renaming from 20060131 interface review, round 3

refpolicy/policy/modules/admin/acct.te

@@ -74,7 +74,7 @@ userdom_dontaudit_use_unpriv_user_fd(acct_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(acct_t)
 	term_dontaudit_use_generic_pty(acct_t)
-	files_dontaudit_read_root_file(acct_t)
+	files_dontaudit_read_root_files(acct_t)
 ')
 
 optional_policy(`cron',`

refpolicy/policy/modules/admin/amanda.te

@@ -152,11 +152,11 @@ storage_raw_read_fixed_disk(amanda_t)
 
 files_read_etc_files(amanda_t)
 files_read_etc_runtime_files(amanda_t)
-files_list_all_dirs(amanda_t)
+files_list_all(amanda_t)
 files_read_all_files(amanda_t)
 files_read_all_symlinks(amanda_t)
-files_read_all_blk_nodes(amanda_t)
-files_read_all_chr_nodes(amanda_t)
+files_read_all_blk_files(amanda_t)
+files_read_all_chr_files(amanda_t)
 files_getattr_all_pipes(amanda_t)
 files_getattr_all_sockets(amanda_t)
 

refpolicy/policy/modules/admin/consoletype.te

@@ -53,7 +53,7 @@ init_write_script_pipe(consoletype_t)
 
 domain_use_wide_inherit_fd(consoletype_t)
 
-files_dontaudit_read_root_file(consoletype_t)
+files_dontaudit_read_root_files(consoletype_t)
 files_list_usr(consoletype_t)
 
 libs_use_ld_so(consoletype_t)

refpolicy/policy/modules/admin/dmesg.te

@@ -48,7 +48,7 @@ ifdef(`strict_policy',`
 
 	files_list_etc(dmesg_t)
 	# for when /usr is not mounted:
-	files_dontaudit_search_isid_type_dir(dmesg_t)
+	files_dontaudit_search_isid_type_dirs(dmesg_t)
 
 	init_use_fd(dmesg_t)
 	init_use_script_pty(dmesg_t)

refpolicy/policy/modules/admin/kudzu.te

@@ -98,7 +98,7 @@ files_read_usr_files(kudzu_t)
 # for /etc/sysconfig/hwconf - probably need a new type
 files_rw_etc_runtime_files(kudzu_t)
 # for file systems that are not yet mounted
-files_dontaudit_search_isid_type_dir(kudzu_t)
+files_dontaudit_search_isid_type_dirs(kudzu_t)
 
 init_use_fd(kudzu_t)
 init_use_script_pty(kudzu_t)
@@ -125,7 +125,7 @@ userdom_dontaudit_use_unpriv_user_fd(kudzu_t)
 ifdef(`targeted_policy',`
         term_dontaudit_use_unallocated_tty(kudzu_t)
         term_dontaudit_use_generic_pty(kudzu_t)
-        files_dontaudit_read_root_file(kudzu_t)
+        files_dontaudit_read_root_files(kudzu_t)
 
 	# cjp: this was originally in the else block
 	# of ifdef userhelper.te, but it seems to

refpolicy/policy/modules/admin/logrotate.te

@@ -98,7 +98,7 @@ files_read_etc_files(logrotate_t)
 files_read_etc_runtime_files(logrotate_t)
 files_read_all_pids(logrotate_t)
 # Write to /var/spool/slrnpull - should be moved into its own type.
-files_manage_generic_spools(logrotate_t)
+files_manage_generic_spool(logrotate_t)
 files_manage_generic_spool_dirs(logrotate_t)
 
 # cjp: why is this needed?

refpolicy/policy/modules/admin/prelink.te

@@ -58,7 +58,7 @@ domain_mmap_all_entry_files(prelink_t)
 
 files_list_all(prelink_t)
 files_getattr_all_files(prelink_t)
-files_write_non_security_dir(prelink_t)
+files_write_non_security_dirs(prelink_t)
 files_read_etc_files(prelink_t)
 files_read_etc_runtime_files(prelink_t)
 

refpolicy/policy/modules/admin/quota.te

@@ -43,7 +43,7 @@ term_dontaudit_use_console(quota_t)
 
 domain_use_wide_inherit_fd(quota_t)
 
-files_list_all_dirs(quota_t)
+files_list_all(quota_t)
 files_read_all_files(quota_t)
 files_read_all_symlinks(quota_t)
 files_getattr_all_pipes(quota_t)
@@ -64,7 +64,7 @@ userdom_dontaudit_use_unpriv_user_fd(quota_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(quota_t)
 	term_dontaudit_use_generic_pty(quota_t)
-	files_dontaudit_read_root_file(quota_t)
+	files_dontaudit_read_root_files(quota_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/admin/readahead.te

@@ -69,7 +69,7 @@ userdom_dontaudit_use_unpriv_user_fd(readahead_t)
 userdom_dontaudit_search_sysadm_home_dir(readahead_t)
 
 ifdef(`targeted_policy',`
-	files_dontaudit_read_root_file(readahead_t)
+	files_dontaudit_read_root_files(readahead_t)
 	term_dontaudit_use_unallocated_tty(readahead_t)
 	term_dontaudit_use_generic_pty(readahead_t)
 ')

refpolicy/policy/modules/admin/su.if

@@ -43,7 +43,7 @@ template(`su_restricted_domain_template', `
 	files_read_etc_files($1_su_t)
 	files_read_etc_runtime_files($1_su_t)
 	files_search_var_lib($1_su_t)
-	files_dontaudit_getattr_tmp_dir($1_su_t)
+	files_dontaudit_getattr_tmp_dirs($1_su_t)
 
 	auth_domtrans_chk_passwd($1_su_t)
 	auth_dontaudit_read_shadow($1_su_t)
@@ -162,7 +162,7 @@ template(`su_per_userdomain_template',`
 	files_read_etc_files($1_su_t)
 	files_read_etc_runtime_files($1_su_t)
 	files_search_var_lib($1_su_t)
-	files_dontaudit_getattr_tmp_dir($1_su_t)
+	files_dontaudit_getattr_tmp_dirs($1_su_t)
 
 	init_dontaudit_use_fd($1_su_t)
 	# Write to utmp.

refpolicy/policy/modules/admin/updfstab.te

@@ -88,7 +88,7 @@ userdom_dontaudit_use_unpriv_user_fd(updfstab_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(updfstab_t)
 	term_dontaudit_use_generic_pty(updfstab_t)
-	files_dontaudit_read_root_file(updfstab_t)
+	files_dontaudit_read_root_files(updfstab_t)
 ')
 
 optional_policy(`authlogin',`

refpolicy/policy/modules/apps/userhelper.if

@@ -104,7 +104,7 @@ template(`userhelper_per_userdomain_template',`
 	files_read_etc_files($1_userhelper_t)
 	# Read /var.
 	files_read_var_files($1_userhelper_t)
-	files_read_var_symlink($1_userhelper_t)
+	files_read_var_symlinks($1_userhelper_t)
 	# for some PAM modules and for cwd
 	files_search_home($1_userhelper_t)
 

refpolicy/policy/modules/kernel/bootloader.te

@@ -184,11 +184,11 @@ ifdef(`distro_redhat',`
 	files_mountpoint(bootloader_tmp_t)
 
 	# new file system defaults to file_t, granting file_t access is still bad.
-	files_manage_isid_type_dir(bootloader_t)
-	files_manage_isid_type_file(bootloader_t)
-	files_manage_isid_type_symlink(bootloader_t)
-	files_manage_isid_type_blk_node(bootloader_t)
-	files_manage_isid_type_chr_node(bootloader_t)
+	files_manage_isid_type_dirs(bootloader_t)
+	files_manage_isid_type_files(bootloader_t)
+	files_manage_isid_type_symlinks(bootloader_t)
+	files_manage_isid_type_blk_files(bootloader_t)
+	files_manage_isid_type_chr_files(bootloader_t)
 
 	# for mke2fs
 	mount_domtrans(bootloader_t)

refpolicy/policy/modules/kernel/files.if

@@ -274,38 +274,6 @@ interface(`files_dontaudit_getattr_all_dirs',`
 	dontaudit $1 file_type:dir getattr;
 ')
 
-########################################
-## <summary>
-##	Search all directories.
-## </summary>
-## <param name="domain">
-##	Domain allowed access.
-## </param>
-#
-interface(`files_search_all',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:dir { getattr search };
-')
-
-########################################
-## <summary>
-##	List the contents of all directories.
-## </summary>
-## <param name="domain">
-##	Domain allowed access.
-## </param>
-#
-interface(`files_list_all',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:dir r_dir_perms;
-')
-
 ########################################
 ## <summary>
 ##	List all non-security directories.
@@ -357,25 +325,6 @@ interface(`files_getattr_all_files',`
 	allow $1 file_type:lnk_file getattr;
 ')
 
