selinux-refpolicy/policy/modules/apps/cryfs.if

## <summary>CryFS and similar other tools which mount encrypted directories using FUSE.</summary>

########################################
## <summary>
##	Role access for CryFS.
## </summary>
## <param name="role_prefix">
##	<summary>
##	The prefix of the user role (e.g., user
##	is the prefix for user_r).
##	</summary>
## </param>
## <param name="user_domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
## <param name="user_exec_domain">
##	<summary>
##	User exec domain for execute and transition access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
#
template(`cryfs_role',`
	gen_require(`
		attribute_role cryfs_roles;
		type cryfs_t, cryfs_exec_t;
	')

	########################################
	#
	# Declarations
	#

	roleattribute $4 cryfs_roles;

	########################################
	#
	# Policy
	#

	domtrans_pattern($3, cryfs_exec_t, cryfs_t)

	allow $3 cryfs_t:process signal_perms;
	ps_process_pattern($3, cryfs_t)

	optional_policy(`
		systemd_user_app_status($1, cryfs_t)
	')
')