move make_{daemon,init,system}_domain to init to fix type_transition'ing

This commit is contained in:
Chris PeBenito 2005-05-13 20:21:50 +00:00
parent 24a7ae1a5a
commit ff31386090
26 changed files with 125 additions and 179 deletions

View File

@ -9,8 +9,8 @@ policy_module(consoletype, 1.0)
type consoletype_t; type consoletype_t;
type consoletype_exec_t; type consoletype_exec_t;
domain_make_init_domain(consoletype_t,consoletype_exec_t) init_make_init_domain(consoletype_t,consoletype_exec_t)
domain_make_system_domain(consoletype_t,consoletype_exec_t) init_make_system_domain(consoletype_t,consoletype_exec_t)
role system_r types consoletype_t; role system_r types consoletype_t;
######################################## ########################################

View File

@ -9,7 +9,7 @@ policy_module(devices,1.0)
type netutils_t; type netutils_t;
type netutils_exec_t; type netutils_exec_t;
domain_make_system_domain(netutils_t,netutils_exec_t) init_make_system_domain(netutils_t,netutils_exec_t)
role system_r types netutils_t; role system_r types netutils_t;
type netutils_tmp_t; type netutils_tmp_t;
@ -17,12 +17,12 @@ files_make_temporary_file(netutils_tmp_t)
type ping_t; #, nscd_client_domain; type ping_t; #, nscd_client_domain;
type ping_exec_t; type ping_exec_t;
domain_make_system_domain(ping_t,ping_exec_t) init_make_system_domain(ping_t,ping_exec_t)
role system_r types ping_t; role system_r types ping_t;
type traceroute_t; #, nscd_client_domain; type traceroute_t; #, nscd_client_domain;
type traceroute_exec_t; type traceroute_exec_t;
domain_make_system_domain(traceroute_t,traceroute_exec_t) init_make_system_domain(traceroute_t,traceroute_exec_t)
role system_r types traceroute_t; role system_r types traceroute_t;
# #

View File

@ -33,7 +33,7 @@ files_make_temporary_file(crack_tmp_t)
type groupadd_t; #, nscd_client_domain; type groupadd_t; #, nscd_client_domain;
type groupadd_exec_t; type groupadd_exec_t;
kernel_make_object_identity_change_constraint_exception(groupadd_t) kernel_make_object_identity_change_constraint_exception(groupadd_t)
domain_make_system_domain(groupadd_t,groupadd_exec_t) init_make_system_domain(groupadd_t,groupadd_exec_t)
role system_r types groupadd_t; role system_r types groupadd_t;
type passwd_t; type passwd_t;
@ -55,7 +55,7 @@ files_make_file(sysadm_passwd_tmp_t)
type useradd_t; # nscd_client_domain; type useradd_t; # nscd_client_domain;
type useradd_exec_t; type useradd_exec_t;
kernel_make_object_identity_change_constraint_exception(useradd_t) kernel_make_object_identity_change_constraint_exception(useradd_t)
domain_make_system_domain(useradd_t,useradd_exec_t) init_make_system_domain(useradd_t,useradd_exec_t)
role system_r types useradd_t; role system_r types useradd_t;
######################################## ########################################

View File

@ -1,5 +1,23 @@
# Copyright (C) 2005 Tresys Technology, LLC # Copyright (C) 2005 Tresys Technology, LLC
########################################
#
# kernel_make_userland_entrypoint(domain,entrypoint)
#
define(`kernel_make_userland_entrypoint',`
requires_block_template(`$0'_depend)
allow kernel_t $2:file { getattr read execute };
allow kernel_t $1:process transition;
type_transition kernel_t $2:process $1;
dontaudit kernel_t $1:process { noatsecure siginh rlimitinh };
')
define(`kernel_make_userland_entrypoint_depend',`
type kernel_t;
class process { transition noatsecure siginh rlimitinh };
class file { getattr read execute };
')
######################################## ########################################
# #
# kernel_share_state(domain) # kernel_share_state(domain)
@ -1069,24 +1087,6 @@ class lnk_file { getattr read };
# # # #
################################################################### ###################################################################
########################################
#
# kernel_transition_from(domain,entrypoint)
#
define(`kernel_transition_from',`
requires_block_template(`$0'_depend)
allow kernel_t $2:file { getattr read execute };
allow kernel_t $1:process transition;
type_transition kernel_t $2:process $1;
dontaudit kernel_t $1:process { noatsecure siginh rlimitinh };
')
define(`kernel_transition_from_depend',`
type kernel_t;
class file { getattr read execute };
class process transition;
')
######################################## ########################################
# #
# kernel_sigchld_from(domain) # kernel_sigchld_from(domain)

