From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.77)
	(envelope-from <gentoo-commits+bounces-482773-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1SmVzw-0000Ap-1m
	for garchives@archives.gentoo.org; Wed, 04 Jul 2012 20:16:28 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id E2296E0683;
	Wed,  4 Jul 2012 20:16:10 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id B7159E0683
	for <gentoo-commits@lists.gentoo.org>; Wed,  4 Jul 2012 20:16:10 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id DE48D1B4025
	for <gentoo-commits@lists.gentoo.org>; Wed,  4 Jul 2012 20:16:09 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id A52C0E5436
	for <gentoo-commits@lists.gentoo.org>; Wed,  4 Jul 2012 20:16:08 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1341432898.895d3c5721bc3ae5df2c1db5ba28aaa4dc09ee88.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/init.te policy/modules/system/udev.if
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 895d3c5721bc3ae5df2c1db5ba28aaa4dc09ee88
X-VCS-Branch: master
Date: Wed,  4 Jul 2012 20:16:08 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 3a86e3ab-7dff-4b50-bedf-89dc4e3ee446
X-Archives-Hash: f7dab2a86909565adb7e651a2152e223

commit:     895d3c5721bc3ae5df2c1db5ba28aaa4dc09ee88
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Jul  4 20:14:58 2012 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Jul  4 20:14:58 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=895d3c57

Fix bug #424359 - Introduce proper transitions for udev init script in /run/udev

---
 policy/modules/system/init.te |    4 +++-
 policy/modules/system/udev.if |   26 +++++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.t=
e
index f82ecf2..2534150 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -853,7 +853,9 @@ optional_policy(`
 optional_policy(`
 	udev_dontaudit_getattr_netlink_kobject_uevent_sockets(initrc_t)
 	udev_dontaudit_getattr_unix_stream_sockets(initrc_t)
-	udev_pid_filetrans_run_dirs(initrc_t, "udev")
+	udev_generic_pid_filetrans_run_dirs(initrc_t, "udev")
+	udev_pid_filetrans_db_dirs(initrc_t, "rules.d")
+	udev_pid_filetrans_db_dirs(initrc_t, "data")
 	udev_manage_pid_files(initrc_t)
 	udev_manage_pid_dirs(initrc_t)
 	udev_manage_rules_files(initrc_t)
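Review bot: the two added udev_pid_filetrans_db_dirs(initrc_t, ...) calls rely on initrc_t being allowed to create directories of type udev_tbl_t, and nothing visible in this block grants that. The context lines only show udev_manage_pid_files, udev_manage_pid_dirs and udev_manage_rules_files, and the new interface in udev.if adds the transition through filetrans_pattern without a create or manage rule on udev_tbl_t. Please confirm that such a rule exists for initrc_t elsewhere, or add the matching manage call next to these lines, otherwise the mkdir of "rules.d" and "data" can be denied once the transition applies. It is also worth a comment here that only these two names are covered, so any other directory the init script creates under /run/udev keeps udev_var_run_t.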

diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.i=
f
index 8f59ae9..5469742 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -276,6 +276,30 @@ interface(`udev_rw_db',`
=20
 ########################################
 ## <summary>
+##	Write dirs in /var/run/udev with the udev_tbl_t (udev database) file =
type
+## </summary>
+## <param name=3D"domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name=3D"name" optional=3D"true">
+##	<summary>
+##	Name of the directory that the file transition will work on
+##	</summary>
+## </param>
+#
+interface(`udev_pid_filetrans_db_dirs',`
+	gen_require(`
+		type udev_tbl_t;
+		type udev_var_run_t;
+	')
+
+	filetrans_pattern($1, udev_var_run_t, udev_tbl_t, dir, $2)
+')
+
+########################################
+## <summary>
 ##	Write dirs in /var/run with the udev_var_run file type
 ## </summary>
 ## <param name=3D"domain">
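Review bot: the "name" parameter of udev_pid_filetrans_db_dirs is documented as optional="true", but with $2 left empty the filetrans_pattern($1, udev_var_run_t, udev_tbl_t, dir, $2) line becomes an unnamed transition, so every directory that domain creates inside a udev_var_run_t directory would be labelled udev_tbl_t. Both callers in init.te pass a name; consider documenting the parameter as required, or describing the unnamed behaviour in the summary so a caller does not pick it up by accident. The summary also speaks of /var/run/udev, while the rule is keyed on the parent type udev_var_run_t rather than on a path, which is worth stating.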
@@ -289,7 +313,7 @@ interface(`udev_rw_db',`
 ##	</summary>
 ## </param>
 #
-interface(`udev_pid_filetrans_run_dirs',`
+interface(`udev_generic_pid_filetrans_run_dirs',`
 	gen_require(`
 		type udev_var_run_t;
 	')
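Review bot: renaming udev_pid_filetrans_run_dirs to udev_generic_pid_filetrans_run_dirs removes the old interface name, and this commit only updates the one caller in init.te. Any other module or local policy that still calls udev_pid_filetrans_run_dirs will fail to build; please check the tree for remaining callers, or keep the old name as a deprecated wrapper around the new one for a release. The unchanged summary above ("Write dirs in /var/run with the udev_var_run file type") could also say what "generic" is meant to distinguish this from, now that udev_pid_filetrans_db_dirs exists beside it.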