Remove excessive permission in udev_manage_rules_files() and move the interface up in the .if file. Module version bump for d56b33a.

2010-05-18 10:28:17 -04:00 · 2010-05-18 10:28:17 -04:00 · e2c9450235
parent d56b33a1e4
commit e2c9450235
2 changed files with 19 additions and 20 deletions
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@ -130,6 +130,24 @@ interface(`udev_dontaudit_rw_dgram_sockets',`
 	dontaudit $1 udev_t:unix_dgram_socket { read write };
 ')

+########################################
+## <summary>
+##	Manage udev rules files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`udev_manage_rules_files',`
+	gen_require(`
+		type udev_rules_t;
+	')
+
+	manage_files_pattern($1, udev_rules_t, udev_rules_t)
+')
+
 ########################################
 ## <summary>
 ##	Do not audit search of udev database directories.
@ -213,22 +231,3 @@ interface(`udev_manage_pid_files',`
 	files_search_var_lib($1)
 	manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
 ')
-
-########################################
-## <summary>
-##	Manage udev rules files
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`udev_manage_rules_files',`
-	gen_require(`
-		type udev_rules_t;
-	')
-
-	manage_dirs_pattern($1, udev_rules_t, udev_rules_t)
-	manage_files_pattern($1, udev_rules_t, udev_rules_t)
-')
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@ -1,5 +1,5 @@

-policy_module(udev, 1.11.2)
+policy_module(udev, 1.11.3)

 ########################################
 #