trunk: Enable open permission checks policy capability.

[people/stevee/selinux-policy.git] / policy / modules / admin / firstboot.te

diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
index 2d221998efbb2280e7c2428eccb91f055d55b534..cadd3495f601c1fd6b51cae428f08b69d450e6cb 100644 (file)
--- a/policy/modules/admin/firstboot.te
+++ b/policy/modules/admin/firstboot.te
@@ -27,13 +27,12 @@ files_config_file(firstboot_etc_t)
 
 allow firstboot_t self:capability { dac_override setgid };
 allow firstboot_t self:process setfscreate;
-allow firstboot_t self:file { read write };
-allow firstboot_t self:fifo_file { getattr read write };
+allow firstboot_t self:fifo_file rw_fifo_file_perms;
 allow firstboot_t self:tcp_socket create_stream_socket_perms;
 allow firstboot_t self:unix_stream_socket { connect create };
 allow firstboot_t self:passwd rootok;
 
-allow firstboot_t firstboot_etc_t:file { getattr read };
+allow firstboot_t firstboot_etc_t:file read_file_perms;
 
 kernel_read_system_state(firstboot_t)
 kernel_read_kernel_sysctls(firstboot_t)