[refpolicy] [PATCH 1/2] udev create lnk files in openrc dirs

Chris Richards gizmo at giz-works.com
Wed Dec 29 00:20:10 CST 2010


When starting and stopping dhcpcd, some scripts are fired off by udev as the
result of devices being hotplugged (net.eth0).  These scripts update status
information for openrc, specifically with respect to started or stopoed
services, as well as information regarding the hotplugged or scheduled state.
They also need to be able to read information regarding the current runlevel
of the system, also maintained by openrc.

Add interfaces to init.if

Signed-off-by: Chris Richards <gizmo at giz-works.com>
---
 policy/modules/system/init.if |   43 +++++++++++++++++++++++++++++++++++++++++
 1 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index ed152c4..940b91f 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1461,6 +1467,25 @@ interface(`init_getattr_script_status_files',`
 
 ########################################
 ## <summary>
+##	Read init script status files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_read_script_status_files',`
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	list_dirs_pattern($1, initrc_state_t, initrc_state_t)
+	read_files_pattern($1, initrc_state_t, initrc_state_t)
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts to read init script
 ##	status files.
 ## </summary>
@@ -1481,6 +1506,24 @@ interface(`init_dontaudit_read_script_status_files',`
 
 ########################################
 ## <summary>
+##	Manage init script status link files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_manage_script_status_lnk_files',`
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	manage_lnk_files_pattern($1, initrc_state_t, initrc_state_t)
+')
+
+########################################
+## <summary>
 ##	Read init script temporary data.
 ## </summary>
 ## <param name="domain">
-- 
1.7.3.4



More information about the refpolicy mailing list