[selinux-policy: 2212/3172] fix ordering of interface calls in locallogin.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:16:25 UTC 2010


commit 8cd1306e5b93dbf7131e529144d8145e1f8466b2
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Aug 5 10:06:04 2009 -0400

    fix ordering of interface calls in locallogin.

 policy/modules/system/locallogin.te |   46 +++++++++++++++++-----------------
 1 files changed, 23 insertions(+), 23 deletions(-)
---
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 3cb6ca2..30e25c7 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -61,6 +61,13 @@ kernel_read_kernel_sysctls(local_login_t)
 kernel_search_key(local_login_t)
 kernel_link_key(local_login_t)
 
+corecmd_list_bin(local_login_t)
+corecmd_read_bin_symlinks(local_login_t)
+# cjp: these are probably not needed:
+corecmd_read_bin_files(local_login_t)
+corecmd_read_bin_pipes(local_login_t)
+corecmd_read_bin_sockets(local_login_t)
+
 dev_setattr_mouse_dev(local_login_t)
 dev_getattr_mouse_dev(local_login_t)
 dev_getattr_power_mgmt_dev(local_login_t)
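Review bot: The relocated `corecmd_read_bin_files`, `corecmd_read_bin_pipes` and `corecmd_read_bin_sockets` calls still sit under `# cjp: these are probably not needed:`, so local_login_t keeps three grants that the policy's own comment doubts. A reorder is a good moment to settle this: build without the three calls, run a login in a permissive test and check the audit log, then drop them if nothing is denied. If they have to stay for now, make the comment actionable, for example `# TODO(cjp): unverified; remove once a login without these shows no AVC denials`.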
@@ -84,6 +91,20 @@ dev_dontaudit_search_sysfs(local_login_t)
 dev_dontaudit_getattr_video_dev(local_login_t)
 dev_dontaudit_setattr_video_dev(local_login_t)
 
+domain_read_all_entry_files(local_login_t)
+
+files_read_etc_files(local_login_t)
+files_read_etc_runtime_files(local_login_t)
+files_read_usr_files(local_login_t)
+files_list_mnt(local_login_t)
+files_list_world_readable(local_login_t)
+files_read_world_readable_files(local_login_t)
+files_read_world_readable_symlinks(local_login_t)
+files_read_world_readable_pipes(local_login_t)
+files_read_world_readable_sockets(local_login_t)
+# for when /var/mail is a symlink
+files_read_var_symlinks(local_login_t)
+
 fs_search_auto_mountpoints(local_login_t)
 
 storage_dontaudit_getattr_fixed_disk_dev(local_login_t)
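Review bot: Most of the read grants moved here carry no rationale: only `files_read_var_symlinks` is explained, while `domain_read_all_entry_files`, `files_list_mnt` and the five `files_*_world_readable*` calls are not, and judging by their names they look broad for a login domain. The same holds for `auth_read_shadow(sulogin_t)` in the `@@ -219` hunk, which by its name gives sulogin_t read access to the shadow password file. A one-line why-comment above each group would let a later least-privilege audit judge whether the access is still required. For the shadow call something like `# sulogin checks the root password itself` would fit, if that is indeed the reason. Which login step needs the world-readable group is not visible in this diff, so that comment has to come from the author.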
@@ -104,27 +125,6 @@ auth_manage_pam_pid(local_login_t)
 auth_manage_pam_console_data(local_login_t)
 auth_domtrans_pam_console(local_login_t)
 
-corecmd_list_bin(local_login_t)
-corecmd_read_bin_symlinks(local_login_t)
-# cjp: these are probably not needed:
-corecmd_read_bin_files(local_login_t)
-corecmd_read_bin_pipes(local_login_t)
-corecmd_read_bin_sockets(local_login_t)
-
-domain_read_all_entry_files(local_login_t)
-
-files_read_etc_files(local_login_t)
-files_read_etc_runtime_files(local_login_t)
-files_read_usr_files(local_login_t)
-files_list_mnt(local_login_t)
-files_list_world_readable(local_login_t)
-files_read_world_readable_files(local_login_t)
-files_read_world_readable_symlinks(local_login_t)
-files_read_world_readable_pipes(local_login_t)
-files_read_world_readable_sockets(local_login_t)
-# for when /var/mail is a symlink
-files_read_var_symlinks(local_login_t)
-
 init_dontaudit_use_fds(local_login_t)
 
 miscfiles_read_localization(local_login_t)
@@ -219,6 +219,8 @@ files_read_etc_files(sulogin_t)
 # because file systems are not mounted:
 files_dontaudit_search_isid_type_dirs(sulogin_t)
 
+auth_read_shadow(sulogin_t)
+
 init_getpgid_script(sulogin_t)
 
 logging_send_syslog_msg(sulogin_t)
@@ -226,8 +228,6 @@ logging_send_syslog_msg(sulogin_t)
 seutil_read_config(sulogin_t)
 seutil_read_default_contexts(sulogin_t)
 
-auth_read_shadow(sulogin_t)
-
 userdom_use_unpriv_users_fds(sulogin_t)
 
 userdom_search_user_home_dirs(sulogin_t)

