[selinux-policy: 1786/3172] trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels()
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:39:21 UTC 2010
commit f8233ab7b0154f836ecc81367bf00e0ff976af65
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Aug 20 18:26:08 2007 +0000
trunk: Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency.
Changelog | 2 ++
policy/modules/admin/bootloader.te | 4 ++--
policy/modules/admin/consoletype.te | 4 ++--
policy/modules/admin/dmidecode.te | 2 +-
policy/modules/admin/dpkg.te | 8 ++++----
policy/modules/admin/kudzu.te | 4 ++--
policy/modules/admin/logrotate.te | 4 ++--
policy/modules/admin/quota.te | 2 +-
policy/modules/admin/readahead.te | 2 +-
policy/modules/admin/rpm.te | 8 ++++----
policy/modules/admin/su.if | 2 +-
policy/modules/admin/tmpreaper.te | 4 ++--
policy/modules/admin/usermanage.te | 2 +-
policy/modules/kernel/mls.if | 4 ++--
policy/modules/services/cups.te | 4 ++--
policy/modules/services/hal.te | 2 +-
policy/modules/services/networkmanager.te | 2 +-
policy/modules/services/smartmon.te | 2 +-
policy/modules/system/authlogin.if | 4 ++--
policy/modules/system/authlogin.te | 4 ++--
policy/modules/system/fstools.te | 4 ++--
policy/modules/system/getty.te | 4 ++--
policy/modules/system/init.te | 8 ++++----
policy/modules/system/iptables.te | 2 +-
policy/modules/system/logging.te | 8 ++++----
policy/modules/system/modutils.te | 2 +-
policy/modules/system/mount.te | 4 ++--
policy/modules/system/selinuxutil.te | 14 +++++++-------
policy/modules/system/setrans.te | 4 ++--
policy/modules/system/udev.te | 4 ++--
policy/modules/system/userdomain.if | 2 +-
policy/modules/system/userdomain.te | 4 ++--
32 files changed, 66 insertions(+), 64 deletions(-)
---
diff --git a/Changelog b/Changelog
index 6a50983..951b549 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
+ mls_write_all_levels() and mls_read_all_levels(), for consistency.
- Add make kernel and init ranged interfaces pass the range transition MLS
constraints. Also remove calls to mls_rangetrans_target() in modules that use
the kernel and init interfaces, since its redundant.
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index 11d26ed..a467412 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -90,8 +90,8 @@ fs_read_tmpfs_symlinks(bootloader_t)
#Needed for ia64
fs_manage_dos_files(bootloader_t)
-mls_file_read_up(bootloader_t)
-mls_file_write_down(bootloader_t)
+mls_file_read_all_levels(bootloader_t)
+mls_file_write_all_levels(bootloader_t)
term_getattr_all_user_ttys(bootloader_t)
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
index bc5172d..94271c9 100644
--- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te
@@ -10,8 +10,8 @@ type consoletype_t;
type consoletype_exec_t;
application_executable_file(consoletype_exec_t)
init_domain(consoletype_t,consoletype_exec_t)
-mls_file_read_up(consoletype_t)
-mls_file_write_down(consoletype_t)
+mls_file_read_all_levels(consoletype_t)
+mls_file_write_all_levels(consoletype_t)
role system_r types consoletype_t;
ifdef(`targeted_policy',`',`
diff --git a/policy/modules/admin/dmidecode.te b/policy/modules/admin/dmidecode.te
index ffbca64..8db3734 100644
--- a/policy/modules/admin/dmidecode.te
+++ b/policy/modules/admin/dmidecode.te
@@ -21,7 +21,7 @@ allow dmidecode_t self:capability sys_rawio;
# Allow dmidecode to read /dev/mem
dev_read_raw_memory(dmidecode_t)
-mls_file_read_up(dmidecode_t)
+mls_file_read_all_levels(dmidecode_t)
term_list_ptys(dmidecode_t)
