[selinux-policy: 2668/3172] Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:57:13 UTC 2010
commit e2c9450235295e527197983fe030d26856d17521
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue May 18 10:28:17 2010 -0400
Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file. Module version bump for d56b33a.
policy/modules/system/udev.if | 37 ++++++++++++++++++-------------------
policy/modules/system/udev.te | 2 +-
2 files changed, 19 insertions(+), 20 deletions(-)
---
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index 12489cb..bfc4c75 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -132,6 +132,24 @@ interface(`udev_dontaudit_rw_dgram_sockets',`
########################################
## <summary>
+## Manage udev rules files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`udev_manage_rules_files',`
+ gen_require(`
+ type udev_rules_t;
+ ')
+
+ manage_files_pattern($1, udev_rules_t, udev_rules_t)
+')
+
+########################################
+## <summary>
## Do not audit search of udev database directories.
## </summary>
## <param name="domain">
@@ -213,22 +231,3 @@ interface(`udev_manage_pid_files',`
files_search_var_lib($1)
manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
')
-
-########################################
-## <summary>
-## Manage udev rules files
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`udev_manage_rules_files',`
- gen_require(`
- type udev_rules_t;
- ')
-
- manage_dirs_pattern($1, udev_rules_t, udev_rules_t)
- manage_files_pattern($1, udev_rules_t, udev_rules_t)
-')
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index af1f4e4..52e1061 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -1,5 +1,5 @@
-policy_module(udev, 1.11.2)
+policy_module(udev, 1.11.3)
########################################
#
More information about the scm-commits
mailing list