make fs use its own interfaces.

refpolicy/Changelog

@@ -2,7 +2,7 @@
   arbitrary category sets.
 - Change reiserfs from xattr filesystem to genfscon as it's xattrs
   are currently nonfunctional.
-- Change files module to use its own interfaces to simplify the module.
+- Change files and filesystem modules to use their own interfaces.
 - Add user fonts to xserver.
 - Additional interfaces in corecommands, miscfiles, and userdomain
   from Joy Latten.

refpolicy/policy/modules/kernel/filesystem.if

@@ -19,8 +19,6 @@ interface(`fs_type',`
 	')
 
 	typeattribute $1 filesystem_type;
-
-	allow $1 self:filesystem associate;
 ')
 
 ########################################

refpolicy/policy/modules/kernel/filesystem.te

@@ -1,5 +1,5 @@
 
-policy_module(filesystem,1.3.3)
+policy_module(filesystem,1.3.4)
 
 ########################################
 #
@@ -112,8 +112,8 @@ allow tmpfs_t noxattrfs:filesystem associate;
 #
 # Filesystems without extended attribute support
 #
-type autofs_t, noxattrfs;
+type autofs_t;
-fs_type(autofs_t)
+fs_noxattr_type(autofs_t)
 files_mountpoint(autofs_t)
 genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
 genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
@@ -122,8 +122,8 @@ genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
 # cifs_t is the type for filesystems and their
 # files shared from Windows servers
 #
-type cifs_t alias sambafs_t, noxattrfs;
+type cifs_t alias sambafs_t;
-fs_type(cifs_t)
+fs_noxattr_type(cifs_t)
 genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
 genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
 
@@ -131,8 +131,8 @@ genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
 # dosfs_t is the type for fat and vfat
 # filesystems and their files.
 #
-type dosfs_t, noxattrfs;
+type dosfs_t;
-fs_type(dosfs_t)
+fs_noxattr_type(dosfs_t)
 allow dosfs_t fs_t:filesystem associate;
 genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
@@ -143,25 +143,25 @@ genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
 # iso9660_t is the type for CD filesystems
 # and their files.
 #
-type iso9660_t, filesystem_type, noxattrfs;
+type iso9660_t;
-fs_type(iso9660_t)
+fs_noxattr_type(iso9660_t)
 genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
 genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
 
 #
 # removable_t is the default type of all removable media
 #
-type removable_t, noxattrfs;
+type removable_t;
 allow removable_t noxattrfs:filesystem associate;
-fs_type(removable_t)
+fs_noxattr_type(removable_t)
 files_config_file(removable_t)
 
 #
 # nfs_t is the default type for NFS file systems
 # and their files.
 #
-type nfs_t, filesystem_type, noxattrfs;
+type nfs_t;
-fs_type(nfs_t)
+fs_noxattr_type(nfs_t)
 files_mountpoint(nfs_t)
 genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
@@ -169,3 +169,10 @@ genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon hfs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)
 genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
+
+########################################
+#
+# Rules for all filesystem types
+#
+
+allow filesystem_type self:filesystem associate;