convert over to system_domain, plus a couple init cleanups

refpolicy/policy/modules/admin/consoletype.te

@@ -8,11 +8,10 @@ policy_module(consoletype, 1.0)
 #
 
 type consoletype_t;
-domain_make_domain(consoletype_t)
-role system_r types consoletype_t;
-
 type consoletype_exec_t;
-domain_make_entrypoint_file(consoletype_t,consoletype_exec_t)
+domain_make_init_domain(consoletype_t,consoletype_exec_t)
+domain_make_system_domain(consoletype_t,consoletype_exec_t)
+role system_r types consoletype_t;
 
 ########################################
 #

refpolicy/policy/modules/admin/usermanage.te

@@ -30,11 +30,9 @@ type crack_tmp_t;
 files_make_file(crack_tmp_t)
 
 type groupadd_t; #, privowner, nscd_client_domain;
-domain_make_domain(groupadd_t)
-role system_r types groupadd_t;
-
 type groupadd_exec_t;
-domain_make_entrypoint_file(groupadd_t,groupadd_exec_t)
+domain_make_system_domain(groupadd_t,groupadd_exec_t)
+role system_r types groupadd_t;
 
 type passwd_t; #,auth_write, privowner;
 domain_make_domain(passwd_t)
@@ -51,11 +49,9 @@ type sysadm_passwd_tmp_t;
 files_make_file(sysadm_passwd_tmp_t)
 
 type useradd_t; #, privowner, nscd_client_domain;
-domain_make_domain(useradd_t)
-role system_r types useradd_t;
-
 type useradd_exec_t;
-domain_make_entrypoint_file(useradd_t,useradd_exec_t)
+domain_make_system_domain(useradd_t,useradd_exec_t)
+role system_r types useradd_t;
 
 ########################################
 #

refpolicy/policy/modules/system/authlogin.te

@@ -20,7 +20,7 @@ files_make_file(login_exec_t)
 
 type pam_console_t;
 type pam_console_exec_t;
-domain_make_daemon_domain(pam_console_t,pam_console_exec_t)
+domain_make_system_domain(pam_console_t,pam_console_exec_t)
 role system_r types pam_console_t;
 
 domain_make_entrypoint_file(pam_console_t,pam_console_exec_t)

refpolicy/policy/modules/system/hotplug.te

@@ -9,7 +9,7 @@ policy_module(hotplug, 1.0)
 
 type hotplug_t;
 type hotplug_exec_t;
-domain_make_daemon_domain(hotplug_t,hotplug_exec_t)
+domain_make_system_domain(hotplug_t,hotplug_exec_t)
 
 type hotplug_etc_t; #, usercanread;
 files_make_file(hotplug_etc_t)

refpolicy/policy/modules/system/init.te

@@ -2,6 +2,11 @@
 
 policy_module(init,1.0)
 
+########################################
+#
+# Declarations
+#
+
 #
 # init_t is the domain of the init process.
 #
@@ -30,7 +35,6 @@ devices_create_dev_entry(init_t,initctl_t,fifo_file)
 #
 type init_var_run_t;
 files_make_file(init_var_run_t)
-files_create_daemon_runtime_data(init_t,init_var_run_t)
 
 type initrc_t;
 domain_make_domain(initrc_t)
@@ -53,7 +57,6 @@ files_make_file(initrc_state_t)
 
 type initrc_tmp_t;
 files_make_file(initrc_tmp_t)
-files_create_private_tmp_data(initrc_t,initrc_tmp_t)
 
 type run_init_t;
 domain_make_domain(run_init_t)
@@ -71,6 +74,7 @@ allow init_t init_exec_t:file { getattr read execute execute_no_trans };
 
 # For /var/run/shutdown.pid.
 allow init_t init_var_run_t:file { create getattr read append write setattr unlink };
+files_create_daemon_runtime_data(init_t,init_var_run_t)
 
 # Run init scripts.  this is ok since initrc
 # is also in this module
@@ -140,21 +144,13 @@ allow init_t self:capability ~sys_module;
 # Modify utmp.
 allow init_t initrc_var_run_t:file { getattr read write setattr };
 
-optional_policy(`consoletype.te',`
+ifdef(`TODO',`
-consoletype_execute(init_t,optional)
-')
-
-########################################
-#
-# the following still need to be converted over
-#
-
 # something other then static libs
 allow init_t lib_t:file { getattr read };
 
