commit:     6e80ac7a0685e7dedaae81a7d3bb206fe4b9f997
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Fri Jun  8 00:17:15 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Jun  8 09:22:56 2018 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6e80ac7a

systemd: Move lines.

 policy/modules/system/systemd.fc |  4 ++--
 policy/modules/system/systemd.if | 41 ++++++++++++++++++----------------------
 policy/modules/system/systemd.te |  6 +++---
 3 files changed, 23 insertions(+), 28 deletions(-)

diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
index df1a4b2e..277c7fc4 100644
--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -1,3 +1,5 @@
+/etc/udev/hwdb\.bin                    --      
gen_context(system_u:object_r:systemd_hwdb_t,s0)
+
 /usr/bin/systemd-analyze               --      
gen_context(system_u:object_r:systemd_analyze_exec_t,s0)
 /usr/bin/systemd-cgtop                 --      
gen_context(system_u:object_r:systemd_cgtop_exec_t,s0)
 /usr/bin/systemd-coredump              --      
gen_context(system_u:object_r:systemd_coredump_exec_t,s0)
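Review bot: Only `/etc/udev/hwdb\.bin` is labelled systemd_hwdb_t in the lines visible here, but systemd-hwdb can also write the database under /usr/lib/udev (`systemd-hwdb update --usr`), and udev looks for it there as well. Unless an entry outside this hunk covers that path, that copy keeps its default label and the read and manage rules keyed on systemd_hwdb_t do not apply to it. An entry such as `/usr/lib/udev/hwdb\.bin -- gen_context(system_u:object_r:systemd_hwdb_t,s0)` would close the gap. The re-added line also escapes the dot (`hwdb\.bin` where the removed line had `hwdb.bin`), so this hunk tightens the pattern as well as moving it, which the commit title does not say.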
@@ -39,8 +41,6 @@
 /usr/lib/systemd/system/systemd-binfmt.*       --      
gen_context(system_u:object_r:systemd_binfmt_unit_t,s0)
 /usr/lib/systemd/system/systemd-networkd.*             
gen_context(system_u:object_r:systemd_networkd_unit_t,s0)
 
-/etc/udev/hwdb.bin                             --      
gen_context(system_u:object_r:systemd_hwdb_t,s0)
-
 /var/lib/systemd/backlight(/.*)?       
gen_context(system_u:object_r:systemd_backlight_var_lib_t,s0)
 /var/lib/systemd/coredump(/.*)?        
gen_context(system_u:object_r:systemd_coredump_var_lib_t,s0)
 /var/lib/systemd/linger(/.*)?  
gen_context(system_u:object_r:systemd_logind_var_lib_t,s0)

diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 75bbeead..34685088 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -19,6 +19,24 @@ interface(`systemd_log_parse_environment',`
        typeattribute $1 systemd_log_parse_env_type;
 ')
 
+#######################################
+## <summary>
+##  Allow domain to read udev hwdb file
+## </summary>
+## <param name="domain">
+## <summary>
+##  domain allowed access
+## </summary>
+## </param>
+#
+interface(`systemd_read_hwdb',`
+       gen_require(`
+               type systemd_hwdb_t;
+       ')
+
+       read_files_pattern($1, systemd_hwdb_t, systemd_hwdb_t)
+')
+
 ######################################
 ## <summary>
 ##   Read systemd_login PID files.
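Review bot: In `systemd_read_hwdb`, `read_files_pattern($1, systemd_hwdb_t, systemd_hwdb_t)` passes the file type as the directory type too, so the directory-search half of the pattern only matches directories labelled systemd_hwdb_t. The only label for this type visible in the commit is a regular-file (`--`) entry, and the .te rule grants `:file` permissions only, so that half is probably dead and callers must get search access to the parent directory elsewhere. Stating the grant directly as `allow $1 systemd_hwdb_t:file read_file_perms;`, plus an explicit search interface for the parent directory (presumably `files_search_etc($1)`, given the `files_etc_filetrans` in systemd.te), would make the interface self-contained and easier to audit. While the block is being moved, its header could also match the neighbouring interfaces, e.g. `##  Read the udev hardware database file.` and `##  Domain allowed access.`.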
@@ -770,26 +788,3 @@ interface(`systemd_getattr_updated_runtime',`
 
        getattr_files_pattern($1, systemd_update_run_t, systemd_update_run_t)
 ')
-
-
-#######################################
-## <summary>
-##  Allow domain to read udev hwdb file
-## </summary>
-## <param name="domain">
-## <summary>
-##  domain allowed access
-## </summary>
-## </param>
-#
-interface(`systemd_read_hwdb',`
-       gen_require(`
-               type systemd_hwdb_t;
-       ')
-
-       read_files_pattern($1, systemd_hwdb_t, systemd_hwdb_t)
-')
-
-
-
-

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index c324d3bf..1cf5fb95 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -335,14 +335,14 @@ optional_policy(`
 #
 
 allow systemd_hw_t systemd_hwdb_t:file { manage_file_perms relabelfrom 
relabelto };
-
 files_etc_filetrans(systemd_hw_t, systemd_hwdb_t, file)
-files_search_pids(systemd_hw_t)
 
-init_read_state(systemd_hw_t)
+files_search_pids(systemd_hw_t)
 
 selinux_get_fs_mount(systemd_hw_t)
 
+init_read_state(systemd_hw_t)
+
 seutil_read_config(systemd_hw_t)
 seutil_read_file_contexts(systemd_hw_t)
 
