From: pebenito@ieee.org (Chris PeBenito)
Date: Sat, 31 Dec 2016 11:27:29 -0500
Subject: [refpolicy] [PATCH v3] plymouth: use the correct running domain
 for the client
In-Reply-To: <1483199933.3041.0.camel@trentalancia.net>
References: <1483132084.2893.3.camel@trentalancia.net>
	<1483132999.3820.0.camel@trentalancia.net>
	<45a4945b-2d61-a2ba-71a3-6fa13d07cc31@ieee.org>
	<1483199933.3041.0.camel@trentalancia.net>
Message-ID: <0f2044c6-1d68-a6f2-b10c-141445fded17@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/31/16 10:58, Guido Trentalancia via refpolicy wrote:
> The plymouth client needs a domain for short running processes
> which are started by init scripts instead of an application
> domain.
>
> Also add the ability to inherit init file descriptors (for the
> console) and use it.
>
> Compared to the previous version (v2), this one simply moves
> the terminal interfaces to the right location.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/plymouthd.te |    6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff -pru a/policy/modules/contrib/plymouthd.te b/policy/modules/contrib/plymouthd.te
> --- a/policy/modules/contrib/plymouthd.te	2016-12-22 23:12:59.391081860 +0100
> +++ b/policy/modules/contrib/plymouthd.te	2016-12-31 16:54:47.796736709 +0100
> @@ -7,8 +7,7 @@ policy_module(plymouthd, 1.3.1)
>
>  type plymouth_t;
>  type plymouth_exec_t;
> -application_domain(plymouth_t, plymouth_exec_t)
> -role system_r types plymouth_t;
> +init_system_domain(plymouth_t, plymouth_exec_t)
>
>  type plymouthd_t;
>  type plymouthd_exec_t;
> @@ -115,8 +114,11 @@ domain_use_interactive_fds(plymouth_t)
>
>  files_read_etc_files(plymouth_t)
>
> +term_use_console(plymouth_t)
>  term_use_ptmx(plymouth_t)
>
> +init_use_fds(plymouth_t)
> +
>  miscfiles_read_localization(plymouth_t)
>
>  sysnet_read_config(plymouth_t)

Merged.

-- 
Chris PeBenito