From: gizmo@giz-works.com (Chris Richards)
Date: Wed, 29 Dec 2010 00:20:10 -0600
Subject: [refpolicy] [PATCH 1/2] udev create lnk files in openrc dirs
Message-ID: <1293603610-2195-1-git-send-email-gizmo@giz-works.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When starting and stopping dhcpcd, some scripts are fired off by udev as the
result of devices being hotplugged (net.eth0).  These scripts update status
information for openrc, specifically with respect to started or stopoed
services, as well as information regarding the hotplugged or scheduled state.
They also need to be able to read information regarding the current runlevel
of the system, also maintained by openrc.

Add interfaces to init.if

Signed-off-by: Chris Richards <gizmo@giz-works.com>
---
 policy/modules/system/init.if |   43 +++++++++++++++++++++++++++++++++++++++++
 1 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index ed152c4..940b91f 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1461,6 +1467,25 @@ interface(`init_getattr_script_status_files',`
 
 ########################################
 ## <summary>
+##	Read init script status files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_read_script_status_files',`
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	list_dirs_pattern($1, initrc_state_t, initrc_state_t)
+	read_files_pattern($1, initrc_state_t, initrc_state_t)
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts to read init script
 ##	status files.
 ## </summary>
@@ -1481,6 +1506,24 @@ interface(`init_dontaudit_read_script_status_files',`
 
 ########################################
 ## <summary>
+##	Manage init script status link files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_manage_script_status_lnk_files',`
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	manage_lnk_files_pattern($1, initrc_state_t, initrc_state_t)
+')
+
+########################################
+## <summary>
 ##	Read init script temporary data.
 ## </summary>
 ## <param name="domain">
-- 
1.7.3.4