Layer: kernel

Module: files

Description:

This module contains basic filesystem types and interfaces. This includes:

This module is required to be included in all policies.

Interfaces:

files_associate_tmp( file_type )
Summary

Allow the specified type to associate to a filesystem with the type of the temporary directory (/tmp).

Parameters
Parameter:Description:Optional:
file_type

Type of the file to associate.

No
files_boot_filetrans( domain , private_type , object_class )
Summary

Create a private type object in boot with an automatic type transition.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
private_type

The type of the object to be created.

No
object_class

The object class of the object being created.

No
files_config_file( file_type )
Summary

Make the specified type a configuration file.

Parameters
Parameter:Description:Optional:
file_type

Type to be used as a configuration file.

No
files_create_boot_dirs( domain )
Summary

Create directories in /boot.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_create_boot_flag( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_create_kernel_img( domain )
Summary

Install a kernel into the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_create_kernel_symbol_table( domain )
Summary

Install a system.map into the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_delete_all_locks( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_delete_all_pid_dirs( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_delete_all_pids( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_delete_etc_files( domain )
Summary

Delete system configuration files in /etc.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_delete_kernel( domain )
Summary

Delete a kernel from /boot.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_delete_kernel_modules( domain )
Summary

Delete kernel module files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_delete_kernel_symbol_table( domain )
Summary

Delete a system.map in the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_delete_root_dir_entry( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_dontaudit_getattr_all_dirs( domain )
Summary

Do not audit attempts to get the attributes of all directories.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_all_files( domain )
Summary

Do not audit attempts to get the attributes of all files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_all_pipes( domain )
Summary

Do not audit attempts to get the attributes of all named pipes.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_all_sockets( domain )
Summary

Do not audit attempts to get the attributes of all named sockets.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_all_symlinks( domain )
Summary

Do not audit attempts to get the attributes of all symbolic links.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_boot_dirs( domain )
Summary

Do not audit attempts to get attributes of the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_default_dirs( domain )
Summary

Do not audit attempts to get the attributes of directories with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_default_files( domain )
Summary

Do not audit attempts to get the attributes of files with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_home_dir( domain )
Summary

Do not audit attempts to get the attributes of the home directories root (/home).

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_non_security_blk_files( domain )
Summary

Do not audit attempts to get the attributes of non security block devices.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_non_security_chr_files( domain )
Summary

Do not audit attempts to get the attributes of non security character devices.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_non_security_files( domain )
Summary

Do not audit attempts to get the attributes of non security files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_non_security_pipes( domain )
Summary

Do not audit attempts to get the attributes of non security named pipes.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_non_security_sockets( domain )
Summary

Do not audit attempts to get the attributes of non security named sockets.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_non_security_symlinks( domain )
Summary

Do not audit attempts to get the attributes of non security symbolic links.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_pid_dirs( domain )
Summary

Do not audit attempts to get the attributes of the /var/run directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_getattr_tmp_dirs( domain )
Summary

Do not audit attempts to get the attributes of the tmp directory (/tmp).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_dontaudit_ioctl_all_pids( domain )
Summary

Do not audit attempts to ioctl daemon runtime data files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_dontaudit_list_default( domain )
Summary

Do not audit attempts to list contents of directories with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_list_home( domain )
Summary

Do not audit attempts to list home directories root (/home).

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_list_non_security( domain )
Summary

Do not audit attempts to list all non-security directories.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_list_tmp( domain )
Summary

Do not audit listing of the tmp directory (/tmp).

Parameters
Parameter:Description:Optional:
domain

Domain not to audit.

No
files_dontaudit_read_default_files( domain )
Summary

Do not audit attempts to read files with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_read_etc_runtime_files( domain )
Summary

Do not audit attempts to read files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_read_root_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_dontaudit_rw_root_chr_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_dontaudit_rw_root_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_dontaudit_search_all_dirs( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_dontaudit_search_boot( domain )
Summary

Do not audit attempts to search the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_dontaudit_search_home( domain )
Summary

Do not audit attempts to search home directories root (/home).

