diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index 12489cb..bfc4c75 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -132,6 +132,24 @@ interface(`udev_dontaudit_rw_dgram_sockets',`
 ########################################
 ## <summary>
+## Manage udev rules files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`udev_manage_rules_files',`
+ gen_require(`
+ type udev_rules_t;
+ ')
+
+ manage_files_pattern($1, udev_rules_t, udev_rules_t)
+')
+
+########################################
+## <summary>
 ## Do not audit search of udev database directories.
 ## </summary>
 ## <param name="domain">
@@ -213,22 +231,3 @@ interface(`udev_manage_pid_files',`
 files_search_var_lib($1)
 manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
 ')
-
-########################################
-## <summary>
-## Manage udev rules files
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`udev_manage_rules_files',`
- gen_require(`
- type udev_rules_t;
- ')
-
- manage_dirs_pattern($1, udev_rules_t, udev_rules_t)
- manage_files_pattern($1, udev_rules_t, udev_rules_t)
-')
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index af1f4e4..52e1061 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -1,5 +1,5 @@
-policy_module(udev, 1.11.2)
+policy_module(udev, 1.11.3)
 ########################################
 #
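Review bot: The relocated `udev_manage_rules_files` in the first udev.if hunk is not the same interface that the second hunk removes, and its documentation does not say so: the old copy also had `manage_dirs_pattern($1, udev_rules_t, udev_rules_t)`, while the new one grants file management only. The narrowing fits least privilege, but any caller that creates or removes directories labelled udev_rules_t would start hitting denials, so the callers (not visible in this diff) should be checked. I would make the summary explicit, e.g. `## Create, read, write, and delete udev rules files (not directories).`, and add a `<desc>` noting that udev acts on these rules with its own privileges, so the interface should only go to trusted domains. Unlike `udev_manage_pid_files`, which calls `files_search_var_lib($1)` before its pattern, the new interface grants no search on the parent directory; if the rules directory is reached through /etc, as I would expect, a `files_search_etc($1)` line is probably wanted.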