RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

filesystem: Move ecryptfs interface definitions. 

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
This commit is contained in:
Chris PeBenito 2022-06-03 15:25:59 -04:00
parent 45f1a0d54e
commit d698a5594c
1 changed files with 78 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
policy/modules/kernel/filesystem.if
View File

@ -1931,84 +1931,6 @@ interface(`fs_cifs_domtrans',`
domain_auto_transition_pattern($1, cifs_t, $2)
')
########################################
## <summary>
## Create, read, write, and delete directories
## on an eCryptfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`fs_manage_ecryptfs_dirs',`
gen_require(`
type ecryptfs_t;
')
allow $1 ecryptfs_t:dir manage_dir_perms;
')
########################################
## <summary>
## Create, read, write, and delete files
## on an eCryptfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`fs_manage_ecryptfs_files',`
gen_require(`
type ecryptfs_t;
')
manage_files_pattern($1, ecryptfs_t, ecryptfs_t)
')
########################################
## <summary>
## Create, read, write, and delete named sockets
## on an eCryptfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_manage_ecryptfs_named_sockets',`
gen_require(`
type ecryptfs_t;
')
manage_sock_files_pattern($1, ecryptfs_t, ecryptfs_t)
')
########################################
## <summary>
## Read symbolic links on an eCryptfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_list_ecryptfs',`
gen_require(`
type ecryptfs_t;
')
allow $1 ecryptfs_t:dir list_dir_perms;
read_lnk_files_pattern($1, ecryptfs_t, ecryptfs_t)
')
#######################################
## <summary>
## Create, read, write, and delete dirs
@ -2273,6 +2195,84 @@ interface(`fs_manage_dos_files',`
manage_files_pattern($1, dosfs_t, dosfs_t)
')
########################################
## <summary>
## Read symbolic links on an eCryptfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_list_ecryptfs',`
gen_require(`
type ecryptfs_t;
')
allow $1 ecryptfs_t:dir list_dir_perms;
read_lnk_files_pattern($1, ecryptfs_t, ecryptfs_t)
')
########################################
## <summary>
## Create, read, write, and delete directories
## on an eCryptfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`fs_manage_ecryptfs_dirs',`
gen_require(`
type ecryptfs_t;
')
allow $1 ecryptfs_t:dir manage_dir_perms;
')
########################################
## <summary>
## Create, read, write, and delete files
## on an eCryptfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`fs_manage_ecryptfs_files',`
gen_require(`
type ecryptfs_t;
')
manage_files_pattern($1, ecryptfs_t, ecryptfs_t)
')
########################################
## <summary>
## Create, read, write, and delete named sockets
## on an eCryptfs filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_manage_ecryptfs_named_sockets',`
gen_require(`
type ecryptfs_t;
')
manage_sock_files_pattern($1, ecryptfs_t, ecryptfs_t)
')
########################################
## <summary>
## Get the attributes of efivarfs filesystems.