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_search_isid_type_dirs( domain )
Summary

Do not audit attempts to search directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_dontaudit_search_locks( domain )
Summary

Do not audit attempts to search the locks directory (/var/lock).

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_search_pids( domain )
Summary

Do not audit attempts to search the /var/run directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_search_spool( domain )
Summary

Do not audit attempts to search generic spool directories.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_search_src( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_dontaudit_search_var( domain )
Summary

Do not audit attempts to search the contents of /var.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_dontaudit_write_all_pids( domain )
Summary

Do not audit attempts to write to daemon runtime data files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_dontaudit_write_var_dirs( domain )
Summary

Do not audit attempts to write to /var.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
files_etc_filetrans( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_exec_etc_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_exec_usr_files( domain )
Summary

Execute generic programs in /usr in the caller domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_exec_usr_src_files( domain )
Summary

Execute programs in /usr/src in the caller domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_all_dirs( domain )
Summary

Get the attributes of all directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_all_files( domain )
Summary

Get the attributes of all files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_all_pipes( domain )
Summary

Get the attributes of all named pipes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_all_sockets( domain )
Summary

Get the attributes of all named sockets.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_all_symlinks( domain )
Summary

Get the attributes of all symbolic links.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_boot_dirs( domain )
Summary

Get attributes of the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_default_dirs( domain )
Summary

Getattr of directories with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_generic_locks( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_getattr_home_dir( domain )
Summary

Get the attributes of the home directories root (/home).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_isid_type_dirs( domain )
Summary

Getattr of directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_kernel_modules( domain )
Summary

Get the attributes of kernel module files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_tmp_dirs( domain )
Summary

Get the attributes of the tmp directory (/tmp).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_usr_files( domain )
Summary

Get the attributes of files in /usr.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_getattr_var_lib_dirs( domain )
Summary

Get the attributes of the /var/lib directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_home_filetrans( domain , home_type , object )
Summary

Create objects in /home.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
home_type

The private type.

No
object

The class of the object being created.

No
files_kernel_modules_filetrans( domain , private_type , object_class )
Summary

Create objects in the kernel module directories with a private type via an automatic type transition.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
private_type

The type of the object to be created.

No
object_class

The object class of the object being created.

No
files_list_all( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_list_default( domain )
Summary

List contents of directories with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_etc( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_list_home( domain )
Summary

Get listing of home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_isid_type_dirs( domain )
Summary

List the contents of directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_kernel_modules( domain )
Summary

List the contents of the kernel module directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_mnt( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_list_non_security( domain )
Summary

List all non-security directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_pids( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_list_root( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_list_spool( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_list_tmp( domain )
Summary

Read the tmp directory (/tmp).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_usr( domain )
Summary

List the contents of generic directories in /usr.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_var( domain )
Summary

List the contents of /var.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_var_lib( domain )
Summary

List the contents of the /var/lib directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_list_world_readable( domain )
Summary

List world-readable directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_lock_file( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_lock_filetrans( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_manage_all_files( domain , exception_types )
Summary

Manage all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:Optional:
domain

The type of the domain performing this action.

No
exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

Yes
files_manage_boot_files( domain )
Summary

Create, read, write, and delete files in the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_boot_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_etc_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_manage_etc_runtime_files( domain )
Summary

Create, read, write, and delete files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_generic_locks( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_manage_generic_spool( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_manage_generic_spool_dirs( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_manage_isid_type_blk_files( domain )
Summary

Create, read, write, and delete block device nodes on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_isid_type_chr_files( domain )
Summary

Create, read, write, and delete character device nodes on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_isid_type_dirs( domain )
Summary

Create, read, write, and delete directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_isid_type_files( domain )
Summary

Create, read, write, and delete files on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_isid_type_symlinks( domain )
Summary

Create, read, write, and delete symbolic links on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_kernel_modules( domain )
Summary

Create, read, write, and delete kernel module files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_lost_found( domain )
Summary

