authorChris PeBenito <pebenito@ieee.org>2022-06-03 15:25:59 -0400
committerJason Zaman <perfinion@gentoo.org>2022-09-03 11:41:55 -0700
commit94ce813d36eb6dd0d9cda680f999a360e6b2b5df (patch)
tree0495c8891cfc794d8bdfc69e225be09cf58010fa
parentcontainer: Boolean for ecryptfs (diff)
filesystem: Move ecryptfs interface definitions.
Signed-off-by: Chris PeBenito <pebenito@ieee.org> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r--policy/modules/kernel/filesystem.if156
1 files changed, 78 insertions, 78 deletions
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 54a2f13ee..93907c673 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1931,84 +1931,6 @@ interface(`fs_cifs_domtrans',`
domain_auto_transition_pattern($1, cifs_t, $2)
')
-########################################
-## <summary>
-## Create, read, write, and delete directories
-## on an eCryptfs filesystem.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_ecryptfs_dirs',`
- gen_require(`
- type ecryptfs_t;
- ')
-
- allow $1 ecryptfs_t:dir manage_dir_perms;
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete files
-## on an eCryptfs filesystem.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`fs_manage_ecryptfs_files',`
- gen_require(`
- type ecryptfs_t;
- ')
-
- manage_files_pattern($1, ecryptfs_t, ecryptfs_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete named sockets
-## on an eCryptfs filesystem.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`fs_manage_ecryptfs_named_sockets',`
- gen_require(`
- type ecryptfs_t;
- ')
-
- manage_sock_files_pattern($1, ecryptfs_t, ecryptfs_t)
-')
-
-########################################
-## <summary>
-## Read symbolic links on an eCryptfs filesystem.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`fs_list_ecryptfs',`
- gen_require(`
- type ecryptfs_t;
- ')
-
- allow $1 ecryptfs_t:dir list_dir_perms;
- read_lnk_files_pattern($1, ecryptfs_t, ecryptfs_t)
-')
-
#######################################
## <summary>
## Create, read, write, and delete dirs
@@ -2275,6 +2197,84 @@ interface(`fs_manage_dos_files',`
########################################
## <summary>
+## Read symbolic links on an eCryptfs filesystem.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_list_ecryptfs',`
+ gen_require(`
+ type ecryptfs_t;
+ ')
+
+ allow $1 ecryptfs_t:dir list_dir_perms;
+ read_lnk_files_pattern($1, ecryptfs_t, ecryptfs_t)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete directories
+## on an eCryptfs filesystem.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`fs_manage_ecryptfs_dirs',`
+ gen_require(`
+ type ecryptfs_t;
+ ')
+
+ allow $1 ecryptfs_t:dir manage_dir_perms;
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete files
+## on an eCryptfs filesystem.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`fs_manage_ecryptfs_files',`
+ gen_require(`
+ type ecryptfs_t;
+ ')
+
+ manage_files_pattern($1, ecryptfs_t, ecryptfs_t)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete named sockets
+## on an eCryptfs filesystem.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_manage_ecryptfs_named_sockets',`
+ gen_require(`
+ type ecryptfs_t;
+ ')
+
+ manage_sock_files_pattern($1, ecryptfs_t, ecryptfs_t)
+')
+
+########################################
+## <summary>
## Get the attributes of efivarfs filesystems.
## </summary>
## <param name="domain">
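Review bot: The summary moved along with `fs_list_ecryptfs` says only "Read symbolic links on an eCryptfs filesystem", but the body also grants `allow $1 ecryptfs_t:dir list_dir_perms;`, so the generated interface documentation understates the access a calling domain receives. Since the block is being relocated anyway, the summary could be corrected to `## List directories and read symbolic links on an eCryptfs filesystem.` so that policy reviewers auditing callers see the full grant. As a smaller style point, `fs_manage_ecryptfs_dirs` uses a raw `allow $1 ecryptfs_t:dir manage_dir_perms;` while its two siblings use the `manage_*_pattern` macros; `manage_dirs_pattern($1, ecryptfs_t, ecryptfs_t)` would be consistent, if the slightly different permission set it expands to is acceptable. Both points predate this commit, which appears to move the text verbatim.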