from today's interface review meeting:

s/kernel_use_unlabeled_blk_dev/kernel_rw_unlabeled_blk_dev/g s/kernel_userland_entry/kernel_domtrans_to/g
2006-01-27 19:55:42 +00:00 · 2006-01-27 19:55:42 +00:00 · 270d428a46
commit 270d428a46
parent 5850761393
6 changed files with 7 additions and 7 deletions
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@ -18,7 +18,7 @@
 ##	The executable type for the entrypoint.
 ## </param>
 #
-interface(`kernel_userland_entry',`
+interface(`kernel_domtrans_to',`
 	gen_require(`
 		type kernel_t;
 	')
@ -1562,7 +1562,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_use_unlabeled_blk_dev',`
+interface(`kernel_rw_unlabeled_blk_dev',`
 	gen_require(`
 		type unlabeled_t;
 	')
--- a/refpolicy/policy/modules/system/fstools.te
+++ b/refpolicy/policy/modules/system/fstools.te
@ -55,7 +55,7 @@ kernel_change_ring_buffer_level(fsadm_t)
 kernel_getattr_proc(fsadm_t)
 # Access to /initrd devices
 kernel_rw_unlabeled_dir(fsadm_t)
-kernel_use_unlabeled_blk_dev(fsadm_t)
+kernel_rw_unlabeled_blk_dev(fsadm_t)

 dev_getattr_all_chr_files(fsadm_t)
 # mkreiserfs and other programs need this for UUID
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@ -8,7 +8,7 @@ policy_module(hotplug,1.1.0)

 type hotplug_t;
 type hotplug_exec_t;
-kernel_userland_entry(hotplug_t,hotplug_exec_t)
+kernel_domtrans_to(hotplug_t,hotplug_exec_t)
 init_daemon_domain(hotplug_t,hotplug_exec_t)

 type hotplug_etc_t;
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@ -35,7 +35,7 @@ role system_r types init_t;
 gen_require(`
 	type init_exec_t;
 ')
-kernel_userland_entry(init_t,init_exec_t)
+kernel_domtrans_to(init_t,init_exec_t)
 domain_entry_file(init_t,init_exec_t)

 #
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@ -114,7 +114,7 @@ logging_search_logs(insmod_t)
 miscfiles_read_localization(insmod_t)

 if( ! secure_mode_insmod ) {
-	kernel_userland_entry(insmod_t,insmod_exec_t)
+	kernel_domtrans_to(insmod_t,insmod_exec_t)
 }

 ifdef(`hide_broken_symptoms',`
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@ -14,7 +14,7 @@ gen_require(`

 type udev_t;
 type udev_helper_exec_t;
-kernel_userland_entry(udev_t,udev_exec_t)
+kernel_domtrans_to(udev_t,udev_exec_t)
 domain_obj_id_change_exempt(udev_t)
 domain_entry_file(udev_t,udev_helper_exec_t)
 domain_wide_inherit_fd(udev_t)