add make temporary_file and daemon_runtime_file

refpolicy/policy/modules/services/cron.te

@@ -31,7 +31,7 @@ type crond_tmp_t;
 files_make_temporary_file(crond_tmp_t)
 
 type crond_var_run_t;
-files_make_file(crond_var_run_t)
+files_make_daemon_runtime_file(crond_var_run_t)
 
 type crontab_exec_t;
 files_make_file(crontab_exec_t)

refpolicy/policy/modules/system/authlogin.te

@@ -39,7 +39,7 @@ type pam_var_console_t; #, nscd_client_domain
 files_make_file(pam_var_console_t)
 
 type pam_var_run_t;
-files_make_file(pam_var_run_t)
+files_make_daemon_runtime_file(pam_var_run_t)
 
 type shadow_t;
 files_make_file(shadow_t)

refpolicy/policy/modules/system/files.if

@@ -15,6 +15,34 @@ define(`files_make_file_depend',`
 attribute file_type;
 ')
 
+########################################
+#
+# files_make_mountpoint(type)
+#
+define(`files_make_mountpoint',`
+requires_block_template(`$0'_depend)
+files_make_file($1)
+typeattribute $1 mountpoint;
+')
+
+define(`files_make_mountpoint_depend',`
+attribute mountpoint;
+')
+
+########################################
+#
+# files_make_daemon_runtime_file(type)
+#
+define(`files_make_daemon_runtime_file',`
+requires_block_template(`$0'_depend)
+files_make_file($1)
+typeattribute $1 pidfile;
+')
+
+define(`files_make_daemon_runtime_file_depend',`
+attribute pidfile;
+')
+
 ########################################
 #
 # files_make_temporary_file(type)
@@ -29,19 +57,6 @@ define(`files_make_temporary_file_depend',`
 attribute tmpfile;
 ')
 
-########################################
-#
-# files_make_mountpoint(type)
-#
-define(`files_make_mountpoint',`
-requires_block_template(`$0'_depend)
-typeattribute $1 mountpoint;
-')
-
-define(`files_make_mountpoint_depend',`
-attribute mountpoint;
-')
-
 ########################################
 #
 # files_get_all_file_attributes(type)
@@ -660,11 +675,9 @@ type_transition $1 var_run_t:file $2;
 ',`
 type_transition $1 var_run_t:$3 $2;
 ') dnl end ifelse
-typeattribute $1 pidfile;
 ')
 
 define(`files_create_daemon_runtime_data_depend',`
-attribute pidfile;
 type var_t, var_run_t;
 class dir { getattr search read write add_name remove_name };
 ')

refpolicy/policy/modules/system/hotplug.te

@@ -15,7 +15,7 @@ type hotplug_etc_t; #, usercanread;
 files_make_file(hotplug_etc_t)
 
 type hotplug_var_run_t;
-files_make_file(hotplug_var_run_t)
+files_make_daemon_runtime_file(hotplug_var_run_t)
 
 ########################################
 #

refpolicy/policy/modules/system/init.te

@@ -34,7 +34,7 @@ devices_create_dev_entry(init_t,initctl_t,fifo_file)
 # init_var_run_t is the type for /var/run/shutdown.pid.
 #
 type init_var_run_t;
-files_make_file(init_var_run_t)
+files_make_daemon_runtime_file(init_var_run_t)
 
 type initrc_t;
 domain_make_domain(initrc_t)
@@ -49,8 +49,7 @@ filesystem_noxattr_associate(initrc_devpts_t)
 terminal_make_pseudoterminal(initrc_t,initrc_devpts_t)
 
 type initrc_var_run_t;
-files_make_file(initrc_var_run_t)
+files_make_daemon_runtime_file(initrc_var_run_t)
-files_create_daemon_runtime_data(initrc_t,initrc_var_run_t)
 
 type initrc_state_t;
 files_make_file(initrc_state_t)
@@ -173,6 +172,8 @@ allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rena
 allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
 allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
 
+files_create_daemon_runtime_data(initrc_t,initrc_var_run_t)
+
 allow initrc_t initrc_tmp_t : file { create ioctl read getattr lock write setattr append link unlink rename };
 allow initrc_t initrc_tmp_t : dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
 files_create_private_tmp_data(initrc_t,initrc_tmp_t, { file dir })

refpolicy/policy/modules/system/iptables.te

@@ -15,8 +15,8 @@ role system_r types iptables_t;
 type iptables_tmp_t;
 files_make_temporary_file(iptables_tmp_t)
 
-type iptables_var_run_t; #, pidfile;
+type iptables_var_run_t;
-files_make_file(iptables_var_run_t)
+files_make_daemon_runtime_file(iptables_var_run_t)
 
 ########################################
 #

refpolicy/policy/modules/system/logging.te

@@ -15,7 +15,7 @@ type klogd_tmp_t;
 files_make_temporary_file(klogd_tmp_t)
 
 type klogd_var_run_t;
-files_make_file(klogd_var_run_t)
+files_make_daemon_runtime_file(klogd_var_run_t)
 
 type syslogd_t;
 type syslogd_exec_t;
@@ -25,7 +25,7 @@ type syslogd_tmp_t;
 files_make_temporary_file(syslogd_tmp_t)
 
 type syslogd_var_run_t;
-files_make_file(syslogd_var_run_t)
+files_make_daemon_runtime_file(syslogd_var_run_t)
 
 type var_log_t, logfile;
 files_make_file(var_log_t)

refpolicy/policy/modules/system/sysnetwork.te

@@ -19,7 +19,7 @@ type dhcpc_tmp_t;
 files_make_temporary_file(dhcpc_tmp_t)
 
 type dhcpc_var_run_t;
-files_make_file(dhcpc_var_run_t)
+files_make_daemon_runtime_file(dhcpc_var_run_t)
 
 type ifconfig_t;
 type ifconfig_exec_t;

refpolicy/policy/modules/system/udev.te

@@ -25,10 +25,9 @@ files_make_file(udev_runtime_t)
 
 type udev_tbl_t alias udev_tdb_t;
 files_make_file(udev_tbl_t)
-devices_create_dev_entry(udev_t,udev_tbl_t,file)
 
 type udev_var_run_t;
-files_make_file(udev_var_run_t)
+files_make_daemon_runtime_file(udev_var_run_t)
 
 ########################################
 #
@@ -56,6 +55,7 @@ allow udev_t udev_etc_t:file { read getattr lock ioctl };
 
 # create udev database in /dev/.udevdb
 allow udev_t udev_tbl_t:file { create ioctl read getattr lock write setattr append link unlink rename };
+devices_create_dev_entry(udev_t,udev_tbl_t,file)
 
 allow udev_t udev_var_run_t : dir { read getattr lock search ioctl add_name remove_name write };
 allow udev_t udev_var_run_t : file { create ioctl read getattr lock write setattr append link unlink rename };