[selinux-policy: 944/3172] fix changed rules

[Daniel J Walsh]

commit 1904b01047a3e8b07ba4338175329434bec7793b
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Nov 10 16:54:18 2005 +0000

    fix changed rules

 refpolicy/policy/modules/services/comsat.te |    2 +-
 refpolicy/policy/modules/services/cups.te   |    4 ++--
 refpolicy/policy/modules/system/pcmcia.te   |    2 ++
 3 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index 3f13e1c..ffeb150 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -29,7 +29,7 @@ allow comsat_t self:fifo_file rw_file_perms;
 allow comsat_t self:{ lnk_file file } { getattr read };
 allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
 allow comsat_t self:tcp_socket connected_stream_socket_perms;
-allow comsat_t self:udp_socket connected_socket_perms;
+allow comsat_t self:udp_socket create_socket_perms;
 
 allow comsat_t comsat_tmp_t:dir create_dir_perms;
 allow comsat_t comsat_tmp_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 33ce8a0..281f875 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -510,7 +510,7 @@ allow cupsd_config_t self:process signal_perms;
 allow cupsd_config_t self:fifo_file rw_file_perms;
 allow cupsd_config_t self:unix_stream_socket create_socket_perms;
 allow cupsd_config_t self:unix_dgram_socket create_socket_perms;
-allow cupsd_config_t self:tcp_socket create_socket_perms;
+allow cupsd_config_t self:tcp_socket create_stream_socket_perms;
 
 allow cupsd_config_t cupsd_t:tcp_socket { connectto recvfrom };
 allow cupsd_t cupsd_config_t:tcp_socket { acceptfrom recvfrom };
@@ -720,7 +720,7 @@ allow cupsd_lpd_t cupsd_lpd_var_run_t:dir rw_dir_perms;
 files_create_pid(cupsd_lpd_t,cupsd_lpd_var_run_t)
 
 allow cupsd_lpd_t cupsd_rw_etc_t:dir list_dir_perms;
-allow cupsd_lpd_t cupsd_rw_etc_t:file { read getattr };
+allow cupsd_lpd_t cupsd_rw_etc_t:file r_file_perms;
 allow cupsd_lpd_t cupsd_rw_etc_t:lnk_file { getattr read };
 
 kernel_read_kernel_sysctl(cupsd_lpd_t)
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index 913c88a..f96ee05 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -119,6 +119,8 @@ userdom_dontaudit_use_unpriv_user_fd(cardmgr_t)
 userdom_dontaudit_search_sysadm_home_dir(cardmgr_t)
 
 ifdef(`targeted_policy',`
+	term_use_unallocated_tty(cardmgr_t)
+	term_use_generic_pty(cardmgr_t)
 	term_dontaudit_use_unallocated_tty(cardmgr_t)
 	term_dontaudit_use_generic_pty(cardmgr_t)
 	files_dontaudit_read_root_file(cardmgr_t)