices(hostname_t)
 ')
 
 ifdef(`targeted_policy', `

refpolicy/policy/modules/system/hotplug.te

@@ -61,7 +61,7 @@ corenetwork_bind_tcp_on_all_nodes(hotplug_t)
 # for SSP
 devices_get_pseudorandom_data(hotplug_t)
 
-filesystem_get_all_filesystems_attributes(hotplug_t)
+fs_get_all_fs_attributes(hotplug_t)
 
 storage_set_fixed_disk_attributes(hotplug_t)
 storage_set_removable_device_attributes(hotplug_t)
@@ -112,7 +112,7 @@ ifdef(`distro_redhat', `
 	optional_policy(`netutils.te', `
 		# for arping used for static IP addresses on PCMCIA ethernet
 		netutils_transition(hotplug_t)
-		filesystem_use_tmpfs_character_devices(hotplug_t)
+		fs_use_tmpfs_character_devices(hotplug_t)
 	')
 	files_get_system_lock_file_attributes(hotplug_t)
 ')

refpolicy/policy/modules/system/init.te

@@ -42,8 +42,8 @@ type initrc_exec_t;
 domain_make_entrypoint_file(initrc_t,initrc_exec_t)
 
 type initrc_devpts_t;
-filesystem_associate(initrc_devpts_t)
+fs_associate(initrc_devpts_t)
-filesystem_noxattr_associate(initrc_devpts_t)
+fs_noxattr_associate(initrc_devpts_t)
 terminal_make_pseudoterminal(initrc_devpts_t)
 
 type initrc_var_run_t;
@@ -79,7 +79,7 @@ allow init_t init_var_run_t:file { create getattr read append write setattr unli
 files_create_daemon_runtime_data(init_t,init_var_run_t)
 
 allow init_t initctl_t:fifo_file { create getattr read append write setattr unlink };
-filesystem_tmpfs_associate(initctl_t)
+fs_tmpfs_associate(initctl_t)
 devices_create_dev_entry(init_t,initctl_t,fifo_file)
 
 # Modify utmp.
@@ -140,8 +140,8 @@ selinux_read_config(init_t)
 miscfiles_read_localization(init_t)
 
 ifdef(`distro_redhat',`
-	filesystem_use_tmpfs_character_devices(init_t)
+	fs_use_tmpfs_character_devices(init_t)
-	filesystem_create_private_tmpfs_data(init_t,initctl_t,fifo_file)
+	fs_create_private_tmpfs_data(init_t,initctl_t,fifo_file)
 ')
 
 optional_policy(`authlogin.te',`
@@ -228,12 +228,12 @@ devices_remove_lvm_control_channel(initrc_t)
 # Wants to remove udev.tbl:
 devices_remove_dev_symbolic_links(initrc_t)
 
-filesystem_register_binary_executable_type(initrc_t)
+fs_register_binary_executable_type(initrc_t)
 # cjp: not sure why these are here; should use mount policy
-filesystem_mount_all_filesystems(initrc_t)
+fs_mount_all_fs(initrc_t)
-filesystem_unmount_all_filesystems(initrc_t)
+fs_unmount_all_fs(initrc_t)
-filesystem_remount_all_filesystems(initrc_t)
+fs_remount_all_fs(initrc_t)
-filesystem_get_all_filesystems_attributes(initrc_t)
+fs_get_all_fs_attributes(initrc_t)
 
 storage_get_fixed_disk_attributes(initrc_t)
 storage_set_fixed_disk_attributes(initrc_t)
@@ -308,7 +308,7 @@ userdomain_read_all_users_data(initrc_t)
 userdomain_use_admin_terminals(initrc_t)
 
 ifdef(`distro_debian', `
-	filesystem_create_private_tmpfs_data(initrc_t,initrc_var_run_t,dir)
+	fs_create_private_tmpfs_data(initrc_t,initrc_var_run_t,dir)
 ')
 
 ifdef(`distro_redhat',`
@@ -336,7 +336,7 @@ ifdef(`distro_redhat',`
 	storage_raw_read_fixed_disk(initrc_t)
 	storage_raw_write_fixed_disk(initrc_t)
 
