From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Mon, 28 May 2012 08:18:51 +0000 (UTC)

commit:     eff479638c17429af225fbf5aee9bf075dd9dd69
Author:     Sven Vermeulen siphos be>
AuthorDate: Mon May 28 08:18:36 2012 +0000
Commit:     Sven Vermeulen siphos be>
CommitDate: Mon May 28 08:18:36 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=eff47963

Allow initrc to create udev_var_run

---
 policy/modules/system/init.te |  4 ++--
 policy/modules/system/udev.if | 39 ++++++++++++++++++---------------------
 2 files changed, 20 insertions(+), 23 deletions(-)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index f1acb15..07c23d4 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -853,9 +853,9 @@ optional_policy(` optional_policy(` udev_dontaudit_getattr_netlink_kobject_uevent_sockets(initrc_t) udev_dontaudit_getattr_unix_stream_sockets(initrc_t) - udev_pid_filetrans_tbl_dirs(initrc_t, "udev") - udev_manage_db(initrc_t) + udev_pid_filetrans_run_dirs(initrc_t, "udev") udev_manage_pid_files(initrc_t) + udev_manage_pid_dirs(initrc_t) udev_manage_rules_files(initrc_t) ') =20 diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.i= f index 098dfd5..c98bcec 100644 --- a/policy/modules/system/udev.if +++ b/policy/modules/system/udev.if 
@@ -272,54 +272,51 @@ interface(`udev_rw_db',` =20 ######################################## ## -## Manage the udev db files and directories +## Write dirs in /var/run with the udev_var_run file type ## ## ## ## Domain allowed access. ## ## +## +## +## Name of the directory that the file transition will work on +## +## # -interface(`udev_manage_db',` +interface(`udev_pid_filetrans_run_dirs',` gen_require(` - type udev_tbl_t; + type udev_var_run_t; ') =20 - dev_list_all_dev_nodes($1) - manage_dirs_pattern($1, udev_tbl_t, udev_tbl_t) - manage_files_pattern($1, udev_tbl_t, udev_tbl_t) + files_pid_filetrans($1, udev_var_run_t, dir, $2) ') =20 - ######################################## ## -## Write dirs in /var/run with the udev_tbl file type +## Create, read, write, and delete +## udev pid files. ## ## ## ## Domain allowed access. ## ## -## -## -## Name of the directory that the file transition will work on -## -## # -interface(`udev_pid_filetrans_tbl_dirs',` +interface(`udev_manage_pid_files',` gen_require(` - type udev_tbl_t; + type udev_var_run_t; ') =20 - allow $1 var_t:dir search_dir_perms; - allow $1 var_run_t:lnk_file read_lnk_file_perms; - files_pid_filetrans($1, udev_tbl_t, dir, $2) + files_search_var_lib($1) + manage_files_pattern($1, udev_var_run_t, udev_var_run_t) ') =20 ######################################## ## ## Create, read, write, and delete -## udev pid files. +## udev run directories ## ## ## @@ -327,11 +324,11 @@ interface(`udev_pid_filetrans_tbl_dirs',` ## ## # -interface(`udev_manage_pid_files',` +interface(`udev_manage_pid_dirs',` gen_require(` type udev_var_run_t; ') =20 files_search_var_lib($1) - manage_files_pattern($1, udev_var_run_t, udev_var_run_t) + manage_dirs_pattern($1, udev_var_run_t, udev_var_run_t) ')
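Review bot: for the init.te hunk (@@ -853), dropping udev_manage_db(initrc_t) withdraws more than the commit message "Allow initrc to create udev_var_run" states: the udev.if hunk shows that interface also carried dev_list_all_dev_nodes($1) and manage rules on udev_tbl_t, so initrc_t loses those unless another interface grants them. Confirm that initrc_t still obtains device-node listing elsewhere, and state in the commit message that udev_tbl_t access is intentionally removed.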
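Review bot: in the first udev.if hunk (@@ -272), the new udev_manage_pid_files body pairs `files_search_var_lib($1)` with `manage_files_pattern($1, udev_var_run_t, udev_var_run_t)`, but the type it manages lives under /var/run (the neighbouring summary says "Write dirs in /var/run with the udev_var_run file type"), so callers get a search on /var/lib they do not need and no search on /var/run; the files module's files_search_pids($1) is the matching call. Also, udev_manage_db and udev_pid_filetrans_tbl_dirs disappear outright rather than being kept as deprecated stubs, so any other module still calling them will fail to build; grep the tree for callers before merging.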
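Review bot: in the second udev.if hunk (@@ -327), the renamed udev_manage_pid_dirs keeps the inherited `files_search_var_lib($1)` in front of `manage_dirs_pattern($1, udev_var_run_t, udev_var_run_t)`; the same /var/lib versus /var/run mismatch applies here, so the search call should be changed together with the pattern. The summary "udev run directories" also drops the trailing period its sibling "udev pid files." has; keep the two consistent.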