[people/stevee/selinux-policy.git] / refpolicy / policy / modules / system / files.te


policy_module(files,1.0)

########################################
#
# Declarations
#

attribute file_type;
attribute lockfile;
attribute mountpoint;
attribute pidfile;

# For labeling types that are to be polyinstantiated
attribute polydir;

# And for labeling the parent directories of those polyinstantiated directories
# This is necessary for remounting the original in the parent to give
# security aware apps access
attribute polyparent;

# And labeling for the member directories
attribute polymember;

attribute tmpfile;
attribute tmpfsfile;

# default_t is the default type for files that do not
# match any specification in the file_contexts configuration
# other than the generic /.* specification.
type default_t, file_type, mountpoint;
fs_associate(default_t)
fs_associate_noxattr(default_t)

#
# etc_t is the type of the system etc directories.
#
type etc_t, file_type;
fs_associate(etc_t)
fs_associate_noxattr(etc_t)

#
# etc_runtime_t is the type of various
# files in /etc that are automatically
# generated during initialization.
#
type etc_runtime_t, file_type;
fs_associate(etc_runtime_t)
fs_associate_noxattr(etc_runtime_t)

#
# file_t is the default type of a file that has not yet been
# assigned an extended attribute (EA) value (when using a filesystem
# that supports EAs).
#
type file_t, file_type, mountpoint;
fs_associate(file_t)
fs_associate_noxattr(file_t)
kernel_rootfs_mountpoint(file_t)
sid file context_template(system_u:object_r:file_t,s0)

#
# home_root_t is the type for the directory where user home directories
# are created
#
type home_root_t, file_type, mountpoint; #, polyparent
fs_associate(home_root_t)
fs_associate_noxattr(home_root_t)

#
# lost_found_t is the type for the lost+found directories.
#
type lost_found_t, file_type;
fs_associate(lost_found_t)
fs_associate_noxattr(lost_found_t)

#
# mnt_t is the type for mount points such as /mnt/cdrom
#
type mnt_t, file_type, mountpoint;
fs_associate(mnt_t)
fs_associate_noxattr(mnt_t)

type no_access_t, file_type;
fs_associate(no_access_t)
fs_associate_noxattr(no_access_t)

type poly_t, file_type;
fs_associate(poly_t)
fs_associate_noxattr(poly_t)

type readable_t, file_type;
fs_associate(readable_t)
fs_associate_noxattr(readable_t)

#
# root_t is the type for rootfs and the root directory.
#
type root_t, file_type, mountpoint; #, polyparent
fs_associate(root_t)
fs_associate_noxattr(root_t)
kernel_rootfs_mountpoint(root_t)
genfscon rootfs / context_template(system_u:object_r:root_t,s0)

#
# src_t is the type of files in the system src directories.
#
type src_t, file_type, mountpoint;
fs_associate(src_t)
fs_associate_noxattr(src_t)

#
# tmp_t is the type of the temporary directories
#
type tmp_t, file_type, tmpfile, mountpoint; #, polydir
fs_associate(tmp_t)
fs_associate_noxattr(tmp_t)

#
# usr_t is the type for /usr.
#
type usr_t, file_type, mountpoint;
fs_associate(usr_t)
fs_associate_noxattr(usr_t)

#
# var_t is the type of /var
#
type var_t, file_type, mountpoint;
fs_associate(var_t)
fs_associate_noxattr(var_t)

#
# var_lib_t is the type of /var/lib
#
type var_lib_t, file_type, mountpoint;
fs_associate(var_lib_t)
fs_associate_noxattr(var_lib_t)

#
# var_lock_t is tye type of /var/lock
#
type var_lock_t, file_type, lockfile;
fs_associate(var_lock_t)
fs_associate_noxattr(var_lock_t)

#
# var_run_t is the type of /var/run, usually
# used for pid and other runtime files.
#
type var_run_t, file_type, pidfile;
fs_associate(var_run_t)
fs_associate_noxattr(var_run_t)

