udev: Systemd 246 merged udev and udevadm executables.

Drop init_system_domain() for udevadm to break type transition conflicts.
Also fix interface naming issues for udevadm interfaces.

Fixes #292

Signed-off-by: Chris PeBenito <pebenito@ieee.org>

policy/modules/roles/sysadm.te

@@ -1160,7 +1160,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	udevadm_run(sysadm_t, sysadm_r)
+	udev_run_udevadm(sysadm_t, sysadm_r)
 ')
 
 optional_policy(`

policy/modules/system/udev.fc

@@ -6,7 +6,7 @@
 /etc/udev/scripts/.+ --	gen_context(system_u:object_r:udev_helper_exec_t,s0)
 
 /usr/bin/udev		--	gen_context(system_u:object_r:udev_exec_t,s0)
-/usr/bin/udevadm	--	gen_context(system_u:object_r:udevadm_exec_t,s0)
+/usr/bin/udevadm	--	gen_context(system_u:object_r:udev_exec_t,s0)
 /usr/bin/udevd		--	gen_context(system_u:object_r:udev_exec_t,s0)
 /usr/bin/udevinfo	--	gen_context(system_u:object_r:udev_exec_t,s0)
 /usr/bin/udevsend	--	gen_context(system_u:object_r:udev_exec_t,s0)
@@ -18,7 +18,7 @@ ifdef(`distro_debian',`
 ')
 
 /usr/sbin/udev		--	gen_context(system_u:object_r:udev_exec_t,s0)
-/usr/sbin/udevadm	--	gen_context(system_u:object_r:udevadm_exec_t,s0)
+/usr/sbin/udevadm	--	gen_context(system_u:object_r:udev_exec_t,s0)
 /usr/sbin/udevd		--	gen_context(system_u:object_r:udev_exec_t,s0)
 /usr/sbin/udevsend	--	gen_context(system_u:object_r:udev_exec_t,s0)
 /usr/sbin/udevstart	--	gen_context(system_u:object_r:udev_exec_t,s0)

policy/modules/system/udev.if

@@ -514,12 +514,49 @@ interface(`udev_manage_runtime_files',`
 ##	</summary>
 ## </param>
 #
-interface(`udevadm_domtrans',`
+interface(`udev_domtrans_udevadm',`
 	gen_require(`
-		type udevadm_t, udevadm_exec_t;
+		type udevadm_t, udev_exec_t;
 	')
 
-	domtrans_pattern($1, udevadm_exec_t, udevadm_t)
+	domtrans_pattern($1, udev_exec_t, udevadm_t)
+')
+
+########################################
+## <summary>
+##	Execute udev admin in the udevadm domain.  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`udevadm_domtrans',`
+	refpolicywarn(`$0($*) has been deprecated, use udev_domtrans_udevadm() instead.')
+	udev_domtrans_udevadm($1)
+')
+
+########################################
+## <summary>
+##	Execute udevadm in the udevadm domain, and
+##	allow the specified role the udevadm domain.  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`udevadm_run',`
+	refpolicywarn(`$0($*) has been deprecated, use udev_run_udevadm() instead.')
+	udev_run_udevadm($1, $2)
 ')
 
 ########################################
@@ -539,15 +576,30 @@ interface(`udevadm_domtrans',`
 ## </param>
 ## <rolecap/>
 #
-interface(`udevadm_run',`
+interface(`udev_run_udevadm',`
 	gen_require(`
 		attribute_role udevadm_roles;
 	')
 
-	udevadm_domtrans($1)
+	udev_domtrans_udevadm($1)
 	roleattribute $2 udevadm_roles;
 ')
 
+########################################
+## <summary>
+##	Execute udevadm in the caller domain.  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`udevadm_exec',`
+	refpolicywarn(`$0($*) has been deprecated, use udev_exec_udevadm() instead.')
+	udev_exec_udevadm($1)
+')
+
 ########################################
 ## <summary>
 ##	Execute udevadm in the caller domain.
@@ -558,10 +610,10 @@ interface(`udevadm_run',`
 ##	</summary>
 ## </param>
 #
-interface(`udevadm_exec',`
+interface(`udev_exec_udevadm',`
 	gen_require(`
-		type udevadm_exec_t;
+		type udev_exec_t;
 	')
 
-	can_exec($1, udevadm_exec_t)
+	can_exec($1, udev_exec_t)
 ')

policy/modules/system/udev.te

@@ -7,7 +7,7 @@ policy_module(udev, 1.28.1)
 attribute_role udevadm_roles;
 
 type udev_t;
-type udev_exec_t;
+type udev_exec_t alias udevadm_exec_t;
 type udev_helper_exec_t;
 kernel_domtrans_to(udev_t, udev_exec_t)
 domain_obj_id_change_exemption(udev_t)
@@ -17,9 +17,7 @@ init_daemon_domain(udev_t, udev_exec_t)
 init_named_socket_activation(udev_t, udev_runtime_t)
 
 type udevadm_t;
-type udevadm_exec_t;
+application_domain(udevadm_t, udev_exec_t)
-init_system_domain(udevadm_t, udevadm_exec_t)
-application_domain(udevadm_t, udevadm_exec_t)
 role udevadm_roles types udevadm_t;
 
 type udev_etc_t alias etc_udev_t;