add home_domain()

docs/macro_conversion_guide

@@ -932,6 +932,32 @@ kernel_getattr_core($1)
 kernel_getattr_message_if($1)
 kernel_read_kernel_sysctl($1)
 
+#
+# home_domain($1,$2)
+#
+type $1_$2_home_t alias $1_$2_rw_t;
+files_poly_member($1_$2_home_t)
+userdom_home_file($1,$1_$2_home_t)
+allow $1_t $1_$2_home_t:dir manage_dir_perms;
+allow $1_t $1_$2_home_t:file manage_file_perms;
+allow $1_t $1_$2_home_t:lnk_file create_lnk_perms;
+allow $1_t $1_$2_home_t:{ dir file lnk_file } { relabelfrom relabelto };
+userdom_search_user_home($1,$1_$2_t)
+allow $1_$2_t $1_$2_home_t:dir manage_dir_perms;
+allow $1_$2_t $1_$2_home_t:file manage_file_perms;
+allow $1_$2_t $1_$2_home_t:lnk_file create_lnk_perms;
+fs_search_auto_mountpoints($1_$2_t)
+tunable_policy(`use_nfs_home_dirs',`
+fs_manage_nfs_dirs($1_$2_t)
+fs_manage_nfs_files($1_$2_t)
+fs_manage_nfs_symlinks($1_$2_t)
+')
+tunable_policy(`use_samba_home_dirs',`
+fs_manage_cifs_dirs($1_$2_t)
+fs_manage_cifs_files($1_$2_t)
+fs_manage_cifs_symlinks($1_$2_t)
+')
+
 #
 # in_user_role():
 #
@@ -1175,7 +1201,7 @@ allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append
 allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
 allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
 allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-fs_create_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
 #
 # unconfined_domain(): complete