-########################################
-## <summary>
-##	Get the attributes of all sockets
-##	with the type of a file.
-## </summary>
-## <param name="domain">
-##	Domain allowed access.
-## </param>
-#
-# cjp: added for initrc_t/distro_redhat.  I
-# do not think it has any effect.
-interface(`files_getattr_all_file_type_sockets',`
-	gen_require(`
-		attribute file_type;
-	')
-
-	allow $1 file_type:socket_class_set getattr;
-')
-
 ########################################
 ## <summary>
 ##	Do not audit attempts to get the attributes
@@ -576,7 +525,7 @@ interface(`files_dontaudit_getattr_non_security_symlinks',`
 ##	Domain to not audit.
 ## </param>
 #
-interface(`files_dontaudit_getattr_non_security_blk_dev',`
+interface(`files_dontaudit_getattr_non_security_blk_files',`
 	gen_require(`
 		attribute file_type, security_file_type;
 	')
@@ -593,7 +542,7 @@ interface(`files_dontaudit_getattr_non_security_blk_dev',`
 ##	Domain to not audit.
 ## </param>
 #
-interface(`files_dontaudit_getattr_non_security_chr_dev',`
+interface(`files_dontaudit_getattr_non_security_chr_files',`
 	gen_require(`
 		attribute file_type, security_file_type;
 	')
@@ -728,7 +677,7 @@ interface(`files_dontaudit_getattr_non_security_sockets',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`files_read_all_blk_nodes',`
+interface(`files_read_all_blk_files',`
 	gen_require(`
 		attribute file_type;
 	')
@@ -745,7 +694,7 @@ interface(`files_read_all_blk_nodes',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`files_read_all_chr_nodes',`
+interface(`files_read_all_chr_files',`
 	gen_require(`
 		attribute file_type;
 	')
@@ -815,9 +764,9 @@ interface(`files_manage_all_files',`
 
 ########################################
 #
-# files_search_all_dirs(domain)
+# files_search_all(domain)
 #
-interface(`files_search_all_dirs',`
+interface(`files_search_all',`
 	gen_require(`
 		attribute file_type;
 	')
@@ -827,9 +776,9 @@ interface(`files_search_all_dirs',`
 
 ########################################
 #
-# files_list_all_dirs(domain)
+# files_list_all(domain)
 #
-interface(`files_list_all_dirs',`
+interface(`files_list_all',`
 	gen_require(`
 		attribute file_type;
 	')
@@ -943,9 +892,9 @@ interface(`files_filetrans_root',`
 
 ########################################
 #
-# files_dontaudit_read_root_file(domain)
+# files_dontaudit_read_root_files(domain)
 #
-interface(`files_dontaudit_read_root_file',`
+interface(`files_dontaudit_read_root_files',`
 	gen_require(`
 		type root_t;
 	')
@@ -955,9 +904,9 @@ interface(`files_dontaudit_read_root_file',`
 
 ########################################
 #
-# files_dontaudit_rw_root_file(domain)
+# files_dontaudit_rw_root_files(domain)
 #
-interface(`files_dontaudit_rw_root_file',`
+interface(`files_dontaudit_rw_root_files',`
 	gen_require(`
 		type root_t;
 	')
@@ -967,9 +916,9 @@ interface(`files_dontaudit_rw_root_file',`
 
 ########################################
 #
-# files_dontaudit_rw_root_chr_dev(domain)
+# files_dontaudit_rw_root_chr_files(domain)
 #
-interface(`files_dontaudit_rw_root_chr_dev',`
+interface(`files_dontaudit_rw_root_chr_files',`
 	gen_require(`
 		type root_t;
 	')
@@ -1009,7 +958,7 @@ interface(`files_unmount_rootfs',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`files_getattr_default_dir',`
+interface(`files_getattr_default_dirs',`
 	gen_require(`
 		type default_t;
 	')
@@ -1026,7 +975,7 @@ interface(`files_getattr_default_dir',`
 ##	Domain to not audit.
 ## </param>
 #
-interface(`files_dontaudit_getattr_default_dir',`
+interface(`files_dontaudit_getattr_default_dirs',`
 	gen_require(`
 		type default_t;
 	')
@@ -1217,7 +1166,7 @@ interface(`files_search_etc',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`files_setattr_etc_dir',`
+interface(`files_setattr_etc_dirs',`
 	gen_require(`
 		type etc_t;
 	')
@@ -1445,7 +1394,7 @@ interface(`files_filetrans_etc',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_getattr_isid_type_dir',`
+interface(`files_getattr_isid_type_dirs',`
 	gen_require(`
 		type file_t;
 	')
@@ -1462,7 +1411,7 @@ interface(`files_getattr_isid_type_dir',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_dontaudit_search_isid_type_dir',`
+interface(`files_dontaudit_search_isid_type_dirs',`
 	gen_require(`
 		type file_t;
 	')
@@ -1479,7 +1428,7 @@ interface(`files_dontaudit_search_isid_type_dir',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_list_isid_type_dir',`
+interface(`files_list_isid_type_dirs',`
 	gen_require(`
 		type file_t;
 	')
@@ -1496,7 +1445,7 @@ interface(`files_list_isid_type_dir',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_rw_isid_type_dir',`
+interface(`files_rw_isid_type_dirs',`
 	gen_require(`
 		type file_t;
 	')
@@ -1513,7 +1462,7 @@ interface(`files_rw_isid_type_dir',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_manage_isid_type_dir',`
+interface(`files_manage_isid_type_dirs',`
 	gen_require(`
 		type file_t;
 	')
@@ -1530,7 +1479,7 @@ interface(`files_manage_isid_type_dir',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_mounton_isid_type_dir',`
+interface(`files_mounton_isid_type_dirs',`
 	gen_require(`
 		type file_t;
 	')
@@ -1547,7 +1496,7 @@ interface(`files_mounton_isid_type_dir',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_read_isid_type_file',`
+interface(`files_read_isid_type_files',`
 	gen_require(`
 		type file_t;
 	')
@@ -1565,7 +1514,7 @@ interface(`files_read_isid_type_file',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_manage_isid_type_file',`
+interface(`files_manage_isid_type_files',`
 	gen_require(`
 		type file_t;
 	')
@@ -1583,7 +1532,7 @@ interface(`files_manage_isid_type_file',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_manage_isid_type_symlink',`
+interface(`files_manage_isid_type_symlinks',`
 	gen_require(`
 		type file_t;
 	')
@@ -1601,7 +1550,7 @@ interface(`files_manage_isid_type_symlink',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_rw_isid_type_blk_node',`
+interface(`files_rw_isid_type_blk_files',`
 	gen_require(`
 		type file_t;
 	')
@@ -1619,7 +1568,7 @@ interface(`files_rw_isid_type_blk_node',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_manage_isid_type_blk_node',`
+interface(`files_manage_isid_type_blk_files',`
 	gen_require(`
 		type file_t;
 	')
@@ -1637,7 +1586,7 @@ interface(`files_manage_isid_type_blk_node',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_manage_isid_type_chr_node',`
+interface(`files_manage_isid_type_chr_files',`
 	gen_require(`
 		type file_t;
 	')
@@ -1994,7 +1943,7 @@ interface(`files_associate_tmp',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`files_getattr_tmp_dir',`
+interface(`files_getattr_tmp_dirs',`
 	gen_require(`
 		type tmp_t;
 	')
@@ -2011,7 +1960,7 @@ interface(`files_getattr_tmp_dir',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_dontaudit_getattr_tmp_dir',`
+interface(`files_dontaudit_getattr_tmp_dirs',`
 	gen_require(`
 		type tmp_t;
 	')
@@ -2374,7 +2323,7 @@ interface(`files_search_var',`
 ##	Domain to not audit.
 ## </param>
 #
-interface(`files_dontaudit_write_var',`
+interface(`files_dontaudit_write_var_dirs',`
 	gen_require(`
 		type var_t;
 	')
@@ -2474,7 +2423,7 @@ interface(`files_manage_var_files',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`files_read_var_symlink',`
+interface(`files_read_var_symlinks',`
 	gen_require(`
 		type var_t;
 	')
@@ -2529,23 +2478,6 @@ interface(`files_filetrans_var',`
 	')
 ')
 
-########################################
-## <summary>
-##	Search directories in /var/lib.
-## </summary>
-## <param name="domain">
-##	The type of the process performing this action.
-## </param>
-#
-interface(`files_search_var_lib_dir',`
-	gen_require(`
-		type var_t, var_lib_t;
-	')
-
-	allow $1 var_t:dir search;
-	allow $1 var_lib_t:dir search;
-')
-
 ########################################
 ## <summary>
 ##	Get the attributes of the /var/lib directory.
@@ -2554,7 +2486,7 @@ interface(`files_search_var_lib_dir',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_getattr_var_lib_dir',`
+interface(`files_getattr_var_lib_dirs',`
 	gen_require(`
 		type var_t, var_lib_t;
 	')
@@ -2733,7 +2665,7 @@ interface(`files_dontaudit_search_locks',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`files_rw_locks_dir',`
+interface(`files_rw_lock_dirs',`
 	gen_require(`
 		type var_t, var_lock_t;
 	')
@@ -2830,7 +2762,7 @@ interface(`files_filetrans_lock',`
 ##	Domain to not audit.
 ## </param>
 #
-interface(`files_dontaudit_getattr_pid_dir',`
+interface(`files_dontaudit_getattr_pid_dirs',`
 	gen_require(`
 		type var_run_t;
 	')
@@ -3068,9 +3000,9 @@ interface(`files_manage_generic_spool_dirs',`
 
