# Copyright (C) 2005 Tresys Technology, LLC

policy_module(filesystem,1.0)

attribute fs_type;

########################################
#
# fs_t is the default type for persistent
# filesystems with extended attributes
#
type fs_t, fs_type;

########################################
#
# Non-persistent/pseudo filesystems
#
type bdev_t, fs_type;
genfscon bdev / system_u:object_r:bdev_t

type binfmt_misc_fs_t, fs_type;
genfscon binfmt_misc / system_u:object_r:binfmt_misc_fs_t

type eventpollfs_t, fs_type;
genfscon eventpollfs / system_u:object_r:eventpollfs_t

type futexfs_t, fs_type;
genfscon futexfs / system_u:object_r:futexfs_t

type nfsd_fs_t, fs_type;
genfscon nfsd / system_u:object_r:nfsd_fs_t

type ramfs_t, fs_type;
allow ramfs_t self:filesystem associate;
genfscon ramfs / system_u:object_r:ramfs_t

type romfs_t, fs_type;
allow romfs_t self:filesystem associate;
genfscon romfs / system_u:object_r:romfs_t
genfscon cramfs / system_u:object_r:romfs_t

type rpc_pipefs_t, fs_type;
genfscon rpc_pipefs / system_u:object_r:rpc_pipefs_t

#
# tmpfs_t is the type for tmpfs filesystems
#
type tmpfs_t, fs_type;
allow tmpfs_t self:filesystem associate;
allow tmpfs_t autofs_t:filesystem associate;
allow tmpfs_t cifs_t:filesystem associate;
allow tmpfs_t dosfs_t:filesystem associate;
allow tmpfs_t iso9660_t:filesystem associate;
allow tmpfs_t nfs_t:filesystem associate;
allow tmpfs_t removable_t:filesystem associate;
allow tmpfs_t usbfs_t:filesystem associate;

########################################
#
# Filesystems without extended attribute support
#
type autofs_t, fs_type;
allow autofs_t self:filesystem associate;
genfscon autofs / system_u:object_r:autofs_t
genfscon automount / system_u:object_r:autofs_t

#
# cifs_t is the type for filesystems and their
# files shared from Windows servers
#
type cifs_t alias sambafs_t, fs_type;
allow cifs_t self:filesystem associate;
genfscon cifs / system_u:object_r:cifs_t
genfscon smbfs / system_u:object_r:cifs_t

#
# dosfs_t is the type for fat and vfat
# filesystems and their files.
#
type dosfs_t, fs_type;
allow dosfs_t self:filesystem associate;
genfscon vfat / system_u:object_r:dosfs_t
genfscon msdos / system_u:object_r:dosfs_t
genfscon fat / system_u:object_r:dosfs_t
genfscon ntfs / system_u:object_r:dosfs_t

#
# iso9660_t is the type for CD filesystems
# and their files.
#
type iso9660_t, fs_type;
allow iso9660_t self:filesystem associate;
genfscon iso9660 / system_u:object_r:iso9660_t
genfscon udf / system_u:object_r:iso9660_t

#
# removable_t is the default type of all removable media
#
type removable_t, fs_type;
allow removable_t self:filesystem associate;
allow removable_t autofs_t:filesystem associate;
allow removable_t cifs_t:filesystem associate;
allow removable_t dosfs_t:filesystem associate;
allow removable_t iso9660_t:filesystem associate;
allow removable_t nfs_t:filesystem associate;
allow removable_t usbfs_t:filesystem associate;

#
# nfs_t is the default type for NFS file systems
# and their files.
#
type nfs_t, fs_type;
files_make_mountpoint(nfs_t)
allow nfs_t self:filesystem associate;
genfscon nfs / system_u:object_r:nfs_t
genfscon nfs4 / system_u:object_r:nfs_t
genfscon afs / system_u:object_r:nfs_t