diff --git a/policy/modules/admin/dpkg.te b/policy/modules/admin/dpkg.te
index 9ffc409..df270e9 100644
--- a/policy/modules/admin/dpkg.te
+++ b/policy/modules/admin/dpkg.te
@@ -126,8 +126,8 @@ fs_manage_nfs_symlinks(dpkg_t)
fs_getattr_all_fs(dpkg_t)
fs_search_auto_mountpoints(dpkg_t)
-mls_file_read_up(dpkg_t)
-mls_file_write_down(dpkg_t)
+mls_file_read_all_levels(dpkg_t)
+mls_file_write_all_levels(dpkg_t)
mls_file_upgrade(dpkg_t)
selinux_get_fs_mount(dpkg_t)
@@ -268,8 +268,8 @@ fs_mount_xattr_fs(dpkg_script_t)
fs_unmount_xattr_fs(dpkg_script_t)
fs_search_auto_mountpoints(dpkg_script_t)
-mls_file_read_up(dpkg_script_t)
-mls_file_write_down(dpkg_script_t)
+mls_file_read_all_levels(dpkg_script_t)
+mls_file_write_all_levels(dpkg_script_t)
selinux_get_fs_mount(dpkg_script_t)
selinux_validate_context(dpkg_script_t)
diff --git a/policy/modules/admin/kudzu.te b/policy/modules/admin/kudzu.te
index 4c8d5c7..fb51cb3 100644
--- a/policy/modules/admin/kudzu.te
+++ b/policy/modules/admin/kudzu.te
@@ -62,8 +62,8 @@ fs_search_auto_mountpoints(kudzu_t)
fs_search_ramfs(kudzu_t)
fs_write_ramfs_sockets(kudzu_t)
-mls_file_read_up(kudzu_t)
-mls_file_write_down(kudzu_t)
+mls_file_read_all_levels(kudzu_t)
+mls_file_write_all_levels(kudzu_t)
modutils_read_module_deps(kudzu_t)
modutils_read_module_config(kudzu_t)
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index 3258b60..25e4744 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -72,8 +72,8 @@ dev_read_urand(logrotate_t)
fs_search_auto_mountpoints(logrotate_t)
fs_getattr_xattr_fs(logrotate_t)
-mls_file_read_up(logrotate_t)
-mls_file_write_down(logrotate_t)
+mls_file_read_all_levels(logrotate_t)
+mls_file_write_all_levels(logrotate_t)
mls_file_upgrade(logrotate_t)
selinux_get_fs_mount(logrotate_t)
diff --git a/policy/modules/admin/quota.te b/policy/modules/admin/quota.te
index 2aab40a..c52b0d2 100644
--- a/policy/modules/admin/quota.te
+++ b/policy/modules/admin/quota.te
@@ -50,7 +50,7 @@ fs_getattr_xattr_fs(quota_t)
fs_remount_xattr_fs(quota_t)
fs_search_auto_mountpoints(quota_t)
-mls_file_read_up(quota_t)
+mls_file_read_all_levels(quota_t)
storage_raw_read_fixed_disk(quota_t)
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index 13efda9..849d2d5 100644
--- a/policy/modules/admin/readahead.te
+++ b/policy/modules/admin/readahead.te
@@ -54,7 +54,7 @@ fs_dontaudit_read_ramfs_pipes(readahead_t)
fs_dontaudit_read_ramfs_files(readahead_t)
fs_read_tmpfs_symlinks(readahead_t)
-mls_file_read_up(readahead_t)
+mls_file_read_all_levels(readahead_t)
term_dontaudit_use_console(readahead_t)
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index da6d7bd..762f519 100644
--- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te
@@ -115,8 +115,8 @@ fs_manage_nfs_symlinks(rpm_t)
fs_getattr_all_fs(rpm_t)
fs_search_auto_mountpoints(rpm_t)
-mls_file_read_up(rpm_t)
-mls_file_write_down(rpm_t)
+mls_file_read_all_levels(rpm_t)
+mls_file_write_all_levels(rpm_t)
mls_file_upgrade(rpm_t)
mls_file_downgrade(rpm_t)
@@ -276,8 +276,8 @@ fs_search_auto_mountpoints(rpm_script_t)
mcs_killall(rpm_script_t)
mcs_ptrace_all(rpm_script_t)
-mls_file_read_up(rpm_script_t)
-mls_file_write_down(rpm_script_t)
+mls_file_read_all_levels(rpm_script_t)
+mls_file_write_all_levels(rpm_script_t)
selinux_get_fs_mount(rpm_script_t)
selinux_validate_context(rpm_script_t)
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index 9659f2c..6c337fa 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -221,7 +221,7 @@ template(`su_per_role_template',`
