@@ -3,11 +3,6 @@
# Policy for testing Infiniband Pkey access.
#
-gen_require(`
- type bin_t;
- type infiniband_mgmt_device_t;
-')
-
attribute ibendportdomain;
# Domain for process.
@@ -27,7 +22,9 @@ dev_rw_sysfs(test_ibendport_manage_subnet_t)
corecmd_bin_entry_type(test_ibendport_manage_subnet_t)
-allow test_ibendport_manage_subnet_t infiniband_mgmt_device_t:chr_file { read write open ioctl};
+ifdef(`dev_rw_infiniband_mgmt_dev', `
+dev_rw_infiniband_mgmt_dev(test_ibendport_manage_subnet_t)
+')
ifdef(`corenet_ib_access_unlabeled_pkeys',`
corenet_ib_access_unlabeled_pkeys(test_ibendport_manage_subnet_t)
Switch the Infiniband test policy to use the appropriate policy interface if defined rather than hardcoding a reference to the type, neither of which exist in Debian policy. Drop the dead hardcoded reference on bin_t since it is no longer used anywhere outside of an interface. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> --- policy/test_ibendport.te | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-)