[selinux-policy: 1854/3172] trunk: reorganize selinuxutil.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:45:21 UTC 2010


commit 389ad7b48d84a09afeae4fc826d9e4b7f7b816da
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Nov 16 15:39:09 2007 +0000

    trunk: reorganize selinuxutil.

 policy/modules/system/selinuxutil.te |   76 +++++++++++++++++-----------------
 1 files changed, 38 insertions(+), 38 deletions(-)
---
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 3b18326..13f3daf 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -54,7 +54,6 @@ domain_role_change_exemption(newrole_t)
 domain_obj_id_change_exemption(newrole_t)
 domain_interactive_fd(newrole_t)
 
-
 #
 # policy_config_t is the type of /etc/security/selinux/*
 # the security server policy configuration.
@@ -132,16 +131,16 @@ read_files_pattern(checkpolicy_t,policy_src_t,policy_src_t)
 read_lnk_files_pattern(checkpolicy_t,policy_src_t,policy_src_t)
 allow checkpolicy_t selinux_config_t:dir search_dir_perms;
 
-fs_getattr_xattr_fs(checkpolicy_t)
-
-term_use_console(checkpolicy_t)
-
 domain_use_interactive_fds(checkpolicy_t)
 
 files_list_usr(checkpolicy_t)
 # directory search permissions for path to source and binary policy files
 files_search_etc(checkpolicy_t)
 
+fs_getattr_xattr_fs(checkpolicy_t)
+
+term_use_console(checkpolicy_t)
+
 init_use_fds(checkpolicy_t)
 init_use_script_ptys(checkpolicy_t)
 
@@ -191,6 +190,7 @@ userdom_use_all_users_fds(load_policy_t)
 ifdef(`hide_broken_symptoms',`
 	# cjp: cover up stray file descriptors.
 	dontaudit load_policy_t selinux_config_t:file write;
+
 	optional_policy(`
 		unconfined_dontaudit_read_pipes(load_policy_t)
 	')
@@ -221,8 +221,19 @@ read_lnk_files_pattern(newrole_t,default_context_t,default_context_t)
 kernel_read_system_state(newrole_t)
 kernel_read_kernel_sysctls(newrole_t)
 
+corecmd_list_bin(newrole_t)
+corecmd_read_bin_symlinks(newrole_t)
+
 dev_read_urand(newrole_t)
 
+domain_use_interactive_fds(newrole_t)
+# for when the user types "exec newrole" at the command line:
+domain_sigchld_interactive_fds(newrole_t)
+
+files_read_etc_files(newrole_t)
+files_read_var_files(newrole_t)
+files_read_var_symlinks(newrole_t)
+
 fs_getattr_xattr_fs(newrole_t)
 fs_search_auto_mountpoints(newrole_t)
 
@@ -249,21 +260,10 @@ term_dontaudit_use_unallocated_ttys(newrole_t)
 auth_domtrans_chk_passwd(newrole_t)
 auth_rw_faillog(newrole_t)
 
-corecmd_list_bin(newrole_t)
-corecmd_read_bin_symlinks(newrole_t)
-
-domain_use_interactive_fds(newrole_t)
-# for when the user types "exec newrole" at the command line:
-domain_sigchld_interactive_fds(newrole_t)
-
 # Write to utmp.
 init_rw_utmp(newrole_t)
 init_use_fds(newrole_t)
 
-files_read_etc_files(newrole_t)
-files_read_var_files(newrole_t)
-files_read_var_symlinks(newrole_t)
-
 libs_use_ld_so(newrole_t)
 libs_use_shared_libs(newrole_t)
 
@@ -358,30 +358,30 @@ allow run_init_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_r
 # the failed access to the current directory
 dontaudit run_init_t self:capability { dac_override dac_read_search };
 
-fs_getattr_xattr_fs(run_init_t)
-
-dev_dontaudit_list_all_dev_nodes(run_init_t)
-
-term_dontaudit_list_ptys(run_init_t)
-
-auth_domtrans_chk_passwd(run_init_t)
-auth_dontaudit_read_shadow(run_init_t)
-
 corecmd_exec_bin(run_init_t)
 corecmd_exec_shell(run_init_t)
 
+dev_dontaudit_list_all_dev_nodes(run_init_t)
+
 domain_use_interactive_fds(run_init_t)
 
 files_read_etc_files(run_init_t)
 files_dontaudit_search_all_dirs(run_init_t)
 
+fs_getattr_xattr_fs(run_init_t)
+
+mls_rangetrans_source(run_init_t)
+
 selinux_validate_context(run_init_t)
 selinux_compute_access_vector(run_init_t)
 selinux_compute_create_context(run_init_t)
 selinux_compute_relabel_context(run_init_t)
 selinux_compute_user_contexts(run_init_t)
 
-mls_rangetrans_source(run_init_t)
+term_dontaudit_list_ptys(run_init_t)
+
+auth_domtrans_chk_passwd(run_init_t)
+auth_dontaudit_read_shadow(run_init_t)
 
 init_spec_domtrans_script(run_init_t)
 # for utmp
@@ -390,12 +390,12 @@ init_rw_utmp(run_init_t)
 libs_use_ld_so(run_init_t)
 libs_use_shared_libs(run_init_t)
 
-seutil_libselinux_linked(run_init_t)
-seutil_read_default_contexts(run_init_t)
+logging_send_syslog_msg(run_init_t)
 
 miscfiles_read_localization(run_init_t)
 
-logging_send_syslog_msg(run_init_t)
+seutil_libselinux_linked(run_init_t)
+seutil_read_default_contexts(run_init_t)
 
 ifndef(`direct_sysadm_daemon',`
 	ifdef(`distro_gentoo',`
@@ -467,7 +467,7 @@ miscfiles_read_localization(semanage_t)
 
 seutil_libselinux_linked(semanage_t)
 seutil_manage_file_contexts(semanage_t)
-seutil_manage_selinux_config(semanage_t)
+seutil_manage_config(semanage_t)
 seutil_domtrans_setfiles(semanage_t)
 seutil_domtrans_loadpolicy(semanage_t)
 seutil_manage_bin_policy(semanage_t)
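Review bot: The semanage_t change to `seutil_manage_config(semanage_t)` is the only line in this commit that is not a pure reordering or whitespace edit, yet the commit message says only "reorganize". It replaces `seutil_manage_selinux_config(semanage_t)`, and the diffstat lists just selinuxutil.te, so the definition of the new interface is not visible here. Before merging, confirm that `seutil_manage_config` exists at this revision and grants semanage_t the same access to the SELinux configuration files as the old interface, and nothing broader. I would also state the swap in the commit message, for example `semanage_t: call seutil_manage_config instead of seutil_manage_selinux_config`, so a later audit of semanage_t's permissions can find it.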
@@ -524,6 +524,14 @@ kernel_dontaudit_list_all_sysctls(setfiles_t)
 
 dev_relabel_all_dev_nodes(setfiles_t)
 
+domain_use_interactive_fds(setfiles_t)
+domain_dontaudit_search_all_domains_state(setfiles_t)
+
+files_read_etc_runtime_files(setfiles_t)
+files_read_etc_files(setfiles_t)
+files_list_all(setfiles_t)
+files_relabel_all_files(setfiles_t)
+
 fs_getattr_xattr_fs(setfiles_t)
 fs_list_all(setfiles_t)
 fs_search_auto_mountpoints(setfiles_t)
@@ -552,17 +560,9 @@ init_use_script_fds(setfiles_t)
 init_use_script_ptys(setfiles_t)
 init_exec_script_files(setfiles_t)
 
-domain_use_interactive_fds(setfiles_t)
-domain_dontaudit_search_all_domains_state(setfiles_t)
-
 libs_use_ld_so(setfiles_t)
 libs_use_shared_libs(setfiles_t)
 
-files_read_etc_runtime_files(setfiles_t)
-files_read_etc_files(setfiles_t)
-files_list_all(setfiles_t)
-files_relabel_all_files(setfiles_t)
-
 logging_send_syslog_msg(setfiles_t)
 
 miscfiles_read_localization(setfiles_t)

