[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/

[Jason Zaman]

commit:     71f9eaa40d0cca90e45ad49ae78e0ce3767ebb7a
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Tue Feb  2 18:32:42 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb  6 21:15:09 2021 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=71f9eaa4

apt, bootloader: Move lines.

Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/admin/apt.fc        | 6 ++++--
 policy/modules/admin/bootloader.te | 5 ++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/policy/modules/admin/apt.fc b/policy/modules/admin/apt.fc
index 66fec023..456375f9 100644
--- a/policy/modules/admin/apt.fc
+++ b/policy/modules/admin/apt.fc
@@ -4,9 +4,11 @@
 /usr/bin/apt-get       --      gen_context(system_u:object_r:apt_exec_t,s0)
 /usr/bin/apt-shell     --      gen_context(system_u:object_r:apt_exec_t,s0)
 /usr/bin/aptitude      --      gen_context(system_u:object_r:apt_exec_t,s0)
+/usr/bin/unattended-upgrade -- gen_context(system_u:object_r:apt_exec_t,s0)
+
 /usr/sbin/update-apt-xapian-index -- 
gen_context(system_u:object_r:apt_exec_t,s0)
+
 /usr/share/unattended-upgrades/unattended-upgrade-shutdown -- 
gen_context(system_u:object_r:apt_exec_t,s0)
-/usr/bin/unattended-upgrade -- gen_context(system_u:object_r:apt_exec_t,s0)
 
 ifndef(`distro_redhat',`
 /usr/sbin/synaptic     --      gen_context(system_u:object_r:apt_exec_t,s0)
@@ -25,5 +27,5 @@ ifndef(`distro_redhat',`
 /var/lock/aptitude     gen_context(system_u:object_r:apt_lock_t,s0)
 
 /var/log/aptitude.*    gen_context(system_u:object_r:apt_var_log_t,s0)
-/var/log/unattended-upgrades(/.*)      
gen_context(system_u:object_r:apt_var_log_t,s0)
 /var/log/apt(/.*)?     gen_context(system_u:object_r:apt_var_log_t,s0)
+/var/log/unattended-upgrades(/.*)      
gen_context(system_u:object_r:apt_var_log_t,s0)

diff --git a/policy/modules/admin/bootloader.te 
b/policy/modules/admin/bootloader.te
index 78b34125..cbaf65cd 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -180,15 +180,14 @@ ifdef(`distro_debian',`
 
        libs_relabelto_lib_files(bootloader_t)
 
+       apt_use_fds(bootloader_t)
+       apt_use_ptys(bootloader_t)
        # for apt-cache
        apt_read_db(bootloader_t)
        apt_manage_cache(bootloader_t)
 
        dpkg_read_db(bootloader_t)
        dpkg_rw_pipes(bootloader_t)
-
-       apt_use_fds(bootloader_t)
-       apt_use_ptys(bootloader_t)
 ')
 
 ifdef(`distro_redhat',`