[selinux-policy: 2668/3172] Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file.

[Daniel J Walsh]

commit e2c9450235295e527197983fe030d26856d17521
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue May 18 10:28:17 2010 -0400

    Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file.  Module version bump for d56b33a.

 policy/modules/system/udev.if |   37 ++++++++++++++++++-------------------
 policy/modules/system/udev.te |    2 +-
 2 files changed, 19 insertions(+), 20 deletions(-)
---
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index 12489cb..bfc4c75 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -132,6 +132,24 @@ interface(`udev_dontaudit_rw_dgram_sockets',`
 
 ########################################
 ## <summary>
+##	Manage udev rules files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`udev_manage_rules_files',`
+	gen_require(`
+		type udev_rules_t;
+	')
+
+	manage_files_pattern($1, udev_rules_t, udev_rules_t)
+')
+
+########################################
+## <summary>
 ##	Do not audit search of udev database directories.
 ## </summary>
 ## <param name="domain">
@@ -213,22 +231,3 @@ interface(`udev_manage_pid_files',`
 	files_search_var_lib($1)
 	manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
 ')
-
-########################################
-## <summary>
-##	Manage udev rules files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_manage_rules_files',`
-	gen_require(`
-		type udev_rules_t;
-	')
-
-	manage_dirs_pattern($1, udev_rules_t, udev_rules_t)
-	manage_files_pattern($1, udev_rules_t, udev_rules_t)
-')
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index af1f4e4..52e1061 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -1,5 +1,5 @@
 
-policy_module(udev, 1.11.2)
+policy_module(udev, 1.11.3)
 
 ########################################
 #