[selinux-policy: 152/3172] add files_make_temporary_file and remove type attribute from create_private_tmp
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:18:11 UTC 2010
commit 38e24ae49eadad54f3723758144bfe3536678001
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed May 11 19:21:40 2005 +0000
add files_make_temporary_file and remove type attribute from
create_private_tmp
refpolicy/policy/modules/admin/netutils.te | 2 +-
refpolicy/policy/modules/admin/usermanage.te | 2 +-
refpolicy/policy/modules/apps/gpg.if | 2 +-
refpolicy/policy/modules/kernel/bootloader.te | 2 +-
refpolicy/policy/modules/services/cron.te | 4 ++--
refpolicy/policy/modules/services/mta.if | 2 +-
refpolicy/policy/modules/services/remotelogin.te | 2 +-
refpolicy/policy/modules/system/authlogin.te | 2 +-
refpolicy/policy/modules/system/files.if | 16 ++++++++++++++--
refpolicy/policy/modules/system/getty.te | 6 +++---
refpolicy/policy/modules/system/init.te | 2 +-
refpolicy/policy/modules/system/iptables.te | 2 +-
refpolicy/policy/modules/system/logging.te | 4 ++--
refpolicy/policy/modules/system/modutils.te | 2 +-
refpolicy/policy/modules/system/mount.te | 2 +-
refpolicy/policy/modules/system/sysnetwork.te | 2 +-
16 files changed, 33 insertions(+), 21 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index cdff63f..8445136 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -13,7 +13,7 @@ domain_make_system_domain(netutils_t,netutils_exec_t)
role system_r types netutils_t;
type netutils_tmp_t;
-files_make_file(netutils_tmp_t)
+files_make_temporary_file(netutils_tmp_t)
type ping_t; #, nscd_client_domain;
type ping_exec_t;
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 33b8504..6b95a66 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -28,7 +28,7 @@ type crack_db_t; #, usercanread;
files_make_file(crack_db_t)
type crack_tmp_t;
-files_make_file(crack_tmp_t)
+files_make_temporary_file(crack_tmp_t)
type groupadd_t; #, nscd_client_domain;
type groupadd_exec_t;
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 2fc096d..ca83e74 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -25,7 +25,7 @@ domain_make_entrypoint_file($1_gpg_agent_t,gpg_agent_exec_t)
role $1_r types $1_gpg_agent_t;
type $1_gpg_agent_tmp_t;
-files_make_file($1_gpg_agent_tmp_t)
+files_make_temporary_file($1_gpg_agent_tmp_t)
type $1_gpg_secret_t; #, $1_file_type;
files_make_file($1_gpg_secret_t)
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index 4577903..94ed02d 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -43,7 +43,7 @@ files_make_file(bootloader_etc_t)
# it consists of files and device nodes
#
type bootloader_tmp_t;
-files_make_file(bootloader_tmp_t)
+files_make_temporary_file(bootloader_tmp_t)
devices_make_device_node(bootloader_tmp_t)
# kernel modules
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index a34b524..6d49187 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -28,7 +28,7 @@ type crond_log_t;
logging_make_log_file(crond_log_t)
type crond_tmp_t;
-files_make_file(crond_tmp_t)
+files_make_temporary_file(crond_tmp_t)
type crond_var_run_t;
files_make_file(crond_var_run_t)
@@ -43,7 +43,7 @@ corecommands_make_shell_entrypoint(system_crond_t)
role system_r types system_crond_t;
type system_crond_tmp_t;
-files_make_file(system_crond_tmp_t)
+files_make_temporary_file(system_crond_tmp_t)
########################################
#
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 6b41ebb..8ead83e 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -13,7 +13,7 @@ type $1_mail_t;
domain_make_domain($1_mail_t)
type $1_mail_tmp_t;
-files_make_file($1_mail_tmp_t)
+files_make_temporary_file($1_mail_tmp_t)
logging_send_system_log_message($1_mail_t)
diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te
index cd0054f..14cbadc 100644
--- a/refpolicy/policy/modules/services/remotelogin.te
+++ b/refpolicy/policy/modules/services/remotelogin.te
@@ -17,7 +17,7 @@ authlogin_make_login_program_entrypoint(remote_login_t)
role system_r types remote_login_t;
type remote_login_tmp_t;
-files_make_file(remote_login_tmp_t)
+files_make_temporary_file(remote_login_tmp_t)
########################################
