Move some interfaces out of userdomain.if to use attributes to shrink size of policy

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 10ddf7d6d9b633f8cb882ae83bcd792dd91be21e..fe5913a7aa2dae492510404242a769c3a1329659 100644 (file)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -671,13 +671,6 @@ template(`userdom_common_user_template',`
                term_getattr_all_ttys($1_t)
        ')
 
-       optional_policy(`
-               alsa_read_rw_config($1_usertype)
-               alsa_manage_home_files($1_t)
-               alsa_relabel_home_files($1_t)
-               alsa_filetrans_named_content($1_t)
-       ')
-
        optional_policy(`
                # Allow graphical boot to check battery lifespan
                apm_stream_connect($1_usertype)

diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 6bdf7f77d5ea954734680b7e15add9c6968690cd..02686f5edc1042dfb96290d83e76df37d79dc0fa 100644 (file)
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -150,6 +150,13 @@ allow userdomain userdomain:process signull;
 # Nautilus causes this avc
 dontaudit unpriv_userdomain self:dir setattr;
 
+optional_policy(`
+       alsa_read_rw_config(unpriv_userdomain)
+       alsa_manage_home_files(unpriv_userdomain)
+       alsa_relabel_home_files(unpriv_userdomain)
+       alsa_filetrans_named_content(unpriv_userdomain)
+')
+
 optional_policy(`
        gnome_filetrans_home_content(userdomain)
 ')