From: Dave Sugar
To: selinux-refpolicy@vger.kernel.org
Subject: [PATCH 1/1] Add interface udev_domtrans_to
Date: Wed, 17 Oct 2018 10:19:49 -0400
Message-Id: <20181017141949.17119-1-dsugar@tresys.com>

This interface is useful when using the 'RUN' option in UDEV rules where udev will be executing a user function to perform some action. This interface allows a domain transition to occur for the run action.

Signed-off-by: Dave Sugar
--- policy/modules/system/udev.if | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if index a2067895..45ab498c 100644 --- a/policy/modules/system/udev.if +++ b/policy/modules/system/udev.if 
@@ -36,6 +36,41 @@ interface(`udev_domtrans',` domtrans_pattern($1, udev_exec_t, udev_t) ') +######################################## +## +## Allow udev to execute the specified program in +## the specified domain. +## +## +##

+## Allow udev to execute the specified program in +## the specified domain. +##

+##

+## This is an interface to support the UDEV 'RUN' +## command. This will allow the command run by +## udev to be run in a domain other than udev_t. +##

+##
+## +## +## Domain to execute in. +## +## +## +## +## Domain entry point file. +## +## +# +interface(`udev_domtrans_to',` + gen_require(` + type udev_t; + ') + + domtrans_pattern(udev_t,$2,$1) +') + ######################################## ## ## Execute udev in the caller domain. -- 2.14.4
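
Review bot: in the body of udev_domtrans_to, the call domtrans_pattern(udev_t,$2,$1) passes the parameters in the reverse of the order they are documented (first parameter "Domain to execute in.", second "Domain entry point file."), so a reader has to work out that $2 is the entry point and $1 the target domain. A one-line comment above the call would help, and the call should have spaces after the commas to match the existing domtrans_pattern($1, udev_exec_t, udev_t) shown at the top of the hunk. In the documentation block, the sentence "Allow udev to execute the specified program in the specified domain." appears twice, once as the summary and again as the first paragraph of the description; the second copy can be dropped so the description starts with the paragraph about the UDEV 'RUN' command. Since the interface lets the caller pick both the entry point type and the domain udev_t transitions into, the description should also say what the caller is expected to have declared for that domain and entry point, because only the domtrans_pattern call is visible here.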