From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 29 Aug 2012 21:28:46 +0200
Subject: [refpolicy] [PATCH v1 5/5] Udev's tables (run data) is stored in
	directories
In-Reply-To: <1346268526-22260-1-git-send-email-sven.vermeulen@siphos.be>
References: <1346268526-22260-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1346268526-22260-6-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When udev creates a directory to store its runtime data in, it will attempt to
relabel the directory too. So allow udev SELinux policy to do so, as well as
manage the udev_tbl_t files and directories.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/udev.te |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 00fcf27..261055d 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -63,8 +63,11 @@ can_exec(udev_t, udev_helper_exec_t)
 # read udev config
 allow udev_t udev_etc_t:file read_file_perms;
 
-# create udev database in /dev/.udevdb
-allow udev_t udev_tbl_t:file manage_file_perms;
+allow udev_t udev_tbl_t:dir relabelto;
+manage_dirs_pattern(udev_t, udev_tbl_t, udev_tbl_t)
+manage_files_pattern(udev_t, udev_tbl_t, udev_tbl_t)
+manage_lnk_files_pattern(udev_t, udev_tbl_t, udev_tbl_t)
+
 dev_filetrans(udev_t, udev_tbl_t, file)
 
 list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t)
-- 
1.7.8.6