From: dominick.grift@gmail.com (Dominick Grift) Date: Sun, 24 Jun 2012 21:28:37 +0200 Subject: [refpolicy] [PATCH v2 1/5] Add read interface for udev rules In-Reply-To: <20120624180349.GB11810@siphos.be> References: <20120624180258.GA11810@siphos.be> <20120624180349.GB11810@siphos.be> Message-ID: <1340566117.8671.1.camel@x220.mydomain.internal> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 2012-06-24 at 20:03 +0200, Sven Vermeulen wrote: > Applications, such as dracut or other initramfs creators, need read access to > udev rules to see if they need to pull in additional requirements for the > initramfs or not. This adds in the udev_read_rules_files() interface for > this purpose. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/udev.if | 19 +++++++++++++++++++ > 1 files changed, 19 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if > index 025348a..57fd764 100644 > --- a/policy/modules/system/udev.if > +++ b/policy/modules/system/udev.if > @@ -132,6 +132,25 @@ interface(`udev_dontaudit_rw_dgram_sockets',` > > ######################################## > ## > +## Read udev rules files > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`udev_read_rules_files',` > + gen_require(` > + type udev_rules_t; > + ') > + files_search_etc($1) > + read_files_pattern($1, udev_rules_t, udev_rules_t) > +') > + > + > +######################################## > +## > ## Manage udev rules files > ## > ##
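Review bot: In the body of udev_read_rules_files, read_files_pattern($1, udev_rules_t, udev_rules_t) grants only search on udev_rules_t directories and read on the files in them, so a caller that has to enumerate the rules directory, as the initramfs creators named in the commit message plausibly do, would still be denied the directory read. Consider adding list_dirs_pattern($1, udev_rules_t, udev_rules_t), or state in the interface summary that listing is deliberately not covered so callers know to request it separately. Two style points in the same hunk: there is no blank line between the closing ') of gen_require and files_search_etc($1), and the hunk adds two blank lines before the next ######## separator where the preceding interface in the context leaves one.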