#
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index dacadde..5e6b50a 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -33,7 +33,7 @@ type pam_exec_t;
domain_make_entrypoint_file(pam_t,pam_exec_t)
type pam_tmp_t;
-files_make_file(pam_tmp_t)
+files_make_temporary_file(pam_tmp_t)
type pam_var_console_t; #, nscd_client_domain
files_make_file(pam_var_console_t)
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index c334694..17ebea4 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -17,6 +17,20 @@ attribute file_type;
########################################
#
+# files_make_temporary_file(type)
+#
+define(`files_make_temporary_file',`
+requires_block_template(`$0'_depend)
+files_make_file($1)
+typeattribute $1 tmpfile;
+')
+
+define(`files_make_temporary_file_depend',`
+attribute tmpfile;
+')
+
+########################################
+#
# files_make_mountpoint(type)
#
define(`files_make_mountpoint',`
@@ -462,11 +476,9 @@ type_transition $1 tmp_t:file $2;
',`
type_transition $1 tmp_t:$3 $2;
')
-typeattribute $1 tmpfile;
')
define(`files_create_private_tmp_data_depend',`
-attribute tmpfile;
type tmp_t;
class dir { getattr search read write add_name };
')
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index 54abb19..ca2feb1 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -10,12 +10,12 @@ domain_make_file_descriptors_widely_inheritable(getty_t)
type getty_etc_t;
typealias getty_etc_t alias etc_getty_t;
-type getty_tmp_t;
-files_make_file(getty_tmp_t)
-
type getty_log_t;
logging_make_log_file(getty_log_t)
+type getty_tmp_t;
+files_make_temporary_file(getty_tmp_t)
+
########################################
#
# Getty local policy
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 832bcf0..bad47ae 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -56,7 +56,7 @@ type initrc_state_t;
files_make_file(initrc_state_t)
type initrc_tmp_t;
-files_make_file(initrc_tmp_t)
+files_make_temporary_file(initrc_tmp_t)
type run_init_t;
domain_make_domain(run_init_t)
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index a805952..dbdb78a 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -13,7 +13,7 @@ domain_make_system_domain(iptables_t,iptables_exec_t)
role system_r types iptables_t;
type iptables_tmp_t;
-files_make_file(iptables_tmp_t)
+files_make_temporary_file(iptables_tmp_t)
type iptables_var_run_t; #, pidfile;
files_make_file(iptables_var_run_t)
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index a15471d..7753793 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -12,7 +12,7 @@ type klogd_exec_t;
domain_make_daemon_domain(klogd_t,klogd_exec_t)
type klogd_tmp_t;
-files_make_file(klogd_tmp_t)
+files_make_temporary_file(klogd_tmp_t)
type klogd_var_run_t;
files_make_file(klogd_var_run_t)
@@ -22,7 +22,7 @@ type syslogd_exec_t;
domain_make_daemon_domain(syslogd_t,syslogd_exec_t)
type syslogd_tmp_t;
-files_make_file(syslogd_tmp_t)
+files_make_temporary_file(syslogd_tmp_t)
type syslogd_var_run_t;
files_make_file(syslogd_var_run_t)
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 62854b9..c09291b 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -31,7 +31,7 @@ domain_make_system_domain(update_modules_t,update_modules_exec_t)
role system_r types update_modules_t;
type update_modules_tmp_t;
-files_make_file(update_modules_tmp_t)
+files_make_temporary_file(update_modules_tmp_t)
########################################
#
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index a999b3d..e8f256f 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -6,7 +6,7 @@ domain_make_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
type mount_tmp_t;
-files_make_file(mount_tmp_t)
+files_make_temporary_file(mount_tmp_t)
########################################
#
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index b95984d..eeae74f 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -16,7 +16,7 @@ type dhcpc_state_t;
files_make_file(dhcpc_state_t)
type dhcpc_tmp_t;
-files_make_file(dhcpc_tmp_t)
+files_make_temporary_file(dhcpc_tmp_t)
type dhcpc_var_run_t;
files_make_file(dhcpc_var_run_t)
More information about the scm-commits
mailing list