init: Add filetrans for /run/initctl

sysvinit 2.89 moved /dev/initctl to /run/initctl. Reported-by: revel
2018-04-30 14:32:23 +08:00 · 2018-04-30 14:32:23 +08:00 · 9219bde71e
commit 9219bde71e
parent c95e835170
2 changed files with 6 additions and 0 deletions
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@ -1314,6 +1314,8 @@ interface(`init_getattr_initctl',`
 			type initctl_t;
 		')

+		dev_list_all_dev_nodes($1)
+		files_search_pids($1)
 		allow $1 initctl_t:fifo_file getattr;
 	')
 ')
@ -1353,6 +1355,7 @@ interface(`init_write_initctl',`
 	')

 	dev_list_all_dev_nodes($1)
+	files_search_pids($1)
 	allow $1 initctl_t:fifo_file write;
 ')

@ -1385,6 +1388,7 @@ interface(`init_telinit',`
 	corecmd_exec_bin($1)

 	dev_list_all_dev_nodes($1)
+	files_search_pids($1)

 	init_exec($1)
 ')
@ -1405,6 +1409,7 @@ interface(`init_rw_initctl',`
 	')

 	dev_list_all_dev_nodes($1)
+	files_search_pids($1)
 	allow $1 initctl_t:fifo_file rw_fifo_file_perms;
 ')

--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@ -145,6 +145,7 @@ allow init_t init_var_run_t:file manage_lnk_file_perms;

 allow init_t initctl_t:fifo_file manage_fifo_file_perms;
 dev_filetrans(init_t, initctl_t, fifo_file)
+files_pid_filetrans(init_t, initctl_t, fifo_file)

 # Modify utmp.
 allow init_t initrc_var_run_t:file { rw_file_perms setattr };