-	filesystem_use_tmpfs_character_devices(initrc_t)
+	fs_use_tmpfs_character_devices(initrc_t)
 
 	files_create_boot_flag(initrc_t)
 

refpolicy/policy/modules/system/iptables.te

@@ -44,7 +44,7 @@ kernel_read_kernel_sysctl(iptables_t)
 kernel_read_modprobe_sysctl(iptables_t)
 kernel_use_file_descriptors(iptables_t)
 
-filesystem_get_persistent_filesystem_attributes(iptables_t)
+fs_get_persistent_fs_attributes(iptables_t)
 
 terminal_ignore_use_console(iptables_t)
 

refpolicy/policy/modules/system/libraries.te

@@ -60,7 +60,7 @@ allow ldconfig_t { shlib_t texrel_shlib_t }:file { getattr read execute };
 
 kernel_read_system_state(ldconfig_t)
 
-filesystem_get_persistent_filesystem_attributes(ldconfig_t)
+fs_get_persistent_fs_attributes(ldconfig_t)
 
 domain_use_widely_inheritable_file_descriptors(ldconfig_t)
 

refpolicy/policy/modules/system/locallogin.te

@@ -153,7 +153,7 @@ ifdef(`crack.te', `
 
 allow local_login_t mouse_device_t:chr_file { getattr setattr };
 
-tunable_policy(`targeted_policy',`
+ifdef(`targeted_policy',`
 	unconfined_domain(local_login_t)
 	domain_auto_trans(local_login_t, shell_exec_t, unconfined_t)
 ')

refpolicy/policy/modules/system/logging.te

@@ -61,7 +61,7 @@ files_create_daemon_runtime_data(auditd_t,auditd_var_run_t)
 kernel_read_kernel_sysctl(auditd_t)
 kernel_read_hardware_state(auditd_t)
 
-filesystem_get_all_filesystems_attributes(auditd_t)
+fs_get_all_fs_attributes(auditd_t)
 
 terminal_ignore_use_console(auditd_t)
 
@@ -79,7 +79,7 @@ libraries_use_shared_libraries(auditd_t)
 
 miscfiles_read_localization(auditd_t)
 
-tunable_policy(`targeted_policy', `
+ifdef(`targeted_policy', `
 	terminal_ignore_use_general_physical_terminal(auditd_t)
 	terminal_ignore_use_general_pseudoterminal(auditd_t)
 	files_ignore_read_rootfs_file(auditd_t)
@@ -132,7 +132,7 @@ bootloader_read_kernel_symbol_table(klogd_t)
 
 devices_raw_read_memory(klogd_t)
 
-filesystem_get_all_filesystems_attributes(klogd_t)
+fs_get_all_fs_attributes(klogd_t)
 
 files_create_daemon_runtime_data(klogd_t,klogd_var_run_t)
 files_read_runtime_system_config(klogd_t)
@@ -208,7 +208,7 @@ corenetwork_sendrecv_udp_on_all_ports(syslogd_t)
 corenetwork_bind_udp_on_all_nodes(syslogd_t)
 corenetwork_bind_udp_on_syslogd_port(syslogd_t)
 
-filesystem_get_all_filesystems_attributes(syslogd_t)
+fs_get_all_fs_attributes(syslogd_t)
 
 init_use_file_descriptors(syslogd_t)
 init_script_use_pseudoterminal(syslogd_t)
@@ -243,7 +243,7 @@ ifdef(`klogd.te', `', `
 	kernel_change_ring_buffer_level(syslogd_t)
 ')
 
-tunable_policy(`targeted_policy', `
+ifdef(`targeted_policy', `
 	terminal_ignore_use_general_physical_terminal(syslogd_t)
 	terminal_ignore_use_general_pseudoterminal(syslogd_t)
 	files_ignore_read_rootfs_file(syslogd_t)

refpolicy/policy/modules/system/lvm.te

@@ -99,7 +99,7 @@ devices_ignore_get_generic_block_device_attributes(lvm_t)
 devices_ignore_get_generic_pipe_attributes(lvm_t)
 terminal_ignore_get_all_private_physical_terminal_attributes(lvm_t)
 
-filesystem_get_persistent_filesystem_attributes(lvm_t)
+fs_get_persistent_fs_attributes(lvm_t)
 