 ########################################
 #
-# files_read_generic_spools(domain)
+# files_read_generic_spool(domain)
 #
-interface(`files_read_generic_spools',`
+interface(`files_read_generic_spool',`
 	gen_require(`
 		type var_t, var_spool_t;
 	')
@@ -3082,9 +3014,9 @@ interface(`files_read_generic_spools',`
 
 ########################################
 #
-# files_manage_generic_spools(domain)
+# files_manage_generic_spool(domain)
 #
-interface(`files_manage_generic_spools',`
+interface(`files_manage_generic_spool',`
 	gen_require(`
 		type var_t, var_spool_t;
 	')
@@ -3175,7 +3107,7 @@ interface(`files_unconfined',`
 ##	Domain to allow
 ## </param>
 #
-interface(`files_write_non_security_dir',`
+interface(`files_write_non_security_dirs',`
 	gen_require(`
 		attribute file_type, security_file_type;
 	')

refpolicy/policy/modules/services/apache.te

@@ -289,7 +289,7 @@ mta_send_mail(httpd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(httpd_t)
 	term_dontaudit_use_generic_pty(httpd_t)
-	files_dontaudit_read_root_file(httpd_t)
+	files_dontaudit_read_root_files(httpd_t)
 
 	tunable_policy(`httpd_enable_homedirs',`
 		userdom_search_generic_user_home_dir(httpd_t)

refpolicy/policy/modules/services/apm.te

@@ -182,7 +182,7 @@ ifdef(`distro_suse',`
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(apmd_t)
 	term_dontaudit_use_generic_pty(apmd_t)
-	files_dontaudit_read_root_file(apmd_t)
+	files_dontaudit_read_root_files(apmd_t)
 	unconfined_domain_template(apmd_t)
 ')
 

refpolicy/policy/modules/services/arpwatch.te

@@ -96,7 +96,7 @@ mta_send_mail(arpwatch_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(arpwatch_t)
 	term_dontaudit_use_generic_pty(arpwatch_t)
-	files_dontaudit_read_root_file(arpwatch_t)
+	files_dontaudit_read_root_files(arpwatch_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/automount.te

@@ -90,15 +90,15 @@ dev_read_urand(automount_t)
 
 domain_use_wide_inherit_fd(automount_t)
 
-files_dontaudit_write_var(automount_t)
-files_search_var_lib_dir(automount_t)
+files_dontaudit_write_var_dirs(automount_t)
+files_search_var_lib(automount_t)
 files_search_mnt(automount_t)
 files_getattr_home_dir(automount_t)
 files_read_etc_files(automount_t)
 files_read_etc_runtime_files(automount_t)
 # for if the mount point is not labelled
-files_getattr_isid_type_dir(automount_t)
-files_getattr_default_dir(automount_t)
+files_getattr_isid_type_dirs(automount_t)
+files_getattr_default_dirs(automount_t)
 # because config files can be shell scripts
 files_exec_etc_files(automount_t)
 
@@ -132,7 +132,7 @@ userdom_dontaudit_use_unpriv_user_fd(automount_t)
 userdom_dontaudit_search_sysadm_home_dir(automount_t)
 
 ifdef(`targeted_policy', `
-	files_dontaudit_read_root_file(automount_t)
+	files_dontaudit_read_root_files(automount_t)
 	term_dontaudit_use_unallocated_tty(automount_t)
 	term_dontaudit_use_generic_pty(automount_t)
 ')

refpolicy/policy/modules/services/avahi.te

@@ -84,7 +84,7 @@ userdom_dontaudit_search_sysadm_home_dir(avahi_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(avahi_t)
 	term_dontaudit_use_generic_pty(avahi_t)
-	files_dontaudit_read_root_file(avahi_t)
+	files_dontaudit_read_root_files(avahi_t)
 ')
 
 optional_policy(`dbus',`

refpolicy/policy/modules/services/bind.te

@@ -148,7 +148,7 @@ userdom_dontaudit_search_sysadm_home_dir(named_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(named_t)
 	term_dontaudit_use_generic_pty(named_t)
-	files_dontaudit_read_root_file(named_t)
+	files_dontaudit_read_root_files(named_t)
 ')
 
 tunable_policy(`named_write_master_zones',`

refpolicy/policy/modules/services/bluetooth.te

@@ -139,7 +139,7 @@ userdom_dontaudit_search_sysadm_home_dir(bluetooth_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(bluetooth_t)
 	term_dontaudit_use_generic_pty(bluetooth_t)
-	files_dontaudit_read_root_file(bluetooth_t)
+	files_dontaudit_read_root_files(bluetooth_t)
 ')
 
 optional_policy(`dbus',`

refpolicy/policy/modules/services/canna.te

@@ -70,7 +70,7 @@ files_read_etc_files(canna_t)
 files_read_etc_runtime_files(canna_t)
 files_read_usr_files(canna_t)
 files_search_tmp(canna_t)
-files_dontaudit_read_root_file(canna_t)
+files_dontaudit_read_root_files(canna_t)
 
 init_use_fd(canna_t)
 init_use_script_pty(canna_t)
@@ -90,7 +90,7 @@ userdom_dontaudit_search_sysadm_home_dir(canna_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(canna_t)
 	term_dontaudit_use_generic_pty(canna_t)
-	files_dontaudit_read_root_file(canna_t)
+	files_dontaudit_read_root_files(canna_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/cpucontrol.te

@@ -58,7 +58,7 @@ userdom_dontaudit_use_unpriv_user_fd(cpucontrol_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(cpucontrol_t)
 	term_dontaudit_use_generic_pty(cpucontrol_t)
-	files_dontaudit_read_root_file(cpucontrol_t)
+	files_dontaudit_read_root_files(cpucontrol_t)
 ')
 
 optional_policy(`nscd',`
@@ -112,7 +112,7 @@ userdom_dontaudit_use_unpriv_user_fd(cpuspeed_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(cpuspeed_t)
 	term_dontaudit_use_generic_pty(cpuspeed_t)
-	files_dontaudit_read_root_file(cpuspeed_t)
+	files_dontaudit_read_root_files(cpuspeed_t)
 ')
 
 optional_policy(`nscd',`

refpolicy/policy/modules/services/cron.te

@@ -112,7 +112,7 @@ corecmd_list_sbin(crond_t)
 domain_use_wide_inherit_fd(crond_t)
 
 files_read_etc_files(crond_t)
-files_read_generic_spools(crond_t)
+files_read_generic_spool(crond_t)
 files_list_usr(crond_t)
 # Read from /var/spool/cron.
 files_search_var_lib(crond_t)
@@ -314,7 +314,7 @@ ifdef(`targeted_policy',`
 	files_exec_etc_files(system_crond_t)
 	files_read_etc_files(system_crond_t)
 	files_read_etc_runtime_files(system_crond_t)
-	files_list_all_dirs(system_crond_t)
+	files_list_all(system_crond_t)
 	files_getattr_all_dirs(system_crond_t)
 	files_getattr_all_files(system_crond_t)
 	files_getattr_all_symlinks(system_crond_t)
@@ -326,7 +326,7 @@ ifdef(`targeted_policy',`
 	files_dontaudit_search_pids(system_crond_t)
 	# Access other spool directories like
 	# /var/spool/anacron and /var/spool/slrnpull.
-	files_manage_generic_spools(system_crond_t)
+	files_manage_generic_spool(system_crond_t)
 
 	init_use_fd(system_crond_t)
 	init_use_script_fd(system_crond_t)

refpolicy/policy/modules/services/cups.te

@@ -198,7 +198,7 @@ lpd_manage_spool(cupsd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(cupsd_t)
 	term_dontaudit_use_generic_pty(cupsd_t)
-	files_dontaudit_read_root_file(cupsd_t)
+	files_dontaudit_read_root_files(cupsd_t)
 ')
 
 optional_policy(`cron',`
@@ -350,7 +350,7 @@ userdom_dontaudit_search_all_users_home(ptal_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(ptal_t)
 	term_dontaudit_use_generic_pty(ptal_t)
-	files_dontaudit_read_root_file(ptal_t)
+	files_dontaudit_read_root_files(ptal_t)
 ')
 
 optional_policy(`selinuxutil',`
@@ -449,7 +449,7 @@ lpd_read_config(cupsd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(hplip_t)
 	term_dontaudit_use_generic_pty(hplip_t)
-	files_dontaudit_read_root_file(hplip_t)
+	files_dontaudit_read_root_files(hplip_t)
 ')
 
