From 9c47227c7aed9b9c585d1eba2025b2132107cee3 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Wed, 5 Aug 2009 09:48:46 -0400
Subject: [PATCH] fix ordering of interface calls in sudo.

---
 policy/modules/admin/sudo.if | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 9cdaedab..d2deefee 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -83,10 +83,25 @@ template(`sudo_role_template',`
 	kernel_read_system_state($1_sudo_t)
 	kernel_link_key($1_sudo_t)
 
+	corecmd_read_bin_symlinks($1_sudo_t)
+	corecmd_getattr_all_executables($1_sudo_t)
+
 	dev_read_urand($1_sudo_t)
 	dev_rw_generic_usb_dev($1_sudo_t)
 	dev_read_sysfs($1_sudo_t)
 
+	domain_use_interactive_fds($1_sudo_t)
+	domain_sigchld_interactive_fds($1_sudo_t)
+	domain_getattr_all_entry_files($1_sudo_t)
+
+	files_read_etc_files($1_sudo_t)
+	files_read_var_files($1_sudo_t)
+	files_read_usr_symlinks($1_sudo_t)
+	files_getattr_usr_files($1_sudo_t)
+	# for some PAM modules and for cwd
+	files_dontaudit_search_home($1_sudo_t)
+	files_list_tmp($1_sudo_t)
+
 	fs_search_auto_mountpoints($1_sudo_t)
 	fs_getattr_xattr_fs($1_sudo_t)
 
@@ -101,21 +116,6 @@ template(`sudo_role_template',`
 	auth_manage_pam_pid($1_sudo_t)
 	auth_use_nsswitch($1_sudo_t)
 
-	corecmd_read_bin_symlinks($1_sudo_t)
-	corecmd_getattr_all_executables($1_sudo_t)
-
-	domain_use_interactive_fds($1_sudo_t)
-	domain_sigchld_interactive_fds($1_sudo_t)
-	domain_getattr_all_entry_files($1_sudo_t)
-
-	files_read_etc_files($1_sudo_t)
-	files_read_var_files($1_sudo_t)
-	files_read_usr_symlinks($1_sudo_t)
-	files_getattr_usr_files($1_sudo_t)
-	# for some PAM modules and for cwd
-	files_dontaudit_search_home($1_sudo_t)
-	files_list_tmp($1_sudo_t)
-
 	init_rw_utmp($1_sudo_t)
 
 	logging_send_audit_msgs($1_sudo_t)