Create, read, write, and delete objects in lost+found directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_mnt_dirs( domain )
Summary

Create, read, write, and delete directories in /mnt.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_mnt_files( domain )
Summary

Create, read, write, and delete files in /mnt.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_mnt_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in /mnt.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_mounttab( domain )
Summary

Allow domain to manage mount tables necessary for rpcd, nfsd, etc.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_urandom_seed( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_manage_var_dirs( domain )
Summary

Create, read, write, and delete directories in the /var directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_var_files( domain )
Summary

Create, read, write, and delete files in the /var directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_manage_var_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in the /var directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_mount_all_file_type_fs( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_mounton_all_mountpoints( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_mounton_all_poly_members( domain )
Summary

Mount filesystems on all polyinstantiation member directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_mounton_default( domain )
Summary

Mount a filesystem on a directory with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_mounton_isid_type_dirs( domain )
Summary

Mount a filesystem on a directory on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_mounton_mnt( domain )
Summary

Mount a filesystem on /mnt.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_mountpoint( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_pid_file( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_pid_filetrans( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_poly( file_type )
Summary

Make the specified type a polyinstantiated directory.

Parameters
Parameter:Description:Optional:
file_type

Type of the file to be used as a polyinstantiated directory.

No
files_poly_member( file_type )
Summary

Make the specified type a polyinstantiation member directory.

Parameters
Parameter:Description:Optional:
file_type

Type of the file to be used as a member directory.

No
files_poly_member_tmp( domain , file_type )
Summary

Make the domain use the specified type of polyinstantiated directory.

Parameters
Parameter:Description:Optional:
domain

Domain using the polyinstantiated directory.

No
file_type

Type of the file to be used as a member directory.

No
files_poly_parent( file_type )
Summary

Make the specified type a parent of a polyinstantiated directory.

Parameters
Parameter:Description:Optional:
file_type

Type of the file to be used as a parent directory.

No
files_polyinstantiate_all( domain )
Summary

Allow access to manage all polyinstantiated directories on the system.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_purge_tmp( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_read_all_blk_files( domain )
Summary

Read all block nodes with file types.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_all_chr_files( domain )
Summary

Read all character nodes with file types.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_all_dirs_except( domain , exception_types )
Summary

Read all directories on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:Optional:
domain

The type of the domain performing this action.

No
exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

Yes
files_read_all_files( domain )
Summary

Read all files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_all_files_except( domain , exception_types )
Summary

Read all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:Optional:
domain

The type of the domain performing this action.

No
exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

Yes
files_read_all_locks( domain )
Summary

Read all lock files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_all_pids( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_read_all_symlinks( domain )
Summary

Read all symbolic links.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_all_symlinks_except( domain , exception_types )
Summary

Read all symbolic links on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:Optional:
domain

The type of the domain performing this action.

No
exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

Yes
files_read_default_files( domain )
Summary

Read files with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_default_pipes( domain )
Summary

Read named pipes with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_default_sockets( domain )
Summary

Read sockets with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_default_symlinks( domain )
Summary

Read symbolic links with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_etc_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_read_etc_runtime_files( domain )
Summary

Read files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_generic_spool( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_read_generic_tmp_files( domain )
Summary

Read files in the tmp directory (/tmp).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_generic_tmp_symlinks( domain )
Summary

Read symbolic links in the tmp directory (/tmp).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_isid_type_files( domain )
Summary

Read files on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_kernel_modules( domain )
Summary

Read kernel module files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_kernel_symbol_table( domain )
Summary

Read system.map in the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_non_security_files( domain )
Summary

Read all non-security files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_usr_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_read_usr_src_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_read_usr_symlinks( domain )
Summary

Read symbolic links in /usr.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_var_files( domain )
Summary

Read files in the /var directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_var_lib_files( domain )
Summary

Read generic files in /var/lib.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_var_lib_symlinks( domain )
Summary

Read generic symbolic links in /var/lib.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_var_symlinks( domain )
Summary

Read symbolic links in the /var directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_world_readable_files( domain )
Summary

Read world-readable files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_world_readable_pipes( domain )
Summary

Read world-readable named pipes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_world_readable_sockets( domain )
Summary

Read world-readable sockets.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_read_world_readable_symlinks( domain )
Summary

Read world-readable symbolic links.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_relabel_all_files( domain , exception_types )
Summary

Relabel all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:Optional:
domain

The type of the domain performing this action.

