From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 11 Apr 2014 09:15:20 -0400 Subject: [refpolicy] [PATCH v3 1/3] Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface In-Reply-To: <1396644774-8809-1-git-send-email-bigon@debian.org> References: <1396644774-8809-1-git-send-email-bigon@debian.org> Message-ID: <5347EAE8.701@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 04/04/2014 04:52 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > Create a new attribute and fs_getattr_all_xattr_fs() interface that will > be used for all the filesystems that support xattr This set is merged. > --- > policy/modules/kernel/filesystem.if | 58 +++++++++++++++++++++++++++++++++++++ > policy/modules/kernel/filesystem.te | 1 + > 2 files changed, 59 insertions(+) > > diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if > index 8416beb..d24ae64 100644 > --- a/policy/modules/kernel/filesystem.if > +++ b/policy/modules/kernel/filesystem.if > @@ -108,6 +108,64 @@ interface(`fs_exec_noxattr',` > > ######################################## > ## > +## Transform specified type into a filesystem > +## type which has extended attribute > +## support. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`fs_xattr_type',` > + gen_require(` > + attribute xattrfs; > + ') > + > + fs_type($1) > + > + typeattribute $1 xattrfs; > +') > + > +######################################## > +## > +## Get the attributes of all the > +## filesystems which have extended > +## attributes. > +## This includes pseudo filesystems. > +## > +## > +##

> +## Allow the specified domain to > +## get the attributes of a filesystems > +## which have extended attributes. > +## Example attributes: > +##

> +## > +##
> +## > +## > +## Domain allowed access. > +## > +## > +## > +## > +# > +interface(`fs_getattr_all_xattr_fs',` > + gen_require(` > + attribute xattrfs; > + ') > + > + allow $1 xattrfs:filesystem getattr; > +') > + > +######################################## > +## > ## Mount a persistent filesystem which > ## has extended attributes, such as > ## ext3, JFS, or XFS. > diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te > index d9cc21f..4207e8f 100644 > --- a/policy/modules/kernel/filesystem.te > +++ b/policy/modules/kernel/filesystem.te > @@ -8,6 +8,7 @@ policy_module(filesystem, 1.18.0) > attribute filesystem_type; > attribute filesystem_unconfined_type; > attribute noxattrfs; > +attribute xattrfs; > > ############################## > # > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
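Review bot: in the filesystem.if hunk, the parameter description for `fs_xattr_type` reads `## Domain allowed access.`, but the argument to this interface is the type being transformed (it is passed to `fs_type($1)` and `typeattribute $1 xattrfs;`), not a domain being granted access; the doc comment should describe it as the filesystem type to mark as having extended attribute support, matching how the other `fs_*_type` transform interfaces in this file are documented. Minor wording in the `fs_getattr_all_xattr_fs` description: `get the attributes of a filesystems which have extended attributes` should read `get the attributes of all filesystems which have extended attributes`. Note also that with this patch alone no type carries `xattrfs`, so `allow $1 xattrfs:filesystem getattr;` grants nothing until the filesystem types are tagged via `fs_xattr_type` in the rest of the series, which is fine for a 1/3 split but worth keeping in mind when bisecting.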
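Review bot: in the filesystem.te hunk, `attribute xattrfs;` is declared next to `noxattrfs`, which is the right place for it, but the header line `policy_module(filesystem, 1.18.0)` is left untouched even though the series adds two new interfaces to filesystem.if; refpolicy convention is to bump the module version when the interface file gains new interfaces, so this should be raised to the next patch level unless the maintainer does that on merge.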