From Debian package 0.2.20091117-2
fs_hugetlbfs_filetrans merged upstream in 7af0e9bc (2010-03-12)
fs_associate_hugetlbfs(file_type) merged upstream in 48e0aa86 (2010-06-09)
* Use filesystem transitions for hugetlbfs_t.
Index: policy/modules/kernel/files.if
===================================================================
--- policy/modules/kernel/files.if.orig
+++ policy/modules/kernel/files.if
@@ -413,6 +413,26 @@
########################################
##
+## Transform the type into a file, for use on a
+## virtual memory filesystem (hugetlbfs).
+##
+##
+##
+## The type to be transformed.
+##
+##
+#
+interface(`files_hugetlbfs_file',`
+ gen_require(`
+ attribute hugetlbfsfile;
+ ')
+
+ files_type($1)
+ typeattribute $1 hugetlbfsfile;
+')
+
+########################################
+##
## Get the attributes of all directories.
##
##
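Review bot: The header comment of the new `files_hugetlbfs_file` interface shows only bare `##` lines around its description, where refpolicy interface headers normally carry `## <summary>` and `## <param name="type">` tags. If those tags are missing in the patch itself, and not just lost in this rendering, they should be restored so the interface documentation builds. The description should also say that `files_type($1)` places the type in `file_type`, so every rule written against all file types will cover it, for example `## The type also becomes a member of file_type.`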
Index: policy/modules/kernel/files.te
===================================================================
--- policy/modules/kernel/files.te.orig
+++ policy/modules/kernel/files.te
@@ -31,6 +31,7 @@
attribute tmpfile;
attribute tmpfsfile;
+attribute hugetlbfsfile;
# this attribute is not currently used and will be removed in the future.
# unfortunately, this attribute can not be removed yet because it may cause
@@ -213,6 +214,13 @@
########################################
#
+# Rules for all hugetlbfs file types
+#
+
+fs_associate_hugetlbfs(hugetlbfsfile)
+
+########################################
+#
# Unconfined access to this module
#
Index: policy/modules/kernel/filesystem.te
===================================================================
--- policy/modules/kernel/filesystem.te.orig
+++ policy/modules/kernel/filesystem.te
@@ -95,6 +95,8 @@
type hugetlbfs_t;
fs_type(hugetlbfs_t)
files_mountpoint(hugetlbfs_t)
+files_type(hugetlbfs_t)
+files_poly_parent(hugetlbfs_t)
fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
type ibmasmfs_t;
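Review bot: `files_type(hugetlbfs_t)` makes the filesystem's default label a member of `file_type`, so any domain with an all-files rule gets the same access to hugepage files that still carry `hugetlbfs_t`. That is a wider grant than the filesystem transition the patch description names. `files_poly_parent(hugetlbfs_t)` is added as well, although nothing in the visible hunks polyinstantiates the mount. Each line deserves a why-comment, such as `# file_type membership is required because ...`, or should be dropped if the transition works without it.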
Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if.orig
+++ policy/modules/system/userdomain.if
@@ -358,6 +358,7 @@
interface(`userdom_manage_tmpfs_role',`
gen_require(`
type user_tmpfs_t;
+ type user_hugetlbfs_t;
')
manage_dirs_pattern($2, user_tmpfs_t, user_tmpfs_t)
@@ -366,6 +367,8 @@
manage_sock_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
manage_fifo_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
fs_tmpfs_filetrans($2, user_tmpfs_t, { dir file lnk_file sock_file fifo_file })
+ manage_files_pattern($2, user_hugetlbfs_t, user_hugetlbfs_t)
+ fs_hugetlbfs_filetrans($2, user_hugetlbfs_t, { file })
')
#######################################
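Review bot: `userdom_manage_tmpfs_role` now also grants manage and type-transition rights on `user_hugetlbfs_t`, so every role that calls it for tmpfs picks up hugetlbfs access without the interface name or header saying so. Either mention hugetlbfs in the interface header, or move the two added lines into a separate interface (for example a new `userdom_manage_hugetlbfs_role`) so callers opt in explicitly. Only the `file` class is covered, so a directory created on the mount would presumably keep `hugetlbfs_t`; a short comment should say whether that is intended. The interface starts in the previous hunk, where the matching `type user_hugetlbfs_t;` requirement is added.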
Index: policy/modules/system/userdomain.te
===================================================================
--- policy/modules/system/userdomain.te.orig
+++ policy/modules/system/userdomain.te
@@ -91,6 +91,9 @@
files_tmpfs_file(user_tmpfs_t)
userdom_user_home_content(user_tmpfs_t)
+type user_hugetlbfs_t;
+files_hugetlbfs_file(user_hugetlbfs_t)
+
type user_tty_device_t alias { staff_tty_device_t sysadm_tty_device_t secadm_tty_device_t auditadm_tty_device_t unconfined_tty_device_t };
dev_node(user_tty_device_t)
ubac_constrained(user_tty_device_t)
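Review bot: `user_hugetlbfs_t` is declared with `files_hugetlbfs_file(user_hugetlbfs_t)` only, while the neighbouring user types in this hunk are followed by `userdom_user_home_content(...)` or `ubac_constrained(...)`. Without `ubac_constrained(user_hugetlbfs_t)` the user-based access control constraints presumably do not apply to this type, so hugepage files belonging to different SELinux users would not be separated by UBAC. Add `ubac_constrained(user_hugetlbfs_t)` after the declaration if that matches how `user_tmpfs_t` is treated in this policy version; its full declaration starts above the hunk.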