Rearrange interfaces in files.if and udev.if.

2012-07-24 08:55:52 -04:00 · 2012-07-24 08:55:52 -04:00 · 61c65fe602
parent bd4ea4cdc0
commit 61c65fe602
2 changed files with 45 additions and 45 deletions
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@ -5548,6 +5548,24 @@ interface(`files_manage_mounttab',`
 	manage_files_pattern($1, var_lib_t, var_lib_t)
 ')

+########################################
+## <summary>
+##	Set the attributes of the generic lock directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_setattr_lock_dirs',`
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	setattr_dirs_pattern($1, var_t, var_lock_t)
+')
+
 ########################################
 ## <summary>
 ##	Search the locks directory (/var/lock).
@ -5606,26 +5624,6 @@ interface(`files_list_locks',`
 	list_dirs_pattern($1, var_t, var_lock_t)
 ')

-########################################
-## <summary>
-## 	Create lock directories
-## </summary>
-## <param name="domain">
-## 	<summary>
-##	Domain allowed access
-##	</summary>
-## </param>
-#
-interface(`files_create_lock_dirs',`
-	gen_require(`
-		type var_t, var_lock_t;
-	')
-
-	allow $1 var_t:dir search_dir_perms;
-	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
-	create_dirs_pattern($1, var_lock_t, var_lock_t)
-')
-
 ########################################
 ## <summary>
 ##	Add and remove entries in the /var/lock
@ -5648,20 +5646,22 @@ interface(`files_rw_lock_dirs',`

 ########################################
 ## <summary>
-##	Set the attributes of the generic lock directories.
+## 	Create lock directories
 ## </summary>
 ## <param name="domain">
-##	<summary>
-##	Domain allowed access.
+## 	<summary>
+##	Domain allowed access
 ##	</summary>
 ## </param>
 #
-interface(`files_setattr_lock_dirs',`
+interface(`files_create_lock_dirs',`
 	gen_require(`
 		type var_t, var_lock_t;
 	')

-	setattr_dirs_pattern($1, var_t, var_lock_t)
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	create_dirs_pattern($1, var_lock_t, var_lock_t)
 ')

 ########################################
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@ -241,6 +241,26 @@ interface(`udev_search_pids',`
 	search_dirs_pattern($1, udev_var_run_t, udev_var_run_t)
 ')

+########################################
+## <summary>
+##	Create, read, write, and delete
+##	udev pid directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`udev_manage_pid_dirs',`
+	gen_require(`
+		type udev_var_run_t;
+	')
+
+	files_search_var($1)
+	manage_dirs_pattern($1, udev_var_run_t, udev_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##	Create directories in the run location with udev_var_run_t type
@ -264,26 +284,6 @@ interface(`udev_generic_pid_filetrans_run_dirs',`
 	files_pid_filetrans($1, udev_var_run_t, dir, $2)
 ')

-########################################
-## <summary>
-##	Create, read, write, and delete
-##	udev pid directories
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_manage_pid_dirs',`
-	gen_require(`
-		type udev_var_run_t;
-	')
-
-	files_search_var($1)
-	manage_dirs_pattern($1, udev_var_run_t, udev_var_run_t)
-')
-
 ########################################
 ## <summary>
 ##	Create, read, write, and delete