From cf0d7f66e56f6fc8a8824c259b5f3eb76fec4dbf Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Tue, 1 Mar 2016 10:47:40 -0800
Subject: [PATCH] init: avoid lengthy allow rules

Some of the init allow rules were well past 100 characters and
were difficult to read. Format them to use the one-per-line
set subtraction format as seen in other locations within sepolicy.

Change-Id: Ifeeb3a8a81c4c19bfb1e56e7f2493f817e896eaf
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 init.te | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 52 insertions(+), 5 deletions(-)

diff --git a/init.te b/init.te
index e1a8217e9..1b99e902f 100644
--- a/init.te
+++ b/init.te
@@ -98,11 +98,58 @@ allow init rootfs:{ dir file } relabelfrom;
 # init.<board>.rc files often include device-specific types, so
 # we just allow all file types except /system files here.
 allow init self:capability { chown fowner fsetid };
-allow init {file_type -system_file -exec_type -app_data_file}:dir { create search getattr open read setattr ioctl };
-allow init {file_type -system_file -exec_type -keystore_data_file -app_data_file -shell_data_file -vold_data_file -misc_logd_file }:dir { write add_name remove_name rmdir relabelfrom };
-allow init {file_type -system_file -exec_type -keystore_data_file -app_data_file -shell_data_file -vold_data_file -misc_logd_file }:file { create getattr open read write setattr relabelfrom unlink };
-allow init {file_type -system_file -exec_type -keystore_data_file -app_data_file -shell_data_file -vold_data_file -misc_logd_file }:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
-allow init {file_type -system_file -exec_type -keystore_data_file -app_data_file -shell_data_file -vold_data_file -misc_logd_file }:lnk_file { create getattr setattr relabelfrom unlink };
+
+allow init {
+  file_type
+  -system_file
+  -exec_type
+  -app_data_file
+}:dir { create search getattr open read setattr ioctl };
+
+allow init {
+  file_type
+  -system_file
+  -exec_type
+  -keystore_data_file
+  -app_data_file
+  -shell_data_file
+  -vold_data_file
+  -misc_logd_file
+}:dir { write add_name remove_name rmdir relabelfrom };
+
+allow init {
+  file_type
+  -system_file
+  -exec_type
+  -keystore_data_file
+  -app_data_file
+  -shell_data_file
+  -vold_data_file
+  -misc_logd_file
+}:file { create getattr open read write setattr relabelfrom unlink };
+
+allow init {
+  file_type
+  -system_file
+  -exec_type
+  -keystore_data_file
+  -app_data_file
+  -shell_data_file
+  -vold_data_file
+  -misc_logd_file
+}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
+
+allow init {
+  file_type
+  -system_file
+  -exec_type
+  -keystore_data_file
+  -app_data_file
+  -shell_data_file
+  -vold_data_file
+  -misc_logd_file
+}:lnk_file { create getattr setattr relabelfrom unlink };
+
 allow init {file_type -system_file -exec_type}:dir_file_class_set relabelto;
 allow init { sysfs debugfs }:{ dir file lnk_file } { getattr relabelfrom };
 allow init { sysfs_type debugfs_type }:{ dir file lnk_file } relabelto;
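Review bot: The four new rules for `:dir { write ... }`, `:file`, `:{ sock_file fifo_file }` and `:lnk_file` repeat the same eight-entry exclusion set verbatim, and nothing in the file says they must stay in sync. A later edit that drops or forgets an exclusion such as `-keystore_data_file` in one copy would silently widen what init can create, write or relabel. The first `:dir` rule excludes only `system_file`, `exec_type` and `app_data_file`, which is presumably deliberate, but the context comment above still reads "all file types except /system files" and does not describe either set. I would add a short comment above the first rule, e.g. `# Read/search on dirs uses the narrower exclusion list; the four modify rules below must share one identical exclusion list.`, and update the older comment to name the excluded data types.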
-- 
GitLab