renaming and xml

refpolicy/policy/modules/kernel/filesystem.te

@@ -2,6 +2,7 @@
 policy_module(filesystem,1.0)
 
 attribute fs_type;
+attribute noxattrfs;
 
 ########################################
 #
@@ -72,19 +73,13 @@ fs_use_trans tmpfs context_template(system_u:object_r:tmpfs_t,s0);
 fs_use_trans shm context_template(system_u:object_r:tmpfs_t,s0);
 
 allow tmpfs_t self:filesystem associate;
-allow tmpfs_t autofs_t:filesystem associate;
+allow tmpfs_t noxattrfs:filesystem associate;
-allow tmpfs_t cifs_t:filesystem associate;
-allow tmpfs_t dosfs_t:filesystem associate;
-allow tmpfs_t iso9660_t:filesystem associate;
-allow tmpfs_t nfs_t:filesystem associate;
-allow tmpfs_t removable_t:filesystem associate;
-allow tmpfs_t usbfs_t:filesystem associate;
 
 ########################################
 #
 # Filesystems without extended attribute support
 #
-type autofs_t, fs_type;
+type autofs_t, fs_type, noxattrfs;
 allow autofs_t self:filesystem associate;
 genfscon autofs / context_template(system_u:object_r:autofs_t,s0)
 genfscon automount / context_template(system_u:object_r:autofs_t,s0)
@@ -93,7 +88,7 @@ genfscon automount / context_template(system_u:object_r:autofs_t,s0)
 # cifs_t is the type for filesystems and their
 # files shared from Windows servers
 #
-type cifs_t alias sambafs_t, fs_type;
+type cifs_t alias sambafs_t, fs_type, noxattrfs;
 allow cifs_t self:filesystem associate;
 genfscon cifs / context_template(system_u:object_r:cifs_t,s0)
 genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
@@ -102,7 +97,7 @@ genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
 # dosfs_t is the type for fat and vfat
 # filesystems and their files.
 #
-type dosfs_t, fs_type;
+type dosfs_t, fs_type, noxattrfs;
 allow dosfs_t self:filesystem associate;
 genfscon vfat / context_template(system_u:object_r:dosfs_t,s0)
 genfscon msdos / context_template(system_u:object_r:dosfs_t,s0)
@@ -113,7 +108,7 @@ genfscon ntfs / context_template(system_u:object_r:dosfs_t,s0)
 # iso9660_t is the type for CD filesystems
 # and their files.
 #
-type iso9660_t, fs_type;
+type iso9660_t, fs_type, noxattrfs;
 allow iso9660_t self:filesystem associate;
 genfscon iso9660 / context_template(system_u:object_r:iso9660_t,s0)
 genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
@@ -121,20 +116,14 @@ genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
 #
 # removable_t is the default type of all removable media
 #
-type removable_t, fs_type;
+type removable_t, fs_type, noxattrfs;
-allow removable_t self:filesystem associate;
+allow removable_t noxattrfs:filesystem associate;
-allow removable_t autofs_t:filesystem associate;
-allow removable_t cifs_t:filesystem associate;
-allow removable_t dosfs_t:filesystem associate;
-allow removable_t iso9660_t:filesystem associate;
-allow removable_t nfs_t:filesystem associate;
-allow removable_t usbfs_t:filesystem associate;
 
 #
 # nfs_t is the default type for NFS file systems
 # and their files.
 #
-type nfs_t, fs_type;
+type nfs_t, fs_type, noxattrfs;
 files_make_mountpoint(nfs_t)
 allow nfs_t self:filesystem associate;
 genfscon nfs / context_template(system_u:object_r:nfs_t,s0)