2020-04-17 12:37:26

by Laurent Bigonville

Subject: [PATCH] Drop support for /dev/.udev and like

From: Laurent Bigonville <[email protected]>

This location has been gone for quite some time, and the udevdb has been
moved to /run/udev.

Drop the udev_tbl_t and deprecate the udev_read_db() function

This is inspired by changes in the Red Hat policy

Signed-off-by: Laurent Bigonville <[email protected]>

Fixes: #221
---
policy/modules/admin/acct.te | 2 +-
policy/modules/admin/dmesg.te | 2 +-
policy/modules/admin/kudzu.te | 2 +-
policy/modules/admin/mrtg.te | 2 +-
policy/modules/admin/quota.te | 2 +-
policy/modules/admin/sxid.te | 2 +-
policy/modules/admin/updfstab.te | 2 +-
policy/modules/apps/chromium.te | 2 +-
policy/modules/apps/games.te | 2 +-
policy/modules/apps/mozilla.te | 2 +-
policy/modules/apps/pulseaudio.te | 2 +-
policy/modules/apps/uml.te | 2 +-
policy/modules/apps/vmware.te | 2 +-
policy/modules/services/acpi.te | 2 +-
policy/modules/services/apache.te | 2 +-
policy/modules/services/arpwatch.te | 2 +-
policy/modules/services/asterisk.te | 2 +-
policy/modules/services/automount.te | 2 +-
policy/modules/services/avahi.te | 2 +-
policy/modules/services/bind.te | 2 +-
policy/modules/services/bluetooth.te | 2 +-
policy/modules/services/canna.te | 2 +-
policy/modules/services/cipe.te | 2 +-
policy/modules/services/colord.te | 1 -
policy/modules/services/consolekit.te | 1 -
policy/modules/services/courier.te | 2 +-
policy/modules/services/cpucontrol.te | 2 +-
policy/modules/services/cron.te | 2 +-
policy/modules/services/cups.te | 7 +++----
policy/modules/services/cyrus.te | 2 +-
policy/modules/services/dante.te | 2 +-
policy/modules/services/dbus.te | 2 +-
policy/modules/services/dcc.te | 6 +++---
policy/modules/services/ddclient.te | 2 +-
policy/modules/services/devicekit.te | 5 ++---
policy/modules/services/dhcp.te | 2 +-
policy/modules/services/dictd.te | 2 +-
policy/modules/services/distcc.te | 2 +-
policy/modules/services/dnsmasq.te | 2 +-
policy/modules/services/dovecot.te | 2 +-
policy/modules/services/entropyd.te | 2 +-
policy/modules/services/fetchmail.te | 2 +-
policy/modules/services/finger.te | 2 +-
policy/modules/services/ftp.te | 2 +-
policy/modules/services/gatekeeper.te | 2 +-
policy/modules/services/gpm.te | 2 +-
policy/modules/services/hal.te | 2 +-
policy/modules/services/howl.te | 2 +-
policy/modules/services/i18n_input.te | 2 +-
policy/modules/services/imaze.te | 2 +-
policy/modules/services/inetd.te | 2 +-
policy/modules/services/inn.te | 2 +-
policy/modules/services/ircd.te | 2 +-
policy/modules/services/irqbalance.te | 2 +-
policy/modules/services/jabber.te | 2 +-
policy/modules/services/kerberos.te | 4 ++--
policy/modules/services/ldap.te | 2 +-
policy/modules/services/lpd.te | 2 +-
policy/modules/services/modemmanager.te | 2 +-
policy/modules/services/monop.te | 2 +-
policy/modules/services/mpd.te | 2 +-
policy/modules/services/munin.te | 2 +-
policy/modules/services/mysql.te | 2 +-
policy/modules/services/nagios.te | 4 ++--
policy/modules/services/nessus.te | 2 +-
policy/modules/services/networkmanager.te | 1 -
policy/modules/services/nis.te | 6 +++---
policy/modules/services/nscd.te | 2 +-
policy/modules/services/nsd.te | 2 +-
policy/modules/services/ntop.te | 2 +-
policy/modules/services/ntp.te | 2 +-
policy/modules/services/oav.te | 2 +-
policy/modules/services/openct.te | 2 +-
policy/modules/services/pcscd.te | 2 +-
policy/modules/services/pegasus.te | 2 +-
policy/modules/services/perdition.te | 2 +-
policy/modules/services/portmap.te | 2 +-
policy/modules/services/portslave.te | 2 +-
policy/modules/services/postfix.te | 2 +-
policy/modules/services/postgresql.te | 2 +-
policy/modules/services/postgrey.te | 2 +-
policy/modules/services/ppp.te | 4 ++--
policy/modules/services/privoxy.te | 2 +-
policy/modules/services/pxe.te | 2 +-
policy/modules/services/radius.te | 2 +-
policy/modules/services/radvd.te | 2 +-
policy/modules/services/rdisc.te | 2 +-
policy/modules/services/resmgr.te | 2 +-
policy/modules/services/rgmanager.te | 2 +-
policy/modules/services/rhcs.te | 2 +-
policy/modules/services/rhgb.te | 2 +-
policy/modules/services/roundup.te | 2 +-
policy/modules/services/rpc.te | 2 +-
policy/modules/services/samba.te | 6 +++---
policy/modules/services/sasl.te | 2 +-
policy/modules/services/sendmail.te | 2 +-
policy/modules/services/slrnpull.te | 2 +-
policy/modules/services/smartmon.te | 2 +-
policy/modules/services/snmp.te | 2 +-
policy/modules/services/snort.te | 2 +-
policy/modules/services/soundserver.te | 2 +-
policy/modules/services/spamassassin.te | 2 +-
policy/modules/services/speedtouch.te | 2 +-
policy/modules/services/squid.te | 2 +-
policy/modules/services/ssh.te | 2 +-
policy/modules/services/stunnel.te | 2 +-
policy/modules/services/tftp.te | 2 +-
policy/modules/services/timidity.te | 2 +-
policy/modules/services/transproxy.te | 2 +-
policy/modules/services/uptime.te | 2 +-
policy/modules/services/uwimap.te | 2 +-
policy/modules/services/virt.te | 1 -
policy/modules/services/watchdog.te | 2 +-
policy/modules/services/xfs.te | 2 +-
policy/modules/services/xprint.te | 2 +-
policy/modules/services/xserver.te | 3 +--
policy/modules/services/zebra.te | 2 +-
policy/modules/system/authlogin.te | 2 +-
policy/modules/system/clock.te | 2 +-
policy/modules/system/fstools.te | 2 +-
policy/modules/system/getty.te | 2 +-
policy/modules/system/hotplug.te | 2 +-
policy/modules/system/init.te | 2 +-
policy/modules/system/ipsec.te | 2 +-
policy/modules/system/iptables.te | 1 -
policy/modules/system/logging.te | 6 +++---
policy/modules/system/lvm.te | 3 +--
policy/modules/system/pcmcia.te | 2 +-
policy/modules/system/raid.te | 2 +-
policy/modules/system/sysnetwork.te | 2 +-
policy/modules/system/systemd.te | 2 --
policy/modules/system/udev.fc | 4 ----
policy/modules/system/udev.if | 25 +++++++----------------
policy/modules/system/udev.te | 13 ++----------
134 files changed, 148 insertions(+), 183 deletions(-)

diff --git a/policy/modules/admin/acct.te b/policy/modules/admin/acct.te
index 4f3550cf..6974a111 100644
--- a/policy/modules/admin/acct.te
+++ b/policy/modules/admin/acct.te
@@ -79,5 +79,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(acct_t)
+ udev_read_pid_files(acct_t)
')
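Review bot: Swapping `udev_read_db(acct_t)` for `udev_read_pid_files(acct_t)` carries a legacy grant forward without asking whether the domain still needs it, and the same one-for-one swap repeats for network-facing domains later in the patch (httpd_t, named_t, ftpd_t, slapd_t, krb5kdc_t and others). The old interface was scoped to the device database type, whereas the new one presumably covers every file labelled with the udev runtime type under /run/udev; the udev.if and udev.fc changes are outside this view, so please confirm the readable set does not grow. Where a domain has no reason to query udev, deleting the `optional_policy` block is the least-privilege choice. Where the call stays, a comment such as `# reads the udev device database in /run/udev` would record why.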
diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te
index 5bbe71b2..6aa297c8 100644
--- a/policy/modules/admin/dmesg.te
+++ b/policy/modules/admin/dmesg.te
@@ -56,5 +56,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dmesg_t)
+ udev_read_pid_files(dmesg_t)
')
diff --git a/policy/modules/admin/kudzu.te b/policy/modules/admin/kudzu.te
index 33dea379..d581db34 100644
--- a/policy/modules/admin/kudzu.te
+++ b/policy/modules/admin/kudzu.te
@@ -128,7 +128,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(kudzu_t)
+ udev_read_pid_files(kudzu_t)
')

optional_policy(`
diff --git a/policy/modules/admin/mrtg.te b/policy/modules/admin/mrtg.te
index dd886f51..212b7f53 100644
--- a/policy/modules/admin/mrtg.te
+++ b/policy/modules/admin/mrtg.te
@@ -147,5 +147,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(mrtg_t)
+ udev_read_pid_files(mrtg_t)
')
diff --git a/policy/modules/admin/quota.te b/policy/modules/admin/quota.te
index 13027bbb..4a2bc8ff 100644
--- a/policy/modules/admin/quota.te
+++ b/policy/modules/admin/quota.te
@@ -98,7 +98,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(quota_t)
+ udev_read_pid_files(quota_t)
')

#######################################
diff --git a/policy/modules/admin/sxid.te b/policy/modules/admin/sxid.te
index fbd95d2d..57101625 100644
--- a/policy/modules/admin/sxid.te
+++ b/policy/modules/admin/sxid.te
@@ -95,5 +95,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(sxid_t)
+ udev_read_pid_files(sxid_t)
')
diff --git a/policy/modules/admin/updfstab.te b/policy/modules/admin/updfstab.te
index e63ef612..5eda742b 100644
--- a/policy/modules/admin/updfstab.te
+++ b/policy/modules/admin/updfstab.te
@@ -112,5 +112,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(updfstab_t)
+ udev_read_pid_files(updfstab_t)
')
diff --git a/policy/modules/apps/chromium.te b/policy/modules/apps/chromium.te
index 05987d4c..b5b51683 100644
--- a/policy/modules/apps/chromium.te
+++ b/policy/modules/apps/chromium.te
@@ -196,7 +196,7 @@ tunable_policy(`chromium_bind_tcp_unreserved_ports',`

tunable_policy(`chromium_rw_usb_dev',`
dev_rw_generic_usb_dev(chromium_t)
- udev_read_db(chromium_t)
+ udev_read_pid_files(chromium_t)
')

tunable_policy(`chromium_read_system_info',`
diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
index 2cee94b9..b403b98d 100644
--- a/policy/modules/apps/games.te
+++ b/policy/modules/apps/games.te
@@ -85,7 +85,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(games_srv_t)
+ udev_read_pid_files(games_srv_t)
')

########################################
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index ffa154fc..eb76c06d 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -586,7 +586,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(mozilla_plugin_t)
+ udev_read_pid_files(mozilla_plugin_t)
')

optional_policy(`
diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te
index 44974615..d28df142 100644
--- a/policy/modules/apps/pulseaudio.te
+++ b/policy/modules/apps/pulseaudio.te
@@ -235,7 +235,7 @@ optional_policy(`
optional_policy(`
udev_read_pid_files(pulseaudio_t)
udev_read_state(pulseaudio_t)
- udev_read_db(pulseaudio_t)
+ udev_read_pid_files(pulseaudio_t)
')

optional_policy(`
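Review bot: `udev_read_pid_files(pulseaudio_t)` now appears twice in this `optional_policy` block, because the block already called it above the replaced `udev_read_db(pulseaudio_t)` line. The replaced line should simply be deleted here, as the patch does for colord_t, consolekit_t, hplip_t, devicekit_disk_t and NetworkManager_t. A similar leftover shows up in the devicekit_power_t and modemmanager_t hunks, where the new `udev_read_pid_files(...)` sits directly above `udev_manage_pid_files(...)`; manage presumably already includes read, so the added line looks redundant there as well.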
diff --git a/policy/modules/apps/uml.te b/policy/modules/apps/uml.te
index 7c777765..8082c80f 100644
--- a/policy/modules/apps/uml.te
+++ b/policy/modules/apps/uml.te
@@ -168,5 +168,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(uml_switch_t)
+ udev_read_pid_files(uml_switch_t)
')
diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te
index cfcba305..90727aae 100644
--- a/policy/modules/apps/vmware.te
+++ b/policy/modules/apps/vmware.te
@@ -158,7 +158,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(vmware_host_t)
+ udev_read_pid_files(vmware_host_t)
')

optional_policy(`
diff --git a/policy/modules/services/acpi.te b/policy/modules/services/acpi.te
index cb49d394..ab25fa1a 100644
--- a/policy/modules/services/acpi.te
+++ b/policy/modules/services/acpi.te
@@ -224,7 +224,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(acpid_t)
+ udev_read_pid_files(acpid_t)
udev_read_state(acpid_t)
')

diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index be587bab..8eb1aa84 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -897,7 +897,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(httpd_t)
+ udev_read_pid_files(httpd_t)
')

optional_policy(`
diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te
index 87aed96f..45e6839b 100644
--- a/policy/modules/services/arpwatch.te
+++ b/policy/modules/services/arpwatch.te
@@ -86,5 +86,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(arpwatch_t)
+ udev_read_pid_files(arpwatch_t)
')
diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te
index 87c45b0c..5e7adf66 100644
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@@ -187,5 +187,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(asterisk_t)
+ udev_read_pid_files(asterisk_t)
')
diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te
index 5116ceb3..62b218bf 100644
--- a/policy/modules/services/automount.te
+++ b/policy/modules/services/automount.te
@@ -165,5 +165,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(automount_t)
+ udev_read_pid_files(automount_t)
')
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index cb79d14c..da51ce0c 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -112,5 +112,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(avahi_t)
+ udev_read_pid_files(avahi_t)
')
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 5eba462d..2118de2e 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -208,7 +208,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(named_t)
+ udev_read_pid_files(named_t)
')

########################################
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index 162b3bcf..a06d0412 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -157,7 +157,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(bluetooth_t)
+ udev_read_pid_files(bluetooth_t)
')

optional_policy(`
diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te
index a0b89da4..cf555af4 100644
--- a/policy/modules/services/canna.te
+++ b/policy/modules/services/canna.te
@@ -91,5 +91,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(canna_t)
+ udev_read_pid_files(canna_t)
')
diff --git a/policy/modules/services/cipe.te b/policy/modules/services/cipe.te
index 4cedadf0..dd489cb2 100644
--- a/policy/modules/services/cipe.te
+++ b/policy/modules/services/cipe.te
@@ -67,5 +67,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ciped_t)
+ udev_read_pid_files(ciped_t)
')
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
index 521308ac..69ed768e 100644
--- a/policy/modules/services/colord.te
+++ b/policy/modules/services/colord.te
@@ -133,7 +133,6 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(colord_t)
udev_read_pid_files(colord_t)
')

diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te
index b1a68f9f..d5bff20b 100644
--- a/policy/modules/services/consolekit.te
+++ b/policy/modules/services/consolekit.te
@@ -165,7 +165,6 @@ optional_policy(`

optional_policy(`
udev_domtrans(consolekit_t)
- udev_read_db(consolekit_t)
udev_read_pid_files(consolekit_t)
udev_signal(consolekit_t)
')
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index a9b09a8d..3992e80c 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -76,7 +76,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(courier_domain)
+ udev_read_pid_files(courier_domain)
')

########################################
diff --git a/policy/modules/services/cpucontrol.te b/policy/modules/services/cpucontrol.te
index 555e7a45..97f5e085 100644
--- a/policy/modules/services/cpucontrol.te
+++ b/policy/modules/services/cpucontrol.te
@@ -55,7 +55,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(cpucontrol_domain)
+ udev_read_pid_files(cpucontrol_domain)
')

########################################
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 34654f1a..6f9ea95e 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -442,7 +442,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(crond_t)
+ udev_read_pid_files(crond_t)
')

########################################
diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te
index bdaedf3f..ae6a89f6 100644
--- a/policy/modules/services/cups.te
+++ b/policy/modules/services/cups.te
@@ -343,7 +343,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(cupsd_t)
+ udev_read_pid_files(cupsd_t)
')

optional_policy(`
@@ -485,7 +485,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(cupsd_config_t)
+ udev_read_pid_files(cupsd_config_t)
')

optional_policy(`
@@ -722,7 +722,6 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(hplip_t)
udev_read_pid_files(hplip_t)
')

@@ -787,5 +786,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ptal_t)
+ udev_read_pid_files(ptal_t)
')
diff --git a/policy/modules/services/cyrus.te b/policy/modules/services/cyrus.te
index dbd1b99d..02d1b539 100644
--- a/policy/modules/services/cyrus.te
+++ b/policy/modules/services/cyrus.te
@@ -140,5 +140,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(cyrus_t)
+ udev_read_pid_files(cyrus_t)
')
diff --git a/policy/modules/services/dante.te b/policy/modules/services/dante.te
index 0a1d9831..a80dece6 100644
--- a/policy/modules/services/dante.te
+++ b/policy/modules/services/dante.te
@@ -74,5 +74,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dante_t)
+ udev_read_pid_files(dante_t)
')
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index 74e25786..95dee008 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -206,7 +206,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(system_dbusd_t)
+ udev_read_pid_files(system_dbusd_t)
')

optional_policy(`
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
index cd708772..b32d0a46 100644
--- a/policy/modules/services/dcc.te
+++ b/policy/modules/services/dcc.te
@@ -236,7 +236,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dccd_t)
+ udev_read_pid_files(dccd_t)
')

########################################
@@ -291,7 +291,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dccifd_t)
+ udev_read_pid_files(dccifd_t)
')

########################################
@@ -346,5 +346,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dccm_t)
+ udev_read_pid_files(dccm_t)
')
diff --git a/policy/modules/services/ddclient.te b/policy/modules/services/ddclient.te
index 7b42eec7..558bb122 100644
--- a/policy/modules/services/ddclient.te
+++ b/policy/modules/services/ddclient.te
@@ -112,5 +112,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ddclient_t)
+ udev_read_pid_files(ddclient_t)
')
diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
index 258b56b4..ebc2ca23 100644
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -57,7 +57,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(devicekit_t)
+ udev_read_pid_files(devicekit_t)
')

optional_policy(`
@@ -202,7 +202,6 @@ optional_policy(`

optional_policy(`
udev_domtrans(devicekit_disk_t)
- udev_read_db(devicekit_disk_t)
udev_read_pid_files(devicekit_disk_t)
')

@@ -363,7 +362,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(devicekit_power_t)
+ udev_read_pid_files(devicekit_power_t)
udev_manage_pid_files(devicekit_power_t)
')

diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te
index debfa171..92245607 100644
--- a/policy/modules/services/dhcp.te
+++ b/policy/modules/services/dhcp.te
@@ -129,5 +129,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dhcpd_t)
+ udev_read_pid_files(dhcpd_t)
')
diff --git a/policy/modules/services/dictd.te b/policy/modules/services/dictd.te
index 538c488e..9e1a60b6 100644
--- a/policy/modules/services/dictd.te
+++ b/policy/modules/services/dictd.te
@@ -81,5 +81,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dictd_t)
+ udev_read_pid_files(dictd_t)
')
diff --git a/policy/modules/services/distcc.te b/policy/modules/services/distcc.te
index eaeb6843..f8a6ab16 100644
--- a/policy/modules/services/distcc.te
+++ b/policy/modules/services/distcc.te
@@ -83,5 +83,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(distccd_t)
+ udev_read_pid_files(distccd_t)
')
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
index 7d4a6cae..a29c57cc 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -124,7 +124,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dnsmasq_t)
+ udev_read_pid_files(dnsmasq_t)
')

optional_policy(`
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
index 94e2bcfa..a5bcbb8d 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -235,7 +235,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dovecot_t)
+ udev_read_pid_files(dovecot_t)
')

########################################
diff --git a/policy/modules/services/entropyd.te b/policy/modules/services/entropyd.te
index b29b01c7..cade687e 100644
--- a/policy/modules/services/entropyd.te
+++ b/policy/modules/services/entropyd.te
@@ -88,5 +88,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(entropyd_t)
+ udev_read_pid_files(entropyd_t)
')
diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
index a2c6bed2..323b0715 100644
--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@@ -109,5 +109,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(fetchmail_t)
+ udev_read_pid_files(fetchmail_t)
')
diff --git a/policy/modules/services/finger.te b/policy/modules/services/finger.te
index 570c230b..14ecc268 100644
--- a/policy/modules/services/finger.te
+++ b/policy/modules/services/finger.te
@@ -99,5 +99,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(fingerd_t)
+ udev_read_pid_files(fingerd_t)
')
diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
index 1e7cae94..4a357ebe 100644
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -407,7 +407,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ftpd_t)
+ udev_read_pid_files(ftpd_t)
')

########################################
diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te
index f105d9b2..60885c90 100644
--- a/policy/modules/services/gatekeeper.te
+++ b/policy/modules/services/gatekeeper.te
@@ -98,5 +98,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(gatekeeper_t)
+ udev_read_pid_files(gatekeeper_t)
')
diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te
index 74bba824..bf81f70e 100644
--- a/policy/modules/services/gpm.te
+++ b/policy/modules/services/gpm.te
@@ -79,5 +79,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(gpm_t)
+ udev_read_pid_files(gpm_t)
')
diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
index 9379b794..c7ed2b40 100644
--- a/policy/modules/services/hal.te
+++ b/policy/modules/services/hal.te
@@ -314,7 +314,7 @@ optional_policy(`

optional_policy(`
udev_domtrans(hald_t)
- udev_read_db(hald_t)
+ udev_read_pid_files(hald_t)
')

optional_policy(`
diff --git a/policy/modules/services/howl.te b/policy/modules/services/howl.te
index 8025ae68..ee2249ed 100644
--- a/policy/modules/services/howl.te
+++ b/policy/modules/services/howl.te
@@ -73,5 +73,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(howl_t)
+ udev_read_pid_files(howl_t)
')
diff --git a/policy/modules/services/i18n_input.te b/policy/modules/services/i18n_input.te
index 35038096..6a6f3d82 100644
--- a/policy/modules/services/i18n_input.te
+++ b/policy/modules/services/i18n_input.te
@@ -121,5 +121,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(i18n_input_t)
+ udev_read_pid_files(i18n_input_t)
')
diff --git a/policy/modules/services/imaze.te b/policy/modules/services/imaze.te
index 52c3d80b..cdc987af 100644
--- a/policy/modules/services/imaze.te
+++ b/policy/modules/services/imaze.te
@@ -79,5 +79,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(imazesrv_t)
+ udev_read_pid_files(imazesrv_t)
')
diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te
index f4bf29a6..93a55545 100644
--- a/policy/modules/services/inetd.te
+++ b/policy/modules/services/inetd.te
@@ -191,7 +191,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(inetd_t)
+ udev_read_pid_files(inetd_t)
')

optional_policy(`
diff --git a/policy/modules/services/inn.te b/policy/modules/services/inn.te
index 773bf749..add8b9f9 100644
--- a/policy/modules/services/inn.te
+++ b/policy/modules/services/inn.te
@@ -118,5 +118,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(innd_t)
+ udev_read_pid_files(innd_t)
')
diff --git a/policy/modules/services/ircd.te b/policy/modules/services/ircd.te
index 7db83f3f..e5b359fc 100644
--- a/policy/modules/services/ircd.te
+++ b/policy/modules/services/ircd.te
@@ -84,5 +84,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ircd_t)
+ udev_read_pid_files(ircd_t)
')
diff --git a/policy/modules/services/irqbalance.te b/policy/modules/services/irqbalance.te
index 6217e0f0..41c4573a 100644
--- a/policy/modules/services/irqbalance.te
+++ b/policy/modules/services/irqbalance.te
@@ -58,5 +58,5 @@ userdom_dontaudit_use_unpriv_user_fds(irqbalance_t)
userdom_dontaudit_search_user_home_dirs(irqbalance_t)

optional_policy(`
- udev_read_db(irqbalance_t)
+ udev_read_pid_files(irqbalance_t)
')
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
index 183a1d32..e609b056 100644
--- a/policy/modules/services/jabber.te
+++ b/policy/modules/services/jabber.te
@@ -121,7 +121,7 @@ userdom_dontaudit_use_unpriv_user_fds(jabberd_t)
userdom_dontaudit_search_user_home_dirs(jabberd_t)

optional_policy(`
- udev_read_db(jabberd_t)
+ udev_read_pid_files(jabberd_t)
')

########################################
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index a76016ca..d7449123 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -164,7 +164,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(kadmind_t)
+ udev_read_pid_files(kadmind_t)
')

########################################
@@ -268,7 +268,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(krb5kdc_t)
+ udev_read_pid_files(krb5kdc_t)
')

########################################
diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te
index 98a718e2..6cc600a9 100644
--- a/policy/modules/services/ldap.te
+++ b/policy/modules/services/ldap.te
@@ -149,5 +149,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(slapd_t)
+ udev_read_pid_files(slapd_t)
')
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
index a71cfbdd..bf364a16 100644
--- a/policy/modules/services/lpd.te
+++ b/policy/modules/services/lpd.te
@@ -198,7 +198,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(lpd_t)
+ udev_read_pid_files(lpd_t)
')

##############################
diff --git a/policy/modules/services/modemmanager.te b/policy/modules/services/modemmanager.te
index 4875d041..745ef71d 100644
--- a/policy/modules/services/modemmanager.te
+++ b/policy/modules/services/modemmanager.te
@@ -55,6 +55,6 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(modemmanager_t)
+ udev_read_pid_files(modemmanager_t)
udev_manage_pid_files(modemmanager_t)
')
diff --git a/policy/modules/services/monop.te b/policy/modules/services/monop.te
index b82d8aeb..68f29a56 100644
--- a/policy/modules/services/monop.te
+++ b/policy/modules/services/monop.te
@@ -79,5 +79,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(monopd_t)
+ udev_read_pid_files(monopd_t)
')
diff --git a/policy/modules/services/mpd.te b/policy/modules/services/mpd.te
index 784fe528..6a97b218 100644
--- a/policy/modules/services/mpd.te
+++ b/policy/modules/services/mpd.te
@@ -195,7 +195,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(mpd_t)
+ udev_read_pid_files(mpd_t)
')

optional_policy(`
diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te
index 8a703083..db48db0d 100644
--- a/policy/modules/services/munin.te
+++ b/policy/modules/services/munin.te
@@ -231,7 +231,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(munin_t)
+ udev_read_pid_files(munin_t)
')

###################################
diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te
index 922c8b8f..6beed823 100644
--- a/policy/modules/services/mysql.te
+++ b/policy/modules/services/mysql.te
@@ -152,7 +152,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(mysqld_t)
+ udev_read_pid_files(mysqld_t)
')

#######################################
diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
index 6b893802..8b8ba847 100644
--- a/policy/modules/services/nagios.te
+++ b/policy/modules/services/nagios.te
@@ -172,7 +172,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(nagios_t)
+ udev_read_pid_files(nagios_t)
')

########################################
@@ -284,7 +284,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(nrpe_t)
+ udev_read_pid_files(nrpe_t)
')

#####################################
diff --git a/policy/modules/services/nessus.te b/policy/modules/services/nessus.te
index 82398b9d..04a126ee 100644
--- a/policy/modules/services/nessus.te
+++ b/policy/modules/services/nessus.te
@@ -104,5 +104,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(nessusd_t)
+ udev_read_pid_files(nessusd_t)
')
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index 6fa85ba9..11fc8e26 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -359,7 +359,6 @@ optional_policy(`

optional_policy(`
udev_exec(NetworkManager_t)
- udev_read_db(NetworkManager_t)
udev_read_pid_files(NetworkManager_t)
')

diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te
index cad73924..12111fa5 100644
--- a/policy/modules/services/nis.te
+++ b/policy/modules/services/nis.te
@@ -141,7 +141,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ypbind_t)
+ udev_read_pid_files(ypbind_t)
')

########################################
@@ -225,7 +225,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(yppasswdd_t)
+ udev_read_pid_files(yppasswdd_t)
')

########################################
@@ -302,7 +302,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ypserv_t)
+ udev_read_pid_files(ypserv_t)
')

########################################
diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te
index 61430216..0f169de4 100644
--- a/policy/modules/services/nscd.te
+++ b/policy/modules/services/nscd.te
@@ -133,7 +133,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(nscd_t)
+ udev_read_pid_files(nscd_t)
')

optional_policy(`
diff --git a/policy/modules/services/nsd.te b/policy/modules/services/nsd.te
index 4dae39f7..708e47c0 100644
--- a/policy/modules/services/nsd.te
+++ b/policy/modules/services/nsd.te
@@ -99,7 +99,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(nsd_t)
+ udev_read_pid_files(nsd_t)
')

########################################
diff --git a/policy/modules/services/ntop.te b/policy/modules/services/ntop.te
index 0a188e30..20b3dc6e 100644
--- a/policy/modules/services/ntop.te
+++ b/policy/modules/services/ntop.te
@@ -103,5 +103,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ntop_t)
+ udev_read_pid_files(ntop_t)
')
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index e05b06ed..7aa4bf58 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -200,5 +200,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ntpd_t)
+ udev_read_pid_files(ntpd_t)
')
diff --git a/policy/modules/services/oav.te b/policy/modules/services/oav.te
index 59ec0f6c..a7fd6fa9 100644
--- a/policy/modules/services/oav.te
+++ b/policy/modules/services/oav.te
@@ -121,5 +121,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(scannerdaemon_t)
+ udev_read_pid_files(scannerdaemon_t)
')
diff --git a/policy/modules/services/openct.te b/policy/modules/services/openct.te
index ae0ba0c5..2ad1d579 100644
--- a/policy/modules/services/openct.te
+++ b/policy/modules/services/openct.te
@@ -63,5 +63,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(openct_t)
+ udev_read_pid_files(openct_t)
')
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index c8780b8a..f97a4c00 100644
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@@ -89,5 +89,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(pcscd_t)
+ udev_read_pid_files(pcscd_t)
')
diff --git a/policy/modules/services/pegasus.te b/policy/modules/services/pegasus.te
index 09231d54..df02730a 100644
--- a/policy/modules/services/pegasus.te
+++ b/policy/modules/services/pegasus.te
@@ -175,7 +175,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(pegasus_t)
+ udev_read_pid_files(pegasus_t)
')

optional_policy(`
diff --git a/policy/modules/services/perdition.te b/policy/modules/services/perdition.te
index 4d3b1c0a..c4b75e50 100644
--- a/policy/modules/services/perdition.te
+++ b/policy/modules/services/perdition.te
@@ -79,5 +79,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(perdition_t)
+ udev_read_pid_files(perdition_t)
')
diff --git a/policy/modules/services/portmap.te b/policy/modules/services/portmap.te
index 23a7353d..e205d6cd 100644
--- a/policy/modules/services/portmap.te
+++ b/policy/modules/services/portmap.te
@@ -90,7 +90,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(portmap_t)
+ udev_read_pid_files(portmap_t)
')

########################################
diff --git a/policy/modules/services/portslave.te b/policy/modules/services/portslave.te
index 1c04aff5..03231b3c 100644
--- a/policy/modules/services/portslave.te
+++ b/policy/modules/services/portslave.te
@@ -105,5 +105,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(portslave_t)
+ udev_read_pid_files(portslave_t)
')
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 7c9928b4..9f50b58d 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -164,7 +164,7 @@ miscfiles_read_generic_tls_privkey(postfix_domain)
userdom_dontaudit_use_unpriv_user_fds(postfix_domain)

optional_policy(`
- udev_read_db(postfix_domain)
+ udev_read_pid_files(postfix_domain)
')

########################################
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index d42f1fd0..b024336d 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -386,7 +386,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(postgresql_t)
+ udev_read_pid_files(postgresql_t)
')

########################################
diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te
index c4c3e10d..b6b46c95 100644
--- a/policy/modules/services/postgrey.te
+++ b/policy/modules/services/postgrey.te
@@ -105,5 +105,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(postgrey_t)
+ udev_read_pid_files(postgrey_t)
')
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index cdb73f7b..881dfb01 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -214,7 +214,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(pppd_t)
+ udev_read_pid_files(pppd_t)
')

########################################
@@ -314,7 +314,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(pptp_t)
+ udev_read_pid_files(pptp_t)
')

optional_policy(`
diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
index 54664a87..54662f13 100644
--- a/policy/modules/services/privoxy.te
+++ b/policy/modules/services/privoxy.te
@@ -105,5 +105,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(privoxy_t)
+ udev_read_pid_files(privoxy_t)
')
diff --git a/policy/modules/services/pxe.te b/policy/modules/services/pxe.te
index 5e1d8e7d..8ea3d5a5 100644
--- a/policy/modules/services/pxe.te
+++ b/policy/modules/services/pxe.te
@@ -66,5 +66,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(pxe_t)
+ udev_read_pid_files(pxe_t)
')
diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te
index 82c6721d..53272d61 100644
--- a/policy/modules/services/radius.te
+++ b/policy/modules/services/radius.te
@@ -139,5 +139,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(radiusd_t)
+ udev_read_pid_files(radiusd_t)
')
diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te
index af505f9c..284ac238 100644
--- a/policy/modules/services/radvd.te
+++ b/policy/modules/services/radvd.te
@@ -73,5 +73,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(radvd_t)
+ udev_read_pid_files(radvd_t)
')
diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te
index b44a0265..d87da1a5 100644
--- a/policy/modules/services/rdisc.te
+++ b/policy/modules/services/rdisc.te
@@ -53,5 +53,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(rdisc_t)
+ udev_read_pid_files(rdisc_t)
')
diff --git a/policy/modules/services/resmgr.te b/policy/modules/services/resmgr.te
index 01fbbc5e..e90c79db 100644
--- a/policy/modules/services/resmgr.te
+++ b/policy/modules/services/resmgr.te
@@ -63,5 +63,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(resmgrd_t)
+ udev_read_pid_files(resmgrd_t)
')
diff --git a/policy/modules/services/rgmanager.te b/policy/modules/services/rgmanager.te
index c4339fe9..c20b2a22 100644
--- a/policy/modules/services/rgmanager.te
+++ b/policy/modules/services/rgmanager.te
@@ -192,7 +192,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(rgmanager_t)
+ udev_read_pid_files(rgmanager_t)
')

optional_policy(`
diff --git a/policy/modules/services/rhcs.te b/policy/modules/services/rhcs.te
index 7283b9e3..1002a77a 100644
--- a/policy/modules/services/rhcs.te
+++ b/policy/modules/services/rhcs.te
@@ -320,5 +320,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(qdiskd_t)
+ udev_read_pid_files(qdiskd_t)
')
diff --git a/policy/modules/services/rhgb.te b/policy/modules/services/rhgb.te
index 944288bd..5fc6e1c5 100644
--- a/policy/modules/services/rhgb.te
+++ b/policy/modules/services/rhgb.te
@@ -122,5 +122,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(rhgb_t)
+ udev_read_pid_files(rhgb_t)
')
diff --git a/policy/modules/services/roundup.te b/policy/modules/services/roundup.te
index 32216133..bc03d46b 100644
--- a/policy/modules/services/roundup.te
+++ b/policy/modules/services/roundup.te
@@ -83,5 +83,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(roundup_t)
+ udev_read_pid_files(roundup_t)
')
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
index 00b2793f..8930b64c 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -135,7 +135,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(rpc_domain)
+ udev_read_pid_files(rpc_domain)
')

########################################
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index e4853f5f..19adfe1e 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -504,7 +504,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(smbd_t)
+ udev_read_pid_files(smbd_t)
')

########################################
@@ -609,7 +609,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(nmbd_t)
+ udev_read_pid_files(nmbd_t)
')

########################################
@@ -955,7 +955,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(winbind_t)
+ udev_read_pid_files(winbind_t)
')

########################################
diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te
index 640d2937..b9caec7b 100644
--- a/policy/modules/services/sasl.te
+++ b/policy/modules/services/sasl.te
@@ -111,5 +111,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(saslauthd_t)
+ udev_read_pid_files(saslauthd_t)
')
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index 9806c963..ee4ccbd3 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -194,7 +194,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(sendmail_t)
+ udev_read_pid_files(sendmail_t)
')

optional_policy(`
diff --git a/policy/modules/services/slrnpull.te b/policy/modules/services/slrnpull.te
index 0a81906c..40d006c2 100644
--- a/policy/modules/services/slrnpull.te
+++ b/policy/modules/services/slrnpull.te
@@ -66,5 +66,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(slrnpull_t)
+ udev_read_pid_files(slrnpull_t)
')
diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te
index 5477e936..583bb200 100644
--- a/policy/modules/services/smartmon.te
+++ b/policy/modules/services/smartmon.te
@@ -121,5 +121,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(fsdaemon_t)
+ udev_read_pid_files(fsdaemon_t)
')
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index 7f949088..d087e439 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -165,7 +165,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(snmpd_t)
+ udev_read_pid_files(snmpd_t)
')

optional_policy(`
diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
index 4b6db4ea..5d5c3728 100644
--- a/policy/modules/services/snort.te
+++ b/policy/modules/services/snort.te
@@ -109,5 +109,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(snort_t)
+ udev_read_pid_files(snort_t)
')
diff --git a/policy/modules/services/soundserver.te b/policy/modules/services/soundserver.te
index 7c508a97..774ef409 100644
--- a/policy/modules/services/soundserver.te
+++ b/policy/modules/services/soundserver.te
@@ -104,5 +104,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(soundd_t)
+ udev_read_pid_files(soundd_t)
')
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
index e4c9210f..34858b5a 100644
--- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te
@@ -471,7 +471,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(spamd_t)
+ udev_read_pid_files(spamd_t)
')

########################################
diff --git a/policy/modules/services/speedtouch.te b/policy/modules/services/speedtouch.te
index e7bad7d5..1f209e5f 100644
--- a/policy/modules/services/speedtouch.te
+++ b/policy/modules/services/speedtouch.te
@@ -57,5 +57,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(speedmgmt_t)
+ udev_read_pid_files(speedmgmt_t)
')
diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te
index 2082a6d4..5396f193 100644
--- a/policy/modules/services/squid.te
+++ b/policy/modules/services/squid.te
@@ -235,5 +235,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(squid_t)
+ udev_read_pid_files(squid_t)
')
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index 53261e9a..4c1b5d49 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -367,5 +367,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ssh_keygen_t)
+ udev_read_pid_files(ssh_keygen_t)
')
diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te
index e9a07bc8..ff0ad302 100644
--- a/policy/modules/services/stunnel.te
+++ b/policy/modules/services/stunnel.te
@@ -97,7 +97,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(stunnel_t)
+ udev_read_pid_files(stunnel_t)
')

# hack since this port has no interfaces since it doesnt
diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te
index e1bbc6ac..442347e4 100644
--- a/policy/modules/services/tftp.te
+++ b/policy/modules/services/tftp.te
@@ -135,5 +135,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(tftpd_t)
+ udev_read_pid_files(tftpd_t)
')
diff --git a/policy/modules/services/timidity.te b/policy/modules/services/timidity.te
index b88138b7..fe05d453 100644
--- a/policy/modules/services/timidity.te
+++ b/policy/modules/services/timidity.te
@@ -69,5 +69,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(timidity_t)
+ udev_read_pid_files(timidity_t)
')
diff --git a/policy/modules/services/transproxy.te b/policy/modules/services/transproxy.te
index 91b9c2d7..f6d5b5fc 100644
--- a/policy/modules/services/transproxy.te
+++ b/policy/modules/services/transproxy.te
@@ -64,5 +64,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(transproxy_t)
+ udev_read_pid_files(transproxy_t)
')
diff --git a/policy/modules/services/uptime.te b/policy/modules/services/uptime.te
index da62e535..c39489ef 100644
--- a/policy/modules/services/uptime.te
+++ b/policy/modules/services/uptime.te
@@ -69,5 +69,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(uptimed_t)
+ udev_read_pid_files(uptimed_t)
')
diff --git a/policy/modules/services/uwimap.te b/policy/modules/services/uwimap.te
index fc84f52b..12a1d2d4 100644
--- a/policy/modules/services/uwimap.te
+++ b/policy/modules/services/uwimap.te
@@ -102,5 +102,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(imapd_t)
+ udev_read_pid_files(imapd_t)
')
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index 6d154d64..edb4e59c 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -824,7 +824,6 @@ optional_policy(`

optional_policy(`
udev_domtrans(virtd_t)
- udev_read_db(virtd_t)
udev_read_pid_files(virtd_t)
')

diff --git a/policy/modules/services/watchdog.te b/policy/modules/services/watchdog.te
index d206136d..f2ace35d 100644
--- a/policy/modules/services/watchdog.te
+++ b/policy/modules/services/watchdog.te
@@ -97,5 +97,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(watchdog_t)
+ udev_read_pid_files(watchdog_t)
')
diff --git a/policy/modules/services/xfs.te b/policy/modules/services/xfs.te
index 6f1eb97f..cfc77517 100644
--- a/policy/modules/services/xfs.te
+++ b/policy/modules/services/xfs.te
@@ -81,5 +81,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(xfs_t)
+ udev_read_pid_files(xfs_t)
')
diff --git a/policy/modules/services/xprint.te b/policy/modules/services/xprint.te
index a9b5f371..37737d7d 100644
--- a/policy/modules/services/xprint.te
+++ b/policy/modules/services/xprint.te
@@ -76,5 +76,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(xprint_t)
+ udev_read_pid_files(xprint_t)
')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index abaccb33..20c0efd7 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -591,7 +591,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(xdm_t)
+ udev_read_pid_files(xdm_t)
')

optional_policy(`
@@ -819,7 +819,6 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(xserver_t)
udev_read_pid_files(xserver_t)
')

diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te
index 1ad2a2a5..b009352b 100644
--- a/policy/modules/services/zebra.te
+++ b/policy/modules/services/zebra.te
@@ -134,5 +134,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(zebra_t)
+ udev_read_pid_files(zebra_t)
')
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 604cf27e..7bc66d2b 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -327,7 +327,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(pam_console_t)
+ udev_read_pid_files(pam_console_t)
')

optional_policy(`
diff --git a/policy/modules/system/clock.te b/policy/modules/system/clock.te
index bbd9d64b..3b981000 100644
--- a/policy/modules/system/clock.te
+++ b/policy/modules/system/clock.te
@@ -73,7 +73,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(hwclock_t)
+ udev_read_pid_files(hwclock_t)
')

optional_policy(`
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 71722180..0b2a5315 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -213,7 +213,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(fsadm_t)
+ udev_read_pid_files(fsadm_t)

# Xen causes losetup to run with a presumably accidentally inherited
# file handle for /run/xen-hotplug/block
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
index b77c9c24..bb000ed0 100644
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@@ -128,5 +128,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(getty_t)
+ udev_read_pid_files(getty_t)
')
diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te
index 2af9c850..5526587c 100644
--- a/policy/modules/system/hotplug.te
+++ b/policy/modules/system/hotplug.te
@@ -189,7 +189,7 @@ optional_policy(`
optional_policy(`
udev_domtrans(hotplug_t)
udev_helper_domtrans(hotplug_t)
- udev_read_db(hotplug_t)
+ udev_read_pid_files(hotplug_t)
')

optional_policy(`
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 765dcc7b..650424df 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -555,7 +555,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(init_t)
+ udev_read_pid_files(init_t)
udev_relabelto_db(init_t)
')

diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index 2d530a1a..0f28c580 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -191,7 +191,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(ipsec_t)
+ udev_read_pid_files(ipsec_t)
')

########################################
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 0386dc5a..46a3e82c 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -145,7 +145,6 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(iptables_t)
# this is for iptables_t to inherit a file hande from xen vif-bridge
udev_manage_pid_files(iptables_t)
')
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 24adb26c..98ffbea5 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -238,7 +238,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(auditd_t)
+ udev_read_pid_files(auditd_t)
')

########################################
@@ -366,7 +366,7 @@ ifdef(`distro_ubuntu',`
')

optional_policy(`
- udev_read_db(klogd_t)
+ udev_read_pid_files(klogd_t)
')

optional_policy(`
@@ -607,7 +607,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(syslogd_t)
+ udev_read_pid_files(syslogd_t)
# for systemd-journal to read seat data from /run/udev/data
udev_read_pid_files(syslogd_t)
')
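Review bot: After this hunk `udev_read_pid_files(syslogd_t)` is called twice in the same `optional_policy` block, once on the added line and once under the existing systemd-journal comment. The virt, xserver, lvm and systemd hunks handle the same situation by deleting the `udev_read_db` line instead of converting it. Doing the same here means dropping the added line and keeping only the commented call.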
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 967341f9..8d065b72 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -155,7 +155,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(clvmd_t)
+ udev_read_pid_files(clvmd_t)
')

########################################
@@ -369,7 +369,6 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(lvm_t)
udev_read_pid_files(lvm_t)
')

diff --git a/policy/modules/system/pcmcia.te b/policy/modules/system/pcmcia.te
index 946b88fd..f4751a5c 100644
--- a/policy/modules/system/pcmcia.te
+++ b/policy/modules/system/pcmcia.te
@@ -117,5 +117,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(cardmgr_t)
+ udev_read_pid_files(cardmgr_t)
')
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
index 363c3706..2d3748cd 100644
--- a/policy/modules/system/raid.te
+++ b/policy/modules/system/raid.te
@@ -105,5 +105,5 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(mdadm_t)
+ udev_read_pid_files(mdadm_t)
')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index f95e1387..17e79011 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -253,7 +253,7 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(dhcpc_t)
+ udev_read_pid_files(dhcpc_t)
')

optional_policy(`
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 285cc665..c2894e8a 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -623,7 +623,6 @@ systemd_log_parse_environment(systemd_logind_t)
systemd_start_power_units(systemd_logind_t)

udev_list_pids(systemd_logind_t)
-udev_read_db(systemd_logind_t)
udev_read_pid_files(systemd_logind_t)

userdom_delete_all_user_runtime_dirs(systemd_logind_t)
@@ -829,7 +828,6 @@ optional_policy(`
')

optional_policy(`
- udev_read_db(systemd_networkd_t)
udev_read_pid_files(systemd_networkd_t)
')

diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc
index 0ae7571c..f02e8195 100644
--- a/policy/modules/system/udev.fc
+++ b/policy/modules/system/udev.fc
@@ -1,7 +1,3 @@
-/dev/\.udev(/.*)? -- gen_context(system_u:object_r:udev_tbl_t,s0)
-/dev/\.udevdb -- gen_context(system_u:object_r:udev_tbl_t,s0)
-/dev/udev\.tbl -- gen_context(system_u:object_r:udev_tbl_t,s0)
-
/etc/dev\.d/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)

/etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
index b736fcfd..53e764ce 100644
--- a/policy/modules/system/udev.if
+++ b/policy/modules/system/udev.if
@@ -214,10 +214,10 @@ interface(`udev_manage_rules_files',`
#
interface(`udev_dontaudit_search_db',`
gen_require(`
- type udev_tbl_t;
+ type udev_runtime_t;
')

- dontaudit $1 udev_tbl_t:dir search_dir_perms;
+ dontaudit $1 udev_runtime_t:dir search_dir_perms;
')

########################################
@@ -237,20 +237,9 @@ interface(`udev_dontaudit_search_db',`
## <infoflow type="read" weight="10"/>
#
interface(`udev_read_db',`
- gen_require(`
- type udev_tbl_t;
- ')
-
- allow $1 udev_tbl_t:dir list_dir_perms;
-
- read_files_pattern($1, udev_tbl_t, udev_tbl_t)
- read_lnk_files_pattern($1, udev_tbl_t, udev_tbl_t)
-
- dev_list_all_dev_nodes($1)
+ refpolicywarn(`$0($*) has been deprecated, please use udev_read_pid_files() instead.')

- files_search_etc($1)
-
- udev_search_pids($1)
+ udev_read_pid_files($1)
')

########################################
@@ -265,11 +254,11 @@ interface(`udev_read_db',`
#
interface(`udev_rw_db',`
gen_require(`
- type udev_tbl_t;
+ type udev_runtime_t;
')

- dev_list_all_dev_nodes($1)
- allow $1 udev_tbl_t:file rw_file_perms;
+ files_search_pids($1)
+ allow $1 udev_runtime_t:file rw_file_perms;
')

########################################
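Review bot: `udev_rw_db` now grants `rw_file_perms` on every `udev_runtime_t` file, which looks wider than the old database-only type. If that type labels the whole udev runtime directory, as `init_daemon_pid_file(udev_runtime_t, dir, "udev")` in udev.te suggests, callers gain write access to all of udev's runtime state rather than just the device table. The interface also grants no search on `udev_runtime_t` directories, so a caller may not be able to reach files below that directory; `rw_files_pattern($1, udev_runtime_t, udev_runtime_t)` would cover the traversal. It is worth auditing the callers, or deprecating this interface the way `udev_read_db` is deprecated above.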
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 18d1f8cb..b0f5c370 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -28,13 +28,10 @@ files_config_file(udev_etc_t)
type udev_rules_t;
files_type(udev_rules_t)

-type udev_runtime_t alias udev_var_run_t;
+type udev_runtime_t alias {udev_tbl_t udev_var_run_t};
files_pid_file(udev_runtime_t)
init_daemon_pid_file(udev_runtime_t, dir, "udev")

-type udev_tbl_t alias udev_tdb_t;
-files_type(udev_tbl_t)
-
ifdef(`enable_mcs',`
kernel_ranged_domtrans_to(udev_t, udev_exec_t, s0 - mcs_systemhigh)
init_ranged_daemon_domain(udev_t, udev_exec_t, s0 - mcs_systemhigh)
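Review bot: The new alias list on `udev_runtime_t` drops `udev_tdb_t`, which the removed declaration `type udev_tbl_t alias udev_tdb_t;` still provided. Any module or local policy that names `udev_tdb_t` would stop resolving. Keeping it costs one token: `type udev_runtime_t alias { udev_tbl_t udev_tdb_t udev_var_run_t };`. Note also that with the alias in place, every out-of-tree rule written against `udev_tbl_t`, including write rules, now applies to all udev runtime files, which deserves a line in the changelog.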
@@ -74,9 +71,6 @@ can_exec(udev_t, udev_helper_exec_t)
# read udev config
allow udev_t udev_etc_t:file read_file_perms;

-allow udev_t udev_tbl_t:file manage_file_perms;
-dev_filetrans(udev_t, udev_tbl_t, file)
-
list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t)
manage_files_pattern(udev_t, udev_rules_t, udev_rules_t)
manage_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t)
@@ -403,12 +397,9 @@ delete_files_pattern(udevadm_t, udev_runtime_t, udev_runtime_t)
delete_lnk_files_pattern(udevadm_t, udev_runtime_t, udev_runtime_t)
list_dirs_pattern(udevadm_t, udev_runtime_t, udev_runtime_t)
read_files_pattern(udevadm_t, udev_runtime_t, udev_runtime_t)
+read_lnk_files_pattern(udevadm_t, udev_runtime_t, udev_runtime_t)
allow udevadm_t udev_runtime_t:dir watch;

-list_dirs_pattern(udevadm_t, udev_tbl_t, udev_tbl_t)
-read_files_pattern(udevadm_t, udev_tbl_t, udev_tbl_t)
-read_lnk_files_pattern(udevadm_t, udev_tbl_t, udev_tbl_t)
-
dev_rw_sysfs(udevadm_t)
dev_read_urand(udevadm_t)

--
2.26.1