From e27827b86ccf68159a2fcead2c5ef68e74307810 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 25 Aug 2009 09:56:56 -0400
Subject: [PATCH] split dev_create_cardmgr_dev() into a create and a filetrans
 interface.

---
 policy/modules/kernel/devices.if | 31 +++++++++++++++++++++++++------
 policy/modules/kernel/devices.te |  2 +-
 policy/modules/system/pcmcia.te  |  2 +-
 3 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index c1cf30bf4..dec0e0289 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -1208,6 +1208,27 @@ interface(`dev_dontaudit_rw_cardmgr',`
 	dontaudit $1 cardmgr_dev_t:chr_file { read write };
 ')
 
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	the PCMCIA card manager device
+##	with the correct type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_create_cardmgr_dev',`
+	gen_require(`
+		type device_t, cardmgr_dev_t;
+	')
+
+	create_chr_files_pattern($1, device_t, cardmgr_dev_t)
+	create_blk_files_pattern($1, device_t, cardmgr_dev_t)
+')
+
 ########################################
 ## <summary>
 ##	Create, read, write, and delete
@@ -1230,9 +1251,9 @@ interface(`dev_manage_cardmgr_dev',`
 
 ########################################
 ## <summary>
-##	Create, read, write, and delete
-##	the PCMCIA card manager device
-##	with the correct type.
+##	Automatic type transition to the type
+##	for PCMCIA card manager device nodes when
+##	created in /dev.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1240,13 +1261,11 @@ interface(`dev_manage_cardmgr_dev',`
 ##	</summary>
 ## </param>
 #
-interface(`dev_create_cardmgr_dev',`
+interface(`dev_filetrans_cardmgr',`
 	gen_require(`
 		type device_t, cardmgr_dev_t;
 	')
 
-	create_chr_files_pattern($1, device_t, cardmgr_dev_t)
-	create_blk_files_pattern($1, device_t, cardmgr_dev_t)
 	filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file })
 ')
 
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 6c2f05d3c..c37a400bb 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,5 +1,5 @@
 
-policy_module(devices, 1.8.1)
+policy_module(devices, 1.8.2)
 
 ########################################
 #
diff --git a/policy/modules/system/pcmcia.te b/policy/modules/system/pcmcia.te
index d17a662a9..9556bde35 100644
--- a/policy/modules/system/pcmcia.te
+++ b/policy/modules/system/pcmcia.te
@@ -55,7 +55,7 @@ corecmd_exec_all_executables(cardmgr_t)
 
 dev_read_sysfs(cardmgr_t)
 dev_manage_cardmgr_dev(cardmgr_t)
-dev_create_cardmgr_dev(cardmgr_t)
+dev_filetrans_cardmgr(cardmgr_t)
 dev_getattr_all_chr_files(cardmgr_t)
 dev_getattr_all_blk_files(cardmgr_t)
 # for SSP