PERFORCE change 113433 for review

[Todd Miller]

http://perforce.freebsd.org/chv.cgi?CH=113433

Change 113433 by millert at millert_macbook on 2007/01/22 20:23:26

	Enable automount policy; right now most of it is unused.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules.conf#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/automount.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/darwin.te#10 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules.conf#7 (text+ko) ====

@@ -782,7 +782,7 @@
 #
 # Filesystem automounter service.
 # 
-#automount = module
+automount = module
 
 # Layer: services
 # Module: avahi

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/automount.fc#2 (text+ko) ====

@@ -1,10 +1,4 @@
 #
-# /etc
-#
-/etc/apm/event\.d/autofs --	gen_context(system_u:object_r:automount_exec_t,s0)
-/etc/auto\..+		--	gen_context(system_u:object_r:automount_etc_t,s0)
-
-#
 # /usr
 #
 /usr/sbin/automount	--	gen_context(system_u:object_r:automount_exec_t,s0)
@@ -13,4 +7,4 @@
 # /var
 #
 
-/var/run/autofs(/.*)?		gen_context(system_u:object_r:automount_var_run_t,s0)
+/var/run/automount\..*		gen_context(system_u:object_r:automount_var_run_t,s0)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/darwin.te#10 (text+ko) ====

@@ -20,7 +20,6 @@
 type darwin_trash_t;
 type darwin_keychain_t;
 type darwin_network_t;
-type automount_t;
 
 fs_associate(darwin_cache_t)
 fs_associate(darwin_keychain_t)
@@ -69,8 +68,6 @@
 	allow unconfined_t configd_resource_t:file read;
 	allow unconfined_t configd_resource_t:dir { read search };
 
-	allow unconfined_t automount_t:dir search;
-
 	allow unconfined_t WindowServer_resource_t:file read;
 	allow unconfined_t WindowServer_resource_t:dir { read search };