(typeattribute fixed_disk_raw_read)
(typeattribute fixed_disk_raw_write)
(typeattribute scsi_generic_read)
(typeattribute scsi_generic_write)
(typeattribute storage_unconfined_type)
(type fixed_disk_device_t)
(roletype object_r fixed_disk_device_t)
(type fuse_device_t)
(roletype object_r fuse_device_t)
(type scsi_generic_device_t)
(roletype object_r scsi_generic_device_t)
(type removable_device_t)
(roletype object_r removable_device_t)
(type tape_device_t)
(roletype object_r tape_device_t)
(roleattributeset cil_gen_require system_r)
(typeattributeset cil_gen_require device_node)
(typeattributeset device_node (fixed_disk_device_t fuse_device_t scsi_generic_device_t removable_device_t tape_device_t ))
(neverallow storage_typeattr_1 fixed_disk_device_t (chr_file (read)))
(neverallow storage_typeattr_1 fixed_disk_device_t (blk_file (read)))
(neverallow storage_typeattr_2 fixed_disk_device_t (chr_file (write append)))
(neverallow storage_typeattr_2 fixed_disk_device_t (blk_file (write append)))
(neverallow storage_typeattr_3 scsi_generic_device_t (chr_file (read)))
(neverallow storage_typeattr_3 scsi_generic_device_t (blk_file (read)))
(neverallow storage_typeattr_4 scsi_generic_device_t (chr_file (write append)))
(neverallow storage_typeattr_4 scsi_generic_device_t (blk_file (write append)))
(allow storage_unconfined_type fixed_disk_device_t (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open execmod)))
(allow storage_unconfined_type removable_device_t (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open execmod)))
(allow storage_unconfined_type scsi_generic_device_t (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open execmod)))
(allow storage_unconfined_type tape_device_t (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton open execmod)))
(typeattribute storage_typeattr_4)
(typeattributeset storage_typeattr_4 (not (scsi_generic_write storage_unconfined_type ) ))
(typeattribute storage_typeattr_3)
(typeattributeset storage_typeattr_3 (not (scsi_generic_read storage_unconfined_type ) ))
(typeattribute storage_typeattr_2)
(typeattributeset storage_typeattr_2 (not (fixed_disk_raw_write storage_unconfined_type ) ))
(typeattribute storage_typeattr_1)
(typeattributeset storage_typeattr_1 (not (fixed_disk_raw_read storage_unconfined_type ) ))
(optional storage_optional_2
    (typeattributeset cil_gen_require container_mountpoint_type)
    (typeattributeset cil_gen_require container_mountpoint_type)
    (typeattributeset container_mountpoint_type (fuse_device_t ))
)
(filecon "/dev/\.tmp-block-.*" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/n?(raw)?[qr]ft[0-3]" char (system_u object_r tape_device_t ((s0) (s0))))
(filecon "/dev/n?[hs]t[0-9].*" char (system_u object_r tape_device_t ((s0) (s0))))
(filecon "/dev/n?z?qft[0-3]" char (system_u object_r tape_device_t ((s0) (s0))))
(filecon "/dev/n?osst[0-3].*" char (system_u object_r tape_device_t ((s0) (s0))))
(filecon "/dev/n?pt[0-9]+" char (system_u object_r tape_device_t ((s0) (s0))))
(filecon "/dev/n?tpqic[12].*" char (system_u object_r tape_device_t ((s0) (s0))))
(filecon "/dev/[shmxv]d[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/aztcd" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/bpcd" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/bsg/.+" char (system_u object_r scsi_generic_device_t ((s0) (s0))))
(filecon "/dev/cdu.*" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/cm20.*" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/dasd[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/dasd[^/]*" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/dm-[0-9]+" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/drbd[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/etherd/.+" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/fd[^/]+" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/flash[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/gscd" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/hitcd" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/ht[0-1]" block (system_u object_r tape_device_t ((s0) (s0))))
(filecon "/dev/hwcdrom" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/initrd" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/jsfd" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/jsflash" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/loop.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/lvm" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/mcdx?" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/megadev.*" char (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/megaraid.*" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/mmcblk.*" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/mmcblk.*" char (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/mspblk.*" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/mtd.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/mtd.*" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/nb[^/]+" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/ng[0-9]+n[0-9]+" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/nvme[0-9]+" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/nvme[0-9]n[^/]+" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/optcd" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/p[fg][0-3]" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/pcd[0-3]" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/pd[a-d][^/]*" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/pg[0-3]" char (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/pmem[0-9]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/ps3d.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/ram.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/(raw/)?rawctl" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/rd.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/s(cd|r)[^/]*" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/sbpcd.*" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/sg[0-9]+" char (system_u object_r scsi_generic_device_t ((s0) (s0))))
(filecon "/dev/sjcd" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/sonycd" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/tape.*" char (system_u object_r tape_device_t ((s0) (s0))))
(filecon "/dev/tw[a-z][^/]+" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/ub[a-z][^/]+" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/ubd[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/vd[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/xvd[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/zd.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/zfs" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/zpios" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/zram[0-9]+" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/ataraid/.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/cciss/[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/fuse" char (system_u object_r fuse_device_t ((s0) (s0))))
(filecon "/dev/floppy/[^/]*" block (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/dev/i2o/hd[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/ida/[^/]*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/md/.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/mapper/.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/device-mapper" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/raw/raw[0-9]+" char (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/scramdisk/.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/dev/usb/rio500" char (system_u object_r removable_device_t ((s0) (s0))))
(filecon "/usr/lib/udev/devices/loop.*" block (system_u object_r fixed_disk_device_t ((s0) (s0))))
(filecon "/usr/lib/udev/devices/fuse" char (system_u object_r fuse_device_t ((s0) (s0))))
