udev: Systemd 246 merged udev and udevadm executables.
Drop init_system_domain() for udevadm to break type transition conflicts. Also fix interface naming issues for udevadm interfaces. Fixes #292 Signed-off-by: Chris PeBenito <pebenito@ieee.org>
parent
6c69f6e3de
commit
ac51d56ddc
@ -1160,7 +1160,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udevadm_run(sysadm_t, sysadm_r)
|
||||
udev_run_udevadm(sysadm_t, sysadm_r)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -6,7 +6,7 @@
|
||||
/etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
|
||||
|
||||
/usr/bin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/bin/udevadm -- gen_context(system_u:object_r:udevadm_exec_t,s0)
|
||||
/usr/bin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/bin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/bin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
@ -18,7 +18,7 @@ ifdef(`distro_debian',`
|
||||
')
|
||||
|
||||
/usr/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/sbin/udevadm -- gen_context(system_u:object_r:udevadm_exec_t,s0)
|
||||
/usr/sbin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
|
@ -514,12 +514,49 @@ interface(`udev_manage_runtime_files',`
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`udevadm_domtrans',`
|
||||
interface(`udev_domtrans_udevadm',`
|
||||
gen_require(`
|
||||
type udevadm_t, udevadm_exec_t;
|
||||
type udevadm_t, udev_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, udevadm_exec_t, udevadm_t)
|
||||
domtrans_pattern($1, udev_exec_t, udevadm_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute udev admin in the udevadm domain. (Deprecated)
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`udevadm_domtrans',`
|
||||
refpolicywarn(`$0($*) has been deprecated, use udev_domtrans_udevadm() instead.')
|
||||
udev_domtrans_udevadm($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute udevadm in the udevadm domain, and
|
||||
## allow the specified role the udevadm domain. (Deprecated)
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`udevadm_run',`
|
||||
refpolicywarn(`$0($*) has been deprecated, use udev_run_udevadm() instead.')
|
||||
udev_run_udevadm($1, $2)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -539,15 +576,30 @@ interface(`udevadm_domtrans',`
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`udevadm_run',`
|
||||
interface(`udev_run_udevadm',`
|
||||
gen_require(`
|
||||
attribute_role udevadm_roles;
|
||||
')
|
||||
|
||||
udevadm_domtrans($1)
|
||||
udev_domtrans_udevadm($1)
|
||||
roleattribute $2 udevadm_roles;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute udevadm in the caller domain. (Deprecated)
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`udevadm_exec',`
|
||||
refpolicywarn(`$0($*) has been deprecated, use udev_exec_udevadm() instead.')
|
||||
udev_exec_udevadm($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute udevadm in the caller domain.
|
||||
@ -558,10 +610,10 @@ interface(`udevadm_run',`
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`udevadm_exec',`
|
||||
interface(`udev_exec_udevadm',`
|
||||
gen_require(`
|
||||
type udevadm_exec_t;
|
||||
type udev_exec_t;
|
||||
')
|
||||
|
||||
can_exec($1, udevadm_exec_t)
|
||||
can_exec($1, udev_exec_t)
|
||||
')
|
||||
|
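Review bot: `can_exec($1, udev_exec_t)` in `udev_exec_udevadm` now lets the caller run every file labelled udev_exec_t in its own domain, not only udevadm; the file-context hunks on this page put udevd, udevinfo, udevsend and udevstart under the same type. The same widening applies to `domtrans_pattern($1, udev_exec_t, udevadm_t)` in `udev_domtrans_udevadm`, where any of those binaries would enter udevadm_t. The merged binary presumably picks its behaviour from the name it is invoked under, so the label can no longer tell the two apart and the interface summaries should say so, e.g. `## Execute udevadm in the caller domain. This also permits executing udevd, which shares udev_exec_t.` A caller that is also given a transition to udev_t on udev_exec_t would likely hit the type transition conflict the commit message mentions, which is worth stating in the `udev_domtrans_udevadm` summary as well.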
@ -7,7 +7,7 @@ policy_module(udev, 1.28.1)
|
||||
attribute_role udevadm_roles;
|
||||
|
||||
type udev_t;
|
||||
type udev_exec_t;
|
||||
type udev_exec_t alias udevadm_exec_t;
|
||||
type udev_helper_exec_t;
|
||||
kernel_domtrans_to(udev_t, udev_exec_t)
|
||||
domain_obj_id_change_exemption(udev_t)
|
||||
@ -17,9 +17,7 @@ init_daemon_domain(udev_t, udev_exec_t)
|
||||
init_named_socket_activation(udev_t, udev_runtime_t)
|
||||
|
||||
type udevadm_t;
|
||||
type udevadm_exec_t;
|
||||
init_system_domain(udevadm_t, udevadm_exec_t)
|
||||
application_domain(udevadm_t, udevadm_exec_t)
|
||||
application_domain(udevadm_t, udev_exec_t)
|
||||
role udevadm_roles types udevadm_t;
|
||||
|
||||
type udev_etc_t alias etc_udev_t;
|
||||
|
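Review bot: With `init_system_domain(udevadm_t, udevadm_exec_t)` dropped and `init_daemon_domain(udev_t, udev_exec_t)` still in place, udevadm started by init appears to enter udev_t rather than udevadm_t, so init-launched udevadm calls would run with the daemon's permissions. udevadm_t would then be reachable only from domains granted `udev_domtrans_udevadm()`. That is probably the intended trade-off for breaking the transition conflict, but the policy does not record it; a comment above the `application_domain(udevadm_t, udev_exec_t)` line would help, for example `# udevadm shares udev_exec_t with udevd (systemd 246); init transitions to udev_t, udevadm_t is entered only via udev_domtrans_udevadm().` After deployment it is worth reviewing audit logs for new udev_t denials and for udevadm_t rules that are no longer exercised.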