# Copyright (C) 2005 Tresys Technology, LLC ######################################## # # filesystem_make_filesystem(type) # define(`filesystem_make_filesystem',` requires_block_template(`$0'_depend) typeattribute $1 fs_type; ') define(`filesystem_make_filesystem_depend',` attribute fs_type; ') ######################################## # # filesystem_associate(type) # define(`filesystem_associate',` requires_block_template(`$0'_depend) allow $1 fs_t:filesystem associate; ') define(`filesystem_associate_depend',` type fs_t; class filesystem associate; ') ######################################## # # filesystem_noxattr_associate(type) # define(`filesystem_noxattr_associate',` requires_block_template(`$0'_depend) allow $1 autofs_t:filesystem associate; allow $1 cifs_t:filesystem associate; allow $1 dosfs_t:filesystem associate; allow $1 iso9660_t:filesystem associate; allow $1 nfs_t:filesystem associate; allow $1 removable_t:filesystem associate; allow $1 usbfs_t:filesystem associate; ') define(`filesystem_noxattr_associate_depend',` type fs_t, nfs_t, cifs_t, dosfs_t, iso9660_t, autofs_t, usbfs_t, removable_t; class filesystem associate; ') ######################################## # # filesystem_mount_persistent_filesystem(domain) # define(`filesystem_mount_persistent_filesystem',` requires_block_template(`$0'_depend) allow $1 fs_t:filesystem mount; ') define(`filesystem_mount_persistent_filesystem_depend',` type fs_t; class filesystem mount; ') ######################################## # # filesystem_remount_persistent_filesystem(domain) # define(`filesystem_remount_persistent_filesystem',` requires_block_template(`$0'_depend) allow $1 fs_t:filesystem remount; ') define(`filesystem_remount_persistent_filesystem_depend',` type fs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_persistent_filesystem(domain) # define(`filesystem_unmount_persistent_filesystem',` requires_block_template(`$0'_depend) allow $1 fs_t:filesystem mount; ') define(`filesystem_unmount_persistent_filesystem_depend',` type fs_t; class filesystem unmount; ') ######################################## # # filesystem_get_persistent_filesystem_attributes(domain) # define(`filesystem_get_persistent_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 fs_t:filesystem getattr; ') define(`filesystem_get_persistent_filesystem_attributes_depend',` type fs_t; class filesystem getattr; ') ######################################## # # filesystem_ignore_get_persistent_filesystem_attributes(domain) # define(`filesystem_ignore_get_persistent_filesystem_attributes',` requires_block_template(`$0'_depend) dontaudit $1 fs_t:filesystem getattr; ') define(`filesystem_ignore_get_persistent_filesystem_attributes_depend',` type fs_t; class filesystem getattr; ') ######################################## # # filesystem_mount_automount_filesystem(domain) # define(`filesystem_mount_automount_filesystem',` requires_block_template(`$0'_depend) allow $1 autofs_t:filesystem mount; ') define(`filesystem_mount_automount_filesystem_depend',` type autofs_t; class filesystem mount; ') ######################################## # # filesystem_remount_automount_filesystem(domain) # define(`filesystem_remount_automount_filesystem',` requires_block_template(`$0'_depend) allow $1 autofs_t:filesystem remount; ') define(`filesystem_remount_automount_filesystem_depend',` type autofs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_automount_filesystem(domain) # define(`filesystem_unmount_automount_filesystem',` requires_block_template(`$0'_depend) allow $1 autofs_t:filesystem mount; ') define(`filesystem_unmount_automount_filesystem_depend',` type autofs_t; class filesystem unmount; ') ######################################## # # filesystem_get_automount_filesystem_attributes(domain) # define(`filesystem_get_automount_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 autofs_t:filesystem getattr; ') define(`filesystem_get_automount_filesystem_attributes_depend',` type autofs_t; class filesystem getattr; ') ######################################## # # filesystem_register_binary_executable_type(domain) # define(`filesystem_register_binary_executable_type',` requires_block_template(`$0'_depend) allow $1 binfmt_misc_fs_t:dir { getattr search }; allow $1 binfmt_misc_fs_t:file { getattr ioctl write }; ') define(`filesystem_register_binary_executable_type_depend',` type