[selinux-policy: 2515/3172] fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh

[Daniel J Walsh]

commit f7d413af27d2dab2c9c5ce18966bb8b4ed238cb8
Author: Jeremy Solt <jsolt at tresys.com>
Date:   Tue Mar 16 09:56:58 2010 -0400

    fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh
    
    Did not include dontaudit_leaks interface
    Modified fail2ban_rw_stream_sockets to use rw_stream_socket_perms set

 policy/modules/services/fail2ban.if |   38 +++++++++++++++++++++++++++++++++++
 1 files changed, 38 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/services/fail2ban.if b/policy/modules/services/fail2ban.if
index aa53435..83d0241 100644
--- a/policy/modules/services/fail2ban.if
+++ b/policy/modules/services/fail2ban.if
@@ -98,6 +98,26 @@ interface(`fail2ban_read_pid_files',`
 	allow $1 fail2ban_var_run_t:file read_file_perms;
 ')
 
+#####################################
+## <summary>
+##	Connect to fail2ban over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fail2ban_stream_connect',`
+	gen_require(`
+		type fail2ban_t, fail2ban_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to administrate 
@@ -135,3 +155,21 @@ interface(`fail2ban_admin',`
 	files_list_pids($1)
 	admin_pattern($1, fail2ban_var_run_t)
 ')
+
+########################################
+## <summary>
+##	Read and write to an fail2ban unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fail2ban_rw_stream_sockets',`
+	gen_require(`
+		type fail2ban_t;
+	')
+
+	allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms;
+')