srivasta@debian.org--etch/refpolicy--debian--0.0--patch-21 Allow udev_t to manage links and directories in udev_tbl_t I am not sure why the udev_exec_t write is removed - I think this is a follow on from an earlier mismerge.
Index: policy/modules/system/udev.te
===================================================================
--- policy/modules/system/udev.te.orig
+++ policy/modules/system/udev.te
@@ -53,7 +53,6 @@
 allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
 allow udev_t self:rawip_socket create_socket_perms;
-allow udev_t udev_exec_t:file write;
 can_exec(udev_t, udev_exec_t)
 allow udev_t udev_helper_exec_t:dir list_dir_perms;
@@ -64,6 +63,8 @@
 # create udev database in /dev/.udevdb
 allow udev_t udev_tbl_t:file manage_file_perms;
+allow udev_t udev_tbl_t:lnk_file manage_lnk_file_perms;
+allow udev_t udev_tbl_t:dir manage_dir_perms;
 dev_filetrans(udev_t, udev_tbl_t, file)
 list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t)
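Review bot: The two added rules in the second hunk grant udev_t the full manage sets on udev_tbl_t directories and symlinks, but the `dev_filetrans(udev_t, udev_tbl_t, file)` line right below them still transitions only the `file` class. A top-level database directory or link that udev_t creates in the device directory would by default take the parent's type rather than udev_tbl_t, so these rules match only if a file-context entry or a relabel (neither is visible in this hunk) assigns the type. Extending the transition to `dir` is probably not the answer, since it would apply to every directory udev_t creates there. I would record the dependency in the comment, e.g. `# udev database in /dev/.udevdb: files, symlinks and subdirectories; dir/lnk_file labels come from file contexts`. It is also worth confirming that `manage_dir_perms` and `manage_lnk_file_perms` are needed in full rather than a narrower create/remove subset.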