 # LVM creates block devices in /dev/mapper or /dev/<vg>
 # depending on its version

refpolicy/policy/modules/system/modutils.te

@@ -66,7 +66,7 @@ devices_write_mtrr(insmod_t)
 devices_get_pseudorandom_data(insmod_t)
 devices_direct_agp_access(insmod_t)
 
-filesystem_get_persistent_filesystem_attributes(insmod_t)
+fs_get_persistent_fs_attributes(insmod_t)
 
 corecommands_execute_general_programs(insmod_t)
 corecommands_execute_system_programs(insmod_t)
@@ -131,7 +131,7 @@ bootloader_create_private_module_dir_entry(depmod_t,modules_dep_t)
 
 kernel_read_system_state(depmod_t)
 
-filesystem_get_persistent_filesystem_attributes(depmod_t)
+fs_get_persistent_fs_attributes(depmod_t)
 
 terminal_use_console(depmod_t)
 
@@ -194,7 +194,7 @@ kernel_read_system_state(update_modules_t)
 
 devices_get_pseudorandom_data(update_modules_t)
 
-filesystem_get_persistent_filesystem_attributes(update_modules_t)
+fs_get_persistent_fs_attributes(update_modules_t)
 
 terminal_use_console(update_modules_t)
 

refpolicy/policy/modules/system/mount.te

@@ -31,11 +31,11 @@ storage_raw_write_fixed_disk(mount_t)
 storage_raw_read_removable_device(mount_t)
 storage_raw_write_removable_device(mount_t)
 
-filesystem_get_persistent_filesystem_attributes(mount_t)
+fs_get_persistent_fs_attributes(mount_t)
-filesystem_mount_all_filesystems(mount_t)
+fs_mount_all_fs(mount_t)
-filesystem_unmount_all_filesystems(mount_t)
+fs_unmount_all_fs(mount_t)
-filesystem_remount_all_filesystems(mount_t)
+fs_remount_all_fs(mount_t)
-filesystem_relabelfrom_persistent_filesystem(mount_t)
+fs_relabelfrom_persistent_fs(mount_t)
 
 terminal_use_console(mount_t)
 
@@ -50,11 +50,11 @@ files_create_private_tmp_data(mount_t,mount_tmp_t,{ file dir })
 files_read_general_system_config(mount_t)
 files_manage_runtime_system_config(mount_t)
 files_mount_on_all_mountpoints(mount_t)
-files_unmount_root_filesystem(mount_t)
+files_unmount_root_fs(mount_t)
 # These rules need to be generalized.  Only admin, initrc should have it:
-files_relabelto_all_file_type_filesystems(mount_t)
+files_relabelto_all_file_type_fs(mount_t)
-files_mount_all_file_type_filesystems(mount_t)
+files_mount_all_file_type_fs(mount_t)
-files_mount_all_file_type_filesystems(mount_t)
+files_mount_all_file_type_fs(mount_t)
 
 init_use_file_descriptors(mount_t)
 init_script_use_pseudoterminal(mount_t)
@@ -69,13 +69,13 @@ miscfiles_read_localization(mount_t)
 userdomain_use_all_users_file_descriptors(mount_t)
 
 ifdef(`distro_redhat',`
-	filesystem_use_tmpfs_character_devices(mount_t)
+	fs_use_tmpfs_character_devices(mount_t)
 	allow mount_t tmpfs_t:dir mounton;
 
 	optional_policy(`authlogin.te',`
 		authlogin_pam_console_read_runtime_data(mount_t)
 		# mount config by default sets fscontext=removable_t
-		filesystem_relabelfrom_dos_filesystem(mount_t)
+		fs_relabelfrom_dos_fs(mount_t)
 	')
 ')
 

refpolicy/policy/modules/system/selinux.te

@@ -111,7 +111,7 @@ allow checkpolicy_t policy_src_t:file { getattr read ioctl };
 allow checkpolicy_t policy_src_t:lnk_file { getattr read };
 allow checkpolicy_t selinux_config_t:dir search;
 
-filesystem_get_persistent_filesystem_attributes(checkpolicy_t)
+fs_get_persistent_fs_attributes(checkpolicy_t)
 
 terminal_use_console(checkpolicy_t)
 
