From 7aebdb853de0636d8876db95fd6d36073d3cf2f2 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 19 Apr 2005 18:57:13 +0000
Subject: [PATCH] add rootfs dontaudits for use in init.te
---
 refpolicy/policy/modules/system/files.if | 28 ++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 698cae302..1ac92a684 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -67,6 +67,34 @@ type root_t;
 class dir { getattr search read write add_name };
 ')
 
+########################################
+#
+# files_ignore_modify_rootfs_file(domain,[`optional'])
+#
+define(`files_ignore_modify_rootfs_file',`
+requires_block_template(files_ignore_modify_rootfs_file_depend,$2)
+dontaudit $1 root_t:file { read write };
+')
+
+define(`files_ignore_modify_rootfs_file_depend',`
+type root_t;
+class file { read write };
+')
+
+########################################
+#
+# files_ignore_modify_rootfs_device(domain,[`optional'])
+#
+define(`files_ignore_modify_rootfs_device',`
+requires_block_template(files_ignore_modify_rootfs_device_depend,$2)
+dontaudit $1 root_t:chr_file { read write };
+')
+
+define(`files_ignore_modify_rootfs_device_depend',`
+type root_t;
+class chr_file { read write };
+')
+
 ########################################
 #
 # files_create_private_root_dir_entry(domain,privatetype,[class(es)],[`optional'])
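Review bot: Both new interfaces, `files_ignore_modify_rootfs_file` and `files_ignore_modify_rootfs_device`, have a header comment that only repeats the macro signature, so nothing records that they silence AVC denials rather than grant access, or that `read` is suppressed along with `write` despite the "modify" in the name. A `dontaudit` on `root_t:file` and `root_t:chr_file` drops those denials from the audit log for every domain the interface is applied to, and that loss of visibility should be readable from the interface itself when init.te is reviewed. I would add a line under each signature such as `# Do not audit attempts by domain to read or write files of type root_t; access stays denied, only the log record is dropped.` (with the `chr_file` equivalent for the device variant), and have each caller state why the denial is expected.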