 optional_policy(`mount',`
@@ -576,7 +576,7 @@ ifdef(`distro_redhat',`
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(cupsd_config_t)
 	term_dontaudit_use_generic_pty(cupsd_config_t)
-	files_dontaudit_read_root_file(cupsd_config_t)
+	files_dontaudit_read_root_files(cupsd_config_t)
 ')
 
 optional_policy(`cron',`

refpolicy/policy/modules/services/cyrus.te

@@ -115,7 +115,7 @@ mta_manage_spool(cyrus_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(cyrus_t)
 	term_dontaudit_use_generic_pty(cyrus_t)
-	files_dontaudit_read_root_file(cyrus_t)
+	files_dontaudit_read_root_files(cyrus_t)
 ')
 
 optional_policy(`cron',`

refpolicy/policy/modules/services/dbus.te

@@ -113,7 +113,7 @@ userdom_dontaudit_search_sysadm_home_dir(system_dbusd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(system_dbusd_t)
 	term_dontaudit_use_generic_pty(system_dbusd_t)
-	files_dontaudit_read_root_file(system_dbusd_t)
+	files_dontaudit_read_root_files(system_dbusd_t)
 ')
 
 tunable_policy(`read_default_t',`

refpolicy/policy/modules/services/dhcp.te

@@ -112,7 +112,7 @@ ifdef(`distro_gentoo',`
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(dhcpd_t)
 	term_dontaudit_use_generic_pty(dhcpd_t)
-	files_dontaudit_read_root_file(dhcpd_t)
+	files_dontaudit_read_root_files(dhcpd_t)
 ')
 
 optional_policy(`bind',`

refpolicy/policy/modules/services/dictd.te

@@ -84,7 +84,7 @@ userdom_dontaudit_use_unpriv_user_fd(dictd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(dictd_t)
 	term_dontaudit_use_generic_pty(dictd_t)
-	files_dontaudit_read_root_file(dictd_t)
+	files_dontaudit_read_root_files(dictd_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/distcc.te

@@ -92,7 +92,7 @@ userdom_dontaudit_search_sysadm_home_dir(distccd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(distccd_t)
 	term_dontaudit_use_generic_pty(distccd_t)
-	files_dontaudit_read_root_file(distccd_t)
+	files_dontaudit_read_root_files(distccd_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/dovecot.te

@@ -121,7 +121,7 @@ mta_manage_spool(dovecot_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(dovecot_t)
 	term_dontaudit_use_generic_pty(dovecot_t)
-	files_dontaudit_read_root_file(dovecot_t)
+	files_dontaudit_read_root_files(dovecot_t)
 ')
 
 optional_policy(`kerberos',`

refpolicy/policy/modules/services/fetchmail.te

@@ -93,7 +93,7 @@ userdom_dontaudit_search_sysadm_home_dir(fetchmail_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(fetchmail_t)
 	term_dontaudit_use_generic_pty(fetchmail_t)
-	files_dontaudit_read_root_file(fetchmail_t)
+	files_dontaudit_read_root_files(fetchmail_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/services/finger.te

@@ -107,7 +107,7 @@ userdom_dontaudit_search_user_home_dirs(fingerd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(fingerd_t)
 	term_dontaudit_use_generic_pty(fingerd_t)
-	files_dontaudit_read_root_file(fingerd_t)
+	files_dontaudit_read_root_files(fingerd_t)
 ')
 
 optional_policy(`cron',`

refpolicy/policy/modules/services/ftp.te

@@ -97,7 +97,7 @@ domain_use_wide_inherit_fd(ftpd_t)
 files_search_etc(ftpd_t)
 files_read_etc_files(ftpd_t)
 files_read_etc_runtime_files(ftpd_t)
-files_search_var_lib_dir(ftpd_t)
+files_search_var_lib(ftpd_t)
 
 fs_search_auto_mountpoints(ftpd_t)
 fs_getattr_all_fs(ftpd_t)
@@ -130,7 +130,7 @@ userdom_dontaudit_search_sysadm_home_dir(ftpd_t)
 userdom_dontaudit_use_unpriv_user_fd(ftpd_t)
 
 ifdef(`targeted_policy',`
-	files_dontaudit_read_root_file(ftpd_t)
+	files_dontaudit_read_root_files(ftpd_t)
 
 	term_dontaudit_use_generic_pty(ftpd_t)
 	term_dontaudit_use_unallocated_tty(ftpd_t)

refpolicy/policy/modules/services/gpm.te

@@ -81,7 +81,7 @@ userdom_dontaudit_search_sysadm_home_dir(gpm_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(gpm_t)
 	term_dontaudit_use_generic_pty(gpm_t)
-	files_dontaudit_read_root_file(gpm_t)
+	files_dontaudit_read_root_files(gpm_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/services/hal.te

@@ -140,7 +140,7 @@ userdom_dontaudit_search_sysadm_home_dir(hald_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(hald_t)
 	term_dontaudit_use_generic_pty(hald_t)
-	files_dontaudit_read_root_file(hald_t)
+	files_dontaudit_read_root_files(hald_t)
 	files_dontaudit_getattr_home_dir(hald_t)
 ')
 

refpolicy/policy/modules/services/howl.te

@@ -79,7 +79,7 @@ userdom_dontaudit_search_sysadm_home_dir(howl_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(howl_t)
 	term_dontaudit_use_generic_pty(howl_t)
-	files_dontaudit_read_root_file(howl_t)
+	files_dontaudit_read_root_files(howl_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/i18n_input.te

@@ -89,7 +89,7 @@ userdom_read_unpriv_user_home_files(i18n_input_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(i18n_input_t)
 	term_dontaudit_use_generic_pty(i18n_input_t)
-	files_dontaudit_read_root_file(i18n_input_t)
+	files_dontaudit_read_root_files(i18n_input_t)
 ')
 
 tunable_policy(`use_nfs_home_dirs',`

refpolicy/policy/modules/services/inetd.te

@@ -124,7 +124,7 @@ userdom_dontaudit_search_sysadm_home_dir(inetd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(inetd_t)
 	term_dontaudit_use_generic_pty(inetd_t)
-	files_dontaudit_read_root_file(inetd_t)
+	files_dontaudit_read_root_files(inetd_t)
 ')
 
 optional_policy(`amanda',`

refpolicy/policy/modules/services/inn.te

@@ -119,7 +119,7 @@ mta_send_mail(innd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(innd_t)
 	term_dontaudit_use_generic_pty(innd_t)
-	files_dontaudit_read_root_file(innd_t)
+	files_dontaudit_read_root_files(innd_t)
 ')
 
 optional_policy(`cron',`

refpolicy/policy/modules/services/irqbalance.te

@@ -54,7 +54,7 @@ userdom_dontaudit_search_sysadm_home_dir(irqbalance_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(irqbalance_t)
 	term_dontaudit_use_generic_pty(irqbalance_t)
-	files_dontaudit_read_root_file(irqbalance_t)
+	files_dontaudit_read_root_files(irqbalance_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/services/kerberos.te

@@ -134,7 +134,7 @@ userdom_dontaudit_search_sysadm_home_dir(kadmind_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(kadmind_t)
 	term_dontaudit_use_generic_pty(kadmind_t)
-	files_dontaudit_read_root_file(kadmind_t)
+	files_dontaudit_read_root_files(kadmind_t)
 ')
 
 optional_policy(`nis',`
@@ -234,7 +234,7 @@ userdom_dontaudit_search_sysadm_home_dir(krb5kdc_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(krb5kdc_t)
 	term_dontaudit_use_generic_pty(krb5kdc_t)
-	files_dontaudit_read_root_file(krb5kdc_t)
+	files_dontaudit_read_root_files(krb5kdc_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/ldap.te

@@ -135,7 +135,7 @@ ifdef(`targeted_policy',`
 
 	term_dontaudit_use_unallocated_tty(slapd_t)
 	term_dontaudit_use_generic_pty(slapd_t)
-	files_dontaudit_read_root_file(slapd_t)
+	files_dontaudit_read_root_files(slapd_t)
 ')
 
 optional_policy(`kerberos',`

refpolicy/policy/modules/services/lpd.te

@@ -220,7 +220,7 @@ userdom_dontaudit_search_sysadm_home_dir(lpd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(lpd_t)
 	term_dontaudit_use_generic_pty(lpd_t)
-	files_dontaudit_read_root_file(lpd_t)
+	files_dontaudit_read_root_files(lpd_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/mta.if

@@ -287,7 +287,7 @@ template(`mta_admin_template',`
 		files_filetrans_etc($1_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
 
 		# postfix needs this for newaliases
-		files_getattr_tmp_dir($1_mail_t)
+		files_getattr_tmp_dirs($1_mail_t)
 
 		postfix_exec_master($1_mail_t)
 

refpolicy/policy/modules/services/mta.te

@@ -142,7 +142,7 @@ optional_policy(`postfix',`
 	domain_use_wide_inherit_fd(system_mail_t)
 