binfmt_misc_fs_t; class dir { getattr search }; class file { getattr ioctl write }; ') ######################################## # # filesystem_mount_windows_network_filesystem(domain) # define(`filesystem_mount_windows_network_filesystem',` requires_block_template(`$0'_depend) allow $1 cifs_t:filesystem mount; ') define(`filesystem_mount_windows_network_filesystem_depend',` type cifs_t; class filesystem mount; ') ######################################## # # filesystem_remount_windows_network_filesystem(domain) # define(`filesystem_remount_windows_network_filesystem',` requires_block_template(`$0'_depend) allow $1 cifs_t:filesystem remount; ') define(`filesystem_remount_windows_network_filesystem_depend',` type cifs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_windows_network_filesystem(domain) # define(`filesystem_unmount_windows_network_filesystem',` requires_block_template(`$0'_depend) allow $1 cifs_t:filesystem mount; ') define(`filesystem_unmount_windows_network_filesystem_depend',` type cifs_t; class filesystem unmount; ') ######################################## # # filesystem_get_windows_network_filesystem_attributes(domain) # define(`filesystem_get_windows_network_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 cifs_t:filesystem getattr; ') define(`filesystem_get_windows_network_filesystem_attributes_depend',` type cifs_t; class filesystem getattr; ') ######################################## # # filesystem_mount_dos_filesystem(domain) # define(`filesystem_mount_dos_filesystem',` requires_block_template(`$0'_depend) allow $1 dosfs_t:filesystem mount; ') define(`filesystem_mount_dos_filesystem_depend',` type dosfs_t; class filesystem mount; ') ######################################## # # filesystem_remount_dos_filesystem(domain) # define(`filesystem_remount_dos_filesystem',` requires_block_template(`$0'_depend) allow $1 dosfs_t:filesystem remount; ') define(`filesystem_remount_dos_filesystem_depend',` type dosfs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_dos_filesystem(domain) # define(`filesystem_unmount_dos_filesystem',` requires_block_template(`$0'_depend) allow $1 dosfs_t:filesystem mount; ') define(`filesystem_unmount_dos_filesystem_depend',` type dosfs_t; class filesystem unmount; ') ######################################## # # filesystem_get_dos_filesystem_attributes(domain) # define(`filesystem_get_dos_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 dosfs_t:filesystem getattr; ') define(`filesystem_get_dos_filesystem_attributes_depend',` type dosfs_t; class filesystem getattr; ') ######################################## # # filesystem_mount_cd_filesystem(domain) # define(`filesystem_mount_cd_filesystem',` requires_block_template(`$0'_depend) allow $1 iso9660_t:filesystem mount; ') define(`filesystem_mount_cd_filesystem_depend',` type iso9660_t; class filesystem mount; ') ######################################## # # filesystem_remount_cd_filesystem(domain) # define(`filesystem_remount_cd_filesystem',` requires_block_template(`$0'_depend) allow $1 iso9660_t:filesystem remount; ') define(`filesystem_remount_cd_filesystem_depend',` type iso9660_t; class filesystem remount; ') ######################################## # # filesystem_unmount_cd_filesystem(domain) # define(`filesystem_unmount_cd_filesystem',` requires_block_template(`$0'_depend) allow $1 iso9660_t:filesystem mount; ') define(`filesystem_unmount_cd_filesystem_depend',` type iso9660_t; class filesystem unmount; ') ######################################## # # filesystem_get_cd_filesystem_attributes(domain) # define(`filesystem_get_cd_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 iso9660_t:filesystem getattr; ') define(`filesystem_get_cd_filesystem_attributes_depend',` type iso9660_t; class filesystem getattr; ') ######################################## # # filesystem_mount_nfs_filesystem(domain) # define(`filesystem_mount_nfs_filesystem',` requires_block_template(`$0'_depend) allow $1 nfs_t:filesystem mount; ') define(`filesystem_mount_nfs_filesystem_depend',` type nfs_t; class filesystem mount; ') ######################################## # # filesystem_remount_nfs_filesystem(domain) # define(`filesystem_remount_nfs_filesystem',` requires_block_template(`$0'_depend) allow $1 nfs_t:filesystem remount; ') define(`filesystem_remount_nfs_filesystem_depend',` type