From 9f2f9e6dfe946b40ac9cb9d5ef272e6e8e5c7af1 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 2 May 2005 18:40:42 +0000
Subject: [PATCH] add ignore read rootfs file

---
 refpolicy/policy/modules/system/files.if | 32 ++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 8adce404..439e70c7 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -80,10 +80,10 @@ class chr_file relabelfrom;
 
 ########################################
 #
-# files_search_all_directories(type,[`optional'])
+# files_search_all_directories(domain)
 #
 define(`files_search_all_directories',`
-requires_block_template(files_search_all_directories_depend,$2)
+requires_block_template(files_search_all_directories_depend)
 allow $1 file_type:dir search;
 ')
 
@@ -92,6 +92,20 @@ attribute file_type;
 class dir search;
 ')
 
+########################################
+#
+# files_ignore_search_all_directories(domain)
+#
+define(`files_ignore_search_all_directories',`
+requires_block_template(files_ignore_search_all_directories_depend)
+dontaudit $1 file_type:dir search;
+')
+
+define(`files_ignore_search_all_directories_depend',`
+attribute file_type;
+class dir search;
+')
+
 ########################################
 #
 # files_read_all_directories(type,[`optional'])
@@ -150,6 +164,20 @@ type root_t;
 class dir { getattr search read write add_name };
 ')
 
+########################################
+#
+# files_ignore_read_rootfs_file(domain)
+#
+define(`files_ignore_read_rootfs_file',`
+requires_block_template(files_ignore_read_rootfs_file_depend)
+dontaudit $1 root_t:file read;
+')
+
+define(`files_ignore_read_rootfs_file_depend',`
+type root_t;
+class file read;
+')
+
 ########################################
 #
 # files_ignore_modify_rootfs_file(domain,[`optional'])
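Review bot: Dropping `,$2` from the `requires_block_template` call in `files_search_all_directories` changes the interface for any caller that still passes `optional` as a second argument. m4 discards a surplus argument without complaint, so such callers would presumably get the dependency block as a hard requirement with no build-time signal. The diffstat shows only this file changed, so it is worth checking the policy modules for two-argument uses before this lands. The neighbouring `files_read_all_directories` header still documents `(type,[`optional'])`, which leaves the two sibling interfaces inconsistent. A short comment such as `# The second (optional) argument is no longer accepted.` would record the change.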
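Review bot: The new `files_ignore_search_all_directories` interface has no comment saying that `dontaudit $1 file_type:dir search;` suppresses denial records for directory searches on every type carrying the `file_type` attribute. The access is still denied, but a domain that walks the filesystem unexpectedly, or a labeling mistake that triggers these denials, no longer leaves an AVC record for anyone to find. I would add a header line such as `# Denials stay enforced but are not logged; use only for domains whose directory probing is known and benign.` The same gap applies to `files_ignore_read_rootfs_file` in the following hunk (`dontaudit $1 root_t:file read;`). That comment could also note that a file labelled `root_t` may indicate mislabeling, which the silenced denials would otherwise surface.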