[selinux-policy: 153/3172] add make temporary_file and daemon_runtime_file

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:18:16 UTC 2010


commit d25dd9c1c2372c4ec638dd597a156bb70f6e9c80
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed May 11 19:36:36 2005 +0000

    add make temporary_file and daemon_runtime_file

 refpolicy/policy/modules/services/cron.te     |    2 +-
 refpolicy/policy/modules/system/authlogin.te  |    2 +-
 refpolicy/policy/modules/system/files.if      |   37 +++++++++++++++++--------
 refpolicy/policy/modules/system/hotplug.te    |    2 +-
 refpolicy/policy/modules/system/init.te       |    7 +++--
 refpolicy/policy/modules/system/iptables.te   |    4 +-
 refpolicy/policy/modules/system/logging.te    |    4 +-
 refpolicy/policy/modules/system/sysnetwork.te |    2 +-
 refpolicy/policy/modules/system/udev.te       |    4 +-
 9 files changed, 39 insertions(+), 25 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 6d49187..cba4cbd 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -31,7 +31,7 @@ type crond_tmp_t;
 files_make_temporary_file(crond_tmp_t)
 
 type crond_var_run_t;
-files_make_file(crond_var_run_t)
+files_make_daemon_runtime_file(crond_var_run_t)
 
 type crontab_exec_t;
 files_make_file(crontab_exec_t)
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 5e6b50a..3df7fdb 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -39,7 +39,7 @@ type pam_var_console_t; #, nscd_client_domain
 files_make_file(pam_var_console_t)
 
 type pam_var_run_t;
-files_make_file(pam_var_run_t)
+files_make_daemon_runtime_file(pam_var_run_t)
 
 type shadow_t;
 files_make_file(shadow_t)
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 17ebea4..257e1b0 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -17,29 +17,44 @@ attribute file_type;
 
 ########################################
 #
-# files_make_temporary_file(type)
+# files_make_mountpoint(type)
 #
-define(`files_make_temporary_file',`
+define(`files_make_mountpoint',`
 requires_block_template(`$0'_depend)
 files_make_file($1)
-typeattribute $1 tmpfile;
+typeattribute $1 mountpoint;
 ')
 
-define(`files_make_temporary_file_depend',`
-attribute tmpfile;
+define(`files_make_mountpoint_depend',`
+attribute mountpoint;
 ')
 
 ########################################
 #
-# files_make_mountpoint(type)
+# files_make_daemon_runtime_file(type)
 #
-define(`files_make_mountpoint',`
+define(`files_make_daemon_runtime_file',`
 requires_block_template(`$0'_depend)
-typeattribute $1 mountpoint;
+files_make_file($1)
+typeattribute $1 pidfile;
 ')
 
-define(`files_make_mountpoint_depend',`
-attribute mountpoint;
+define(`files_make_daemon_runtime_file_depend',`
+attribute pidfile;
+')
+
+########################################
+#
+# files_make_temporary_file(type)
+#
+define(`files_make_temporary_file',`
+requires_block_template(`$0'_depend)
+files_make_file($1)
+typeattribute $1 tmpfile;
+')
+
+define(`files_make_temporary_file_depend',`
+attribute tmpfile;
 ')
 
 ########################################
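Review bot: `files_make_mountpoint` now calls `files_make_file($1)`, which the removed version did not do (it only added the `mountpoint` attribute), and the commit message does not mention this change. Every type passed to the mountpoint macro now also receives whatever `files_make_file` grants; its body is outside this hunk, so the extra access cannot be judged from here. If the change is intended, record it in the header, e.g. `# Make the type a file type that can be used as a mountpoint (implies files_make_file).` The new `files_make_daemon_runtime_file` header would benefit from a similar one-line description, such as `# Declare a file type for daemon runtime data under /var/run; adds the pidfile attribute.`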
@@ -660,11 +675,9 @@ type_transition $1 var_run_t:file $2;
 ',`
 type_transition $1 var_run_t:$3 $2;
 ') dnl end ifelse
-typeattribute $1 pidfile;
 ')
 
 define(`files_create_daemon_runtime_data_depend',`
-attribute pidfile;
 type var_t, var_run_t;
 class dir { getattr search read write add_name remove_name };
 ')
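Review bot: With `typeattribute $1 pidfile;` removed, nothing in `files_create_daemon_runtime_data` ties its type argument to the `pidfile` attribute; a type now gets it only if its declaration uses `files_make_daemon_runtime_file`. The removed line applied the attribute to `$1`, which the visible `type_transition $1 var_run_t:$3 $2;` uses as the source domain, so dropping it looks correct. Callers in modules this commit does not touch should be checked, because rules written against `pidfile` will silently miss a runtime type that is still declared with `files_make_file`. A header line such as `# $2 must be declared with files_make_daemon_runtime_file()` would record the convention. The macro's definition starts outside this hunk.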
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 516974a..10e5d1b 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -15,7 +15,7 @@ type hotplug_etc_t; #, usercanread;
 files_make_file(hotplug_etc_t)
 
 type hotplug_var_run_t;
-files_make_file(hotplug_var_run_t)
+files_make_daemon_runtime_file(hotplug_var_run_t)
 
 ########################################
 #
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index bad47ae..25e7f9e 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -34,7 +34,7 @@ devices_create_dev_entry(init_t,initctl_t,fifo_file)
 # init_var_run_t is the type for /var/run/shutdown.pid.
 #
 type init_var_run_t;
-files_make_file(init_var_run_t)
+files_make_daemon_runtime_file(init_var_run_t)
 
 type initrc_t;
 domain_make_domain(initrc_t)
@@ -49,8 +49,7 @@ filesystem_noxattr_associate(initrc_devpts_t)
 terminal_make_pseudoterminal(initrc_t,initrc_devpts_t)
 
 type initrc_var_run_t;
-files_make_file(initrc_var_run_t)
-files_create_daemon_runtime_data(initrc_t,initrc_var_run_t)
+files_make_daemon_runtime_file(initrc_var_run_t)
 
 type initrc_state_t;
 files_make_file(initrc_state_t)
@@ -173,6 +172,8 @@ allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rena
 allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
 allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
 
+files_create_daemon_runtime_data(initrc_t,initrc_var_run_t)
+
 allow initrc_t initrc_tmp_t : file { create ioctl read getattr lock write setattr append link unlink rename };
 allow initrc_t initrc_tmp_t : dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
 files_create_private_tmp_data(initrc_t,initrc_tmp_t, { file dir })
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index dbdb78a..85c5274 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -15,8 +15,8 @@ role system_r types iptables_t;
 type iptables_tmp_t;
 files_make_temporary_file(iptables_tmp_t)
 
-type iptables_var_run_t; #, pidfile;
-files_make_file(iptables_var_run_t)
+type iptables_var_run_t;
+files_make_daemon_runtime_file(iptables_var_run_t)
 
 ########################################
 #
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 7753793..33c518b 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -15,7 +15,7 @@ type klogd_tmp_t;
 files_make_temporary_file(klogd_tmp_t)
 
 type klogd_var_run_t;
-files_make_file(klogd_var_run_t)
+files_make_daemon_runtime_file(klogd_var_run_t)
 
 type syslogd_t;
 type syslogd_exec_t;
@@ -25,7 +25,7 @@ type syslogd_tmp_t;
 files_make_temporary_file(syslogd_tmp_t)
 
 type syslogd_var_run_t;
-files_make_file(syslogd_var_run_t)
+files_make_daemon_runtime_file(syslogd_var_run_t)
 
 type var_log_t, logfile;
 files_make_file(var_log_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index eeae74f..e8818fc 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -19,7 +19,7 @@ type dhcpc_tmp_t;
 files_make_temporary_file(dhcpc_tmp_t)
 
 type dhcpc_var_run_t;
-files_make_file(dhcpc_var_run_t)
+files_make_daemon_runtime_file(dhcpc_var_run_t)
 
 type ifconfig_t;
 type ifconfig_exec_t;
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 34e0311..57598ff 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -25,10 +25,9 @@ files_make_file(udev_runtime_t)
 
 type udev_tbl_t alias udev_tdb_t;
 files_make_file(udev_tbl_t)
-devices_create_dev_entry(udev_t,udev_tbl_t,file)
 
 type udev_var_run_t;
-files_make_file(udev_var_run_t)
+files_make_daemon_runtime_file(udev_var_run_t)
 
 ########################################
 #
@@ -56,6 +55,7 @@ allow udev_t udev_etc_t:file { read getattr lock ioctl };
 
 # create udev database in /dev/.udevdb
 allow udev_t udev_tbl_t:file { create ioctl read getattr lock write setattr append link unlink rename };
+devices_create_dev_entry(udev_t,udev_tbl_t,file)
 
 allow udev_t udev_var_run_t : dir { read getattr lock search ioctl add_name remove_name write };
 allow udev_t udev_var_run_t : file { create ioctl read getattr lock write setattr append link unlink rename };