# Write to utmp.
init_rw_utmp($1_su_t)
- mls_file_write_down($1_su_t)
+ mls_file_write_all_levels($1_su_t)
libs_use_ld_so($1_su_t)
libs_use_shared_libs($1_su_t)
diff --git a/policy/modules/admin/tmpreaper.te b/policy/modules/admin/tmpreaper.te
index 5057e7a..0d49a6a 100644
--- a/policy/modules/admin/tmpreaper.te
+++ b/policy/modules/admin/tmpreaper.te
@@ -29,8 +29,8 @@ files_purge_tmp(tmpreaper_t)
# why does it need setattr?
files_setattr_all_tmp_dirs(tmpreaper_t)
-mls_file_read_up(tmpreaper_t)
-mls_file_write_down(tmpreaper_t)
+mls_file_read_all_levels(tmpreaper_t)
+mls_file_write_all_levels(tmpreaper_t)
libs_use_ld_so(tmpreaper_t)
libs_use_shared_libs(tmpreaper_t)
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index d03e317..a393442 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -281,7 +281,7 @@ dev_read_urand(passwd_t)
fs_getattr_xattr_fs(passwd_t)
fs_search_auto_mountpoints(passwd_t)
-mls_file_write_down(passwd_t)
+mls_file_write_all_levels(passwd_t)
mls_file_downgrade(passwd_t)
selinux_get_fs_mount(passwd_t)
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if
index e6250e2..0b30904 100644
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@@ -53,7 +53,7 @@ interface(`mls_file_read_to_clearance',`
## </param>
#
interface(`mls_file_read_up',`
-# refpolicywarn(`$0($*) has been deprecated, please use mls_file_read_all_levels() instead.')
+ refpolicywarn(`$0($*) has been deprecated, please use mls_file_read_all_levels() instead.')
mls_file_read_all_levels($1)
')
@@ -119,7 +119,7 @@ interface(`mls_file_write_to_clearance',`
## </param>
#
interface(`mls_file_write_down',`
-# refpolicywarn(`$0($*) has been deprecated, please use mls_file_write_all_levels() instead.')
+ refpolicywarn(`$0($*) has been deprecated, please use mls_file_write_all_levels() instead.')
mls_file_write_all_levels($1)
')
diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te
index bf89435..f90d054 100644
--- a/policy/modules/services/cups.te
+++ b/policy/modules/services/cups.te
@@ -167,8 +167,8 @@ fs_search_auto_mountpoints(cupsd_t)
mls_fd_use_all_levels(cupsd_t)
mls_file_downgrade(cupsd_t)
-mls_file_write_down(cupsd_t)
-mls_file_read_up(cupsd_t)
+mls_file_write_all_levels(cupsd_t)
+mls_file_read_all_levels(cupsd_t)
mls_socket_write_all_levels(cupsd_t)
term_use_unallocated_ttys(cupsd_t)
diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
index ba6bab3..1f1ddf1 100644
--- a/policy/modules/services/hal.te
+++ b/policy/modules/services/hal.te
@@ -138,7 +138,7 @@ fs_list_inotifyfs(hald_t)
fs_list_auto_mountpoints(hald_t)
files_getattr_all_mountpoints(hald_t)
-mls_file_read_up(hald_t)
+mls_file_read_all_levels(hald_t)
selinux_get_fs_mount(hald_t)
selinux_validate_context(hald_t)
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index 0d53b20..3d7fb68 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -66,7 +66,7 @@ dev_read_urand(NetworkManager_t)
fs_getattr_all_fs(NetworkManager_t)
fs_search_auto_mountpoints(NetworkManager_t)
-mls_file_read_up(NetworkManager_t)
+mls_file_read_all_levels(NetworkManager_t)
selinux_dontaudit_search_fs(NetworkManager_t)
diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te
index 60255f6..c702de5 100644
--- a/policy/modules/services/smartmon.te
+++ b/policy/modules/services/smartmon.te
@@ -60,7 +60,7 @@ files_read_etc_files(fsdaemon_t)
fs_getattr_all_fs(fsdaemon_t)
fs_search_auto_mountpoints(fsdaemon_t)
-mls_file_read_up(fsdaemon_t)
+mls_file_read_all_levels(fsdaemon_t)
storage_raw_read_fixed_disk(fsdaemon_t)
storage_raw_write_fixed_disk(fsdaemon_t)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 753ffed..cc2c243 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -197,8 +197,8 @@ interface(`auth_login_pgm_domain',`
