From 53f9abbe68c7f4c43d23f12d150cf6625d5107cc Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Jun 08 2010 13:15:41 +0000 Subject: Clean up cgroup. Rename cgconfigparser to cgconfig. --- diff --git a/policy/modules/services/cgroup.fc b/policy/modules/services/cgroup.fc index 4b353d4..c17388d 100644 --- a/policy/modules/services/cgroup.fc +++ b/policy/modules/services/cgroup.fc @@ -4,7 +4,7 @@ /etc/rc\.d/init\.d/cgconfig -- gen_context(system_u:object_r:cgconfig_initrc_exec_t,s0) /etc/rc\.d/init\.d/cgred -- gen_context(system_u:object_r:cgred_initrc_exec_t,s0) -/sbin/cgconfigparser -- gen_context(system_u:object_r:cgconfigparser_exec_t,s0) +/sbin/cgconfigparser -- gen_context(system_u:object_r:cgconfig_exec_t,s0) /sbin/cgrulesengd -- gen_context(system_u:object_r:cgred_exec_t,s0) /var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t,s0) diff --git a/policy/modules/services/cgroup.if b/policy/modules/services/cgroup.if index 21d29ff..a903d93 100644 --- a/policy/modules/services/cgroup.if +++ b/policy/modules/services/cgroup.if @@ -11,12 +11,12 @@ ## ## # -interface(`cgroup_domtrans_cgconfigparser',` +interface(`cgroup_domtrans_cgconfig',` gen_require(` - type cgconfigparser_t, cgconfigparser_exec_t; + type cgconfig_t, cgconfig_exec_t; ') - domtrans_pattern($1, cgconfigparser_exec_t, cgconfigparser_t) + domtrans_pattern($1, cgconfig_exec_t, cgconfig_t) corecmd_search_bin($1) ') @@ -31,7 +31,7 @@ interface(`cgroup_domtrans_cgconfigparser',` ## ## # -interface(`cgroup_initrc_domtrans_cgconfigparser',` +interface(`cgroup_initrc_domtrans_cgconfig',` gen_require(` type cgconfig_initrc_exec_t; ') 
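Review bot: The cgroup.fc hunk relabels /sbin/cgconfigparser to cgconfig_exec_t, but nothing in the commit keeps the old type names valid. On a system that is already labelled, the binary still carries cgconfigparser_exec_t until it is relabelled. Once the new policy loads, that context is no longer defined and the file is treated as unlabeled, so the transition into cgconfig_t would presumably stop working. If the old names were ever deployed, add `typealias cgconfig_exec_t alias cgconfigparser_exec_t;` and `typealias cgconfig_t alias cgconfigparser_t;` beside the declarations in the cgroup.te hunk at -19,14. Otherwise, state in the commit message that /sbin/cgconfigparser must be relabelled with restorecon on upgrade.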
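Review bot: The first cgroup.if hunk removes the interface name `cgroup_domtrans_cgconfigparser` outright, and the hunk at -31,7 does the same for `cgroup_initrc_domtrans_cgconfigparser`. Any other module or local policy that still calls the old names will fail to build. If these interfaces were ever part of a release, keep thin wrappers under the old names that call the new interface and emit a refpolicywarn deprecation message. The interface header comments lie partly outside both hunks, so check that their summaries now say cgconfig rather than cgconfigparser.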
@@ -119,13 +119,13 @@ interface(`cgroup_stream_connect', ` # interface(`cgroup_admin',` gen_require(` - type cgred_t, cgconfigparser_t, cgred_var_run_t; + type cgred_t, cgconfig_t, cgred_var_run_t; type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t; type cgred_etc_t; ') - allow $1 cgconfigparser_t:process { ptrace signal_perms getattr }; - read_files_pattern($1, cgconfigparser_t, cgconfigparser_t) + allow $1 cgconfig_t:process { ptrace signal_perms getattr }; + read_files_pattern($1, cgconfig_t, cgconfig_t) allow $1 cgred_t:process { ptrace signal_perms getattr }; read_files_pattern($1, cgred_t, cgred_t) @@ -137,7 +137,7 @@ interface(`cgroup_admin',` admin_pattern($1, cgred_var_run_t) files_search_pids($1) - cgroup_initrc_domtrans_cgconfigparser($1) + cgroup_initrc_domtrans_cgconfig($1) domain_system_change_exemption($1) role_transition $2 cgconfig_initrc_exec_t system_r; allow $2 system_r; diff --git a/policy/modules/services/cgroup.te b/policy/modules/services/cgroup.te index 438df21..d74539c 100644 --- a/policy/modules/services/cgroup.te +++ b/policy/modules/services/cgroup.te @@ -3,7 +3,7 @@ policy_module(cgroup, 1.0.0) ######################################## # -# cgred personal declarations. +# Declarations # type cgred_t; @@ -19,14 +19,9 @@ files_pid_file(cgred_var_run_t) type cgrules_etc_t; files_config_file(cgrules_etc_t) -######################################## -# -# cgconfig personal declarations. -# - -type cgconfigparser_t; -type cgconfigparser_exec_t; -init_daemon_domain(cgconfigparser_t, cgconfigparser_exec_t) +type cgconfig_t; +type cgconfig_exec_t; +init_daemon_domain(cgconfig_t, cgconfig_exec_t) type cgconfig_initrc_exec_t; init_script_file(cgconfig_initrc_exec_t) 
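Review bot: `allow $1 cgconfig_t:process { ptrace signal_perms getattr };` in cgroup_admin carries ptrace over to the renamed domain, and cgroup.te grants cgconfig_t `sys_admin`. Any domain given cgroup_admin can therefore effectively borrow that capability through the traced process. Signals and getattr look sufficient for managing the service, so consider `allow $1 cgconfig_t:process { signal_perms getattr };` here, and the same on the cgred_t line. Separately, `read_files_pattern($1, cgconfig_t, cgconfig_t)` appears to target the domain's /proc entries, where `ps_process_pattern($1, cgconfig_t)` is the usual idiom. The interface body continues outside both cgroup_admin hunks, so confirm the rest before changing it.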
@@ -36,6 +31,26 @@ files_config_file(cgconfig_etc_t) ######################################## # +# cgconfig personal policy. +# + +allow cgconfig_t self:capability { chown sys_admin }; + +allow cgconfig_t cgconfig_etc_t:file read_file_perms; + +kernel_list_unlabeled(cgconfig_t) +kernel_read_system_state(cgconfig_t) + +files_read_etc_files(cgconfig_t) + +fs_manage_cgroup_dirs(cgconfig_t) +fs_manage_cgroup_files(cgconfig_t) +fs_mount_cgroup(cgconfig_t) +fs_mounton_cgroup(cgconfig_t) +fs_unmount_cgroup(cgconfig_t) + +######################################## +# # cgred personal policy. # @@ -55,7 +70,6 @@ domain_read_all_domains_state(cgred_t) files_getattr_all_files(cgred_t) files_getattr_all_sockets(cgred_t) files_read_all_symlinks(cgred_t) -files_search_all(cgred_t) files_read_etc_files(cgred_t) fs_write_cgroup_files(cgred_t) @@ -63,23 +77,3 @@ fs_write_cgroup_files(cgred_t) logging_send_syslog_msg(cgred_t) miscfiles_read_localization(cgred_t) - -######################################## -# -# cgconfig personal policy. -# - -allow cgconfigparser_t self:capability { chown sys_admin }; - -allow cgconfigparser_t cgconfig_etc_t:file read_file_perms; - -kernel_list_unlabeled(cgconfigparser_t) -kernel_read_system_state(cgconfigparser_t) - -files_read_etc_files(cgconfigparser_t) - -fs_manage_cgroup_dirs(cgconfigparser_t) -fs_manage_cgroup_files(cgconfigparser_t) -fs_mount_cgroup(cgconfigparser_t) -fs_mounton_cgroup(cgconfigparser_t) -fs_unmount_cgroup(cgconfigparser_t)
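Review bot: The relocated cgconfig block grants `sys_admin` with no comment saying what needs it. `allow cgconfig_t self:capability { chown sys_admin };` is the broadest rule in the module, and a later reader cannot tell whether it can be narrowed. Presumably `sys_admin` covers the mount and unmount operations allowed just below by `fs_mount_cgroup` and `fs_unmount_cgroup`, and `chown` covers ownership changes on the cgroup tree. Confirm this and record it, for example `# sys_admin: mount/unmount cgroup hierarchies; chown: apply configured ownership`. `kernel_list_unlabeled(cgconfig_t)` deserves the same one-line justification, since access to unlabeled objects usually points to a labelling gap rather than a real requirement.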