diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 432f089..361107c 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -37,7 +37,7 @@ allow udev_t udev_tbl_t:file { create ioctl read getattr lock write setattr appe
 kernel_read_system_state(udev_t)
 kernel_get_core_interface_attributes(udev_t)
-kernel_use_kernel_fd(udev_t)
+kernel_use_file_descriptors(udev_t)
 kernel_read_device_sysctl(udev_t)
 kernel_read_hotplug_sysctl(udev_t)
 kernel_read_modprobe_sysctl(udev_t)
@@ -61,7 +61,7 @@ domain_execute_all_entrypoint_programs(udev_t)
 # Security
 selinux_read_config(udev_t)
 selinux_read_default_contexts(udev_t)
-#selinux_read_file_contexts(udev_t)
+selinux_read_file_contexts(udev_t)
 modutils_insmod_transition(udev_t)
@@ -78,10 +78,6 @@ allow udev_t var_lock_t:file getattr;
 # TODO: Need macro for reading daemon runtime data.
 allow udev_t initrc_var_run_t:file r_file_perms;
-# Sysctl
-# The following probably should be added to the kernel_read_device_sysctl() macro
-#allow udev_t sysctl_dev_t:dir search;
-
 # Devices
 allow udev_t device_t:dir { relabelfrom relabelto create_dir_perms };
 file_type_auto_trans(udev_t, device_t, udev_tbl_t, file)
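Review bot: The newly enabled `selinux_read_file_contexts(udev_t)` in the `# Security` group (hunk at -61,7) has no rationale, although it was deliberately commented out before and it widens what udev_t may read. Presumably udev needs the file-context lookup to label the device nodes it creates; if so, record that above the line, e.g. `# udev looks up file contexts to label the device nodes it creates`. The interface definition is outside this diff, so it is worth confirming that it grants read-only access to the file contexts and nothing broader. The surrounding policy block continues outside the hunk.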