move type delcarations after attribute delcarations to fix a typeattribute

ordering issue. comment out the TODO types with a # so they don't get moved

refpolicy/Makefile

@@ -80,7 +80,7 @@ POST_TE_FILES := $(addprefix $(MISCDIR),users constraints mls initial_sid_contex
 
 ALL_FC_FILES := $(foreach dir,$(ALL_MODULES),$(wildcard $(dir)/*.fc))
 
-POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attributes.conf tmp/only_te_rules.conf tmp/all_post.conf
+POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf
 
 override M4PARAM += -D monolithic_policy
 
@@ -176,11 +176,12 @@ tmp/post_te_files.conf: $(POST_TE_FILES)
 # extract attributes and put them first. extract post te stuff
 # like genfscon and put last.  portcon, nodecon, and netifcon
 # is delayed since they are generated by m4
-tmp/all_attributes.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_files.conf tmp/post_te_files.conf
+tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_files.conf tmp/post_te_files.conf
-	$(QUIET) grep ^attribute tmp/all_te_files.conf > tmp/all_attributes.conf || true
+	$(QUIET) grep ^attribute tmp/all_te_files.conf > tmp/all_attrs_types.conf || true
+	$(QUIET) grep '^type ' tmp/all_te_files.conf >> tmp/all_attrs_types.conf
 	$(QUIET) cat tmp/post_te_files.conf > tmp/all_post.conf
 	$(QUIET) grep ^genfscon tmp/all_te_files.conf >> tmp/all_post.conf || true
-	$(QUIET) sed -e /^attribute/d -e /^genfscon/d < tmp/all_te_files.conf > tmp/only_te_rules.conf
+	$(QUIET) sed -e /^attribute/d -e '/^type /d' -e /^genfscon/d < tmp/all_te_files.conf > tmp/only_te_rules.conf
 
 ########################################
 #

refpolicy/policy/modules/system/authlogin.te

@@ -7,8 +7,7 @@ policy_module(authlogin,1.0)
 # Declarations
 #
 type chkpwd_exec_t;
-authlogin_per_userdomain_template(system)
+files_make_file(chkpwd_exec_t)
-domain_make_entrypoint_file(system_chkpwd_t,chkpwd_exec_t)
 
 type faillog_t;
 logging_make_log_file(faillog_t)
@@ -222,6 +221,15 @@ allow pam_console_t xdm_var_run_t:file { getattr read };
 allow initrc_t pam_var_console_t:dir r_dir_perms;
 ') dnl endif TODO
 
+########################################
+#
+# System check password local policy
+#
+
+authlogin_per_userdomain_template(system)
+
+domain_make_entrypoint_file(system_chkpwd_t,chkpwd_exec_t)
+
 ########################################
 #
 # Utempter local policy

refpolicy/policy/modules/system/mount.te

@@ -73,10 +73,10 @@ allow mount_t var_lib_nfs_t:dir mounton;
 allow mount_t lib_t:file { getattr read };
 
 # TODO: Need to examine this further. Not sure how to handle this
-type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
+#type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
-allow sysadm_t sysadm_mount_source_t:file create_file_perms;
+#allow sysadm_t sysadm_mount_source_t:file create_file_perms;
-allow sysadm_t sysadm_mount_source_t:file { relabelto relabelfrom };
+#allow sysadm_t sysadm_mount_source_t:file { relabelto relabelfrom };
-allow mount_t sysadm_mount_source_t:file rw_file_perms;
+#allow mount_t sysadm_mount_source_t:file rw_file_perms;
 
 # TODO: Probably need a macro for reading/unlinking files
 # for when /etc/mtab loses its type

refpolicy/policy/modules/system/sysnetwork.te

@@ -200,9 +200,9 @@ allow ping_t cardmgr_t:fd use;
 ') dnl end if ping
 
 ifdef(`dhcpd.te', `', `
-type dhcp_state_t, file_type, sysadmfile;
+#type dhcp_state_t, file_type, sysadmfile;
-type dhcp_etc_t, file_type, sysadmfile, usercanread; 
+#type dhcp_etc_t, file_type, sysadmfile, usercanread; 
-typealias dhcp_etc_t alias { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
+#typealias dhcp_etc_t alias { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
 ')
 
 allow dhcpc_t dhcp_etc_t:dir { getattr read search };