From 43917f18a8d29961f9500fd406a776b6fac33e1b Mon Sep 17 00:00:00 2001
From: John Turner <jturner.usa@gmail.com>
Date: Sat, 23 Aug 2025 20:19:00 -0400
Subject: move "dos" out of misc.cil

---
 src/fs/noseclabelfs/dosnoseclabelfs.cil | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

(limited to 'src/fs/noseclabelfs')

diff --git a/src/fs/noseclabelfs/dosnoseclabelfs.cil b/src/fs/noseclabelfs/dosnoseclabelfs.cil
index dc1412a..b591804 100644
--- a/src/fs/noseclabelfs/dosnoseclabelfs.cil
+++ b/src/fs/noseclabelfs/dosnoseclabelfs.cil
@@ -2,6 +2,16 @@
 ;; SPDX-License-Identifier: Unlicense
 
 (block dos
+    (macro map_fs_files ((type ARG1))
+	(allow ARG1 fs (file (map))))
+    
+    (macro boot_file_type_transition_fs ((type ARG1))
+	(call .boot.file_type_transition
+	    (ARG1 fs dir "efi")))
+
+    (macro root_file_type_transition_fs ((type ARG1))
+	(call .root.file_type_transition
+	    (ARG1 fs dir "efi")))    
 
     (genfscon "fat" "/" fs_context)
     (genfscon "hfs" "/" fs_context)
@@ -13,9 +23,13 @@
     (genfscon "vfat" "/" fs_context)
     (genfscon "exfat" "/" fs_context)
 
-    (macro map_fs_files ((type ARG1))
-	(allow ARG1 fs (file (map))))
-
     (blockinherit .noseclabelfs.template)
+    
+    (call .rbacsep.exempt.obj.type (fs))
+    (call .xattr.associate_fs (fs))
+    
+    (filecon "/boot/efi" dir fs_context)
+    (filecon "/boot/efi/.*" any ())
 
-    (call .rbacsep.exempt.obj.type (fs)))
+    (filecon "/efi" dir fs_context)
+    (filecon "/efi/.*" any ()))
-- 
cgit v1.2.3