[selinux-policy: 572/3172] cleanup

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:54:02 UTC 2010


commit 23ca91f8bb572a0a532596084eeaf26d09fb9316
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Aug 17 17:31:57 2005 +0000

    cleanup

 refpolicy/policy/modules/services/inetd.if    |   17 +++++++++++++++++
 refpolicy/policy/modules/system/userdomain.if |   14 +++++---------
 refpolicy/policy/modules/system/userdomain.te |    7 +++++++
 3 files changed, 29 insertions(+), 9 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/inetd.if b/refpolicy/policy/modules/services/inetd.if
index 062f13f..0dd31e5 100644
--- a/refpolicy/policy/modules/services/inetd.if
+++ b/refpolicy/policy/modules/services/inetd.if
@@ -113,6 +113,23 @@ interface(`inetd_service_domain',`
 
 ########################################
 ## <summary>
+##	Inherit and use file descriptors from inetd.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`inetd_use_fd',`
+	gen_require(`
+		type inetd_t;
+		class fd use;
+	')
+
+	allow $1 inetd_t:fd use;
+')
+
+########################################
+## <summary>
 ##	Connect to the inetd service using a TCP connection.
 ## </summary>
 ## <param name="domain">
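Review bot: The summary of the new `inetd_use_fd` interface understates what a caller still needs: the rule it carries grants only `fd use` on `inetd_t`, and a domain that inherits a connected socket from inetd still needs read/write on that socket to service it, which the userdomain.if part of this same commit keeps as a separate raw `allow $1_t inetd_t:tcp_socket rw_stream_socket_perms;`. Suggest extending the summary to `## Inherit and use file descriptors from inetd. This does not grant read/write on the inherited socket itself; a domain that services inetd connections needs that separately.` That keeps the next reader from assuming this interface alone is enough for an inetd-spawned service domain.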
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index a7342bd..19969fc 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -366,11 +366,11 @@ template(`base_user_template',`
 
 	ifdef(`inetd.te', `
 		# Connect to inetd.
-		can_tcp_connect($1_t, inetd_t)
+		inetd_tcp_connect($1_t)
 		can_udp_send($1_t, inetd_t)
 		can_udp_send(inetd_t, $1_t)
 		# Inherit and use sockets from inetd
-		allow $1_t inetd_t:fd use;
+		inetd_use_fd($1_t)
 		allow $1_t inetd_t:tcp_socket rw_stream_socket_perms;
 	')
 
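Review bot: The cleanup in `base_user_template` stops halfway: the TCP connect and the `fd use` rule now go through `inetd_tcp_connect`/`inetd_use_fd`, but `allow $1_t inetd_t:tcp_socket rw_stream_socket_perms;` and the two `can_udp_send` calls still reference `inetd_t` directly, which is exactly the cross-module coupling the new interfaces are meant to remove. Since that tcp_socket rule is what actually lets the user domain read and write the connection it inherits from inetd, I would move it into inetd.if next to `inetd_use_fd`, e.g. an `inetd_rw_tcp_sockets` interface whose body is `allow $1 inetd_t:tcp_socket rw_stream_socket_perms;`, and call `inetd_rw_tcp_sockets($1_t)` here, so inetd.if stays the single place that decides what other modules may do with inetd's sockets. The enclosing `base_user_template` starts before and continues after this hunk.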
@@ -453,12 +453,10 @@ template(`unpriv_user_template', `
 	typeattribute $1_t unpriv_userdomain; #, web_client_domain
 	domain_wide_inherit_fd($1_t)
 
-	#typeattribute $1_devpts_t userpty_type, user_tty_type;
-	#typeattribute $1_home_dir_t user_home_dir_type;
-	#typeattribute $1_home_t user_home_type;
-
+	typeattribute $1_devpts_t user_ptynode;
+	typeattribute $1_home_dir_t user_home_dir_type;
+	typeattribute $1_home_t user_home_type;
 	typeattribute $1_tmp_t user_tmpfile;
-
 	typeattribute $1_tty_device_t user_ttynode;
  
 	##############################
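Review bot: The devpts line now reads `typeattribute $1_devpts_t user_ptynode;`, whereas the commented-out line it replaces also placed the pty type in `user_tty_type`; if any rule elsewhere in the policy is written against `user_tty_type` expecting it to cover user ptys, that coverage is silently dropped here, so it is worth confirming nothing still references it (or that `user_ttynode` on the tty line below is the intended replacement) — I cannot tell from this hunk. A short why-comment above the three uncommented `typeattribute` lines would also help, e.g. `# Put this user's pty, home and tmp types under the unprivileged-user attributes declared in userdomain.te, so cross-cutting rules can address all unprivileged users at once.` The enclosing `unpriv_user_template` starts before and continues after this hunk.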
@@ -813,8 +811,6 @@ template(`admin_user_template',`
 
 	# for lsof
 	allow $1_t mtrr_device_t:file getattr;
-
-	# for lsof
 	allow $1_t eventpollfs_t:file getattr;
 
 	allow $1_t serial_device:chr_file setattr;
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 2ad973e..def3225 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -20,6 +20,13 @@ attribute home_type;
 # a user in writing regular files)
 attribute privhome;
 
+# all unprivileged users home directories
+attribute user_home_dir_type;
+attribute user_home_type;
+
+# all unprivileged users ptys
+attribute user_ptynode;
+
 # all unprivileged users tmp files
 attribute user_tmpfile;
 
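Review bot: The comment `# all unprivileged users home directories` now heads two attributes that this same commit assigns to different types (`$1_home_dir_t` gets `user_home_dir_type`, `$1_home_t` gets `user_home_type`), so it should say which is which; I would split it into `# home directories of unprivileged users` above `user_home_dir_type` and `# presumably: content under unprivileged users' home directories` above `user_home_type`, hedged because the role of `$1_home_t` is only implied by its name here. A one-line warning on the block is also worthwhile: these attributes deliberately collapse the per-user distinction, so any rule written against `user_home_type` (or `user_ptynode`) grants that access to every unprivileged user's home or pty at once and is appropriate for system-wide services, not for anything meant to preserve user-to-user isolation.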

