[selinux-policy: 2099/3172] trunk: add open perm to sock_file.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:06:14 UTC 2010
commit d3cdc3d07c5d527e1f019ea0ff058321a753df7a
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Mar 11 14:58:03 2009 +0000
trunk: add open perm to sock_file.
policy/flask/access_vectors | 3 +++
policy/support/ipc_patterns.spt | 4 ++--
policy/support/obj_perm_sets.spt | 10 +++++-----
3 files changed, 10 insertions(+), 7 deletions(-)
---
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 2bb138a..bbe1ce7 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -157,6 +157,9 @@ inherits file
class sock_file
inherits file
+{
+ open
+}
class fifo_file
inherits file
diff --git a/policy/support/ipc_patterns.spt b/policy/support/ipc_patterns.spt
index 641f6e2..310f9ef 100644
--- a/policy/support/ipc_patterns.spt
+++ b/policy/support/ipc_patterns.spt
@@ -3,12 +3,12 @@
#
define(`stream_connect_pattern',`
allow $1 $2:dir search_dir_perms;
- allow $1 $3:sock_file { getattr write };
+ allow $1 $3:sock_file write_sock_file_perms;
allow $1 $4:unix_stream_socket connectto;
')
define(`dgram_send_pattern',`
allow $1 $2:dir search_dir_perms;
- allow $1 $3:sock_file { getattr write };
+ allow $1 $3:sock_file write_sock_file_perms;
allow $1 $4:unix_dgram_socket sendto;
')
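Review bot: Replacing the literal `{ getattr write }` with `write_sock_file_perms` in both stream_connect_pattern and dgram_send_pattern grants more than the `open` permission the commit title describes. Under the new definition in obj_perm_sets.spt the macro expands to `{ getattr write open append }`, so every domain that uses these two patterns also gains `append` on the target socket file. If only `open` was meant to be added, `allow $1 $3:sock_file { getattr write open };` keeps the grant minimal. If the wider set is deliberate, a one-line comment above each rule saying that `append` is intended would make the widening auditable.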
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index 0960f33..f6e0de7 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -252,13 +252,13 @@ define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }')
#
define(`getattr_sock_file_perms',`{ getattr }')
define(`setattr_sock_file_perms',`{ setattr }')
-define(`read_sock_file_perms',`{ getattr read }')
-define(`write_sock_file_perms',`{ getattr write append }')
-define(`rw_sock_file_perms',`{ getattr read write append }')
-define(`create_sock_file_perms',`{ getattr create }')
+define(`read_sock_file_perms',`{ getattr open read }')
+define(`write_sock_file_perms',`{ getattr write open append }')
+define(`rw_sock_file_perms',`{ getattr open read write append }')
+define(`create_sock_file_perms',`{ getattr create open }')
define(`rename_sock_file_perms',`{ getattr rename }')
define(`delete_sock_file_perms',`{ getattr unlink }')
-define(`manage_sock_file_perms',`{ create getattr setattr read write rename link unlink ioctl lock append }')
+define(`manage_sock_file_perms',`{ create open getattr setattr read write rename link unlink ioctl lock append }')
define(`relabelfrom_sock_file_perms',`{ getattr relabelfrom }')
define(`relabelto_sock_file_perms',`{ getattr relabelto }')
define(`relabel_sock_file_perms',`{ getattr relabelfrom relabelto }')
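Review bot: `open` is added to create_sock_file_perms and manage_sock_file_perms as well as to the read/write sets, and nothing in this diff shows that creating a socket file requires opening it. If it does not, leaving create_sock_file_perms at `{ getattr create }` keeps create-only domains narrower; otherwise a short comment above the sock_file block stating why create needs `open` would help later audits. As a smaller style point, `open` sits in a different position in each set (`getattr open read`, `getattr write open append`, `create open getattr ...`); a single ordering, for example always directly after `getattr`, would make the sets easier to compare.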