@@ -153,7 +153,7 @@ kernel_get_selinuxfs_mount_point(load_policy_t)
 kernel_load_selinux_policy(load_policy_t)
 kernel_set_selinux_boolean(load_policy_t)
 
-filesystem_get_persistent_filesystem_attributes(load_policy_t)
+fs_get_persistent_fs_attributes(load_policy_t)
 
 terminal_use_console(load_policy_t)
 terminal_list_pseudoterminals(load_policy_t)
@@ -205,7 +205,7 @@ kernel_compute_selinux_reachable_user_contexts(newrole_t)
 
 devices_get_pseudorandom_data(newrole_t)
 
-filesystem_get_persistent_filesystem_attributes(newrole_t)
+fs_get_persistent_fs_attributes(newrole_t)
 
 terminal_use_all_private_physical_terminals(newrole_t)
 terminal_use_all_private_pseudoterminals(newrole_t)
@@ -287,7 +287,7 @@ kernel_compute_selinux_create_context(restorecon_t)
 kernel_compute_selinux_relabel_context(restorecon_t)
 kernel_compute_selinux_reachable_user_contexts(restorecon_t)
 
-filesystem_get_persistent_filesystem_attributes(restorecon_t)
+fs_get_persistent_fs_attributes(restorecon_t)
 
 terminal_use_general_physical_terminal(restorecon_t)
 
@@ -319,10 +319,10 @@ files_read_all_directories(restorecon_t)
 authlogin_relabel_to_shadow_passwords(restorecon_t)
 
 ifdef(`distro_redhat', `
-filesystem_use_tmpfs_character_devices(restorecon_t)
+fs_use_tmpfs_character_devices(restorecon_t)
-filesystem_use_tmpfs_block_devices(restorecon_t)
+fs_use_tmpfs_block_devices(restorecon_t)
-filesystem_relabel_tmpfs_block_devices(restorecon_t)
+fs_relabel_tmpfs_block_devices(restorecon_t)
-filesystem_relabel_tmpfs_character_devices(restorecon_t)
+fs_relabel_tmpfs_character_devices(restorecon_t)
 ')
 
 ifdef(`TODO',`
@@ -360,7 +360,7 @@ ifdef(`targeted_policy',`',`
 	# the failed access to the current directory
 	dontaudit run_init_t self:capability { dac_override dac_read_search };
 
-	filesystem_get_persistent_filesystem_attributes(run_init_t)
+	fs_get_persistent_fs_attributes(run_init_t)
 
 	devices_ignore_list_device_nodes(run_init_t)
 
@@ -420,7 +420,7 @@ kernel_compute_selinux_create_context(setfiles_t)
 kernel_compute_selinux_relabel_context(setfiles_t)
 kernel_compute_selinux_reachable_user_contexts(setfiles_t)
 
-filesystem_get_persistent_filesystem_attributes(setfiles_t)
+fs_get_persistent_fs_attributes(setfiles_t)
 
 terminal_use_all_private_physical_terminals(setfiles_t)
 terminal_use_all_private_pseudoterminals(setfiles_t)

refpolicy/policy/modules/system/selinuxutil.te

@@ -111,7 +111,7 @@ allow checkpolicy_t policy_src_t:file { getattr read ioctl };
 allow checkpolicy_t policy_src_t:lnk_file { getattr read };
 allow checkpolicy_t selinux_config_t:dir search;
 
-filesystem_get_persistent_filesystem_attributes(checkpolicy_t)
+fs_get_persistent_fs_attributes(checkpolicy_t)
 
 terminal_use_console(checkpolicy_t)
 
@@ -153,7 +153,7 @@ kernel_get_selinuxfs_mount_point(load_policy_t)
 kernel_load_selinux_policy(load_policy_t)
 kernel_set_selinux_boolean(load_policy_t)
 
-filesystem_get_persistent_filesystem_attributes(load_policy_t)
+fs_get_persistent_fs_attributes(load_policy_t)
 
 terminal_use_console(load_policy_t)
 terminal_list_pseudoterminals(load_policy_t)
@@ -205,7 +205,7 @@ kernel_compute_selinux_reachable_user_contexts(newrole_t)
 
 devices_get_pseudorandom_data(newrole_t)
 
