From e6506d8ed109fe85ae9236a62c17f68a8eeedb8f Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Fri, 4 Sep 2020 12:28:24 +0200
Reference: https://github.com/fedora-selinux/selinux-policy/commit/e6506d8ed109fe85ae9236a62c17f68a8eeedb8f
Conflict: NA
Subject: [PATCH] Add new devices and filesystem interfaces

Add dev_remount_sysfs_fs(), fs_all_mount_fs_perms_xattr_fs(), fs_all_mount_fs_perms_tmpfs() interfaces.
---
 policy/modules/kernel/devices.if | 18 ++++++++++++++++++
 policy/modules/kernel/filesystem.if | 38 +++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 2a69660..61fedbb 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4832,6 +4832,24 @@ interface(`dev_unmount_sysfs_fs',`
 ########################################
 ##
+## Remount sysfs filesystems.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`dev_remount_sysfs_fs',`
+ gen_require(`
+ type sysfs_t;
+ ')
+
+ allow $1 sysfs_t:filesystem remount;
+')
+
+########################################
+##
 ## Search the sysfs directories.
 ##
 ##
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 17a9f08..d3f24d2 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -169,6 +169,26 @@ interface(`fs_unmount_xattr_fs',`
 ########################################
 ##
+## Mount, remount, unmount a persistent filesystem which
+## has extended attributes, such as
+## ext3, JFS, or XFS.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`fs_all_mount_fs_perms_xattr_fs',`
+ gen_require(`
+ type fs_t;
+ ')
+
+ allow $1 fs_t:filesystem mount_fs_perms;
+')
+
+########################################
+##
 ## Get the attributes of persistent
 ## filesystems which have extended
 ## attributes, such as ext3, JFS, or XFS.
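Review bot: The summary on `dev_remount_sysfs_fs` names the operation but not its effect. As far as SELinux is concerned, `filesystem remount` lets the calling domain ask for the mount options of sysfs to be changed (for example a read-only sysfs made writable again). I would extend the summary to something like `## Remount sysfs filesystems, which permits changing their mount options.` so that a policy author calling the interface sees what is being granted. The rule itself follows the pattern suggested by the neighbouring `dev_unmount_sysfs_fs` and needs no change.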
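Review bot: The summary for `fs_all_mount_fs_perms_xattr_fs` lists mount, remount and unmount, but the rule grants the `mount_fs_perms` set, which is defined outside this diff. If that set carries anything more (in reference policy it also includes `getattr`, as far as I recall), the documentation understates the grant and should list every permission, e.g. `## Mount, remount, unmount and get attributes of a persistent filesystem ...`. Because `fs_t` labels the ordinary persistent filesystems, a caller receives all of these operations on every such filesystem, so I would add a sentence to the summary telling callers that need only one operation to use the single-permission interfaces such as `fs_unmount_xattr_fs`. The same two points apply to `fs_all_mount_fs_perms_tmpfs` in the next hunk.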
@@ -5206,6 +5226,24 @@ interface(`fs_unmount_tmpfs',`
 ########################################
 ##
+## Mount, remount, unmount a tmpfs filesystem.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`fs_all_mount_fs_perms_tmpfs',`
+ gen_require(`
+ type tmpfs_t;
+ ')
+
+ allow $1 tmpfs_t:filesystem mount_fs_perms;
+')
+
+########################################
+##
 ## Mount on tmpfs directories.
 ##
 ##
--
1.8.3.1