[selinux-policy: 2352/3172] PCSCD patch from Dan Walsh.

[Daniel J Walsh]

commit 6df09cfef73be1e718e789a83e0e4efc141a3703
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Dec 18 10:44:59 2009 -0500

    PCSCD patch from Dan Walsh.

 policy/modules/services/pcscd.if |    3 +--
 policy/modules/services/pcscd.te |    6 +++++-
 2 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/services/pcscd.if b/policy/modules/services/pcscd.if
index 7622d76..913e857 100644
--- a/policy/modules/services/pcscd.if
+++ b/policy/modules/services/pcscd.if
@@ -53,6 +53,5 @@ interface(`pcscd_stream_connect',`
 	')
 
 	files_search_pids($1)
-	allow $1 pcscd_var_run_t:sock_file write;
-	allow $1 pcscd_t:unix_stream_socket connectto;
+	stream_connect_pattern($1, pcscd_var_run_t, pcscd_var_run_t, pcscd_t)
 ')
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index 0dc3371..37ddf3e 100644
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@@ -1,5 +1,5 @@
 
-policy_module(pcscd, 1.5.0)
+policy_module(pcscd, 1.5.1)
 
 ########################################
 #
@@ -29,9 +29,12 @@ allow pcscd_t self:tcp_socket create_stream_socket_perms;
 
 manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
+manage_fifo_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })
 
+kernel_read_system_state(pcscd_t)
+
 corenet_all_recvfrom_unlabeled(pcscd_t)
 corenet_all_recvfrom_netlabel(pcscd_t)
 corenet_tcp_sendrecv_generic_if(pcscd_t)
@@ -40,6 +43,7 @@ corenet_tcp_sendrecv_all_ports(pcscd_t)
 corenet_tcp_connect_http_port(pcscd_t)
 
 dev_rw_generic_usb_dev(pcscd_t)
+dev_rw_smartcard(pcscd_t)
 dev_rw_usbfs(pcscd_t)
 dev_search_sysfs(pcscd_t)