View File

@ -18,7 +18,7 @@ files_make_file(cron_spool_t)
type crond_t; #, privmail, nscd_client_domain type crond_t; #, privmail, nscd_client_domain
type crond_exec_t; type crond_exec_t;
domain_make_daemon_domain(crond_t,crond_exec_t) init_make_daemon_domain(crond_t,crond_exec_t)
domain_make_file_descriptors_widely_inheritable(crond_t) domain_make_file_descriptors_widely_inheritable(crond_t)
type crond_log_t; type crond_log_t;
@ -35,7 +35,7 @@ files_make_file(crontab_exec_t)
type system_cron_spool_t; type system_cron_spool_t;
type system_crond_t; #, privmail, nscd_client_domain; type system_crond_t; #, privmail, nscd_client_domain;
domain_make_daemon_domain(system_crond_t,anacron_exec_t) init_make_daemon_domain(system_crond_t,anacron_exec_t)
corecommands_make_shell_entrypoint(system_crond_t) corecommands_make_shell_entrypoint(system_crond_t)
role system_r types system_crond_t; role system_r types system_crond_t;

View File

@ -142,7 +142,7 @@ define(`mta_per_userdomain_template_depend',`
# #
define(`mta_make_mailserver_domain',` define(`mta_make_mailserver_domain',`
requires_block_template(`$0'_depend) requires_block_template(`$0'_depend)
domain_make_daemon_domain($1,$2) init_make_daemon_domain($1,$2)
typeattribute $1 mailserver_domain; typeattribute $1 mailserver_domain;
') ')

View File

@ -32,7 +32,7 @@ tunable_policy(`targeted_policy',`',`
optional_policy(`sendmail.te', ` optional_policy(`sendmail.te', `
domain_make_entrypoint_file(system_mail_t,sendmail_exec_t) domain_make_entrypoint_file(system_mail_t,sendmail_exec_t)
', ` ', `
domain_make_system_domain(system_mail_t,sendmail_exec_t) init_make_system_domain(system_mail_t,sendmail_exec_t)
') dnl end if sendmail ') dnl end if sendmail
') dnl end targeted_policy ') dnl end targeted_policy

View File

@ -25,7 +25,7 @@ files_make_file(login_exec_t)
type pam_console_t; type pam_console_t;
type pam_console_exec_t; type pam_console_exec_t;
domain_make_system_domain(pam_console_t,pam_console_exec_t) init_make_system_domain(pam_console_t,pam_console_exec_t)
role system_r types pam_console_t; role system_r types pam_console_t;
domain_make_entrypoint_file(pam_console_t,pam_console_exec_t) domain_make_entrypoint_file(pam_console_t,pam_console_exec_t)

View File

@ -12,7 +12,7 @@ files_make_file(adjtime_t)
type hwclock_t; type hwclock_t;
type hwclock_exec_t; type hwclock_exec_t;
domain_make_system_domain(hwclock_t,hwclock_exec_t) init_make_system_domain(hwclock_t,hwclock_exec_t)
role system_r types hwclock_t; role system_r types hwclock_t;
######################################## ########################################

