From 1e3f610b3b5f8a5834dd1897aaad661739b4e5d5 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Jul 20 2005 14:57:13 +0000
Subject: add missing dir and file perms for selinuxfs in unconfined
---
diff --git a/refpolicy/policy/modules/kernel/selinux.if b/refpolicy/policy/modules/kernel/selinux.if
index ccb61b7..983084c 100644
--- a/refpolicy/policy/modules/kernel/selinux.if
+++ b/refpolicy/policy/modules/kernel/selinux.if
@@ -279,6 +279,8 @@ interface(`selinux_unconfined',`
 gen_require(`
 attribute can_load_policy, can_setenforce, can_setsecparam;
 type security_t;
+ class dir { getattr search read };
+ class file { getattr read write };
 class security { load_policy setenforce setbool };
 ')
@@ -286,5 +288,9 @@ interface(`selinux_unconfined',`
 allow $1 security_t:security *;
 auditallow $1 security_t:security { load_policy setenforce setbool };
+ # use SELinuxfs
+ allow $1 security_t:dir { getattr search read };
+ allow $1 secuirty_t:file { getattr read write };
+
 typeattribute $1 can_load_policy, can_setenforce, can_setsecparam;
 ')
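Review bot: The second allow rule added under `# use SELinuxfs` names the type `secuirty_t`, a misspelling of `security_t`, which is the only type this interface declares in `gen_require`. As written, the rule refers to an undeclared type, so it most likely breaks the policy build and in any case does not grant the intended file access on selinuxfs. The line should read `allow $1 security_t:file { getattr read write };`. The `dir` rule above it and the two `class` requirements in the first hunk are spelled consistently. The `selinux_unconfined` interface begins outside the hunk.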