-filesystem_get_persistent_filesystem_attributes(newrole_t)
+fs_get_persistent_fs_attributes(newrole_t)
 
 terminal_use_all_private_physical_terminals(newrole_t)
 terminal_use_all_private_pseudoterminals(newrole_t)
@@ -287,7 +287,7 @@ kernel_compute_selinux_create_context(restorecon_t)
 kernel_compute_selinux_relabel_context(restorecon_t)
 kernel_compute_selinux_reachable_user_contexts(restorecon_t)
 
-filesystem_get_persistent_filesystem_attributes(restorecon_t)
+fs_get_persistent_fs_attributes(restorecon_t)
 
 terminal_use_general_physical_terminal(restorecon_t)
 
@@ -319,10 +319,10 @@ files_read_all_directories(restorecon_t)
 authlogin_relabel_to_shadow_passwords(restorecon_t)
 
 ifdef(`distro_redhat', `
-filesystem_use_tmpfs_character_devices(restorecon_t)
+fs_use_tmpfs_character_devices(restorecon_t)
-filesystem_use_tmpfs_block_devices(restorecon_t)
+fs_use_tmpfs_block_devices(restorecon_t)
-filesystem_relabel_tmpfs_block_devices(restorecon_t)
+fs_relabel_tmpfs_block_devices(restorecon_t)
-filesystem_relabel_tmpfs_character_devices(restorecon_t)
+fs_relabel_tmpfs_character_devices(restorecon_t)
 ')
 
 ifdef(`TODO',`
@@ -360,7 +360,7 @@ ifdef(`targeted_policy',`',`
 	# the failed access to the current directory
 	dontaudit run_init_t self:capability { dac_override dac_read_search };
 
-	filesystem_get_persistent_filesystem_attributes(run_init_t)
+	fs_get_persistent_fs_attributes(run_init_t)
 
 	devices_ignore_list_device_nodes(run_init_t)
 
@@ -420,7 +420,7 @@ kernel_compute_selinux_create_context(setfiles_t)
 kernel_compute_selinux_relabel_context(setfiles_t)
 kernel_compute_selinux_reachable_user_contexts(setfiles_t)
 
-filesystem_get_persistent_filesystem_attributes(setfiles_t)
+fs_get_persistent_fs_attributes(setfiles_t)
 
 terminal_use_all_private_physical_terminals(setfiles_t)
 terminal_use_all_private_pseudoterminals(setfiles_t)

refpolicy/policy/modules/system/sysnetwork.te

@@ -107,7 +107,7 @@ corenetwork_bind_udp_on_dhcpc_port(dhcpc_t)
 # for SSP
 devices_get_pseudorandom_data(dhcpc_t)
 
-filesystem_get_all_filesystems_attributes(dhcpc_t)
+fs_get_all_fs_attributes(dhcpc_t)
 
 terminal_ignore_use_console(dhcpc_t)
 terminal_ignore_use_all_private_physical_terminals(dhcpc_t)
@@ -268,7 +268,7 @@ kernel_read_network_state(ifconfig_t)
 kernel_ignore_search_sysctl_dir(ifconfig_t)
 kernel_ignore_search_network_sysctl_dir(ifconfig_t)
 
-filesystem_get_persistent_filesystem_attributes(ifconfig_t)
+fs_get_persistent_fs_attributes(ifconfig_t)
 
 terminal_ignore_use_all_private_physical_terminals(ifconfig_t)
 terminal_ignore_use_all_private_pseudoterminals(ifconfig_t)

refpolicy/policy/modules/system/udev.te

@@ -79,7 +79,7 @@ kernel_compute_selinux_reachable_user_contexts(udev_t)
 
 devices_manage_device_nodes(udev_t)
 
-filesystem_get_all_filesystems_attributes(udev_t)
+fs_get_all_fs_attributes(udev_t)
 
 corecommands_execute_general_programs(udev_t)
 corecommands_execute_system_programs(udev_t)
@@ -114,8 +114,8 @@ selinux_restorecon_transition(udev_t)
 sysnetwork_ifconfig_transition(udev_t)
 
 ifdef(`distro_redhat',`
-	filesystem_manage_tmpfs_block_devices(udev_t)
+	fs_manage_tmpfs_block_devices(udev_t)
-	filesystem_manage_tmpfs_character_devices(udev_t)
+	fs_manage_tmpfs_character_devices(udev_t)
 
