udev: Systemd 246 merged udev and udevadm executables.
Drop init_system_domain() for udevadm to break type transition conflicts. Also fix interface naming issues for udevadm interfaces. Fixes #292 Signed-off-by: Chris PeBenito <pebenito@ieee.org>
parent
6c69f6e3de
commit
ac51d56ddc
|
@ -1160,7 +1160,7 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
udevadm_run(sysadm_t, sysadm_r)
|
udev_run_udevadm(sysadm_t, sysadm_r)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
/etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
|
/etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
|
||||||
|
|
||||||
/usr/bin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
|
/usr/bin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
/usr/bin/udevadm -- gen_context(system_u:object_r:udevadm_exec_t,s0)
|
/usr/bin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
/usr/bin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
|
/usr/bin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
|
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
/usr/bin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
|
/usr/bin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
|
@ -18,7 +18,7 @@ ifdef(`distro_debian',`
|
||||||
')
|
')
|
||||||
|
|
||||||
/usr/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
|
/usr/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
/usr/sbin/udevadm -- gen_context(system_u:object_r:udevadm_exec_t,s0)
|
/usr/sbin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
/usr/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
|
/usr/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
/usr/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
|
/usr/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||||
/usr/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
|
/usr/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
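Review bot: Labelling `/usr/bin/udevadm` here and `/usr/sbin/udevadm` in the second hunk as udev_exec_t means the file label no longer separates the admin tool from the daemon, so the domain udevadm ends up in depends only on the caller's transition rules. A comment above each changed entry would keep that visible to whoever edits these contexts later, for example `# systemd 246: udevadm and udevd are one binary, so udevadm shares udev_exec_t`.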
|
||||||
|
|
|
@ -514,12 +514,49 @@ interface(`udev_manage_runtime_files',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`udevadm_domtrans',`
|
interface(`udev_domtrans_udevadm',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type udevadm_t, udevadm_exec_t;
|
type udevadm_t, udev_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
domtrans_pattern($1, udevadm_exec_t, udevadm_t)
|
domtrans_pattern($1, udev_exec_t, udevadm_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute udev admin in the udevadm domain. (Deprecated)
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed to transition.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`udevadm_domtrans',`
|
||||||
|
refpolicywarn(`$0($*) has been deprecated, use udev_domtrans_udevadm() instead.')
|
||||||
|
udev_domtrans_udevadm($1)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute udevadm in the udevadm domain, and
|
||||||
|
## allow the specified role the udevadm domain. (Deprecated)
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed to transition.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="role">
|
||||||
|
## <summary>
|
||||||
|
## Role allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <rolecap/>
|
||||||
|
#
|
||||||
|
interface(`udevadm_run',`
|
||||||
|
refpolicywarn(`$0($*) has been deprecated, use udev_run_udevadm() instead.')
|
||||||
|
udev_run_udevadm($1, $2)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -539,15 +576,30 @@ interface(`udevadm_domtrans',`
|
||||||
## </param>
|
## </param>
|
||||||
## <rolecap/>
|
## <rolecap/>
|
||||||
#
|
#
|
||||||
interface(`udevadm_run',`
|
interface(`udev_run_udevadm',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute_role udevadm_roles;
|
attribute_role udevadm_roles;
|
||||||
')
|
')
|
||||||
|
|
||||||
udevadm_domtrans($1)
|
udev_domtrans_udevadm($1)
|
||||||
roleattribute $2 udevadm_roles;
|
roleattribute $2 udevadm_roles;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute udevadm in the caller domain. (Deprecated)
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`udevadm_exec',`
|
||||||
|
refpolicywarn(`$0($*) has been deprecated, use udev_exec_udevadm() instead.')
|
||||||
|
udev_exec_udevadm($1)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute udevadm in the caller domain.
|
## Execute udevadm in the caller domain.
|
||||||
|
@ -558,10 +610,10 @@ interface(`udevadm_run',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`udevadm_exec',`
|
interface(`udev_exec_udevadm',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type udevadm_exec_t;
|
type udev_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
can_exec($1, udevadm_exec_t)
|
can_exec($1, udev_exec_t)
|
||||||
')
|
')
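Review bot: `domtrans_pattern($1, udev_exec_t, udevadm_t)` in the new udev_domtrans_udevadm() keys the transition on the same entrypoint type that udev_t uses. A caller that is also granted a transition to udev_t on udev_exec_t (for example through udev_domtrans(), if that interface is still defined outside these hunks) would hit the same type-transition conflict this commit removes for init. The interface summary, which starts above the hunk, should say so, e.g. `## Do not combine with a transition to udev_t; both use udev_exec_t as entrypoint.` Likewise `can_exec($1, udev_exec_t)` in udev_exec_udevadm() now lets the caller run every binary labelled udev_exec_t in its own domain, not only udevadm, and its summary should state that wider grant.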
|
||||||
|
|
|
@ -7,7 +7,7 @@ policy_module(udev, 1.28.1)
|
||||||
attribute_role udevadm_roles;
|
attribute_role udevadm_roles;
|
||||||
|
|
||||||
type udev_t;
|
type udev_t;
|
||||||
type udev_exec_t;
|
type udev_exec_t alias udevadm_exec_t;
|
||||||
type udev_helper_exec_t;
|
type udev_helper_exec_t;
|
||||||
kernel_domtrans_to(udev_t, udev_exec_t)
|
kernel_domtrans_to(udev_t, udev_exec_t)
|
||||||
domain_obj_id_change_exemption(udev_t)
|
domain_obj_id_change_exemption(udev_t)
|
||||||
|
@ -17,9 +17,7 @@ init_daemon_domain(udev_t, udev_exec_t)
|
||||||
init_named_socket_activation(udev_t, udev_runtime_t)
|
init_named_socket_activation(udev_t, udev_runtime_t)
|
||||||
|
|
||||||
type udevadm_t;
|
type udevadm_t;
|
||||||
type udevadm_exec_t;
|
application_domain(udevadm_t, udev_exec_t)
|
||||||
init_system_domain(udevadm_t, udevadm_exec_t)
|
|
||||||
application_domain(udevadm_t, udevadm_exec_t)
|
|
||||||
role udevadm_roles types udevadm_t;
|
role udevadm_roles types udevadm_t;
|
||||||
|
|
||||||
type udev_etc_t alias etc_udev_t;
|
type udev_etc_t alias etc_udev_t;
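Review bot: With `application_domain(udevadm_t, udev_exec_t)` and no init_system_domain() for udevadm_t, the only init transition on udev_exec_t left in view is the one to udev_t (`init_daemon_domain(udev_t, udev_exec_t)` in the hunk header), so udevadm started from init scripts or unit files presumably now runs in udev_t rather than the narrower udevadm_t. If that is intended, it deserves a comment above the application_domain() line, e.g. `# udevadm shares udev_exec_t with udevd (systemd 246); init-started udevadm runs in udev_t, only udev_domtrans_udevadm() callers reach udevadm_t`. The alias in the first hunk, `type udev_exec_t alias udevadm_exec_t;`, could also carry a short note that it exists for policy that still requires the old type name.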
|
||||||
|
|