[selinux-policy: 1980/3172] trunk: missed fixes on previous commit.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:56:02 UTC 2010


commit 7aabe358f47bacd619d10357b675d052940dcabe
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Aug 7 14:45:37 2008 +0000

    trunk: missed fixes on previous commit.

 policy/modules/apps/usernetctl.if |    2 +-
 policy/modules/kernel/storage.if  |   23 ++---------------------
 policy/modules/services/rsync.te  |    5 +++--
 3 files changed, 6 insertions(+), 24 deletions(-)
---
diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if
index 2dbc328..63b5167 100644
--- a/policy/modules/apps/usernetctl.if
+++ b/policy/modules/apps/usernetctl.if
@@ -66,6 +66,6 @@ interface(`usernetctl_run',`
 
 
 	optional_policy(`
-		ppp_run(usernetctl_t,$2,$3)
+		ppp_run(usernetctl_t, $2, $3)
 	')
 ')
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 63e7842..c711e97 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -81,26 +81,6 @@ interface(`storage_dontaudit_setattr_fixed_disk_dev',`
 
 ########################################
 ## <summary>
-##	dontaudit the caller attempts to read from a fixed disk.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	The type of the process performing this action.
-##	</summary>
-## </param>
-#
-interface(`storage_dontaudit_raw_read_fixed_disk',`
-	gen_require(`
-		attribute fixed_disk_raw_read;
-		type fixed_disk_device_t;
-	')
-
-	dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
-	dontaudit $1 fixed_disk_device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-## <summary>
 ##	Allow the caller to directly read from a fixed disk.
 ##	This is extremly dangerous as it can bypass the
 ##	SELinux protections for filesystem objects, and
@@ -141,7 +121,8 @@ interface(`storage_dontaudit_read_fixed_disk',`
 		
 	')
 
-	dontaudit $1 fixed_disk_device_t:blk_file { getattr ioctl read };
+	dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
+	dontaudit $1 fixed_disk_device_t:chr_file read_chr_file_perms;
 ')
 
 ########################################
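Review bot: The second added rule makes `storage_dontaudit_read_fixed_disk` silence denied reads on `fixed_disk_device_t:chr_file` as well as `blk_file`, and the interface's `## <summary>` block (above this hunk, not visible here) should say so. `read_blk_file_perms` presumably expands to a superset of the old `{ getattr ioctl read }`, so every existing caller now hides more denials than before. Denied raw reads of a fixed disk are a useful detection signal, because raw access bypasses file-level labelling. A comment above the two rules such as `# Hides AVC denials for raw block and character reads of fixed disks; disable dontaudit rules (semodule -DB) when investigating a calling domain.` would make the trade-off explicit.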
diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te
index d7547bb..958e813 100644
--- a/policy/modules/services/rsync.te
+++ b/policy/modules/services/rsync.te
@@ -61,6 +61,9 @@ allow rsync_t rsync_data_t:dir list_dir_perms;
 read_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
 read_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
 
+manage_files_pattern(rsync_t, rsync_log_t, rsync_log_t)
+logging_log_filetrans(rsync_t, rsync_log_t, file)
+
 manage_dirs_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
 manage_files_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
 files_tmp_filetrans(rsync_t, rsync_tmp_t, { file dir })
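Review bot: `manage_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` lets the daemon create, rewrite, rename and unlink its own log files, which is more than logging normally needs for a network-facing service. If rsync only creates and appends to its log, the narrower pair `create_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` and `append_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` would stop a compromised `rsync_t` from truncating or deleting the record of its own activity. The grant is moved here from lower in the file rather than newly introduced. Whether rsync rotates or rewrites the log itself is not visible in this diff and should be confirmed before tightening.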
@@ -97,8 +100,6 @@ libs_use_ld_so(rsync_t)
 libs_use_shared_libs(rsync_t)
 
 logging_send_syslog_msg(rsync_t)
-manage_files_pattern(rsync_t,rsync_log_t,rsync_log_t)
-logging_log_filetrans(rsync_t,rsync_log_t,file)
 
 miscfiles_read_localization(rsync_t)
 miscfiles_read_public_files(rsync_t)

