From: bigon@debian.org (Laurent Bigonville) Date: Sat, 22 Mar 2014 13:06:09 +0100 Subject: [refpolicy] [PATCH v2 1/3] Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface Message-ID: <1395489971-17651-1-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville Create a new attribute and fs_getattr_all_xattr_fs() interface that will be used for all the filesystems that support xattr
---
 policy/modules/kernel/filesystem.if | 58 +++++++++++++++++++++++++++++++++++++
 policy/modules/kernel/filesystem.te | 1 +
 2 files changed, 59 insertions(+)
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 8416beb..d24ae64 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -108,6 +108,64 @@ interface(`fs_exec_noxattr',`
 ########################################
 ##
+## Transform specified type into a filesystem
+## type which has extended attribute
+## support.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`fs_xattr_type',`
+ gen_require(`
+ attribute xattrfs;
+ ')
+
+ fs_type($1)
+
+ typeattribute $1 xattrfs;
+')
+
+########################################
+##
+## Get the attributes of all the
+## filesystems which have extended
+## attributes.
+## This includes pseudo filesystems.
+##
+##
+##

+## Allow the specified domain to
+## get the attributes of a filesystems
+## which have extended attributes.
+## Example attributes:
+##

+##
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+#
+interface(`fs_getattr_all_xattr_fs',`
+ gen_require(`
+ attribute xattrfs;
+ ')
+
+ allow $1 xattrfs:filesystem getattr;
+')
+
+########################################
+##
 ## Mount a persistent filesystem which
 ## has extended attributes, such as
 ## ext3, JFS, or XFS.
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index d9cc21f..4207e8f 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -8,6 +8,7 @@ policy_module(filesystem, 1.18.0)
 attribute filesystem_type;
 attribute filesystem_unconfined_type;
 attribute noxattrfs;
+attribute xattrfs;
 ##############################
 #
--
1.9.1
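Review bot: The parameter description in the `fs_xattr_type` header says `Domain allowed access.`, but the body passes `$1` to `fs_type($1)` and `typeattribute $1 xattrfs;`, so the argument is a filesystem type being labelled, not a domain receiving a permission; a description such as `Type to be used for filesystems with extended attribute support.` would match what the interface does. In the `fs_getattr_all_xattr_fs` header, `This includes pseudo filesystems.` is not backed by anything visible in this patch, which only declares `xattrfs` and assigns it to no type. Since `allow $1 xattrfs:filesystem getattr;` grows with every type later given the attribute, the comment should say which filesystems are expected to carry it so callers know how broad the grant is. The description also reads `get the attributes of a filesystems`, which should be `of all filesystems`.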