 	# postfix needs this for newaliases
-	files_getattr_tmp_dir(system_mail_t)
+	files_getattr_tmp_dirs(system_mail_t)
 
 	postfix_exec_master(system_mail_t)
 

refpolicy/policy/modules/services/mysql.te

@@ -88,7 +88,7 @@ term_dontaudit_use_console(mysqld_t)
 
 domain_use_wide_inherit_fd(mysqld_t)
 
-files_getattr_var_lib_dir(mysqld_t)
+files_getattr_var_lib_dirs(mysqld_t)
 files_read_etc_runtime_files(mysqld_t)
 files_read_etc_files(mysqld_t)
 files_read_usr_files(mysqld_t)
@@ -118,7 +118,7 @@ ifdef(`distro_redhat',`
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(mysqld_t)
 	term_dontaudit_use_generic_pty(mysqld_t)
-	files_dontaudit_read_root_file(mysqld_t)
+	files_dontaudit_read_root_files(mysqld_t)
 ')
 
 optional_policy(`daemontools',`

refpolicy/policy/modules/services/networkmanager.te

@@ -111,7 +111,7 @@ userdom_dontaudit_use_unpriv_user_tty(NetworkManager_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(NetworkManager_t)
 	term_dontaudit_use_generic_pty(NetworkManager_t)
-	files_dontaudit_read_root_file(NetworkManager_t)
+	files_dontaudit_read_root_files(NetworkManager_t)
 ')
 
 optional_policy(`bind',`

refpolicy/policy/modules/services/nis.te

@@ -120,7 +120,7 @@ portmap_udp_sendto(ypbind_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(ypbind_t)
 	term_dontaudit_use_generic_pty(ypbind_t)
-	files_dontaudit_read_root_file(ypbind_t)
+	files_dontaudit_read_root_files(ypbind_t)
 ')
 
 optional_policy(`mount',`
@@ -221,7 +221,7 @@ portmap_udp_sendto(yppasswdd_t)
 ifdef(`targeted_policy',`
         term_dontaudit_use_unallocated_tty(yppasswdd_t)
         term_dontaudit_use_generic_pty(yppasswdd_t)
-        files_dontaudit_read_root_file(yppasswdd_t)
+        files_dontaudit_read_root_files(yppasswdd_t)
 ')
 
 optional_policy(`hostname',`
@@ -316,7 +316,7 @@ portmap_udp_sendto(ypserv_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(ypserv_t)
 	term_dontaudit_use_generic_pty(ypserv_t)
-	files_dontaudit_read_root_file(ypserv_t)
+	files_dontaudit_read_root_files(ypserv_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/services/nscd.te

@@ -119,7 +119,7 @@ ifdef(`targeted_policy',`
 
 	term_dontaudit_use_unallocated_tty(nscd_t)
 	term_dontaudit_use_generic_pty(nscd_t)
-	files_dontaudit_read_root_file(nscd_t)
+	files_dontaudit_read_root_files(nscd_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/ntp.te

@@ -119,7 +119,7 @@ userdom_dontaudit_list_sysadm_home_dir(ntpd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(ntpd_t)
 	term_dontaudit_use_generic_pty(ntpd_t)
-	files_dontaudit_read_root_file(ntpd_t)
+	files_dontaudit_read_root_files(ntpd_t)
 ')
 
 optional_policy(`cron',`

refpolicy/policy/modules/services/openct.te

@@ -59,7 +59,7 @@ userdom_dontaudit_search_sysadm_home_dir(openct_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(openct_t)
 	term_dontaudit_use_generic_pty(openct_t)
-	files_dontaudit_read_root_file(openct_t)
+	files_dontaudit_read_root_files(openct_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/services/pegasus.te

@@ -114,7 +114,7 @@ userdom_dontaudit_search_sysadm_home_dir(pegasus_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(pegasus_t)
 	term_dontaudit_use_generic_pty(pegasus_t)
-	files_dontaudit_read_root_file(pegasus_t)
+	files_dontaudit_read_root_files(pegasus_t)
 ')
 
 optional_policy(`logging',`

refpolicy/policy/modules/services/portmap.te

@@ -100,7 +100,7 @@ userdom_dontaudit_search_sysadm_home_dir(portmap_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(portmap_t)
 	term_dontaudit_use_generic_pty(portmap_t)
-	files_dontaudit_read_root_file(portmap_t)
+	files_dontaudit_read_root_files(portmap_t)
 ')
 
 optional_policy(`inetd',`

refpolicy/policy/modules/services/postfix.if

@@ -68,7 +68,7 @@ template(`postfix_domain_template',`
 	files_read_etc_runtime_files(postfix_$1_t)
 	files_read_usr_symlinks(postfix_$1_t)
 	files_search_spool(postfix_$1_t)
-	files_getattr_tmp_dir(postfix_$1_t)
+	files_getattr_tmp_dirs(postfix_$1_t)
 
 	init_use_fd(postfix_$1_t)
 	init_sigchld(postfix_$1_t)
@@ -86,7 +86,7 @@ template(`postfix_domain_template',`
 	ifdef(`targeted_policy', `
 		term_dontaudit_use_unallocated_tty(postfix_$1_t)
 		term_dontaudit_use_generic_pty(postfix_$1_t)
-		files_dontaudit_read_root_file(postfix_$1_t)
+		files_dontaudit_read_root_files(postfix_$1_t)
 	')
 
 	optional_policy(`nscd',`

refpolicy/policy/modules/services/postgresql.te

@@ -143,7 +143,7 @@ userdom_dontaudit_use_unpriv_user_fd(postgresql_t)
 mta_getattr_spool(postgresql_t)
 
 ifdef(`targeted_policy', `
-	files_dontaudit_read_root_file(postgresql_t)
+	files_dontaudit_read_root_files(postgresql_t)
 	term_dontaudit_use_generic_pty(postgresql_t)
 	term_dontaudit_use_unallocated_tty(postgresql_t)
 ')

refpolicy/policy/modules/services/ppp.te

@@ -179,7 +179,7 @@ userdom_search_unpriv_user_home_dirs(pppd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(pppd_t)
 	term_dontaudit_use_generic_pty(pppd_t)
-	files_dontaudit_read_root_file(pppd_t)
+	files_dontaudit_read_root_files(pppd_t)
 
 	optional_policy(`postfix',`
 		gen_require(`
@@ -299,7 +299,7 @@ userdom_dontaudit_search_sysadm_home_dir(pptp_t)
 ifdef(`targeted_policy',`
         term_dontaudit_use_unallocated_tty(pptp_t)
         term_dontaudit_use_generic_pty(pptp_t)
-        files_dontaudit_read_root_file(pptp_t)
+        files_dontaudit_read_root_files(pptp_t)
 ')
 
 optional_policy(`hostname',`

refpolicy/policy/modules/services/privoxy.te

@@ -83,7 +83,7 @@ userdom_use_sysadm_terms(privoxy_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(privoxy_t)
 	term_dontaudit_use_generic_pty(privoxy_t)
-	files_dontaudit_read_root_file(privoxy_t)
+	files_dontaudit_read_root_files(privoxy_t)
 ')
 
 optional_policy(`mount',`

refpolicy/policy/modules/services/procmail.te

@@ -76,7 +76,7 @@ ifdef(`hide_broken_symptoms',`
 
 ifdef(`targeted_policy', `
 	corenet_udp_bind_generic_port(procmail_t)
-	files_getattr_tmp_dir(procmail_t)
+	files_getattr_tmp_dirs(procmail_t)
 ')
 
 optional_policy(`logging',`
@@ -102,7 +102,7 @@ optional_policy(`spamassassin',`
 	corenet_udp_bind_generic_port(procmail_t)
 	corenet_tcp_connect_spamd_port(procmail_t)
 
-	files_getattr_tmp_dir(procmail_t)
+	files_getattr_tmp_dirs(procmail_t)
 
 	spamassassin_exec(procmail_t)
 	spamassassin_exec_client(procmail_t)

refpolicy/policy/modules/services/radius.te

@@ -106,7 +106,7 @@ userdom_dontaudit_getattr_sysadm_home_dir(radiusd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(radiusd_t)
 	term_dontaudit_use_generic_pty(radiusd_t)
-	files_dontaudit_read_root_file(radiusd_t)
+	files_dontaudit_read_root_files(radiusd_t)
 ')
 
 optional_policy(`cron',`

refpolicy/policy/modules/services/radvd.te

@@ -81,7 +81,7 @@ userdom_dontaudit_search_sysadm_home_dir(radvd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(radvd_t)
 	term_dontaudit_use_generic_pty(radvd_t)
-	files_dontaudit_read_root_file(radvd_t)
+	files_dontaudit_read_root_files(radvd_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/rdisc.te