nfs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_nfs_filesystem(domain) # define(`filesystem_unmount_nfs_filesystem',` requires_block_template(`$0'_depend) allow $1 nfs_t:filesystem mount; ') define(`filesystem_unmount_nfs_filesystem_depend',` type nfs_t; class filesystem unmount; ') ######################################## # # filesystem_get_nfs_filesystem_attributes(domain) # define(`filesystem_get_nfs_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 nfs_t:filesystem getattr; ') define(`filesystem_get_nfs_filesystem_attributes_depend',` type nfs_t; class filesystem getattr; ') ######################################## # # filesystem_mount_nfsd_filesystem(domain) # define(`filesystem_mount_nfsd_filesystem',` requires_block_template(`$0'_depend) allow $1 nfsd_fs_t:filesystem mount; ') define(`filesystem_mount_nfsd_filesystem_depend',` type nfsd_fs_t; class filesystem mount; ') ######################################## # # filesystem_remount_nfsd_filesystem(domain) # define(`filesystem_remount_nfsd_filesystem',` requires_block_template(`$0'_depend) allow $1 nfsd_fs_t:filesystem remount; ') define(`filesystem_remount_nfsd_filesystem_depend',` type nfsd_fs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_nfsd_filesystem(domain) # define(`filesystem_unmount_nfsd_filesystem',` requires_block_template(`$0'_depend) allow $1 nfsd_fs_t:filesystem mount; ') define(`filesystem_unmount_nfsd_filesystem_depend',` type nfsd_fs_t; class filesystem unmount; ') ######################################## # # filesystem_get_nfsd_filesystem_attributes(domain) # define(`filesystem_get_nfsd_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 nfsd_fs_t:filesystem getattr; ') define(`filesystem_get_nfsd_filesystem_attributes_depend',` type nfsd_fs_t; class filesystem getattr; ') ######################################## # # filesystem_mount_ram_filesystem(domain) # define(`filesystem_mount_ram_filesystem',` requires_block_template(`$0'_depend) allow $1 ramfs_t:filesystem mount; ') define(`filesystem_mount_ram_filesystem_depend',` type ramfs_t; class filesystem mount; ') ######################################## # # filesystem_remount_ram_filesystem(domain) # define(`filesystem_remount_ram_filesystem',` requires_block_template(`$0'_depend) allow $1 ramfs_t:filesystem remount; ') define(`filesystem_remount_ram_filesystem_depend',` type ramfs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_ram_filesystem(domain) # define(`filesystem_unmount_ram_filesystem',` requires_block_template(`$0'_depend) allow $1 ramfs_t:filesystem mount; ') define(`filesystem_unmount_ram_filesystem_depend',` type ramfs_t; class filesystem unmount; ') ######################################## # # filesystem_get_ram_filesystem_attributes(domain) # define(`filesystem_get_ram_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 ramfs_t:filesystem getattr; ') define(`filesystem_get_ram_filesystem_attributes_depend',` type ramfs_t; class filesystem getattr; ') ######################################## # # filesystem_mount_rom_filesystem(domain) # define(`filesystem_mount_rom_filesystem',` requires_block_template(`$0'_depend) allow $1 romfs_t:filesystem mount; ') define(`filesystem_mount_rom_filesystem_depend',` type romfs_t; class filesystem mount; ') ######################################## # # filesystem_remount_rom_filesystem(domain) # define(`filesystem_remount_rom_filesystem',` requires_block_template(`$0'_depend) allow $1 romfs_t:filesystem remount; ') define(`filesystem_remount_rom_filesystem_depend',` type romfs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_rom_filesystem(domain) # define(`filesystem_unmount_rom_filesystem',` requires_block_template(`$0'_depend) allow $1 romfs_t:filesystem mount; ') define(`filesystem_unmount_rom_filesystem_depend',` type romfs_t; class filesystem unmount; ') ######################################## # # filesystem_get_rom_filesystem_attributes(domain) # define(`filesystem_get_rom_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 romfs_t:filesystem getattr; ') define(`filesystem_get_rom_filesystem_attributes_depend',` type romfs_t; class filesystem getattr; ') ######################################## # # filesystem_mount_rpc_pipefs_filesystem(domain) # define(`filesystem_mount_rpc_pipefs_filesystem',` requires_block_template(`$0'_depend) allow $1 rpc_pipefs_t:filesystem