[selinux-policy: 737/3172] add missing interface

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:08:32 UTC 2010


commit 4c71994852ce8ad7e915c3496af93a57bc407e2d
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Oct 12 17:32:41 2005 +0000

    add missing interface

 refpolicy/policy/modules/services/apache.te |   12 +---------
 refpolicy/policy/modules/services/mysql.if  |   30 +++++++++++++++++---------
 2 files changed, 21 insertions(+), 21 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index 0e4c007..0f5b1d6 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -360,6 +360,7 @@ optional_policy(`mta.te',`
 
 optional_policy(`mysql.te',`
 	mysql_stream_connect(httpd_t)
+	mysql_rw_db_socket(httpd_t)
 ')
 
 optional_policy(`nis.te',`
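Review bot: The added `mysql_rw_db_socket(httpd_t)` call is not an exact replacement for the inline rules this commit deletes further down, because the interface body in mysql.if also calls `files_search_var_lib($1)`. httpd_t therefore gains whatever that interface grants on top of the two `mysqld_db_t` rules, and the same applies to httpd_sys_script_t in the hunk at new line 606. If the extra access is intended, say so in the commit message or in a comment above the call, for example `# MySQL socket can live in the database directory under /var/lib`. The path in that comment is inferred from the interface name, so adjust it to the real location.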
@@ -389,16 +390,6 @@ allow httpd_t home_root_t:dir getattr;
 dontaudit httpd_t sysadm_home_dir_t:dir getattr;
 allow httpd_sys_script_t var_spool_t:dir getattr;
 
-optional_policy(`mysql.te',`
-	allow httpd_t mysqld_db_t:dir search;
-	allow httpd_t mysqld_db_t:sock_file rw_file_perms;
-')
-
-optional_policy(`mysql.te',`
-	allow httpd_sys_script_t mysqld_db_t:dir search;
-	allow httpd_sys_script_t mysqld_db_t:sock_file rw_file_perms;
-')
-
 ifdef(`targeted_policy',`
 	if (httpd_enable_homedirs) {
 		allow httpd_t user_home_dir_t:dir { getattr search };
@@ -615,6 +606,7 @@ ifdef(`distro_redhat',`
 
 optional_policy(`mysql.te',`
 	mysql_stream_connect(httpd_sys_script_t)
+	mysql_rw_db_socket(httpd_sys_script_t)
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/services/mysql.if b/refpolicy/policy/modules/services/mysql.if
index fd6e75d..cbda7b4 100644
--- a/refpolicy/policy/modules/services/mysql.if
+++ b/refpolicy/policy/modules/services/mysql.if
@@ -11,7 +11,6 @@
 interface(`mysql_signal',`
 	gen_require(`
 		type mysqld_t;
-		class process signal;
 	')
 
 	allow $1 mysqld_t:process signal;
@@ -28,9 +27,6 @@ interface(`mysql_signal',`
 interface(`mysql_stream_connect',`
 	gen_require(`
 		type mysqld_t, mysqld_var_run_t;
-		class unix_stream_socket connectto;
-		class dir search;
-		class sock_file write;
 	')
 
 	allow $1 mysqld_var_run_t:dir search;
@@ -49,9 +45,6 @@ interface(`mysql_stream_connect',`
 interface(`mysql_read_config',`
 	gen_require(`
 		type mysqld_etc_t;
-		class dir { getattr read search };
-		class file { read getattr };
-		class lnk_file { getattr read };
 	')
 
 	allow $1 mysqld_etc_t:dir { getattr read search };
@@ -73,7 +66,6 @@ interface(`mysql_read_config',`
 interface(`mysql_search_db_dir',`
 	gen_require(`
 		type mysqld_db_t;
-		class dir search;
 	')
 
 	files_search_var_lib($1)
@@ -91,7 +83,6 @@ interface(`mysql_search_db_dir',`
 interface(`mysql_rw_db_dir',`
 	gen_require(`
 		type mysqld_db_t;
-		class rw_dir_perms;
 	')
 
 	files_search_var_lib($1)
@@ -109,7 +100,6 @@ interface(`mysql_rw_db_dir',`
 interface(`mysql_manage_db_dir',`
 	gen_require(`
 		type mysql_db_t;
-		class create_dir_perms;
 	')
 
 	files_search_var_lib($1)
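Review bot: The `gen_require` block left by this hunk still names `type mysql_db_t;`, while the other database-directory interfaces visible in this patch (`mysql_search_db_dir`, `mysql_rw_db_dir` and the new `mysql_rw_db_socket`) require `mysqld_db_t`. The allow rule of `mysql_manage_db_dir` lies outside the hunk, but if it uses `mysqld_db_t` then the require block declares a type the interface does not use and omits the one it depends on. The line should probably read `type mysqld_db_t;`. The commit already edits this require block, so the fix fits here.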
@@ -118,6 +108,25 @@ interface(`mysql_manage_db_dir',`
 
 ########################################
 ## <summary>
+##	Read and write to the MySQL database
+##	named socket.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`mysql_rw_db_socket',`
+	gen_require(`
+		type mysqld_db_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 mysqld_db_t:dir search;
+	allow $1 mysqld_db_t:sock_file rw_file_perms;
+')
+
+########################################
+## <summary>
 ##	Write to the MySQL log.
 ## </summary>
 ## <param name="domain">
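Review bot: `mysql_rw_db_socket` grants `rw_file_perms` on the `sock_file`, whereas the `class sock_file write;` line removed from `mysql_stream_connect` suggests a stream connection needs only `write` on the socket file. `rw_file_perms` is defined outside this patch but presumably covers more than that, so `allow $1 mysqld_db_t:sock_file write;` would be closer to least privilege if callers only connect. That narrows what the old inline apache.te rules allowed, so check it against AVC denials before changing it. The summary should also state that the interface appears to grant no `connectto` on the server's `unix_stream_socket`, for example `##	Does not allow connecting to the server; use together with mysql_stream_connect.`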
@@ -127,7 +136,6 @@ interface(`mysql_manage_db_dir',`
 interface(`mysql_write_log',`
 	gen_require(`
 		type mysqld_log_t;
-		class file { write append setattr ioctl };
 	')
 
 	logging_search_logs($1)