@@ -59,7 +59,7 @@ userdom_dontaudit_use_unpriv_user_fd(rdisc_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(rdisc_t)
 	term_dontaudit_use_generic_pty(rdisc_t)
-	files_dontaudit_read_root_file(rdisc_t)
+	files_dontaudit_read_root_files(rdisc_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/services/remotelogin.te

@@ -97,7 +97,7 @@ files_read_world_readable_pipes(remote_login_t)
 files_read_world_readable_sockets(remote_login_t)
 files_list_mnt(remote_login_t)
 # for when /var/mail is a sym-link
-files_read_var_symlink(remote_login_t)
+files_read_var_symlinks(remote_login_t)
 
 init_rw_utmp(remote_login_t)
 

refpolicy/policy/modules/services/roundup.te

@@ -89,7 +89,7 @@ userdom_dontaudit_use_unpriv_user_fd(roundup_t)
 userdom_dontaudit_search_sysadm_home_dir(roundup_t)
 
 ifdef(`targeted_policy',`
-	files_dontaudit_read_root_file(roundup_t)
+	files_dontaudit_read_root_files(roundup_t)
 	term_dontaudit_use_unallocated_tty(roundup_t)
 	term_dontaudit_use_generic_pty(roundup_t)
 ')

refpolicy/policy/modules/services/rpc.if

@@ -77,7 +77,7 @@ template(`rpc_domain_template', `
 	files_read_etc_files($1_t)
 	files_read_etc_runtime_files($1_t)
 	files_search_var($1_t)
-	files_search_var_lib_dir($1_t)
+	files_search_var_lib($1_t)
 
 	init_use_fd($1_t)
 	init_use_script_pty($1_t)
@@ -96,7 +96,7 @@ template(`rpc_domain_template', `
 	ifdef(`targeted_policy',`
 		term_dontaudit_use_unallocated_tty($1_t)
 		term_dontaudit_use_generic_pty($1_t)
-		files_dontaudit_read_root_file($1_t)
+		files_dontaudit_read_root_files($1_t)
 	')
 
 	optional_policy(`mount',`

refpolicy/policy/modules/services/rpc.te

@@ -100,7 +100,7 @@ term_use_controlling_term(nfsd_t)
 # does not really need this, but it is easier to just allow it
 files_search_pids(nfsd_t) 
 # for exportfs and rpc.mountd
-files_getattr_tmp_dir(nfsd_t) 
+files_getattr_tmp_dirs(nfsd_t) 
 # cjp: this should really have its own type
 files_manage_mounttab(rpcd_t)
 

refpolicy/policy/modules/services/samba.te

@@ -289,7 +289,7 @@ userdom_dontaudit_use_unpriv_user_fd(smbd_t)
 userdom_use_unpriv_users_fd(smbd_t)
 
 ifdef(`targeted_policy', `
-	files_dontaudit_read_root_file(smbd_t)
+	files_dontaudit_read_root_files(smbd_t)
 	term_dontaudit_use_generic_pty(smbd_t)
 	term_dontaudit_use_unallocated_tty(smbd_t)
 ')
@@ -420,7 +420,7 @@ userdom_dontaudit_use_unpriv_user_fd(nmbd_t)
 userdom_use_unpriv_users_fd(nmbd_t)
 
 ifdef(`targeted_policy', `
-	files_dontaudit_read_root_file(nmbd_t)
+	files_dontaudit_read_root_files(nmbd_t)
 	term_dontaudit_use_generic_pty(nmbd_t)
 	term_dontaudit_use_unallocated_tty(nmbd_t)
 ')
@@ -714,7 +714,7 @@ userdom_priveleged_home_dir_manager(winbind_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(winbind_t)
 	term_dontaudit_use_generic_pty(winbind_t)
-	files_dontaudit_read_root_file(winbind_t)
+	files_dontaudit_read_root_files(winbind_t)
 ')
 
 optional_policy(`kerberos',`

refpolicy/policy/modules/services/sasl.te

@@ -60,7 +60,7 @@ files_read_etc_files(saslauthd_t)
 files_dontaudit_read_etc_runtime_files(saslauthd_t)
 files_search_var_lib(saslauthd_t)
 files_dontaudit_getattr_home_dir(saslauthd_t)
-files_dontaudit_getattr_tmp_dir(saslauthd_t)
+files_dontaudit_getattr_tmp_dirs(saslauthd_t)
 
 init_use_fd(saslauthd_t)
 init_use_script_pty(saslauthd_t)
@@ -84,7 +84,7 @@ userdom_dontaudit_search_sysadm_home_dir(saslauthd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(saslauthd_t)
 	term_dontaudit_use_generic_pty(saslauthd_t)
-	files_dontaudit_read_root_file(saslauthd_t)
+	files_dontaudit_read_root_files(saslauthd_t)
 ')
 
 # cjp: typeattribute dont work in conditionals yet

refpolicy/policy/modules/services/sendmail.te

@@ -105,7 +105,7 @@ ifdef(`targeted_policy',`
 	unconfined_domain_template(sendmail_t)
 	term_dontaudit_use_unallocated_tty(sendmail_t)
 	term_dontaudit_use_generic_pty(sendmail_t)
-	files_dontaudit_read_root_file(sendmail_t)
+	files_dontaudit_read_root_files(sendmail_t)
 ',`
 	allow sendmail_t sendmail_tmp_t:dir create_dir_perms;
 	allow sendmail_t sendmail_tmp_t:file create_file_perms;

refpolicy/policy/modules/services/slrnpull.te

@@ -69,7 +69,7 @@ userdom_dontaudit_use_unpriv_user_fd(slrnpull_t)
 userdom_dontaudit_search_sysadm_home_dir(slrnpull_t)
 
 ifdef(`targeted_policy',`
-	files_dontaudit_read_root_file(slrnpull_t)
+	files_dontaudit_read_root_files(slrnpull_t)
 	term_dontaudit_use_unallocated_tty(slrnpull_t)
 	term_dontaudit_use_generic_pty(slrnpull_t)
 ')

refpolicy/policy/modules/services/smartmon.te

@@ -91,7 +91,7 @@ userdom_dontaudit_search_sysadm_home_dir(fsdaemon_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(fsdaemon_t)
 	term_dontaudit_use_generic_pty(fsdaemon_t)
-	files_dontaudit_read_root_file(fsdaemon_t)
+	files_dontaudit_read_root_files(fsdaemon_t)
 ')
 
 optional_policy(`mta',`

refpolicy/policy/modules/services/snmp.te

@@ -126,7 +126,7 @@ ifdef(`distro_redhat', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(snmpd_t)
 	term_dontaudit_use_generic_pty(snmpd_t)
-	files_dontaudit_read_root_file(snmpd_t)
+	files_dontaudit_read_root_files(snmpd_t)
 ')
 
 optional_policy(`amanda',`

refpolicy/policy/modules/services/spamassassin.te

@@ -119,7 +119,7 @@ userdom_dontaudit_search_sysadm_home_dir(spamd_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(spamd_t)
 	term_dontaudit_use_generic_pty(spamd_t)
-	files_dontaudit_read_root_file(spamd_t)
+	files_dontaudit_read_root_files(spamd_t)
 	userdom_manage_generic_user_home_dirs(spamd_t)
 	userdom_manage_generic_user_home_files(spamd_t)
 ')

refpolicy/policy/modules/services/squid.te

@@ -113,7 +113,7 @@ files_read_etc_files(squid_t)
 files_read_etc_runtime_files(squid_t)
 files_read_usr_files(squid_t)
 files_search_spool(squid_t)
-files_dontaudit_getattr_tmp_dir(squid_t)
+files_dontaudit_getattr_tmp_dirs(squid_t)
 files_getattr_home_dir(squid_t)
 
 init_use_fd(squid_t)
@@ -138,7 +138,7 @@ userdom_dontaudit_search_sysadm_home_dir(squid_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(squid_t)
 	term_dontaudit_use_generic_pty(squid_t)
-	files_dontaudit_read_root_file(squid_t)
+	files_dontaudit_read_root_files(squid_t)
 ')
 
 tunable_policy(`squid_connect_any',`

refpolicy/policy/modules/services/ssh.te

@@ -255,7 +255,7 @@ ifdef(`targeted_policy',`',`
 	ifdef(`targeted_policy', `
 		term_dontaudit_use_unallocated_tty(ssh_keygen_t)
 		term_dontaudit_use_generic_pty(ssh_keygen_t)
-		files_dontaudit_read_root_file(ssh_keygen_t)
+		files_dontaudit_read_root_files(ssh_keygen_t)
 	')
 
 	optional_policy(`selinuxutil',`

refpolicy/policy/modules/services/stunnel.te

@@ -100,7 +100,7 @@ ifdef(`distro_gentoo', `
 	ifdef(`targeted_policy', `
         	term_dontaudit_use_unallocated_tty(stunnel_t)
         	term_dontaudit_use_generic_pty(stunnel_t)
-        	files_dontaudit_read_root_file(stunnel_t)
+        	files_dontaudit_read_root_files(stunnel_t)
 	')
 
 	optional_policy(`daemontools',`

refpolicy/policy/modules/services/tftp.te

@@ -65,7 +65,7 @@ domain_use_wide_inherit_fd(tftpd_t)
 
 files_read_etc_files(tftpd_t);
 files_read_var_files(tftpd_t)
-files_read_var_symlink(tftpd_t)
+files_read_var_symlinks(tftpd_t)
 files_search_var(tftpd_t)
 
 init_use_fd(tftpd_t)
@@ -87,7 +87,7 @@ userdom_dontaudit_search_sysadm_home_dir(tftpd_t)
 ifdef(`targeted_policy', `
         term_dontaudit_use_unallocated_tty(tftpd_t)
         term_dontaudit_use_generic_pty(tftpd_t)
-        files_dontaudit_read_root_file(tftpd_t)
+        files_dontaudit_read_root_files(tftpd_t)
 ')
 
 optional_policy(`mount',`

refpolicy/policy/modules/services/timidity.te

@@ -88,7 +88,7 @@ userdom_search_sysadm_home_dir(timidity_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(timidity_t)
 	term_dontaudit_use_generic_pty(timidity_t)
-	files_dontaudit_read_root_file(timidity_t)
+	files_dontaudit_read_root_files(timidity_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/services/xfs.te

