From 270d428a46f343005b9bf541e1748ef8e556d918 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Jan 27 2006 19:55:42 +0000 Subject: from today's interface review meeting: s/kernel_use_unlabeled_blk_dev/kernel_rw_unlabeled_blk_dev/g s/kernel_userland_entry/kernel_domtrans_to/g --- diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if index 8e6ca0b..323164a 100644 --- a/refpolicy/policy/modules/kernel/kernel.if +++ b/refpolicy/policy/modules/kernel/kernel.if @@ -18,7 +18,7 @@ ## The executable type for the entrypoint. ## # -interface(`kernel_userland_entry',` +interface(`kernel_domtrans_to',` gen_require(` type kernel_t; ') @@ -1562,7 +1562,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',` ## Domain allowed access. ## # -interface(`kernel_use_unlabeled_blk_dev',` +interface(`kernel_rw_unlabeled_blk_dev',` gen_require(` type unlabeled_t; ') diff --git a/refpolicy/policy/modules/system/fstools.te b/refpolicy/policy/modules/system/fstools.te index d0a6683..8a5e37b 100644 --- a/refpolicy/policy/modules/system/fstools.te +++ b/refpolicy/policy/modules/system/fstools.te @@ -55,7 +55,7 @@ kernel_change_ring_buffer_level(fsadm_t) kernel_getattr_proc(fsadm_t) # Access to /initrd devices kernel_rw_unlabeled_dir(fsadm_t) -kernel_use_unlabeled_blk_dev(fsadm_t) +kernel_rw_unlabeled_blk_dev(fsadm_t) dev_getattr_all_chr_files(fsadm_t) # mkreiserfs and other programs need this for UUID diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te index d767b9e..4ae405c 100644 --- a/refpolicy/policy/modules/system/hotplug.te +++ b/refpolicy/policy/modules/system/hotplug.te @@ -8,7 +8,7 @@ policy_module(hotplug,1.1.0) type hotplug_t; type hotplug_exec_t; -kernel_userland_entry(hotplug_t,hotplug_exec_t) +kernel_domtrans_to(hotplug_t,hotplug_exec_t) init_daemon_domain(hotplug_t,hotplug_exec_t) type hotplug_etc_t; diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index ca9b82b..91fa300 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te @@ -35,7 +35,7 @@ role system_r types init_t; gen_require(` type init_exec_t; ') -kernel_userland_entry(init_t,init_exec_t) +kernel_domtrans_to(init_t,init_exec_t) domain_entry_file(init_t,init_exec_t) # diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te index d840f88..ce7a596 100644 --- a/refpolicy/policy/modules/system/modutils.te +++ b/refpolicy/policy/modules/system/modutils.te @@ -114,7 +114,7 @@ logging_search_logs(insmod_t) miscfiles_read_localization(insmod_t) if( ! secure_mode_insmod ) { - kernel_userland_entry(insmod_t,insmod_exec_t) + kernel_domtrans_to(insmod_t,insmod_exec_t) } ifdef(`hide_broken_symptoms',` diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te index 7089cdb..6812ad1 100644 --- a/refpolicy/policy/modules/system/udev.te +++ b/refpolicy/policy/modules/system/udev.te @@ -14,7 +14,7 @@ gen_require(` type udev_t; type udev_helper_exec_t; -kernel_userland_entry(udev_t,udev_exec_t) +kernel_domtrans_to(udev_t,udev_exec_t) domain_obj_id_change_exempt(udev_t) domain_entry_file(udev_t,udev_helper_exec_t) domain_wide_inherit_fd(udev_t)