selinux-refpolicy/policy/modules/apps/cryfs.if

## <summary>CryFS and similar other tools which mount encrypted directories using FUSE.</summary>

########################################
## <summary>
##	Role access for CryFS.
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
#
interface(`cryfs_role',`
	gen_require(`
		attribute_role cryfs_roles;
		type cryfs_t, cryfs_exec_t;
	')

	########################################
	#
	# Declarations
	#

	roleattribute $1 cryfs_roles;

	########################################
	#
	# Policy
	#

	domtrans_pattern($2, cryfs_exec_t, cryfs_t)

	allow $2 cryfs_t:process signal_perms;
	ps_process_pattern($2, cryfs_t)
')