@@ -76,7 +76,7 @@ ifdef(`distro_debian',`
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(xfs_t)
 	term_dontaudit_use_generic_pty(xfs_t)
-	files_dontaudit_read_root_file(xfs_t)
+	files_dontaudit_read_root_files(xfs_t)
 ')
 
 optional_policy(`nis',`

refpolicy/policy/modules/services/zebra.te

@@ -109,7 +109,7 @@ userdom_dontaudit_search_sysadm_home_dir(zebra_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(zebra_t)
 	term_dontaudit_use_generic_pty(zebra_t)
-	files_dontaudit_read_root_file(zebra_t)
+	files_dontaudit_read_root_files(zebra_t)
 	unconfined_sigchld(zebra_t)
 ')
 

refpolicy/policy/modules/system/authlogin.te

@@ -218,7 +218,7 @@ ifdef(`direct_sysadm_daemon', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(pam_console_t)
 	term_dontaudit_use_generic_pty(pam_console_t)
-	files_dontaudit_read_root_file(pam_console_t)
+	files_dontaudit_read_root_files(pam_console_t)
 ')
 
 optional_policy(`gpm',`

refpolicy/policy/modules/system/clock.te

@@ -52,7 +52,7 @@ init_use_script_pty(hwclock_t)
 
 files_read_etc_files(hwclock_t)
 # for when /usr is not mounted:
-files_dontaudit_search_isid_type_dir(hwclock_t)
+files_dontaudit_search_isid_type_dirs(hwclock_t)
 
 libs_use_ld_so(hwclock_t)
 libs_use_shared_libs(hwclock_t)
@@ -64,7 +64,7 @@ miscfiles_read_localization(hwclock_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(hwclock_t)
 	term_dontaudit_use_generic_pty(hwclock_t)
-	files_dontaudit_read_root_file(hwclock_t)
+	files_dontaudit_read_root_files(hwclock_t)
 ')
 
 optional_policy(`apm',`

refpolicy/policy/modules/system/fstools.te

@@ -112,12 +112,12 @@ files_list_home(fsadm_t)
 files_read_usr_files(fsadm_t)
 files_read_etc_files(fsadm_t)
 files_manage_lost_found(fsadm_t)
-files_manage_isid_type_dir(fsadm_t)
+files_manage_isid_type_dirs(fsadm_t)
 # Write to /etc/mtab.
 files_manage_etc_runtime_files(fsadm_t)
 # Access to /initrd devices
-files_rw_isid_type_dir(fsadm_t)
-files_rw_isid_type_blk_node(fsadm_t)
+files_rw_isid_type_dirs(fsadm_t)
+files_rw_isid_type_blk_files(fsadm_t)
 # Recreate /mnt/cdrom.
 files_manage_mnt_dirs(fsadm_t)
 # for tune2fs

refpolicy/policy/modules/system/hostname.te

@@ -44,7 +44,7 @@ domain_use_wide_inherit_fd(hostname_t)
 files_read_etc_files(hostname_t)
 files_dontaudit_search_var(hostname_t)
 # for when /usr is not mounted:
-files_dontaudit_search_isid_type_dir(hostname_t)
+files_dontaudit_search_isid_type_dirs(hostname_t)
 
 libs_use_ld_so(hostname_t)
 libs_use_shared_libs(hostname_t)

refpolicy/policy/modules/system/hotplug.te

@@ -93,7 +93,7 @@ files_read_etc_files(hotplug_t)
 files_manage_etc_runtime_files(hotplug_t)
 files_exec_etc_files(hotplug_t)
 # for when filesystems are not mounted early in the boot:
-files_dontaudit_search_isid_type_dir(hotplug_t)
+files_dontaudit_search_isid_type_dirs(hotplug_t)
 
 init_use_fd(hotplug_t)
 init_use_script_pty(hotplug_t)

refpolicy/policy/modules/system/init.te

@@ -140,13 +140,13 @@ domain_sigchld_all_domains(init_t)
 
 files_read_etc_files(init_t)
 files_rw_generic_pids(init_t)
-files_dontaudit_search_isid_type_dir(init_t)
+files_dontaudit_search_isid_type_dirs(init_t)
 files_manage_etc_runtime_files(init_t)
 # Run /etc/X11/prefdm:
 files_exec_etc_files(init_t)
 # file descriptors inherited from the rootfs:
-files_dontaudit_rw_root_file(init_t)
-files_dontaudit_rw_root_chr_dev(init_t)
+files_dontaudit_rw_root_files(init_t)
+files_dontaudit_rw_root_chr_files(init_t)
 
 libs_use_ld_so(init_t)
 libs_use_shared_libs(init_t)
@@ -337,11 +337,11 @@ files_manage_generic_locks(initrc_t)
 files_exec_etc_files(initrc_t)
 files_read_usr_files(initrc_t)
 files_manage_urandom_seed(initrc_t)
-files_manage_generic_spools(initrc_t)
+files_manage_generic_spool(initrc_t)
 # Mount and unmount file systems.
 # cjp: not sure why these are here; should use mount policy
-files_list_isid_type_dir(initrc_t)
-files_mounton_isid_type_dir(initrc_t)
+files_list_isid_type_dirs(initrc_t)
+files_mounton_isid_type_dirs(initrc_t)
 files_list_default(initrc_t)
 files_mounton_default(initrc_t)
 
@@ -390,7 +390,7 @@ ifdef(`distro_debian',`
 	fs_setattr_tmpfs_dir(initrc_t)
 	storage_create_fixed_disk_tmpfs(initrc_t)
 
-	files_setattr_etc_dir(initrc_t)
+	files_setattr_etc_dirs(initrc_t)
 ')
 
 ifdef(`distro_gentoo',`
@@ -410,7 +410,7 @@ ifdef(`distro_redhat',`
 	# Red Hat systems seem to have a stray
 	# fd open from the initrd
 	kernel_dontaudit_use_fd(initrc_t)
-	files_dontaudit_read_root_file(initrc_t)
+	files_dontaudit_read_root_files(initrc_t)
 
 	selinux_set_enforce_mode(initrc_t)
 
@@ -434,7 +434,6 @@ ifdef(`distro_redhat',`
 	storage_getattr_removable_device(initrc_t)
 
 	files_create_boot_flag(initrc_t)
-	files_getattr_all_file_type_sockets(initrc_t)
 	# wants to read /.fonts directory
 	files_read_default_files(initrc_t)
 	files_mountpoint(initrc_tmp_t)

refpolicy/policy/modules/system/ipsec.te

@@ -127,7 +127,7 @@ userdom_dontaudit_search_sysadm_home_dir(ipsec_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(ipsec_t)
 	term_dontaudit_use_generic_pty(ipsec_t)
-	files_dontaudit_read_root_file(ipsec_t)
+	files_dontaudit_read_root_files(ipsec_t)
 ')
 
 optional_policy(`nis',`
@@ -236,7 +236,7 @@ domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)
 files_read_etc_files(ipsec_mgmt_t)
 files_exec_etc_files(ipsec_mgmt_t)
 files_read_etc_runtime_files(ipsec_mgmt_t)
-files_dontaudit_getattr_default_dir(ipsec_mgmt_t)
+files_dontaudit_getattr_default_dirs(ipsec_mgmt_t)
 files_dontaudit_getattr_default_files(ipsec_mgmt_t)
 
 init_use_script_pty(ipsec_mgmt_t)

refpolicy/policy/modules/system/iptables.te

@@ -78,7 +78,7 @@ userdom_use_all_user_fd(iptables_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(iptables_t)
 	term_dontaudit_use_generic_pty(iptables_t)
-	files_dontaudit_read_root_file(iptables_t)
+	files_dontaudit_read_root_files(iptables_t)
 ')
 
