[selinux-policy: 1456/3172] cleanup init_t a little

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:11:14 UTC 2010 

commit 2288381d08649cb1c6217b8f1a18519d5a27a0d8
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 19 17:44:27 2006 +0000

    cleanup init_t a little

 refpolicy/policy/modules/system/init.if |    1 -
 refpolicy/policy/modules/system/init.te |   30 ++++++++++++++----------------
 2 files changed, 14 insertions(+), 17 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 4bf2db6..00e8994 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -444,7 +444,6 @@ interface(`init_domtrans_script',`
 	files_list_etc($1)
 	domain_auto_trans($1,initrc_exec_t,initrc_t)
 
-	allow $1 initrc_t:fd use;
 	allow initrc_t $1:fd use;
 	allow initrc_t $1:fifo_file rw_file_perms;
 	allow initrc_t $1:process sigchld;
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 6e8ac96..f7f6089 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -1,5 +1,5 @@
 
-policy_module(init,1.3.13)
+policy_module(init,1.3.14)
 
 gen_require(`
 	class passwd rootok;
@@ -115,26 +115,15 @@ dev_filetrans(init_t,initctl_t,fifo_file)
 # Modify utmp.
 allow init_t initrc_var_run_t:file { rw_file_perms setattr };
 
-# Run init scripts.
-domain_auto_trans(init_t,initrc_exec_t,initrc_t)
-
 kernel_read_system_state(init_t)
 kernel_share_state(init_t)
 
-dev_read_sysfs(init_t)
-
-mcs_process_set_categories(init_t)
-
-mls_process_write_down(init_t)
-
-selinux_set_boolean(init_t)
-
-term_use_all_terms(init_t)
-
 corecmd_exec_chroot(init_t)
 corecmd_exec_bin(init_t)
 corecmd_exec_sbin(init_t)
 
+dev_read_sysfs(init_t)
+
 domain_kill_all_domains(init_t)
 domain_signal_all_domains(init_t)
 domain_signull_all_domains(init_t)
@@ -156,6 +145,17 @@ files_dontaudit_rw_root_chr_files(init_t)
 # cjp: this may be related to /dev/log
 fs_write_ramfs_sockets(init_t)
 
+mcs_process_set_categories(init_t)
+
+mls_process_write_down(init_t)
+
+selinux_set_boolean(init_t)
+
+term_use_all_terms(init_t)
+
+# Run init scripts.
+init_domtrans_script(init_t)
+
 libs_use_ld_so(init_t)
 libs_use_shared_libs(init_t)
 libs_rw_ld_so_cache(init_t)
@@ -216,8 +216,6 @@ allow initrc_t self:udp_socket create_socket_perms;
 allow initrc_t self:fifo_file rw_file_perms;
 allow initrc_t self:netlink_route_socket r_netlink_socket_perms;
 
-allow initrc_t init_t:fd use;
-
 allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
 term_create_pty(initrc_t,initrc_devpts_t)

More information about the scm-commits mailing list