move "efivar" out of misc.cil

author: John Turner <jturner.usa@gmail.com> 2025-08-23 20:19:42 -0400
committer: John Turner <jturner.usa@gmail.com> 2025-08-23 20:19:42 -0400
commit: 99c9dafa7de761aeab18dc95a13f947c9d920c68 (patch)
tree: 2bd8a409bbab5d86a11addc6c4266b34c308ffc6
parent: 43917f18a8d29961f9500fd406a776b6fac33e1b (diff)
download: selinux-policy-99c9dafa7de761aeab18dc95a13f947c9d920c68.tar.gz
2 files changed, 3 insertions, 6 deletions
diff --git a/src/fs/noseclabelfs/efivarnoseclabelfs.cil b/src/fs/noseclabelfs/efivarnoseclabelfs.cil
index 7ff8fd2..b010b06 100644
--- a/src/fs/noseclabelfs/efivarnoseclabelfs.cil
+++ b/src/fs/noseclabelfs/efivarnoseclabelfs.cil
@@ -2,7 +2,9 @@
 ;; SPDX-License-Identifier: Unlicense
 
 (block efivar
+    (blockinherit .noseclabelfs.template)
 
     (genfscon "efivarfs" "/" fs_context)
 
-    (blockinherit .noseclabelfs.template))
+    (filecon "/sys/firmware/efi/efivars" dir ())
+    (filecon "/sys/firmware/efi/efivars/.*" any ()))
diff --git a/src/misc.cil b/src/misc.cil
index a805d24..b0d5736 100644
--- a/src/misc.cil
+++ b/src/misc.cil
@@ -3,11 +3,6 @@
 
 (sidcontext init (sys.id sys.role sys.subj sys.lowlow)) ;; userspace_initial_context
 
-(in efivar
-
-    (filecon "/sys/firmware/efi/efivars" dir ())
-    (filecon "/sys/firmware/efi/efivars/.*" any ()))
-
 (in exec
 
     (filecon "/usr/bin" dir file_context)
author	John Turner <jturner.usa@gmail.com>	2025-08-23 20:19:42 -0400
committer	John Turner <jturner.usa@gmail.com>	2025-08-23 20:19:42 -0400
commit	99c9dafa7de761aeab18dc95a13f947c9d920c68 (patch)
tree	2bd8a409bbab5d86a11addc6c4266b34c308ffc6
parent	43917f18a8d29961f9500fd406a776b6fac33e1b (diff)
download	selinux-policy-99c9dafa7de761aeab18dc95a13f947c9d920c68.tar.gz