View File

@ -62,60 +62,6 @@ attribute entry_type;
class file entrypoint; class file entrypoint;
') ')
########################################
#
# domain_make_init_domain(domain,entrypointfile)
#
define(`domain_make_init_domain',`
requires_block_template(`$0'_depend)
domain_make_domain($1)
domain_make_entrypoint_file($1,$2)
typeattribute $1 init_domain;
typeattribute $2 init_domain_entry;
role system_r types $1;
')
define(`domain_make_init_domain_depend',`
attribute init_domain, init_domain_entry;
role system_r;
')
########################################
#
# domain_make_daemon_domain(domain,entrypointfile)
#
define(`domain_make_daemon_domain',`
requires_block_template(`$0'_depend)
domain_make_domain($1)
domain_make_entrypoint_file($1,$2)
typeattribute $1 daemon_domain;
typeattribute $2 daemon_domain_entry;
role system_r types $1;
')
define(`domain_make_daemon_domain_depend',`
attribute init_domain, init_domain_entry;
role system_r;
')
########################################
#
# domain_make_system_domain(domain,entrypointfile)
#
define(`domain_make_system_domain',`
requires_block_template(`$0'_depend)
domain_make_domain($1)
domain_make_entrypoint_file($1,$2)
typeattribute $1 system_domain;
typeattribute $2 system_domain_entry;
role system_r types $1;
')
define(`domain_make_system_domain_depend',`
attribute system_domain, system_domain_entry;
role system_r;
')
######################################## ########################################
# #
# domain_make_file_descriptors_widely_inheritable(domain) # domain_make_file_descriptors_widely_inheritable(domain)
@ -157,60 +103,6 @@ attribute privfd;
class fd use; class fd use;
') ')
########################################
#
# domain_all_init_domains_transition(domain)
#
define(`domain_all_init_domains_transition',`
requires_block_template(`$0'_depend)
allow $1 init_domain:process transition;
allow $1 init_domain_entry:file { getattr read execute };
dontaudit $1 init_domain:process { noatsecure siginh rlimitinh };
')
define(`domain_all_init_domains_transition_depend',`
attribute init_domain, init_domain_entry;
class process { transition noatsecure siginh rlimitinh };
class file { getattr read execute };
')
########################################
#
# domain_all_daemon_domains_transition(domain)
#
define(`domain_all_daemon_domains_transition',`
requires_block_template(`$0'_depend)
allow $1 daemon_domain:process transition;
allow $1 daemon_domain_entry:file { getattr read execute };
allow daemon_domain $1:fd use;
allow $1 daemon_domain:process { noatsecure siginh rlimitinh };
')
define(`domain_all_daemon_domains_transition_depend',`
attribute daemon_domain, daemon_domain_entry;
class process { transition noatsecure siginh rlimitinh };
class file { getattr read execute };
')
########################################
#
# domain_all_system_domains_transition(domain)
#
define(`domain_all_system_domains_transition',`
requires_block_template(`$0'_depend)
allow $1 system_domain:process transition;
allow $1 system_domain_entry:file { getattr read execute };
allow system_domain $1:fd use;
allow $1 system_domain:process { noatsecure siginh rlimitinh };
')
define(`domain_all_system_domains_transition_depend',`
attribute system_domain, system_domain_entry;
class process { transition noatsecure siginh rlimitinh };
class file { getattr read execute };
')
######################################## ########################################
# #
# domain_signal_all_domains(domain) # domain_signal_all_domains(domain)

View File

@ -8,20 +8,6 @@ attribute domain;
# entrypoint executables # entrypoint executables
attribute entry_type; attribute entry_type;
# processes started by init itself
attribute init_domain;
attribute init_domain_entry;
# short running processes started by init scripts,
# such as mount, usually for initializing the system
attribute system_domain;
attribute system_domain_entry;
# long running application processes started by
# init scripts, such as sshd
attribute daemon_domain;
attribute daemon_domain_entry;
# widely-inheritable file descriptors # widely-inheritable file descriptors
attribute privfd; attribute privfd;

View File

@ -4,7 +4,7 @@ policy_module(getty,1.0)
type getty_t; type getty_t;
type getty_exec_t; type getty_exec_t;
domain_make_init_domain(getty_t,getty_exec_t) init_make_init_domain(getty_t,getty_exec_t)
domain_make_file_descriptors_widely_inheritable(getty_t) domain_make_file_descriptors_widely_inheritable(getty_t)
type getty_etc_t; type getty_etc_t;

View File

@ -9,7 +9,7 @@ policy_module(hostname,1.0)
type hostname_t; type hostname_t;
type hostname_exec_t; type hostname_exec_t;
domain_make_system_domain(hostname_t,hostname_exec_t) init_make_system_domain(hostname_t,hostname_exec_t)
role system_r types hostname_t; role system_r types hostname_t;