 # for mount points
 allow init_t file_t:dir search;
-
+') dnl end TODO
 
 ########################################
 #
@@ -179,6 +175,10 @@ allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rena
 allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
 allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
 
+allow initrc_t initrc_tmp_t : file { create ioctl read getattr lock write setattr append link unlink rename };
+allow initrc_t initrc_tmp_t : dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
+files_create_private_tmp_data(initrc_t,initrc_tmp_t, { file dir })
+
 kernel_read_system_state(initrc_t)
 kernel_read_software_raid_state(initrc_t)
 kernel_read_network_state(initrc_t)
@@ -280,23 +280,6 @@ authlogin_pam_read_runtime_data(initrc_t)
 authlogin_pam_remove_runtime_data(initrc_t)
 ')
 
-optional_policy(`consoletype.te',`
-consoletype_transition(initrc_t)
-')
-
-optional_policy(`modutils.te',`
-modutils_depmod_transition(initrc_t)
-modutils_update_modules_transition(initrc_t)
-')
-
-optional_policy(`mount.te',`
-mount_transition(initrc_t)
-')
-
-optional_policy(`sysnetwork.te',`
-sysnetwork_ifconfig_transition(initrc_t)
-')
-
 tunable_policy(`distro_redhat',`
 kernel_set_selinux_enforcement_mode(initrc_t)
 

refpolicy/policy/modules/system/iptables.te

@@ -9,7 +9,7 @@ policy_module(iptables, 1.0)
 
 type iptables_t;
 type iptables_exec_t;
-domain_make_daemon_domain(iptables_t,iptables_exec_t)
+domain_make_system_domain(iptables_t,iptables_exec_t)
 role system_r types iptables_t;
 
 type iptables_tmp_t;

refpolicy/policy/modules/system/modutils.te

@@ -11,25 +11,19 @@ type modules_dep_t;
 files_make_file(modules_dep_t)
 
 type insmod_t;
-domain_make_domain(insmod_t)
+type insmod_exec_t;
+domain_make_system_domain(insmod_t,insmod_exec_t)
 role system_r types insmod_t;
 
-type insmod_exec_t;
-domain_make_entrypoint_file(insmod_t,insmod_exec_t)
-
 type depmod_t;
-domain_make_domain(depmod_t)
+type depmod_exec_t;
+domain_make_system_domain(depmod_t,depmod_exec_t)
 role system_r types depmod_t;
 
-type depmod_exec_t;
-domain_make_entrypoint_file(depmod_t,depmod_exec_t)
-
 type update_modules_t;
-domain_make_domain(update_modules_t)
-role system_r types update_modules_t;
-
 type update_modules_exec_t;
-domain_make_entrypoint_file(update_modules_t,update_modules_exec_t)
+domain_make_system_domain(update_modules_t,update_modules_exec_t)
+role system_r types update_modules_t;
 
 type update_modules_tmp_t;
 files_make_file(update_modules_tmp_t)

refpolicy/policy/modules/system/mount.te

@@ -1,11 +1,9 @@
 # Copyright (C) 2005 Tresys Technology, LLC
 
 type mount_t;
-domain_make_domain(mount_t)
-role system_r types mount_t;
-
 type mount_exec_t;
-domain_make_entrypoint_file(mount_t,mount_exec_t)
+domain_make_system_domain(mount_t,mount_exec_t)
+role system_r types mount_t;
 
 type mount_tmp_t;
 files_make_file(mount_tmp_t)

refpolicy/policy/modules/system/sysnetwork.te

@@ -10,6 +10,7 @@ policy_module(sysnetwork,1.0)
 type dhcpc_t;
 type dhcpc_exec_t;
 domain_make_daemon_domain(dhcpc_t,dhcpc_exec_t)
+role system_r types dhcpc_t;
 
 type dhcpc_state_t;
 files_make_file(dhcpc_state_t)
@@ -21,11 +22,9 @@ type dhcpc_var_run_t;
 files_make_file(dhcpc_var_run_t)
 
 type ifconfig_t;
-domain_make_domain(ifconfig_t)
-role system_r types ifconfig_t;
-
 type ifconfig_exec_t;
-domain_make_entrypoint_file(ifconfig_t, ifconfig_exec_t)
+domain_make_system_domain(ifconfig_t, ifconfig_exec_t)
+role system_r types ifconfig_t;
 
 type net_conf_t alias resolv_conf_t;
 files_make_file(net_conf_t)