From 28567af2917316fef71636af3e54cf8798016d57 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Mar 28 2006 20:26:29 +0000
Subject: use device_node attribute instead of individual calls per type


---

diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 0bef90d..6ad516b 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -44,10 +44,6 @@ interface(`dev_node',`
 	')
 
 	typeattribute $1 device_node;
-
-	fs_associate($1)
-	fs_associate_tmpfs($1)
-	files_associate_tmp($1)
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/kernel/devices.te b/refpolicy/policy/modules/kernel/devices.te
index 3c72579..567925a 100644
--- a/refpolicy/policy/modules/kernel/devices.te
+++ b/refpolicy/policy/modules/kernel/devices.te
@@ -195,3 +195,13 @@ files_associate_tmp(xconsole_device_t)
 # this should be removed
 type devfs_control_t;
 dev_node(devfs_control_t)
+
+########################################
+#
+# Rules for all device nodes
+#
+
+fs_associate(device_node)
+fs_associate_tmpfs(device_node)
+
+files_associate_tmp(device_node)