mount; ') define(`filesystem_mount_rpc_pipefs_filesystem_depend',` type rpc_pipefs_t; class filesystem mount; ') ######################################## # # filesystem_remount_rpc_pipefs_filesystem(domain) # define(`filesystem_remount_rpc_pipefs_filesystem',` requires_block_template(`$0'_depend) allow $1 rpc_pipefs_t:filesystem remount; ') define(`filesystem_remount_rpc_pipefs_filesystem_depend',` type rpc_pipefs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_rpc_pipefs_filesystem(domain) # define(`filesystem_unmount_rpc_pipefs_filesystem',` requires_block_template(`$0'_depend) allow $1 rpc_pipefs_t:filesystem mount; ') define(`filesystem_unmount_rpc_pipefs_filesystem_depend',` type rpc_pipefs_t; class filesystem unmount; ') ######################################## # # filesystem_get_rpc_pipefs_filesystem_attributes(domain) # define(`filesystem_get_rpc_pipefs_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 rpc_pipefs_t:filesystem getattr; ') define(`filesystem_get_rpc_pipefs_filesystem_attributes_depend',` type rpc_pipefs_t; class filesystem getattr; ') ######################################## # # filesystem_mount_tmpfs_filesystem(domain) # define(`filesystem_mount_tmpfs_filesystem',` requires_block_template(`$0'_depend) allow $1 tmpfs_t:filesystem mount; ') define(`filesystem_mount_tmpfs_filesystem_depend',` type tmpfs_t; class filesystem mount; ') ######################################## # # filesystem_remount_tmpfs_filesystem(domain) # define(`filesystem_remount_tmpfs_filesystem',` requires_block_template(`$0'_depend) allow $1 tmpfs_t:filesystem remount; ') define(`filesystem_remount_tmpfs_filesystem_depend',` type tmpfs_t; class filesystem remount; ') ######################################## # # filesystem_unmount_tmpfs_filesystem(domain) # define(`filesystem_unmount_tmpfs_filesystem',` requires_block_template(`$0'_depend) allow $1 tmpfs_t:filesystem mount; ') define(`filesystem_unmount_tmpfs_filesystem_depend',` type tmpfs_t; class filesystem unmount; ') ######################################## # # filesystem_get_tmpfs_filesystem_attributes(domain) # define(`filesystem_get_tmpfs_filesystem_attributes',` requires_block_template(`$0'_depend) allow $1 tmpfs_t:filesystem getattr; ') define(`filesystem_get_tmpfs_filesystem_attributes_depend',` type tmpfs_t; class filesystem getattr; ') ######################################## # # filesystem_tmpfs_associate(type) # define(`filesystem_tmpfs_associate',` requires_block_template(`$0'_depend) allow $1 tmpfs_t:filesystem associate; ') define(`filesystem_tmpfs_associate_depend',` type tmpfs_t; class filesystem associate; ') ######################################## # # filesystem_create_private_tmpfs_data(domain,derivedtype,[class]) # define(`filesystem_create_private_tmpfs_data',` requires_block_template(`$0'_depend) allow $1 tmpfs_t:dir { getattr search read write add_name }; ifelse(`$3',`',` type_transition $1 tmpfs_t:file $2; ',` type_transition $1 tmpfs_t:$3 $2; ') ') define(`filesystem_create_private_tmpfs_data_depend',` type tmpfs_t; class dir { getattr search read write add_name }; ') ######################################## # # filesystem_mount_all_filesystems(type) # define(`filesystem_mount_all_filesystems',` requires_block_template(`$0'_depend) allow $1 fs_type:filesystem mount; ') define(`filesystem_mount_all_filesystems_depend',` attribute fs_type; class filesystem mount; ') ######################################## # # filesystem_remount_all_filesystems(type) # define(`filesystem_remount_all_filesystems',` requires_block_template(`$0'_depend) allow $1 fs_type:filesystem remount; ') define(`filesystem_remount_all_filesystems_depend',` attribute fs_type; class filesystem remount; ') ######################################## # # filesystem_unmount_all_filesystems(type) # define(`filesystem_unmount_all_filesystems',` requires_block_template(`$0'_depend) allow $1 fs_type:filesystem unmount; ') define(`filesystem_mount_all_filesystems_depend',` attribute fs_type; class filesystem unmount; ') ######################################## # # filesystem_get_all_filesystems_attributes(type) # define(`filesystem_get_all_filesystems_attributes',` requires_block_template(`$0'_depend) allow $1 fs_type:filesystem getattr; ') define(`filesystem_get_all_filesystems_attributes_depend',` attribute fs_type; class filesystem getattr; ')