From f0047d02473a1b2d3202e1f62cfe69a2053a7280 Mon Sep 17 00:00:00 2001
From: David Sugar <dsugar@tresys.com>
Date: Fri, 2 Nov 2018 00:36:45 +0000
Subject: [PATCH] Add interface udev_run_domain

This interface is useful when using the 'RUN' option in UDEV rules where udev will be executing a user executable to perform some action.  This interface allows a domain transition to occur for the run action.

Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
 policy/modules/system/udev.if | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index a2067895b..fee558524 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -36,6 +36,37 @@ interface(`udev_domtrans',`
 	domtrans_pattern($1, udev_exec_t, udev_t)
 ')
 
+########################################
+## <summary>
+##	Allow udev to execute the specified program in
+##	the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	This is a interface to support the UDEV 'RUN'
+##	command.  This will allow the command run by
+##	udev to be run in a domain other than udev_t.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to execute in.
+##	</summary>
+## </param>
+## <param name="entry_file">
+##	<summary>
+##	Domain entry point file.
+##	</summary>
+## </param>
+#
+interface(`udev_run_domain',`
+	gen_require(`
+		type udev_t;
+	')
+
+	domtrans_pattern(udev_t,$2,$1)
+')
+
 ########################################
 ## <summary>
 ##	Execute udev in the caller domain.