No
exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

Yes
files_relabel_etc_files( domain )
Summary

Relabel from and to generic files in /etc.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_relabel_kernel_modules( domain )
Summary

Relabel from and to kernel module files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_relabelfrom_boot_files( domain )
Summary

Relabel from files in the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_relabelto_all_file_type_fs( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_relabelto_usr_files( domain )
Summary

Relabel a file to the type used in /usr.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_root_filetrans( domain , private type , object )
Summary

Create an object in the root directory, with a private type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
private type

The type of the object to be created.

No
object

The object class of the object being created.

No
files_rw_boot_symlinks( domain )
Summary

Read and write symbolic links in the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_rw_etc_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_rw_etc_runtime_files( domain )
Summary

Read and write files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_rw_generic_pids( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_rw_generic_tmp_sockets( domain )
Summary

Read and write generic named sockets in the tmp directory (/tmp).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_rw_isid_type_blk_files( domain )
Summary

Read and write block device nodes on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_rw_isid_type_dirs( domain )
Summary

Read and write directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_rw_lock_dirs( domain )
Summary

Add and remove entries in the /var/lock directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_search_all( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_search_boot( domain )
Summary

Search the /boot directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_search_default( domain )
Summary

Search the contents of directories with the default file type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_search_etc( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_search_home( domain )
Summary

Search the root of the home directories (/home).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_search_kernel_modules( domain )
Summary

Search the contents of the kernel module directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_search_locks( domain )
Summary

Search the locks directory (/var/lock).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_search_mnt( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_search_pids( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_search_spool( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_search_tmp( domain )
Summary

Search the tmp directory (/tmp).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_search_usr( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_search_var( domain )
Summary

Search the contents of /var.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_search_var_lib( domain )
Summary

Search the /var/lib directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_security_file( file_type )
Summary

Make the specified type a file whose browsing by user domains should not be dontaudited.

Parameters
Parameter:Description:Optional:
file_type

Type of the file to be used as a member directory.

No
files_setattr_all_tmp_dirs( domain )
Summary

Set the attributes of all tmp directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_setattr_etc_dirs( domain )
Summary

Set the attributes of the /etc directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_tmp_file( file_type )
Summary

Make the specified type a file used for temporary files.

Parameters
Parameter:Description:Optional:
file_type

Type of the file to be used as a temporary file.

No
files_tmp_filetrans( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_tmpfs_file( type )
Summary

Transform the type into a file, for use on a virtual memory filesystem (tmpfs).

Parameters
Parameter:Description:Optional:
type

The type to be transformed.

No
files_type( type )
Summary

Make the specified type usable for files in a filesystem.

Parameters
Parameter:Description:Optional:
type

Type to be used for files.

No
files_unconfined( domain )
Summary

Unconfined access to files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_unmount_all_file_type_fs( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_unmount_rootfs( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
?

Parameter descriptions are missing!

No
files_usr_filetrans( domain , file_type , object_class )
Summary

Create objects in the /usr directory

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
file_type

The type of the object to be created

No
object_class

The object class.

No
files_var_filetrans( domain , file_type , object_class )
Summary

Create objects in the /var directory

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
file_type

The type of the object to be created

No
object_class

The object class.

No
files_var_lib_filetrans( domain , file_type , object_class )
Summary

Create objects in the /var/lib directory

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
file_type

The type of the object to be created

No
object_class

The object class.

No
files_write_kernel_modules( domain )
Summary

Write kernel module files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
files_write_non_security_dirs( domain )
Summary

Allow attempts to modify any directory

Parameters
Parameter:Description:Optional:
domain

Domain to allow

No