[selinux-policy: 2205/3172] fix ordering of interface calls in authlogin.

Thu Oct 7 22:15:49 UTC 2010

commit 2acba7bbdbeda96012e155f3dffeb5904a1ffdc7
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Aug 5 09:51:47 2009 -0400

    fix ordering of interface calls in authlogin.

 policy/modules/system/authlogin.te |   30 +++++++++++++++---------------
 1 files changed, 15 insertions(+), 15 deletions(-)
---

diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 98eee68..d5840d6 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -159,6 +159,8 @@ auth_use_nsswitch(pam_t)
 
 kernel_read_system_state(pam_t)
 
+files_read_etc_files(pam_t)
+
 fs_search_auto_mountpoints(pam_t)
 
 miscfiles_read_localization(pam_t)
@@ -168,8 +170,6 @@ term_use_all_user_ptys(pam_t)
 
 init_dontaudit_rw_utmp(pam_t)
 
-files_read_etc_files(pam_t)
-
 logging_send_syslog_msg(pam_t)
 
 ifdef(`distro_ubuntu',`
@@ -231,6 +231,17 @@ dev_getattr_xserver_misc_dev(pam_console_t)
 dev_setattr_xserver_misc_dev(pam_console_t)
 dev_read_urand(pam_console_t)
 
+files_read_etc_files(pam_console_t)
+files_search_pids(pam_console_t)
+files_list_mnt(pam_console_t)
+files_dontaudit_search_isid_type_dirs(pam_console_t)
+# read /etc/mtab
+files_read_etc_runtime_files(pam_console_t)
+
+fs_list_auto_mountpoints(pam_console_t)
+fs_list_noxattr_fs(pam_console_t)
+fs_getattr_all_fs(pam_console_t)
+
 mls_file_read_all_levels(pam_console_t)
 mls_file_write_all_levels(pam_console_t)
 
@@ -253,17 +264,6 @@ auth_use_nsswitch(pam_console_t)
 
 domain_use_interactive_fds(pam_console_t)
 
-files_read_etc_files(pam_console_t)
-files_search_pids(pam_console_t)
-files_list_mnt(pam_console_t)
-files_dontaudit_search_isid_type_dirs(pam_console_t)
-# read /etc/mtab
-files_read_etc_runtime_files(pam_console_t)
-
-fs_list_auto_mountpoints(pam_console_t)
-fs_list_noxattr_fs(pam_console_t)
-fs_getattr_all_fs(pam_console_t)
-
 init_use_fds(pam_console_t)
 init_use_script_ptys(pam_console_t)
 
@@ -352,6 +352,8 @@ allow utempter_t wtmp_t:file rw_file_perms;
 
 dev_read_urand(utempter_t)
 
+files_read_etc_files(utempter_t)
+
 term_getattr_all_user_ttys(utempter_t)
 term_getattr_all_user_ptys(utempter_t)
 term_dontaudit_use_all_user_ttys(utempter_t)
@@ -360,8 +362,6 @@ term_dontaudit_use_ptmx(utempter_t)
 
 init_rw_utmp(utempter_t)
 
-files_read_etc_files(utempter_t)
-
 domain_use_interactive_fds(utempter_t)
 
 logging_search_logs(utempter_t)