#
# var_spool_t is the type of /var/spool
#
type var_spool_t, file_type;
fs_associate(var_spool_t)
fs_associate_noxattr(var_spool_t)
Commit	Line	Data
e181fe05	1
960373dd CP	2	policy_module(files,1.0)
960373dd CP	3
fd89e19f CP	4	########################################
	5	#
	6	# Declarations
	7	#
	8
b4cd1533 CP	9	attribute file_type;
b4cd1533 CP	10	attribute lockfile;
46410fd2	11	attribute mountpoint;
b4cd1533	12	attribute pidfile;
a1fcff33 CP	13
	14	# For labeling types that are to be polyinstantiated
	15	attribute polydir;
	16
	17	# And for labeling the parent directories of those polyinstantiated directories
	18	# This is necessary for remounting the original in the parent to give
	19	# security aware apps access
	20	attribute polyparent;
	21
	22	# And labeling for the member directories
	23	attribute polymember;
	24
b4cd1533	25	attribute tmpfile;
46410fd2	26	attribute tmpfsfile;
b4cd1533 CP	27
	28	# default_t is the default type for files that do not
	29	# match any specification in the file_contexts configuration
	30	# other than the generic /.* specification.
a2d8246b	31	type default_t, file_type, mountpoint;
763c441e	32	fs_associate(default_t)
0fd9dc55	33	fs_associate_noxattr(default_t)
b4cd1533 CP	34
	35	#
	36	# etc_t is the type of the system etc directories.
	37	#
	38	type etc_t, file_type;
763c441e	39	fs_associate(etc_t)
0fd9dc55	40	fs_associate_noxattr(etc_t)
b4cd1533 CP	41
	42	#
	43	# etc_runtime_t is the type of various
	44	# files in /etc that are automatically
	45	# generated during initialization.
	46	#
	47	type etc_runtime_t, file_type;
763c441e	48	fs_associate(etc_runtime_t)
0fd9dc55	49	fs_associate_noxattr(etc_runtime_t)
b4cd1533 CP	50
	51	#
	52	# file_t is the default type of a file that has not yet been
	53	# assigned an extended attribute (EA) value (when using a filesystem
	54	# that supports EAs).
	55	#
a2d8246b	56	type file_t, file_type, mountpoint;
763c441e	57	fs_associate(file_t)
0fd9dc55 CP	58	fs_associate_noxattr(file_t)
0fd9dc55 CP	59	kernel_rootfs_mountpoint(file_t)
cabfa520	60	sid file context_template(system_u:object_r:file_t,s0)
b4cd1533	61
b4cd1533 CP	62	#
	63	# home_root_t is the type for the directory where user home directories
	64	# are created
	65	#
0907bda1	66	type home_root_t, file_type, mountpoint; #, polyparent
763c441e	67	fs_associate(home_root_t)
0fd9dc55	68	fs_associate_noxattr(home_root_t)
b4cd1533 CP	69
	70	#
	71	# lost_found_t is the type for the lost+found directories.
	72	#
	73	type lost_found_t, file_type;
763c441e	74	fs_associate(lost_found_t)
0fd9dc55	75	fs_associate_noxattr(lost_found_t)
b4cd1533 CP	76
	77	#
	78	# mnt_t is the type for mount points such as /mnt/cdrom
	79	#
a2d8246b	80	type mnt_t, file_type, mountpoint;
763c441e	81	fs_associate(mnt_t)
0fd9dc55	82	fs_associate_noxattr(mnt_t)
b4cd1533	83
219bcf7a	84	type no_access_t, file_type;
763c441e	85	fs_associate(no_access_t)
0fd9dc55	86	fs_associate_noxattr(no_access_t)
219bcf7a CP	87
219bcf7a CP	88	type poly_t, file_type;
763c441e	89	fs_associate(poly_t)
0fd9dc55	90	fs_associate_noxattr(poly_t)
219bcf7a CP	91
219bcf7a CP	92	type readable_t, file_type;
763c441e	93	fs_associate(readable_t)
0fd9dc55	94	fs_associate_noxattr(readable_t)
219bcf7a	95
a2d8246b CP	96	#
	97	# root_t is the type for rootfs and the root directory.
	98	#
0907bda1	99	type root_t, file_type, mountpoint; #, polyparent
763c441e	100	fs_associate(root_t)
0fd9dc55 CP	101	fs_associate_noxattr(root_t)
0fd9dc55 CP	102	kernel_rootfs_mountpoint(root_t)
e32c0d3b	103	genfscon rootfs / context_template(system_u:object_r:root_t,s0)
a2d8246b	104
b4cd1533 CP	105	#
	106	# src_t is the type of files in the system src directories.
	107	#
0907bda1	108	type src_t, file_type, mountpoint;
763c441e	109	fs_associate(src_t)
0fd9dc55	110	fs_associate_noxattr(src_t)
b4cd1533 CP	111
	112	#
	113	# tmp_t is the type of the temporary directories
	114	#
0907bda1	115	type tmp_t, file_type, tmpfile, mountpoint; #, polydir
763c441e	116	fs_associate(tmp_t)
0fd9dc55	117	fs_associate_noxattr(tmp_t)
b4cd1533 CP	118
	119	#
	120	# usr_t is the type for /usr.
	121	#
a2d8246b	122	type usr_t, file_type, mountpoint;
763c441e	123	fs_associate(usr_t)
0fd9dc55	124	fs_associate_noxattr(usr_t)
b4cd1533 CP	125
	126	#
	127	# var_t is the type of /var
	128	#
a2d8246b	129	type var_t, file_type, mountpoint;
763c441e	130	fs_associate(var_t)
0fd9dc55	131	fs_associate_noxattr(var_t)
b4cd1533 CP	132
	133	#
	134	# var_lib_t is the type of /var/lib
	135	#
ea7d571b	136	type var_lib_t, file_type, mountpoint;
763c441e	137	fs_associate(var_lib_t)
0fd9dc55	138	fs_associate_noxattr(var_lib_t)
b4cd1533 CP	139
	140	#
	141	# var_lock_t is tye type of /var/lock
	142	#
	143	type var_lock_t, file_type, lockfile;
763c441e	144	fs_associate(var_lock_t)
0fd9dc55	145	fs_associate_noxattr(var_lock_t)
b4cd1533 CP	146
	147	#
	148	# var_run_t is the type of /var/run, usually
	149	# used for pid and other runtime files.
	150	#
	151	type var_run_t, file_type, pidfile;
763c441e	152	fs_associate(var_run_t)
0fd9dc55	153	fs_associate_noxattr(var_run_t)
b4cd1533 CP	154
	155	#
	156	# var_spool_t is the type of /var/spool
	157	#
	158	type var_spool_t, file_type;
763c441e	159	fs_associate(var_spool_t)
0fd9dc55	160	fs_associate_noxattr(var_spool_t)