selinux_compute_relabel_context($1)
selinux_compute_user_contexts($1)
- mls_file_read_up($1)
- mls_file_write_down($1)
+ mls_file_read_all_levels($1)
+ mls_file_write_all_levels($1)
mls_file_upgrade($1)
mls_file_downgrade($1)
mls_process_set_level($1)
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 3c6b300..f7a2c8a 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -169,8 +169,8 @@ dev_getattr_xserver_misc_dev(pam_console_t)
dev_setattr_xserver_misc_dev(pam_console_t)
dev_read_urand(pam_console_t)
-mls_file_read_up(pam_console_t)
-mls_file_write_down(pam_console_t)
+mls_file_read_all_levels(pam_console_t)
+mls_file_write_all_levels(pam_console_t)
storage_getattr_fixed_disk_dev(pam_console_t)
storage_setattr_fixed_disk_dev(pam_console_t)
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 50d2f18..4d7854e 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -96,8 +96,8 @@ fs_search_tmpfs(fsadm_t)
fs_getattr_tmpfs_dirs(fsadm_t)
fs_read_tmpfs_symlinks(fsadm_t)
-mls_file_read_up(fsadm_t)
-mls_file_write_down(fsadm_t)
+mls_file_read_all_levels(fsadm_t)
+mls_file_write_all_levels(fsadm_t)
storage_raw_read_fixed_disk(fsadm_t)
storage_raw_write_fixed_disk(fsadm_t)
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
index dd5b7e8..edfbabb 100644
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@@ -66,8 +66,8 @@ fs_getattr_xattr_fs(getty_t)
mcs_process_set_categories(getty_t)
-mls_file_read_up(getty_t)
-mls_file_write_down(getty_t)
+mls_file_read_all_levels(getty_t)
+mls_file_write_all_levels(getty_t)
# Chown, chmod, read and write ttys.
term_use_all_user_ttys(getty_t)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 92ef6ba..e4f2b87 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -140,8 +140,8 @@ fs_write_ramfs_sockets(init_t)
mcs_process_set_categories(init_t)
mcs_killall(init_t)
-mls_file_read_up(init_t)
-mls_file_write_down(init_t)
+mls_file_read_all_levels(init_t)
+mls_file_write_all_levels(init_t)
mls_process_write_down(init_t)
mls_fd_use_all_levels(init_t)
@@ -287,8 +287,8 @@ mcs_ptrace_all(initrc_t)
mcs_killall(initrc_t)
mcs_process_set_categories(initrc_t)
-mls_file_read_up(initrc_t)
-mls_file_write_down(initrc_t)
+mls_file_read_all_levels(initrc_t)
+mls_file_write_all_levels(initrc_t)
mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 6a6cd80..c5decd8 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -49,7 +49,7 @@ dev_read_sysfs(iptables_t)
fs_getattr_xattr_fs(iptables_t)
fs_search_auto_mountpoints(iptables_t)
-mls_file_read_up(iptables_t)
+mls_file_read_all_levels(iptables_t)
term_dontaudit_use_console(iptables_t)
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index a4803b8..9628ffb 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -80,7 +80,7 @@ kernel_read_proc_symlinks(auditctl_t)
domain_read_all_domains_state(auditctl_t)
domain_use_interactive_fds(auditctl_t)
-mls_file_read_up(auditctl_t)
+mls_file_read_all_levels(auditctl_t)
term_use_all_terms(auditctl_t)
@@ -153,8 +153,8 @@ libs_use_shared_libs(auditd_t)
miscfiles_read_localization(auditd_t)
-mls_file_read_up(auditd_t)
-mls_file_write_down(auditd_t) # Need to be able to write to /var/run/ directory
+mls_file_read_all_levels(auditd_t)
+mls_file_write_all_levels(auditd_t) # Need to be able to write to /var/run/ directory
mls_fd_use_all_levels(auditd_t)
seutil_dontaudit_read_config(auditd_t)
@@ -222,7 +222,7 @@ logging_send_syslog_msg(klogd_t)
miscfiles_read_localization(klogd_t)
-mls_file_read_up(klogd_t)
+mls_file_read_all_levels(klogd_t)
userdom_dontaudit_search_sysadm_home_dirs(klogd_t)
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index e12a155..87e4b48 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -21,7 +21,7 @@ files_type(modules_dep_t)
