Rearrange cgroup interfaces in filesystem.

2010-06-08 09:10:45 -04:00 · 2010-06-08 09:10:45 -04:00 · 860c05d9de
commit 860c05d9de
parent 04dcd73fe3
1 changed files with 97 additions and 97 deletions
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@ -557,24 +557,6 @@ interface(`fs_register_binary_executable_type',`
 	rw_files_pattern($1, binfmt_misc_fs_t, binfmt_misc_fs_t)
 ')

-########################################
-## <summary>
-##	Get attributes of cgroup filesystems.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_getattr_cgroup',`
-	gen_require(`
-		type cgroup_t;
-	')
-
-	allow $1 cgroup_t:filesystem getattr;
-')
-
 ########################################
 ## <summary>
 ##	Mount cgroup filesystems.
@ -593,24 +575,6 @@ interface(`fs_mount_cgroup', `
 	allow $1 cgroup_t:filesystem mount;
 ')

-########################################
-## <summary>
-##	Mount on cgroup directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_mounton_cgroup', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	allow $1 cgroup_t:dir mounton;
-')
-
 ########################################
 ## <summary>
 ##	Remount cgroup filesystems.
@ -649,7 +613,7 @@ interface(`fs_unmount_cgroup', `

 ########################################
 ## <summary>
-##	Delete cgroup directories.
+##	Get attributes of cgroup filesystems.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@ -657,49 +621,12 @@ interface(`fs_unmount_cgroup', `
 ##	</summary>
 ## </param>
 #
-interface(`fs_delete_cgroup_dirs', `
+interface(`fs_getattr_cgroup',`
 	gen_require(`
 		type cgroup_t;
 	')

-	delete_dirs_pattern($1, cgroup_t, cgroup_t)
-')
-
-########################################
-## <summary>
-##	list cgroup directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_list_cgroup_dirs', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	list_dirs_pattern($1, cgroup_t, cgroup_t)
-')
-
-########################################
-## <summary>
-##	Manage cgroup directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_manage_cgroup_dirs',`
-	gen_require(`
-		type cgroup_t;
-
-	')
-
-	manage_dirs_pattern($1, cgroup_t, cgroup_t)
+	allow $1 cgroup_t:filesystem getattr;
 ')

 ########################################
@ -723,7 +650,7 @@ interface(`fs_search_cgroup_dirs',`

 ########################################
 ## <summary>
-##	Manage cgroup files.
+##	list cgroup directories.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@ -731,13 +658,49 @@ interface(`fs_search_cgroup_dirs',`
 ##	</summary>
 ## </param>
 #
-interface(`fs_manage_cgroup_files',`
+interface(`fs_list_cgroup_dirs', `
+	gen_require(`
+		type cgroup_t;
+	')
+
+	list_dirs_pattern($1, cgroup_t, cgroup_t)
+')
+
+########################################
+## <summary>
+##	Delete cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fs_delete_cgroup_dirs', `
+	gen_require(`
+		type cgroup_t;
+	')
+
+	delete_dirs_pattern($1, cgroup_t, cgroup_t)
+')
+
+########################################
+## <summary>
+##	Manage cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fs_manage_cgroup_dirs',`
 	gen_require(`
 		type cgroup_t;

 	')

-	manage_files_pattern($1, cgroup_t, cgroup_t)
+	manage_dirs_pattern($1, cgroup_t, cgroup_t)
 ')

 ########################################
@ -759,6 +722,24 @@ interface(`fs_read_cgroup_files',`
 	read_files_pattern($1, cgroup_t, cgroup_t)
 ')

+########################################
+## <summary>
+##	Write cgroup files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fs_write_cgroup_files', `
+	gen_require(`
+		type cgroup_t;
+	')
+
+	write_files_pattern($1, cgroup_t, cgroup_t)
+')
+
 ########################################
 ## <summary>
 ##	Read and write cgroup files.
@ -778,24 +759,6 @@ interface(`fs_rw_cgroup_files',`
 	rw_files_pattern($1, cgroup_t, cgroup_t)
 ')

-########################################
-## <summary>
-##	Write cgroup files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`fs_write_cgroup_files', `
-	gen_require(`
-		type cgroup_t;
-	')
-
-	write_files_pattern($1, cgroup_t, cgroup_t)
-')
-
 ########################################
 ## <summary>
 ##	Do not audit attempts to open,
@ -816,6 +779,43 @@ interface(`fs_dontaudit_rw_cgroup_files',`
 	dontaudit $1 cgroup_t:file rw_file_perms;
 ')

+########################################
+## <summary>
+##	Manage cgroup files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fs_manage_cgroup_files',`
+	gen_require(`
+		type cgroup_t;
+
+	')
+
+	manage_files_pattern($1, cgroup_t, cgroup_t)
+')
+
+########################################
+## <summary>
+##	Mount on cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fs_mounton_cgroup', `
+	gen_require(`
+		type cgroup_t;
+	')
+
+	allow $1 cgroup_t:dir mounton;
+')
+
 ########################################
 ## <summary>
 ##	Do not audit attempts to read