diff --git a/Changelog b/Changelog
index ee3dc7d47..5dcffa812 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Add optional name for kernel and system filetrans interfaces.
- Non-auth file attribute to eliminate set expressions, from James Carter.
- Virt updates from Sven Vermeulen.
- Various dontaudits from Sven Vermeulen.
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index f820f3baa..d82097506 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -932,13 +932,18 @@ interface(`dev_manage_generic_chr_files',`
## the transition will occur.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`dev_filetrans',`
gen_require(`
type device_t;
')
- filetrans_pattern($1, device_t, $2, $3)
+ filetrans_pattern($1, device_t, $2, $3, $4)
dev_associate($2)
files_associate_tmp($2)
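Review bot: The new call `filetrans_pattern($1, device_t, $2, $3, $4)` relies on `filetrans_pattern` accepting an object name and tolerating an empty one when a caller omits `$4`, and that macro's definition is not among the files shown in this diff. Every other forwarding hunk here depends on the same behaviour, so it is worth confirming before merge. The added parameter text, as it appears here, only says `The name of the object being created.`; I would extend it to `The name of the object being created. Optional; pass a double-quoted string, and when omitted the transition applies regardless of name.`, matching the quoted `"utmp"` and `"modules"` calls later in the diff. The body of dev_filetrans continues past the end of this hunk.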
@@ -962,13 +967,18 @@ interface(`dev_filetrans',`
## the transition will occur.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`dev_tmpfs_filetrans_dev',`
gen_require(`
type device_t;
')
- fs_tmpfs_filetrans($1, device_t, $2)
+ fs_tmpfs_filetrans($1, device_t, $2, $3)
')
########################################
@@ -1637,13 +1647,18 @@ interface(`dev_manage_cardmgr_dev',`
## Domain allowed access.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`dev_filetrans_cardmgr',`
gen_require(`
type device_t, cardmgr_dev_t;
')
- filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file })
+ filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file }, $2)
')
########################################
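Review bot: `dev_filetrans_cardmgr` fixes both the target type and the classes, so with `$2` left optional a caller that passes no name keeps a transition covering every `chr_file` and `blk_file` it creates in a `device_t` directory. The interface comment should tell callers to pass the node name where it is known, for example `## The name of the object being created. Pass it whenever the device node name is fixed, so unrelated nodes keep the parent directory's label.` The same applies to the other fixed-type wrappers in this diff: dev_filetrans_dri, dev_filetrans_lirc, dev_filetrans_xen, files_create_boot_flag, sysnet_etc_filetrans_config and userdom_home_filetrans_user_home_dir.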
@@ -1893,13 +1908,18 @@ interface(`dev_manage_dri_dev',`
## Domain allowed access.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`dev_filetrans_dri',`
gen_require(`
type device_t, dri_device_t;
')
- filetrans_pattern($1, device_t, dri_device_t, chr_file)
+ filetrans_pattern($1, device_t, dri_device_t, chr_file, $2)
')
########################################
@@ -2347,13 +2367,18 @@ interface(`dev_rw_lirc',`
## Domain allowed access.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`dev_filetrans_lirc',`
gen_require(`
type device_t, lirc_device_t;
')
- filetrans_pattern($1, device_t, lirc_device_t, chr_file)
+ filetrans_pattern($1, device_t, lirc_device_t, chr_file, $2)
')
########################################
@@ -4630,13 +4655,18 @@ interface(`dev_manage_xen',`
## Domain allowed access.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`dev_filetrans_xen',`
gen_require(`
type device_t, xen_device_t;
')
- filetrans_pattern($1, device_t, xen_device_t, chr_file)
+ filetrans_pattern($1, device_t, xen_device_t, chr_file, $2)
')
########################################
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 82be0882e..74894d7e8 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,4 +1,4 @@
-policy_module(devices, 1.13.0)
+policy_module(devices, 1.13.1)
########################################
#
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index f6a77873f..41346fb6c 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1747,13 +1747,18 @@ interface(`files_dontaudit_rw_root_dir',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_root_filetrans',`
gen_require(`
type root_t;
')
- filetrans_pattern($1, root_t, $2, $3)
+ filetrans_pattern($1, root_t, $2, $3, $4)
')
########################################
@@ -2033,13 +2038,18 @@ interface(`files_manage_boot_dirs',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_boot_filetrans',`
gen_require(`
type boot_t;
')
- filetrans_pattern($1, boot_t, $2, $3)
+ filetrans_pattern($1, boot_t, $2, $3, $4)
')
########################################
@@ -2809,13 +2819,18 @@ interface(`files_manage_etc_symlinks',`
## Object classes to be created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_etc_filetrans',`
gen_require(`
type etc_t;
')
- filetrans_pattern($1, etc_t, $2, $3)
+ filetrans_pattern($1, etc_t, $2, $3, $4)
')
########################################
@@ -2833,6 +2848,11 @@ interface(`files_etc_filetrans',`
## Domain allowed access.
##
##
+##
+##
+## The name of the object being created.
+##
+##
##
#
interface(`files_create_boot_flag',`
@@ -2841,7 +2861,7 @@ interface(`files_create_boot_flag',`
')
allow $1 etc_runtime_t:file manage_file_perms;
- filetrans_pattern($1, root_t, etc_runtime_t, file)
+ filetrans_pattern($1, root_t, etc_runtime_t, file, $2)
')
########################################
@@ -3004,13 +3024,18 @@ interface(`files_manage_etc_runtime_files',`
## The class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_etc_filetrans_etc_runtime',`
gen_require(`
type etc_t, etc_runtime_t;
')
- filetrans_pattern($1, etc_t, etc_runtime_t, $2)
+ filetrans_pattern($1, etc_t, etc_runtime_t, $2, $3)
')
########################################
@@ -3549,13 +3574,18 @@ interface(`files_relabelto_home',`
## The class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_home_filetrans',`
gen_require(`
type home_root_t;
')
- filetrans_pattern($1, home_root_t, $2, $3)
+ filetrans_pattern($1, home_root_t, $2, $3, $4)
')
########################################
@@ -3989,13 +4019,18 @@ interface(`files_relabel_kernel_modules',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_kernel_modules_filetrans',`
gen_require(`
type modules_object_t;
')
- filetrans_pattern($1, modules_object_t, $2, $3)
+ filetrans_pattern($1, modules_object_t, $2, $3, $4)
')
########################################
@@ -4503,13 +4538,18 @@ interface(`files_read_all_tmp_files',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_tmp_filetrans',`
gen_require(`
type tmp_t;
')
- filetrans_pattern($1, tmp_t, $2, $3)
+ filetrans_pattern($1, tmp_t, $2, $3, $4)
')
########################################
@@ -4866,13 +4906,18 @@ interface(`files_read_usr_symlinks',`
## The object class.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_usr_filetrans',`
gen_require(`
type usr_t;
')
- filetrans_pattern($1, usr_t, $2, $3)
+ filetrans_pattern($1, usr_t, $2, $3, $4)
')
########################################
@@ -5269,13 +5314,18 @@ interface(`files_manage_var_symlinks',`
## The object class.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_var_filetrans',`
gen_require(`
type var_t;
')
- filetrans_pattern($1, var_t, $2, $3)
+ filetrans_pattern($1, var_t, $2, $3, $4)
')
########################################
@@ -5403,6 +5453,11 @@ interface(`files_rw_var_lib_dirs',`
## The object class.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_var_lib_filetrans',`
gen_require(`
@@ -5410,7 +5465,7 @@ interface(`files_var_lib_filetrans',`
')
allow $1 var_t:dir search_dir_perms;
- filetrans_pattern($1, var_lib_t, $2, $3)
+ filetrans_pattern($1, var_lib_t, $2, $3, $4)
')
########################################
@@ -5743,6 +5798,11 @@ interface(`files_manage_all_locks',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_lock_filetrans',`
gen_require(`
@@ -5751,7 +5811,7 @@ interface(`files_lock_filetrans',`
allow $1 var_t:dir search_dir_perms;
allow $1 var_lock_t:lnk_file read_lnk_file_perms;
- filetrans_pattern($1, var_lock_t, $2, $3)
+ filetrans_pattern($1, var_lock_t, $2, $3, $4)
')
########################################
@@ -5937,6 +5997,11 @@ interface(`files_write_generic_pid_pipes',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
##
#
interface(`files_pid_filetrans',`
@@ -5946,7 +6011,7 @@ interface(`files_pid_filetrans',`
allow $1 var_t:dir search_dir_perms;
allow $1 var_run_t:lnk_file read_lnk_file_perms;
- filetrans_pattern($1, var_run_t, $2, $3)
+ filetrans_pattern($1, var_run_t, $2, $3, $4)
')
########################################
@@ -6254,6 +6319,11 @@ interface(`files_manage_generic_spool',`
## the transition will occur.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`files_spool_filetrans',`
gen_require(`
@@ -6261,7 +6331,7 @@ interface(`files_spool_filetrans',`
')
allow $1 var_t:dir search_dir_perms;
- filetrans_pattern($1, var_spool_t, $2, $3)
+ filetrans_pattern($1, var_spool_t, $2, $3, $4)
')
########################################
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 8ab66bdf8..d0bca68e8 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,4 +1,4 @@
-policy_module(files, 1.16.2)
+policy_module(files, 1.16.3)
########################################
#
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 97fcdac26..7c6b791b7 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -2188,6 +2188,11 @@ interface(`fs_dontaudit_list_inotifyfs',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`fs_hugetlbfs_filetrans',`
gen_require(`
@@ -2195,7 +2200,7 @@ interface(`fs_hugetlbfs_filetrans',`
')
allow $2 hugetlbfs_t:filesystem associate;
- filetrans_pattern($1, hugetlbfs_t, $2, $3)
+ filetrans_pattern($1, hugetlbfs_t, $2, $3, $4)
')
########################################
@@ -4014,6 +4019,11 @@ interface(`fs_dontaudit_write_tmpfs_dirs',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`fs_tmpfs_filetrans',`
gen_require(`
@@ -4021,7 +4031,7 @@ interface(`fs_tmpfs_filetrans',`
')
allow $2 tmpfs_t:filesystem associate;
- filetrans_pattern($1, tmpfs_t, $2, $3)
+ filetrans_pattern($1, tmpfs_t, $2, $3, $4)
')
########################################
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index abd970d0d..f1ab8c6d2 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -1,4 +1,4 @@
-policy_module(filesystem, 1.15.0)
+policy_module(filesystem, 1.15.1)
########################################
#
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 7fc677f88..d26fe81c2 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1575,6 +1575,11 @@ interface(`init_rw_script_tmp_files',`
## The object class.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`init_script_tmp_filetrans',`
gen_require(`
@@ -1582,7 +1587,7 @@ interface(`init_script_tmp_filetrans',`
')
files_search_tmp($1)
- filetrans_pattern($1, initrc_tmp_t, $2, $3)
+ filetrans_pattern($1, initrc_tmp_t, $2, $3, $4)
')
########################################
@@ -1750,7 +1755,7 @@ interface(`init_pid_filetrans_utmp',`
type initrc_var_run_t;
')
- files_pid_filetrans($1, initrc_var_run_t, file)
+ files_pid_filetrans($1, initrc_var_run_t, file, "utmp")
')
########################################
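Review bot: Hard-coding `"utmp"` in `files_pid_filetrans($1, initrc_var_run_t, file, "utmp")` changes behaviour for existing callers: a file the domain creates in the pid directory under any other name no longer receives `initrc_var_run_t`, and presumably falls back to the directory's type. Callers of init_pid_filetrans_utmp should be checked for other file names they create there (temporary or rotated copies, for instance), and the interface summary, which this hunk does not touch, should state the fixed name. The same narrowing applies to `filetrans_pattern($1, selinux_config_t, semanage_store_t, dir, "modules")` in seutil_manage_module_store. Both interfaces start above their hunks, so their comments and gen_require blocks are only partly visible.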
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index c5d945011..59d5eaceb 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 1.18.2)
+policy_module(init, 1.18.3)
gen_require(`
class passwd rootok;
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 831b909b6..321bb13fa 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -480,6 +480,11 @@ interface(`logging_domtrans_syslog',`
## The object class of the object being created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
##
#
interface(`logging_log_filetrans',`
@@ -488,7 +493,7 @@ interface(`logging_log_filetrans',`
')
files_search_var($1)
- filetrans_pattern($1, var_log_t, $2, $3)
+ filetrans_pattern($1, var_log_t, $2, $3, $4)
')
########################################
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 8ea7fdbb4..92555db67 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,4 +1,4 @@
-policy_module(logging, 1.18.1)
+policy_module(logging, 1.18.2)
########################################
#
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 588557146..38220721d 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -1043,7 +1043,7 @@ interface(`seutil_manage_module_store',`
files_search_etc($1)
manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
manage_files_pattern($1, semanage_store_t, semanage_store_t)
- filetrans_pattern($1, selinux_config_t, semanage_store_t, dir)
+ filetrans_pattern($1, selinux_config_t, semanage_store_t, dir, "modules")
')
#######################################
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 4a0705ed7..9630d5d9b 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -1,4 +1,4 @@
-policy_module(selinuxutil, 1.16.2)
+policy_module(selinuxutil, 1.16.3)
gen_require(`
bool secure_mode;
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 41a860d53..41a18532c 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -401,13 +401,18 @@ interface(`sysnet_create_config',`
## Domain allowed access.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`sysnet_etc_filetrans_config',`
gen_require(`
type net_conf_t;
')
- files_etc_filetrans($1, net_conf_t, file)
+ files_etc_filetrans($1, net_conf_t, file, $2)
')
#######################################
@@ -622,6 +627,11 @@ interface(`sysnet_search_dhcp_state',`
## The object class.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`sysnet_dhcp_state_filetrans',`
gen_require(`
@@ -629,7 +639,7 @@ interface(`sysnet_dhcp_state_filetrans',`
')
files_search_var_lib($1)
- filetrans_pattern($1, dhcp_state_t, $2, $3)
+ filetrans_pattern($1, dhcp_state_t, $2, $3, $4)
')
########################################
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 9db715813..8aed9d047 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,4 +1,4 @@
-policy_module(sysnetwork, 1.13.1)
+policy_module(sysnetwork, 1.13.2)
########################################
#
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index a094ec7ec..e720dcd85 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1597,13 +1597,18 @@ interface(`userdom_relabelto_user_home_dirs',`
## Domain allowed access.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`userdom_home_filetrans_user_home_dir',`
gen_require(`
type user_home_dir_t;
')
- files_home_filetrans($1, user_home_dir_t, dir)
+ files_home_filetrans($1, user_home_dir_t, dir, $2)
')
########################################
@@ -2074,13 +2079,18 @@ interface(`userdom_manage_user_home_content_sockets',`
## The class of the object to be created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`userdom_user_home_dir_filetrans',`
gen_require(`
type user_home_dir_t;
')
- filetrans_pattern($1, user_home_dir_t, $2, $3)
+ filetrans_pattern($1, user_home_dir_t, $2, $3, $4)
files_search_home($1)
')
@@ -2105,13 +2115,18 @@ interface(`userdom_user_home_dir_filetrans',`
## The class of the object to be created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`userdom_user_home_content_filetrans',`
gen_require(`
type user_home_dir_t, user_home_t;
')
- filetrans_pattern($1, user_home_t, $2, $3)
+ filetrans_pattern($1, user_home_t, $2, $3, $4)
allow $1 user_home_dir_t:dir search_dir_perms;
files_search_home($1)
')
@@ -2132,13 +2147,18 @@ interface(`userdom_user_home_content_filetrans',`
## The class of the object to be created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`userdom_user_home_dir_filetrans_user_home_content',`
gen_require(`
type user_home_dir_t, user_home_t;
')
- filetrans_pattern($1, user_home_dir_t, user_home_t, $2)
+ filetrans_pattern($1, user_home_dir_t, user_home_t, $2, $3)
files_search_home($1)
')
@@ -2456,13 +2476,18 @@ interface(`userdom_manage_user_tmp_sockets',`
## The class of the object to be created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`userdom_user_tmp_filetrans',`
gen_require(`
type user_tmp_t;
')
- filetrans_pattern($1, user_tmp_t, $2, $3)
+ filetrans_pattern($1, user_tmp_t, $2, $3, $4)
files_search_tmp($1)
')
@@ -2482,13 +2507,18 @@ interface(`userdom_user_tmp_filetrans',`
## The class of the object to be created.
##
##
+##
+##
+## The name of the object being created.
+##
+##
#
interface(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
type user_tmp_t;
')
- files_tmp_filetrans($1, user_tmp_t, $2)
+ files_tmp_filetrans($1, user_tmp_t, $2, $3)
')
########################################
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index c441a3769..47efe9a21 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,4 +1,4 @@
-policy_module(userdomain, 4.7.1)
+policy_module(userdomain, 4.7.2)
########################################
#