authorSven Vermeulen <sven.vermeulen@siphos.be>2014-08-06 11:03:57 +0200
committerSven Vermeulen <sven.vermeulen@siphos.be>2014-08-06 20:08:37 +0200
commitc59fbdcd0347acb36cb72b2da4e60f553121113b (patch)
treeff0be95d23f05580ad9d9f53db4c7d074d5cb171
parentComment out seutil_relabelto_bin_policy (diff)
Introduce files_manage_non_security_file_type interface
This interface, similar to files_manage_non_auth_files, allows the domain to manage and work on non-security related file types. No type attributes are set so this can be used in a tunable_policy statement if necessary. Naming based on the attribute used (non_security_file_type).
-rw-r--r--policy/modules/kernel/files.if24
1 files changed, 24 insertions, 0 deletions
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ca278d5f..5d53aa47 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',`
read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
')
+
+########################################
+## <summary>
+## Manage non-security related resources.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_manage_non_security_file_type',`
+ gen_require(`
+ attribute non_security_file_type;
+ ')
+
+ manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+ manage_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+
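Review bot: The header comment on `files_manage_non_security_file_type` understates how broad the grant is, and it omits the design constraint that the commit message gives. The five pattern calls give `$1` manage access to directories, regular files, symlinks, FIFOs and sockets of every type carrying `non_security_file_type`, so the summary would read better as `## Create, read, write, and delete all non-security directories, files, symbolic links, FIFOs and sockets.` I would also add a `<desc>` block noting that the interface deliberately assigns no type attribute to the calling domain, so that it stays usable inside `tunable_policy`, and that no relabel permissions or device-node classes are included. Since access depends entirely on membership of that attribute, which is declared outside this hunk, it is worth stating in the description that callers rely on sensitive types being kept out of `non_security_file_type`.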