 	# for arping used for static IP addresses on PCMCIA ethernet
 	netutils_transition(udev_t)

refpolicy/policy/modules/system/userdomain.if

@@ -88,7 +88,7 @@ define(`base_user_domain',`
 	allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
 	allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
 	allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-	filesystem_create_private_tmpfs_data($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+	fs_create_private_tmpfs_data($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
 	allow $1_t $1_tty_device_t:chr_file { setattr getattr read write append ioctl lock };
 
@@ -136,8 +136,8 @@ define(`base_user_domain',`
 	devices_get_direct_rendering_interface_attributes($1_t)
 	devices_ignore_use_direct_rendering_interface($1_t)
 
-	filesystem_get_all_filesystems_quotas($1_t)
+	fs_get_all_fs_quotas($1_t)
-	filesystem_get_all_filesystems_attributes($1_t)
+	fs_get_all_fs_attributes($1_t)
 
 	# for eject
 	storage_get_fixed_disk_attributes($1_t)
@@ -180,21 +180,21 @@ define(`base_user_domain',`
 	}
 
 	if (use_nfs_home_dirs) {
-		filesystem_manage_nfs_directories($1_t)
+		fs_manage_nfs_directories($1_t)
-		filesystem_manage_nfs_files($1_t)
+		fs_manage_nfs_files($1_t)
-		filesystem_manage_nfs_symbolic_links($1_t)
+		fs_manage_nfs_symbolic_links($1_t)
-		filesystem_manage_nfs_named_sockets($1_t)
+		fs_manage_nfs_named_sockets($1_t)
-		filesystem_manage_nfs_named_pipes($1_t)
+		fs_manage_nfs_named_pipes($1_t)
-		filesystem_execute_nfs_files($1_t)
+		fs_execute_nfs_files($1_t)
 	}
 
 	if (use_samba_home_dirs) {
-		filesystem_manage_windows_network_directories($1_t)
+		fs_manage_windows_network_directories($1_t)
-		filesystem_manage_windows_network_files($1_t)
+		fs_manage_windows_network_files($1_t)
-		filesystem_manage_windows_network_symbolic_links($1_t)
+		fs_manage_windows_network_symbolic_links($1_t)
-		filesystem_manage_windows_network_named_sockets($1_t)
+		fs_manage_windows_network_named_sockets($1_t)
-		filesystem_manage_windows_network_named_pipes($1_t)
+		fs_manage_windows_network_named_pipes($1_t)
-		filesystem_execute_windows_network_files($1_t)
+		fs_execute_windows_network_files($1_t)
 	}
 
 	if (user_direct_mouse) {
@@ -686,8 +686,8 @@ define(`admin_domain_template',`
 	devices_get_all_block_device_attributes($1_t)
 	devices_get_all_character_device_attributes($1_t)
 
-	filesystem_get_all_filesystems_attributes($1_t)
+	fs_get_all_fs_attributes($1_t)
-	filesystem_set_all_filesystems_quotas($1_t)
+	fs_set_all_fs_quotas($1_t)
 
 	storage_raw_read_removable_device($1_t)
 	storage_raw_write_removable_device($1_t)
@@ -875,6 +875,29 @@ define(`userdomain_use_admin_terminals_depend',`
 	class chr_file { getattr read write ioctl };
 ')
 
+########################################
+## <interface name="userdomain_dontaudit_use_admin_terminals">
+##	<description>
+##		Do not audit attempts to use admin ttys and ptys.
+##	</description>
+##	<parameter name="domain">
+##		The type of the process performing this action.
+##	</parameter>
+##	<infoflow type="none"/>
+## </interface>
+#
+define(`userdomain_dontaudit_use_admin_terminals',`
+	requires_block_template(`$0'_depend)
+
+	dontaudit $1 admin_terminal:chr_file { read write };
+')
+
+define(`userdomain_dontaudit_use_admin_terminals_depend',`
+	attribute admin_terminal;
+
+	class chr_file { read write };
+')
+
 ########################################
 ## <interface name="userdomain_search_all_users_home_dirs">
 ##	<description>