View File

@ -9,7 +9,8 @@ policy_module(hotplug, 1.0)
type hotplug_t; type hotplug_t;
type hotplug_exec_t; type hotplug_exec_t;
domain_make_system_domain(hotplug_t,hotplug_exec_t) kernel_make_userland_entrypoint(hotplug_t,hotplug_exec_t)
init_make_system_domain(hotplug_t,hotplug_exec_t)
type hotplug_etc_t; #, usercanread; type hotplug_etc_t; #, usercanread;
files_make_file(hotplug_etc_t) files_make_file(hotplug_etc_t)
@ -46,7 +47,6 @@ kernel_read_kernel_sysctl(hotplug_t)
kernel_read_hardware_state(hotplug_t) kernel_read_hardware_state(hotplug_t)
kernel_read_network_sysctl(hotplug_t) kernel_read_network_sysctl(hotplug_t)
kernel_read_usb_hardware_state(hotplug_t) kernel_read_usb_hardware_state(hotplug_t)
kernel_transition_from(hotplug_t,hotplug_exec_t)
bootloader_read_kernel_modules(hotplug_t) bootloader_read_kernel_modules(hotplug_t)

View File

@ -1,5 +1,77 @@
# Copyright (C) 2005 Tresys Technology, LLC # Copyright (C) 2005 Tresys Technology, LLC
########################################
#
# init_make_init_domain(domain,entrypointfile)
#
define(`init_make_init_domain',`
requires_block_template(`$0'_depend)
domain_make_domain($1)
domain_make_entrypoint_file($1,$2)
role system_r types $1;
allow init_t $1:process transition;
allow init_t $2:file { getattr read execute };
dontaudit init_t $1:process { noatsecure siginh rlimitinh };
type_transition init_t $2:process $1;
')
define(`init_make_init_domain_depend',`
type init_t;
class file { getattr read execute };
class fd use;
class process { transition noatsecure siginh rlimitinh };
role system_r;
')
########################################
#
# init_make_daemon_domain(domain,entrypointfile)
#
define(`init_make_daemon_domain',`
requires_block_template(`$0'_depend)
domain_make_domain($1)
domain_make_entrypoint_file($1,$2)
role system_r types $1;
allow initrc_t $1:process transition;
allow initrc_t $2:file { getattr read execute };
dontaudit initrc_t $1:process { noatsecure siginh rlimitinh };
allow $1 initrc_t:fd use;
type_transition initrc_t $2:process $1;
')
define(`init_make_daemon_domain_depend',`
type initrc_t;
class file { getattr read execute };
class fd use;
class process { transition noatsecure siginh rlimitinh };
role system_r;
')
########################################
#
# init_make_system_domain(domain,entrypointfile)
#
define(`init_make_system_domain',`
requires_block_template(`$0'_depend)
domain_make_domain($1)
domain_make_entrypoint_file($1,$2)
role system_r types $1;
allow initrc_t $1:process transition;
allow initrc_t $2:file { getattr read execute };
dontaudit initrc_t $1:process { noatsecure siginh rlimitinh };
allow $1 initrc_t:fd use;
type_transition initrc_t $2:process $1;
')
define(`init_make_system_domain_depend',`
type initrc_t;
class file { getattr read execute };
class fd use;
class process { transition noatsecure siginh rlimitinh };
role system_r;
')
######################################## ########################################
# #
# init_transition(domain) # init_transition(domain)

View File

@ -18,6 +18,7 @@ role system_r types init_t;
# init_exec_t is the type of the init program. # init_exec_t is the type of the init program.
# #
type init_exec_t; type init_exec_t;
kernel_make_userland_entrypoint(init_t,init_exec_t)
domain_make_entrypoint_file(init_t,init_exec_t) domain_make_entrypoint_file(init_t,init_exec_t)
# #
@ -82,7 +83,6 @@ allow init_t initrc_exec_t:file { getattr read execute };
allow init_t self:fifo_file { read write ioctl }; allow init_t self:fifo_file { read write ioctl };
kernel_transition_from(init_t,init_exec_t)
kernel_sigchld_from(init_t) kernel_sigchld_from(init_t)
# If you load a new policy that removes active domains, processes can # If you load a new policy that removes active domains, processes can
@ -100,7 +100,6 @@ terminal_use_all_terminals(init_t)
domain_signal_all_domains(init_t) domain_signal_all_domains(init_t)
domain_kill_all_domains(init_t) domain_kill_all_domains(init_t)
domain_all_init_domains_transition(init_t)
files_modify_system_runtime_data(init_t) files_modify_system_runtime_data(init_t)
@ -233,8 +232,6 @@ bootloader_read_kernel_symbol_table(initrc_t)
domain_kill_all_domains(initrc_t) domain_kill_all_domains(initrc_t)
domain_read_all_domains_process_state(initrc_t) domain_read_all_domains_process_state(initrc_t)
domain_all_daemon_domains_transition(initrc_t)
domain_all_system_domains_transition(initrc_t)
domain_use_widely_inheritable_file_descriptors(initrc_t) domain_use_widely_inheritable_file_descriptors(initrc_t)
libraries_modify_dynamic_loader_cache(initrc_t) libraries_modify_dynamic_loader_cache(initrc_t)

