From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.77)
	(envelope-from <gentoo-commits+bounces-484418-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Sof9H-0003oW-Sd
	for garchives@archives.gentoo.org; Tue, 10 Jul 2012 18:27:00 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id B1934E0C72;
	Tue, 10 Jul 2012 18:26:47 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 6E2C2E0C70
	for <gentoo-commits@lists.gentoo.org>; Tue, 10 Jul 2012 18:26:47 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id B08221B4017
	for <gentoo-commits@lists.gentoo.org>; Tue, 10 Jul 2012 18:26:46 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 69559E5433
	for <gentoo-commits@lists.gentoo.org>; Tue, 10 Jul 2012 18:26:45 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1341942627.278d8a1c1beaa385673d2ba15d68e42e9ad5f450.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/init.te policy/modules/system/udev.if policy/modules/system/udev.te
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 278d8a1c1beaa385673d2ba15d68e42e9ad5f450
X-VCS-Branch: master
Date: Tue, 10 Jul 2012 18:26:45 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 065eb434-29e2-4f00-be1a-b52c94a844ba
X-Archives-Hash: 6ba5c2da73b1f9d267c6192f4e1a82ac

commit:     278d8a1c1beaa385673d2ba15d68e42e9ad5f450
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Jul 10 17:50:27 2012 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue Jul 10 17:50:27 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-refp=
olicy.git;a=3Dcommit;h=3D278d8a1c

Update on udev/init file transitions for /run

---
 policy/modules/system/init.te |    3 +--
 policy/modules/system/udev.if |   11 ++++++++---
 policy/modules/system/udev.te |    2 ++
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.t=
e
index 76aad7a..4481731 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -855,8 +855,7 @@ optional_policy(`
 	udev_dontaudit_getattr_netlink_kobject_uevent_sockets(initrc_t)
 	udev_dontaudit_getattr_unix_stream_sockets(initrc_t)
 	udev_generic_pid_filetrans_run_dirs(initrc_t, "udev")
-	udev_pid_filetrans_db_dirs(initrc_t, "rules.d")
-	udev_pid_filetrans_db_dirs(initrc_t, "data")
+	udev_pid_filetrans_db(initrc_t, dir, "rules.d")
 	udev_manage_pid_files(initrc_t)
 	udev_manage_pid_dirs(initrc_t)
 	udev_manage_rules_files(initrc_t)

diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.i=
f
index cff9ce6..d8dd302 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -297,26 +297,31 @@ interface(`udev_create_db_dirs',`
=20
 ########################################
 ## <summary>
-##	Write dirs in /var/run/udev with the udev_tbl_t (udev database) file =
type
+##	Write in /var/run/udev with the udev_tbl_t (udev database) file type
 ## </summary>
 ## <param name=3D"domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <param name=3D"class">
+## 	<summary>
+##	Classes on which the file transition should occur
+##	</summary>
+## </param>
 ## <param name=3D"name" optional=3D"true">
 ##	<summary>
 ##	Name of the directory that the file transition will work on
 ##	</summary>
 ## </param>
 #
-interface(`udev_pid_filetrans_db_dirs',`
+interface(`udev_pid_filetrans_db',`
 	gen_require(`
 		type udev_tbl_t;
 		type udev_var_run_t;
 	')
=20
-	filetrans_pattern($1, udev_var_run_t, udev_tbl_t, dir, $2)
+	filetrans_pattern($1, udev_var_run_t, udev_tbl_t, $2, $3)
 ')
=20
 ########################################

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.t=
e
index 321a43b..ce479f2 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -174,6 +174,8 @@ sysnet_etc_filetrans_config(udev_t)
=20
 userdom_dontaudit_search_user_home_content(udev_t)
=20
+udev_pid_filetrans_db(udev_t, dir, "data")
+
 ifdef(`distro_gentoo',`
 	# during boot, init scripts use /dev/.rcsysinit
 	# existance to determine if we are in early booting