[selinux-policy: 1304/3172] use device_node attribute instead of individual calls per type
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:58:02 UTC 2010
commit 28567af2917316fef71636af3e54cf8798016d57
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Mar 28 20:26:29 2006 +0000
use device_node attribute instead of individual calls per type
refpolicy/policy/modules/kernel/devices.if | 4 ----
refpolicy/policy/modules/kernel/devices.te | 10 ++++++++++
2 files changed, 10 insertions(+), 4 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 0bef90d..6ad516b 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -44,10 +44,6 @@ interface(`dev_node',`
')
typeattribute $1 device_node;
-
- fs_associate($1)
- fs_associate_tmpfs($1)
- files_associate_tmp($1)
')
########################################
diff --git a/refpolicy/policy/modules/kernel/devices.te b/refpolicy/policy/modules/kernel/devices.te
index 3c72579..567925a 100644
--- a/refpolicy/policy/modules/kernel/devices.te
+++ b/refpolicy/policy/modules/kernel/devices.te
@@ -195,3 +195,13 @@ files_associate_tmp(xconsole_device_t)
# this should be removed
type devfs_control_t;
dev_node(devfs_control_t)
+
+########################################
+#
+# Rules for all device nodes
+#
+
+fs_associate(device_node)
+fs_associate_tmpfs(device_node)
+
+files_associate_tmp(device_node)
More information about the scm-commits
mailing list