View File

@ -9,7 +9,7 @@ policy_module(iptables, 1.0)
type iptables_t; type iptables_t;
type iptables_exec_t; type iptables_exec_t;
domain_make_system_domain(iptables_t,iptables_exec_t) init_make_system_domain(iptables_t,iptables_exec_t)
role system_r types iptables_t; role system_r types iptables_t;
type iptables_tmp_t; type iptables_tmp_t;

View File

@ -24,8 +24,8 @@ type sulogin_exec_t;
kernel_make_object_identity_change_constraint_exception(sulogin_t) kernel_make_object_identity_change_constraint_exception(sulogin_t)
kernel_make_process_identity_change_constraint_exception(sulogin_t) kernel_make_process_identity_change_constraint_exception(sulogin_t)
kernel_make_role_change_constraint_exception(sulogin_t) kernel_make_role_change_constraint_exception(sulogin_t)
domain_make_init_domain(sulogin_t,sulogin_exec_t) init_make_init_domain(sulogin_t,sulogin_exec_t)
domain_make_system_domain(sulogin_t,sulogin_exec_t) init_make_system_domain(sulogin_t,sulogin_exec_t)
domain_make_file_descriptors_widely_inheritable(sulogin_t) domain_make_file_descriptors_widely_inheritable(sulogin_t)
role system_r types sulogin_t; role system_r types sulogin_t;

View File

@ -9,7 +9,7 @@ files_make_file(devlog_t)
type klogd_t; type klogd_t;
type klogd_exec_t; type klogd_exec_t;
domain_make_daemon_domain(klogd_t,klogd_exec_t) init_make_daemon_domain(klogd_t,klogd_exec_t)
type klogd_tmp_t; type klogd_tmp_t;
files_make_temporary_file(klogd_tmp_t) files_make_temporary_file(klogd_tmp_t)
@ -19,7 +19,7 @@ files_make_daemon_runtime_file(klogd_var_run_t)
type syslogd_t; type syslogd_t;
type syslogd_exec_t; type syslogd_exec_t;
domain_make_daemon_domain(syslogd_t,syslogd_exec_t) init_make_daemon_domain(syslogd_t,syslogd_exec_t)
type syslogd_tmp_t; type syslogd_tmp_t;
files_make_temporary_file(syslogd_tmp_t) files_make_temporary_file(syslogd_tmp_t)

View File

@ -9,7 +9,7 @@ policy_module(lvm,1.0)
type lvm_t; type lvm_t;
type lvm_exec_t; type lvm_exec_t;
domain_make_system_domain(lvm_t,lvm_exec_t) init_make_system_domain(lvm_t,lvm_exec_t)
# needs privowner because it assigns the identity system_u to device nodes # needs privowner because it assigns the identity system_u to device nodes
# but runs as the identity of the sysadmin # but runs as the identity of the sysadmin
kernel_make_object_identity_change_constraint_exception(lvm_t) kernel_make_object_identity_change_constraint_exception(lvm_t)

View File

@ -17,17 +17,18 @@ files_make_file(modules_dep_t)
type insmod_t; type insmod_t;
type insmod_exec_t; type insmod_exec_t;
domain_make_system_domain(insmod_t,insmod_exec_t) kernel_make_userland_entrypoint(insmod_t,insmod_exec_t)
init_make_system_domain(insmod_t,insmod_exec_t)
role system_r types insmod_t; role system_r types insmod_t;
type depmod_t; type depmod_t;
type depmod_exec_t; type depmod_exec_t;
domain_make_system_domain(depmod_t,depmod_exec_t) init_make_system_domain(depmod_t,depmod_exec_t)
role system_r types depmod_t; role system_r types depmod_t;
type update_modules_t; type update_modules_t;
type update_modules_exec_t; type update_modules_exec_t;
domain_make_system_domain(update_modules_t,update_modules_exec_t) init_make_system_domain(update_modules_t,update_modules_exec_t)
role system_r types update_modules_t; role system_r types update_modules_t;
type update_modules_tmp_t; type update_modules_tmp_t;
@ -49,8 +50,6 @@ allow insmod_t { modules_conf_t modules_dep_t }:file { getattr read };
allow insmod_t insmod_exec_t:file { getattr read execute execute_no_trans }; allow insmod_t insmod_exec_t:file { getattr read execute execute_no_trans };
kernel_transition_from(insmod_t,insmod_exec_t)
kernel_load_module(insmod_t) kernel_load_module(insmod_t)
# Rules for /proc/sys/kernel/tainted # Rules for /proc/sys/kernel/tainted

