From dea8a63ed3ddb2e6056ec6f052075b893dcbeed8 Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <me@concord.sh>
Date: Thu, 16 Dec 2021 13:16:47 -0500
Subject: [PATCH] devices, kernel: deprecate dev_mounton_sysfs

dev_mounton_sysfs is a duplicate of dev_mounton_sysfs_dirs

Signed-off-by: Kenton Groombridge <me@concord.sh>
---
 policy/modules/kernel/devices.if | 11 ++++-------
 policy/modules/kernel/kernel.te  |  2 +-
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index aace3ccd8..ad8c01b24 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4238,7 +4238,7 @@ interface(`dev_rw_sysdig',`
 
 ########################################
 ## <summary>
-##	Mount a filesystem on sysfs.
+##	Mount a filesystem on sysfs.  (Deprecated)
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -4247,11 +4247,8 @@ interface(`dev_rw_sysdig',`
 ## </param>
 #
 interface(`dev_mounton_sysfs',`
-	gen_require(`
-		type sysfs_t;
-	')
-
-	allow $1 sysfs_t:dir mounton;
+	refpolicywarn(`$0($*) has been deprecated, please use dev_mounton_sysfs_dirs() instead.')
+	dev_mounton_sysfs_dirs($1)
 ')
 
 ########################################
@@ -4366,7 +4363,7 @@ interface(`dev_dontaudit_read_sysfs',`
 
 ########################################
 ## <summary>
-##     mounton sysfs directories.
+##	Mount on sysfs directories.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 9a938fa7e..737bb741d 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -284,7 +284,7 @@ corenet_ib_access_unlabeled_pkeys(kernel_t)
 corenet_ib_manage_subnet_all_endports(kernel_t)
 corenet_ib_manage_subnet_unlabeled_endports(kernel_t)
 
-dev_mounton_sysfs(kernel_t)
+dev_mounton_sysfs_dirs(kernel_t)
 dev_read_sysfs(kernel_t)
 dev_search_usbfs(kernel_t)
 # devtmpfs handling: