From 01197e1c606be4b55b1b0551c8f8856bcb8c13f8 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Thu, 3 Nov 2022 11:27:49 +0100
Subject: [PATCH] Add watch interfaces

Add interfacecs that allow watch filesystem.
---
 policy/modules/kernel/filesystem.if | 36 +++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 2c1fdd7150..bb2f077f6d 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -264,6 +264,24 @@ interface(`fs_relabelfrom_xattr_fs',`
 	allow $1 fs_t:filesystem relabelfrom;
 ')
 
+########################################
+## <summary>
+##      Watch filesystem with extended attributes
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`fs_watch_xattr_fs',`
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem watch;
+')
+
 ########################################
 ## <summary>
 ##	Get the filesystem quotas of a filesystem
@@ -5274,6 +5292,24 @@ interface(`fs_mount_tmpfs',`
 	allow $1 tmpfs_t:filesystem mount;
 ')
 
+########################################
+## <summary>
+##      Watch a tmpfs filesystem.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`fs_watch_tmpfs',`
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:filesystem watch;
+')
+
 ########################################
 ## <summary>
 ##	Dontaudit remount a tmpfs filesystem.