[selinux-policy: 2459/3172] Various permission set fixes.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:38:19 UTC 2010


commit bf530f532ca01fe38658d4ef96e34944c33845d9
Author: Dominick Grift <domg472 at gmail.com>
Date:   Wed Mar 3 17:54:34 2010 +0100

    Various permission set fixes.
    
    Fix various interfaces to use permission sets for compatibility with the open permission.
    
    Also use other permission sets where possible, simply because applicable permission sets are available and the use of permission sets is generally encouraged for compatibility.
    
    The use of the exec_file_perms permission set may not be a good idea though, since it may be a bit too coarse.
    
    Signed-off-by: Dominick Grift <domg472 at gmail.com>
    Signed-off-by: Chris PeBenito <cpebenito at tresys.com>

 policy/modules/system/userdomain.if |   20 ++++++++++----------
 1 files changed, 10 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b3b08d6..990063c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1313,7 +1313,7 @@ interface(`userdom_setattr_user_ptys',`
 		type user_devpts_t;
 	')
 
-	allow $1 user_devpts_t:chr_file setattr;
+	allow $1 user_devpts_t:chr_file setattr_chr_file_perms;
 ')
 
 ########################################
@@ -1655,7 +1655,7 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',`
 		type user_home_t;
 	')
 
-	dontaudit $1 user_home_t:file setattr;
+	dontaudit $1 user_home_t:file setattr_file_perms;
 ')
 
 ########################################
@@ -1730,7 +1730,7 @@ interface(`userdom_dontaudit_append_user_home_content_files',`
 		type user_home_t;
 	')
 
-	dontaudit $1 user_home_t:file append;
+	dontaudit $1 user_home_t:file append_file_perms;
 ')
 
 ########################################
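Review bot: Replacing `append` with `append_file_perms` in this dontaudit rule widens what is silenced, not only how it is spelled. The set is defined in obj_perm_sets.spt (not shown on this page) and, as far as I recall, expands to `{ getattr open append lock ioctl }`, so getattr, lock and ioctl denials on user_home_t files would also stop reaching the audit log for every caller. The same concern applies to `write_file_perms` in userdom_dontaudit_write_user_home_content_files and to `append_file_perms` on user_tmp_t in userdom_dontaudit_append_user_tmp_files. If the goal is only open-permission compatibility, an explicit list such as `dontaudit $1 user_home_t:file { append open };` keeps the suppression narrow. Otherwise the interface summary, which lies outside the hunk, should state that the additional denials are hidden as well.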
@@ -1748,7 +1748,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
 		type user_home_t;
 	')
 
-	dontaudit $1 user_home_t:file write;
+	dontaudit $1 user_home_t:file write_file_perms;
 ')
 
 ########################################
@@ -1849,7 +1849,7 @@ interface(`userdom_dontaudit_exec_user_home_content_files',`
 		type user_home_t;
 	')
 
-	dontaudit $1 user_home_t:file execute;
+	dontaudit $1 user_home_t:file exec_file_perms;
 ')
 
 ########################################
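Review bot: `exec_file_perms` in a dontaudit rule suppresses more than failed execute attempts. The set is defined outside this page, but in refpolicy it also carries `read`, `getattr`, `open`, `ioctl` and `execute_no_trans`. Any domain calling userdom_dontaudit_exec_user_home_content_files would then have denied reads of user home content dropped from the AVC log, which is a loss of detection signal that the interface name does not suggest. The commit message already suspects the set is too coarse. For this rule I would keep an explicit list without `read`, for example `dontaudit $1 user_home_t:file { execute execute_no_trans };`, or leave the original `execute`.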
@@ -2193,7 +2193,7 @@ interface(`userdom_dontaudit_append_user_tmp_files',`
 		type user_tmp_t;
 	')
 
-	dontaudit $1 user_tmp_t:file append;
+	dontaudit $1 user_tmp_t:file append_file_perms;
 ')
 
 ########################################
@@ -2467,7 +2467,7 @@ interface(`userdom_getattr_user_ttys',`
 		type user_tty_device_t;
 	')
 
-	allow $1 user_tty_device_t:chr_file getattr;
+	allow $1 user_tty_device_t:chr_file getattr_chr_file_perms;
 ')
 
 ########################################
@@ -2485,7 +2485,7 @@ interface(`userdom_dontaudit_getattr_user_ttys',`
 		type user_tty_device_t;
 	')
 
-	dontaudit $1 user_tty_device_t:chr_file getattr;
+	dontaudit $1 user_tty_device_t:chr_file getattr_chr_file_perms;
 ')
 
 ########################################
@@ -2503,7 +2503,7 @@ interface(`userdom_setattr_user_ttys',`
 		type user_tty_device_t;
 	')
 
-	allow $1 user_tty_device_t:chr_file setattr;
+	allow $1 user_tty_device_t:chr_file setattr_chr_file_perms;
 ')
 
 ########################################
@@ -2521,7 +2521,7 @@ interface(`userdom_dontaudit_setattr_user_ttys',`
 		type user_tty_device_t;
 	')
 
-	dontaudit $1 user_tty_device_t:chr_file setattr;
+	dontaudit $1 user_tty_device_t:chr_file setattr_chr_file_perms;
 ')
 
 ########################################