View File

@ -2,7 +2,7 @@
type mount_t; type mount_t;
type mount_exec_t; type mount_exec_t;
domain_make_system_domain(mount_t,mount_exec_t) init_make_system_domain(mount_t,mount_exec_t)
role system_r types mount_t; role system_r types mount_t;
type mount_tmp_t; type mount_tmp_t;

View File

@ -67,7 +67,7 @@ files_make_file(policy_src_t)
type restorecon_t, can_relabelto_binary_policy; type restorecon_t, can_relabelto_binary_policy;
type restorecon_exec_t; type restorecon_exec_t;
kernel_make_object_identity_change_constraint_exception(restorecon_t) kernel_make_object_identity_change_constraint_exception(restorecon_t)
domain_make_system_domain(restorecon_t,restorecon_exec_t) init_make_system_domain(restorecon_t,restorecon_exec_t)
role system_r types restorecon_t; role system_r types restorecon_t;
# #

View File

@ -67,7 +67,7 @@ files_make_file(policy_src_t)
type restorecon_t, can_relabelto_binary_policy; type restorecon_t, can_relabelto_binary_policy;
type restorecon_exec_t; type restorecon_exec_t;
kernel_make_object_identity_change_constraint_exception(restorecon_t) kernel_make_object_identity_change_constraint_exception(restorecon_t)
domain_make_system_domain(restorecon_t,restorecon_exec_t) init_make_system_domain(restorecon_t,restorecon_exec_t)
role system_r types restorecon_t; role system_r types restorecon_t;
# #

View File

@ -9,7 +9,7 @@ policy_module(sysnetwork,1.0)
type dhcpc_t; type dhcpc_t;
type dhcpc_exec_t; type dhcpc_exec_t;
domain_make_daemon_domain(dhcpc_t,dhcpc_exec_t) init_make_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t; role system_r types dhcpc_t;
type dhcpc_state_t; type dhcpc_state_t;
@ -23,7 +23,7 @@ files_make_daemon_runtime_file(dhcpc_var_run_t)
type ifconfig_t; type ifconfig_t;
type ifconfig_exec_t; type ifconfig_exec_t;
domain_make_system_domain(ifconfig_t, ifconfig_exec_t) init_make_system_domain(ifconfig_t, ifconfig_exec_t)
role system_r types ifconfig_t; role system_r types ifconfig_t;
type net_conf_t alias resolv_conf_t; type net_conf_t alias resolv_conf_t;

View File

@ -10,8 +10,9 @@ policy_module(udev,1.0)
type udev_t; # nscd_client_domain type udev_t; # nscd_client_domain
type udev_exec_t; type udev_exec_t;
type udev_helper_exec_t; type udev_helper_exec_t;
kernel_make_userland_entrypoint(udev_t,udev_exec_t)
kernel_make_object_identity_change_constraint_exception(udev_t) kernel_make_object_identity_change_constraint_exception(udev_t)
domain_make_daemon_domain(udev_t,udev_exec_t) init_make_daemon_domain(udev_t,udev_exec_t)
domain_make_entrypoint_file(udev_t,udev_helper_exec_t) domain_make_entrypoint_file(udev_t,udev_helper_exec_t)
domain_make_file_descriptors_widely_inheritable(udev_t) domain_make_file_descriptors_widely_inheritable(udev_t)
@ -74,7 +75,6 @@ kernel_compute_selinux_av(udev_t)
kernel_compute_create(udev_t) kernel_compute_create(udev_t)
kernel_compute_relabel(udev_t) kernel_compute_relabel(udev_t)
kernel_compute_reachable_user_contexts(udev_t) kernel_compute_reachable_user_contexts(udev_t)
kernel_transition_from(udev_t,udev_exec_t)
devices_manage_device_nodes(udev_t) devices_manage_device_nodes(udev_t)