type insmod_t;
type insmod_exec_t;
application_domain(insmod_t,insmod_exec_t)
-mls_file_write_down(insmod_t)
+mls_file_write_all_levels(insmod_t)
role system_r types insmod_t;
type depmod_t;
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 4cc9b97..f1f63e3 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -110,8 +110,8 @@ logging_send_syslog_msg(mount_t)
miscfiles_read_localization(mount_t)
-mls_file_read_up(mount_t)
-mls_file_write_down(mount_t)
+mls_file_read_all_levels(mount_t)
+mls_file_write_all_levels(mount_t)
sysnet_use_portmap(mount_t)
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 0906086..28f757d 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -178,7 +178,7 @@ files_read_etc_runtime_files(load_policy_t)
fs_getattr_xattr_fs(load_policy_t)
-mls_file_read_up(load_policy_t)
+mls_file_read_all_levels(load_policy_t)
selinux_get_fs_mount(load_policy_t)
selinux_load_policy(load_policy_t)
@@ -243,8 +243,8 @@ dev_read_urand(newrole_t)
fs_getattr_xattr_fs(newrole_t)
fs_search_auto_mountpoints(newrole_t)
-mls_file_read_up(newrole_t)
-mls_file_write_down(newrole_t)
+mls_file_read_all_levels(newrole_t)
+mls_file_write_all_levels(newrole_t)
mls_file_upgrade(newrole_t)
mls_file_downgrade(newrole_t)
mls_process_set_level(newrole_t)
@@ -472,8 +472,8 @@ files_read_etc_runtime_files(semanage_t)
files_read_usr_files(semanage_t)
files_list_pids(semanage_t)
-mls_file_write_down(semanage_t)
-mls_file_read_up(semanage_t)
+mls_file_write_all_levels(semanage_t)
+mls_file_read_all_levels(semanage_t)
selinux_validate_context(semanage_t)
selinux_get_enforce_mode(semanage_t)
@@ -551,8 +551,8 @@ fs_list_all(setfiles_t)
fs_search_auto_mountpoints(setfiles_t)
fs_relabelfrom_noxattr_fs(setfiles_t)
-mls_file_read_up(setfiles_t)
-mls_file_write_down(setfiles_t)
+mls_file_read_all_levels(setfiles_t)
+mls_file_write_all_levels(setfiles_t)
mls_file_upgrade(setfiles_t)
mls_file_downgrade(setfiles_t)
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index d070f7d..4c263a3 100644
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@@ -52,8 +52,8 @@ domain_getsession_all_domains(setrans_t)
files_read_etc_runtime_files(setrans_t)
-mls_file_read_up(setrans_t)
-mls_file_write_down(setrans_t)
+mls_file_read_all_levels(setrans_t)
+mls_file_write_all_levels(setrans_t)
mls_net_receive_all_levels(setrans_t)
mls_socket_write_all_levels(setrans_t)
mls_process_read_up(setrans_t)
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index a4ed0a2..028789b 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -105,8 +105,8 @@ fs_list_inotifyfs(udev_t)
mcs_ptrace_all(udev_t)
-mls_file_read_up(udev_t)
-mls_file_write_down(udev_t)
+mls_file_read_all_levels(udev_t)
+mls_file_write_all_levels(udev_t)
mls_file_upgrade(udev_t)
mls_file_downgrade(udev_t)
mls_process_write_down(udev_t)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 6db2c1f..2248ca7 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1282,7 +1282,7 @@ template(`userdom_security_admin_template',`
fs_manage_dos_files($1)
mls_process_read_up($1)
- mls_file_read_up($1)
+ mls_file_read_all_levels($1)
mls_file_upgrade($1)
mls_file_downgrade($1)
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 6a1f647..a7fbb1b 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -198,8 +198,8 @@ ifdef(`strict_policy',`
corecmd_exec_shell(secadm_t)
domain_obj_id_change_exemption(secadm_t)
mls_process_read_up(secadm_t)
- mls_file_read_up(secadm_t)
- mls_file_write_down(secadm_t)
+ mls_file_read_all_levels(secadm_t)
+ mls_file_write_all_levels(secadm_t)
mls_file_upgrade(secadm_t)
mls_file_downgrade(secadm_t)
auth_relabel_all_files_except_shadow(secadm_t)
More information about the scm-commits
mailing list