[selinux-policy: 2099/3172] trunk: add open perm to sock_file.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:06:14 UTC 2010


commit d3cdc3d07c5d527e1f019ea0ff058321a753df7a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Mar 11 14:58:03 2009 +0000

    trunk: add open perm to sock_file.

 policy/flask/access_vectors      |    3 +++
 policy/support/ipc_patterns.spt  |    4 ++--
 policy/support/obj_perm_sets.spt |   10 +++++-----
 3 files changed, 10 insertions(+), 7 deletions(-)
---
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 2bb138a..bbe1ce7 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -157,6 +157,9 @@ inherits file
 
 class sock_file
 inherits file
+{
+	open
+}
 
 class fifo_file
 inherits file
diff --git a/policy/support/ipc_patterns.spt b/policy/support/ipc_patterns.spt
index 641f6e2..310f9ef 100644
--- a/policy/support/ipc_patterns.spt
+++ b/policy/support/ipc_patterns.spt
@@ -3,12 +3,12 @@
 #
 define(`stream_connect_pattern',`
 	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file { getattr write };
+	allow $1 $3:sock_file write_sock_file_perms;
 	allow $1 $4:unix_stream_socket connectto;
 ')
 
 define(`dgram_send_pattern',`
 	allow $1 $2:dir search_dir_perms;
-	allow $1 $3:sock_file { getattr write };
+	allow $1 $3:sock_file write_sock_file_perms;
 	allow $1 $4:unix_dgram_socket sendto;
 ')
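Review bot: Replacing `{ getattr write }` with `write_sock_file_perms` in `stream_connect_pattern` and `dgram_send_pattern` grants more than the `open` named in the commit title. Per the obj_perm_sets.spt change in this same commit, the macro expands to `{ getattr write open append }`, so every domain that uses either pattern also gains `append` on the socket file. If only `open` is intended, spell the set out in both patterns as `allow $1 $3:sock_file { getattr write open };`. Otherwise, mention the added `append` in the commit message so the widening is visible to anyone auditing connect and send access.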
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index 0960f33..f6e0de7 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -252,13 +252,13 @@ define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }')
 #
 define(`getattr_sock_file_perms',`{ getattr }')
 define(`setattr_sock_file_perms',`{ setattr }')
-define(`read_sock_file_perms',`{ getattr read }')
-define(`write_sock_file_perms',`{ getattr write append }')
-define(`rw_sock_file_perms',`{ getattr read write append }')
-define(`create_sock_file_perms',`{ getattr create }')
+define(`read_sock_file_perms',`{ getattr open read }')
+define(`write_sock_file_perms',`{ getattr write open append }')
+define(`rw_sock_file_perms',`{ getattr open read write append }')
+define(`create_sock_file_perms',`{ getattr create open }')
 define(`rename_sock_file_perms',`{ getattr rename }')
 define(`delete_sock_file_perms',`{ getattr unlink }')
-define(`manage_sock_file_perms',`{ create getattr setattr read write rename link unlink ioctl lock append }')
+define(`manage_sock_file_perms',`{ create open getattr setattr read write rename link unlink ioctl lock append }')
 define(`relabelfrom_sock_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_sock_file_perms',`{ getattr relabelto }')
 define(`relabel_sock_file_perms',`{ getattr relabelfrom relabelto }')
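Review bot: The new `open` sits in a different position in each set: `{ getattr open read }`, `{ getattr write open append }`, `{ getattr create open }` and `{ create open getattr ... }`. A fixed position makes these permission sets easier to compare when auditing what each macro grants; for example, write the second one as `{ getattr open write append }`. `create_sock_file_perms` also gains `open`, and the hunk does not show why creating a socket file needs it. A one-line comment above that define, such as `# open is included so the creator can also open the new socket file`, would record the intent if that is the reason.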