 optional_policy(`firstboot',`

refpolicy/policy/modules/system/locallogin.te

@@ -140,7 +140,7 @@ files_read_world_readable_symlinks(local_login_t)
 files_read_world_readable_pipes(local_login_t)
 files_read_world_readable_sockets(local_login_t)
 # for when /var/mail is a symlink
-files_read_var_symlink(local_login_t)
+files_read_var_symlinks(local_login_t)
 
 init_rw_utmp(local_login_t)
 init_dontaudit_use_fd(local_login_t)
@@ -243,7 +243,7 @@ fs_use_tmpfs_chr_dev(sulogin_t)
 
 files_read_etc_files(sulogin_t)
 # because file systems are not mounted:
-files_dontaudit_search_isid_type_dir(sulogin_t)
+files_dontaudit_search_isid_type_dirs(sulogin_t)
 
 init_get_script_process_group(sulogin_t)
 

refpolicy/policy/modules/system/logging.te

@@ -335,7 +335,7 @@ domain_use_wide_inherit_fd(syslogd_t)
 files_read_etc_files(syslogd_t)
 files_read_etc_runtime_files(syslogd_t)
 # /initrd is not umounted before minilog starts
-files_dontaudit_search_isid_type_dir(syslogd_t)
+files_dontaudit_search_isid_type_dirs(syslogd_t)
 
 libs_use_ld_so(syslogd_t)
 libs_use_shared_libs(syslogd_t)
@@ -359,7 +359,7 @@ ifdef(`targeted_policy',`
 	allow syslogd_t var_run_t:fifo_file { ioctl read write };
 	term_dontaudit_use_unallocated_tty(syslogd_t)
 	term_dontaudit_use_generic_pty(syslogd_t)
-	files_dontaudit_read_root_file(syslogd_t)
+	files_dontaudit_read_root_files(syslogd_t)
 ')
 
 optional_policy(`inn',`

refpolicy/policy/modules/system/lvm.te

@@ -103,7 +103,7 @@ userdom_dontaudit_search_sysadm_home_dir(clvmd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(clvmd_t)
 	term_dontaudit_use_generic_pty(clvmd_t)
-	files_dontaudit_read_root_file(clvmd_t)
+	files_dontaudit_read_root_files(clvmd_t)
 ')
 
 optional_policy(`mount',`
@@ -220,7 +220,7 @@ domain_use_wide_inherit_fd(lvm_t)
 files_read_etc_files(lvm_t)
 files_read_etc_runtime_files(lvm_t)
 # for when /usr is not mounted:
-files_dontaudit_search_isid_type_dir(lvm_t)
+files_dontaudit_search_isid_type_dirs(lvm_t)
 
 init_use_fd(lvm_t)
 init_dontaudit_getattr_initctl(lvm_t)
@@ -240,14 +240,14 @@ seutil_sigchld_newrole(lvm_t)
 
 ifdef(`distro_redhat',`
 	# this is from the initrd:
-	files_rw_isid_type_dir(lvm_t)
+	files_rw_isid_type_dirs(lvm_t)
 ')
 
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(lvm_t)
 	term_dontaudit_use_generic_pty(lvm_t)
 
-	files_dontaudit_read_root_file(lvm_t)
+	files_dontaudit_read_root_files(lvm_t)
 ')
 
 optional_policy(`bootloader',`

refpolicy/policy/modules/system/modutils.te

@@ -98,7 +98,7 @@ files_exec_etc_files(insmod_t)
 # for nscd:
 files_dontaudit_search_pids(insmod_t)
 # for when /var is not mounted early in the boot:
-files_dontaudit_search_isid_type_dir(insmod_t)
+files_dontaudit_search_isid_type_dirs(insmod_t)
 
 init_use_initctl(insmod_t)
 init_use_fd(insmod_t)

refpolicy/policy/modules/system/mount.te

@@ -56,7 +56,7 @@ corecmd_exec_bin(mount_t)
 
 domain_use_wide_inherit_fd(mount_t)
 
-files_search_all_dirs(mount_t)
+files_search_all(mount_t)
 files_read_etc_files(mount_t)
 files_manage_etc_runtime_files(mount_t)
 files_mounton_all_mountpoints(mount_t)
@@ -67,7 +67,7 @@ files_mount_all_file_type_fs(mount_t)
 files_unmount_all_file_type_fs(mount_t)
 # for when /etc/mtab loses its type
 # cjp: this seems wrong, the type should probably be etc
-files_read_isid_type_file(mount_t)
+files_read_isid_type_files(mount_t)
 
 init_use_fd(mount_t)
 init_use_script_pty(mount_t)

refpolicy/policy/modules/system/pcmcia.te

@@ -125,7 +125,7 @@ ifdef(`targeted_policy',`
 	term_use_generic_pty(cardmgr_t)
 	term_dontaudit_use_unallocated_tty(cardmgr_t)
 	term_dontaudit_use_generic_pty(cardmgr_t)
-	files_dontaudit_read_root_file(cardmgr_t)
+	files_dontaudit_read_root_files(cardmgr_t)
 ')
 
 optional_policy(`selinuxutil',`

refpolicy/policy/modules/system/raid.te

@@ -72,7 +72,7 @@ mta_send_mail(mdadm_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(mdadm_t)
 	term_dontaudit_use_generic_pty(mdadm_t)
-	files_dontaudit_read_root_file(mdadm_t)
+	files_dontaudit_read_root_files(mdadm_t)
 ')
 
 optional_policy(`selinux',`

refpolicy/policy/modules/system/selinuxutil.te

@@ -264,7 +264,7 @@ init_rw_utmp(newrole_t)
 
 files_read_etc_files(newrole_t)
 files_read_var_files(newrole_t)
-files_read_var_symlink(newrole_t)
+files_read_var_symlinks(newrole_t)
 
 libs_use_ld_so(newrole_t)
 libs_use_shared_libs(newrole_t)
@@ -364,7 +364,7 @@ kernel_relabel_unlabeled(restorecon_t)
 dev_relabel_all_dev_nodes(restorecon_t)
 
 files_relabel_all_files(restorecon_t)
-files_list_all_dirs(restorecon_t)
+files_list_all(restorecon_t)
 # this is to satisfy the assertion:
 auth_relabelto_shadow(restorecon_t)
 
@@ -517,7 +517,7 @@ userdom_read_all_user_files(setfiles_t)
 # relabeling rules
 kernel_relabel_unlabeled(setfiles_t)
 dev_relabel_all_dev_nodes(setfiles_t)
-files_list_all_dirs(setfiles_t)
+files_list_all(setfiles_t)
 files_relabel_all_files(setfiles_t)
 # this is to satisfy the assertion:
 auth_relabelto_shadow(setfiles_t)

refpolicy/policy/modules/system/sysnetwork.te

@@ -154,7 +154,7 @@ ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(dhcpc_t)
 	term_dontaudit_use_generic_pty(dhcpc_t)
 
-	files_dontaudit_read_root_file(dhcpc_t)
+	files_dontaudit_read_root_files(dhcpc_t)
 ')
 
 optional_policy(`consoletype',`
@@ -294,7 +294,7 @@ term_dontaudit_use_all_user_ptys(ifconfig_t)
 
 domain_use_wide_inherit_fd(ifconfig_t)
 
-files_dontaudit_read_root_file(ifconfig_t)
+files_dontaudit_read_root_files(ifconfig_t)
 
 init_use_fd(ifconfig_t)
 init_use_script_pty(ifconfig_t)

refpolicy/policy/modules/system/udev.te

@@ -111,7 +111,7 @@ domain_dontaudit_list_all_domains_proc(udev_t)
 files_read_etc_runtime_files(udev_t)
 files_read_etc_files(udev_t)
 files_exec_etc_files(udev_t)
-files_dontaudit_search_isid_type_dir(udev_t)
+files_dontaudit_search_isid_type_dirs(udev_t)
 files_getattr_generic_locks(udev_t)
 files_search_mnt(udev_t)
 

refpolicy/policy/modules/system/userdomain.if

@@ -229,8 +229,8 @@ template(`base_user_template',`
 	files_dontaudit_getattr_non_security_symlinks($1_t)
 	files_dontaudit_getattr_non_security_pipes($1_t)
 	files_dontaudit_getattr_non_security_sockets($1_t)
-	files_dontaudit_getattr_non_security_blk_dev($1_t)
-	files_dontaudit_getattr_non_security_chr_dev($1_t)
+	files_dontaudit_getattr_non_security_blk_files($1_t)
+	files_dontaudit_getattr_non_security_chr_files($1_t)
 
 	# Caused by su - init scripts
 	init_dontaudit_use_script_pty($1_t)
@@ -411,7 +411,7 @@ template(`base_user_template',`
 	')
 
 	optional_policy(`rpm',`
-		files_getattr_var_lib_dir($1_t)
+		files_getattr_var_lib_dirs($1_t)
 		files_search_var_lib($1_t)
 	')