From: guido@trentalancia.net (Guido Trentalancia) Date: Fri, 30 Dec 2016 22:23:19 +0100 Subject: [refpolicy] [PATCH v2] plymouth: use the correct running domain for the client In-Reply-To: <1483132084.2893.3.camel@trentalancia.net> References: <1483132084.2893.3.camel@trentalancia.net> Message-ID: <1483132999.3820.0.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The plymouth client needs a domain for short running processes which are started by init scripts instead of an application domain. Also add the ability to inherit init file descriptors (for the console) and use it. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/plymouthd.te | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff -pru a/policy/modules/contrib/plymouthd.te b/policy/modules/contrib/plymouthd.te --- a/policy/modules/contrib/plymouthd.te 2016-12-22 23:12:59.391081860 +0100 +++ b/policy/modules/contrib/plymouthd.te 2016-12-30 22:17:18.458090959 +0100 @@ -7,8 +7,7 @@ policy_module(plymouthd, 1.3.1) type plymouth_t; type plymouth_exec_t; -application_domain(plymouth_t, plymouth_exec_t) -role system_r types plymouth_t; +init_system_domain(plymouth_t, plymouth_exec_t) type plymouthd_t; type plymouthd_exec_t; @@ -115,12 +114,15 @@ domain_use_interactive_fds(plymouth_t) files_read_etc_files(plymouth_t) -term_use_ptmx(plymouth_t) +init_use_fds(plymouth_t) miscfiles_read_localization(plymouth_t) sysnet_read_config(plymouth_t) +term_use_console(plymouth_t) +term_use_ptmx(plymouth_t) + ifdef(`hide_broken_symptoms',` optional_policy(` hal_dontaudit_write_log(plymouth_t)
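Review bot: in the first hunk (@@ -7,8 +7,7 @@), replacing application_domain(plymouth_t, plymouth_exec_t) with init_system_domain(plymouth_t, plymouth_exec_t) also drops the explicit "role system_r types plymouth_t;" line, and the commit message does not say whether the client is ever started from anything other than init scripts. Please confirm that init_system_domain still associates plymouth_t with system_r and that no remaining caller depends on plymouth_t being an application domain, and state both in the commit message so the narrower entry path is documented.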
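Review bot: in the second hunk (@@ -115,12 +114,15 @@), term_use_ptmx(plymouth_t) is removed and then re-added unchanged a few lines lower, which adds churn and hides that the real additions are init_use_fds(plymouth_t) and term_use_console(plymouth_t). Suggest leaving term_use_ptmx where it is and adding term_use_console next to it. The commit message explains inheriting init file descriptors, but it should also say why direct console access through term_use_console is needed on top of the inherited descriptors, ideally with the AVC denial that motivated it, so the new grant can be checked against least privilege.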