From: jason@perfinion.com (Jason Zaman)
Date: Mon, 25 May 2015 13:33:56 +0400
Subject: [refpolicy] [PATCH 2/2] postgresql: use init_startstop_service in
	_admin interface
In-Reply-To: <1432546436-17885-1-git-send-email-jason@perfinion.com>
References: <1432546436-17885-1-git-send-email-jason@perfinion.com>
Message-ID: <1432546436-17885-2-git-send-email-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The postgresql_admin interfaces had rules for RedHat sysvinit. This
replaces them with the interface init_startstop_service which can
easily be changed for other init systems.
---
 policy/modules/services/postgresql.if | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index 9d2f311..60395e7 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -577,10 +577,7 @@ interface(`postgresql_admin',`
 	allow $1 postgresql_t:process { ptrace signal_perms };
 	ps_process_pattern($1, postgresql_t)
 
-	init_labeled_script_domtrans($1, postgresql_initrc_exec_t)
-	domain_system_change_exemption($1)
-	role_transition $2 postgresql_initrc_exec_t system_r;
-	allow $2 system_r;
+	init_startstop_service($1, $2, postgresql_t, postgresql_initrc_exec_t)
 
 	admin_pattern($1, postgresql_var_run_t)
 
-- 
2.3.6