From 582438054db047e1c471dd68e530af0d3f47987c Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Oct 27 2006 13:55:35 +0000
Subject: fix up corecommands perm sets, add seutil_manage_config_dirs()


---

diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 8eb3a9e..338068d 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -133,7 +133,7 @@ interface(`corecmd_search_bin',`
 		type bin_t;
 	')
 
-	allow $1 bin_t:dir search;
+	allow $1 bin_t:dir search_dir_perms;
 ')
 
 ########################################
@@ -151,7 +151,7 @@ interface(`corecmd_list_bin',`
 		type bin_t;
 	')
 
-	allow $1 bin_t:dir r_dir_perms;
+	allow $1 bin_t:dir list_dir_perms;
 ')
 
 ########################################
@@ -187,8 +187,8 @@ interface(`corecmd_read_bin_files',`
 		type bin_t;
 	')
 
-	allow $1 bin_t:dir search;
-	allow $1 bin_t:file r_file_perms;
+	allow $1 bin_t:dir search_dir_perms;
+	allow $1 bin_t:file read_file_perms;
 ')
 
 ########################################
@@ -206,8 +206,8 @@ interface(`corecmd_read_bin_symlinks',`
 		type bin_t;
 	')
 
-	allow $1 bin_t:dir search;
-	allow $1 bin_t:lnk_file r_file_perms;
+	allow $1 bin_t:dir search_dir_perms;
+	allow $1 bin_t:lnk_file read_file_perms;
 ')
 
 ########################################
@@ -225,8 +225,8 @@ interface(`corecmd_read_bin_pipes',`
 		type bin_t;
 	')
 
-	allow $1 bin_t:dir search;
-	allow $1 bin_t:fifo_file r_file_perms;
+	allow $1 bin_t:dir search_dir_perms;
+	allow $1 bin_t:fifo_file read_file_perms;
 ')
 
 ########################################
@@ -244,8 +244,8 @@ interface(`corecmd_read_bin_sockets',`
 		type bin_t;
 	')
 
-	allow $1 bin_t:dir search;
-	allow $1 bin_t:sock_file r_file_perms;
+	allow $1 bin_t:dir search_dir_perms;
+	allow $1 bin_t:sock_file read_file_perms;
 ')
 
 ########################################
@@ -264,8 +264,8 @@ interface(`corecmd_exec_bin',`
 		type bin_t;
 	')
 
-	allow $1 bin_t:dir r_dir_perms;
-	allow $1 bin_t:lnk_file r_file_perms;
+	allow $1 bin_t:dir list_dir_perms;
+	allow $1 bin_t:lnk_file read_file_perms;
 	can_exec($1,bin_t)
 
 ')
@@ -368,7 +368,7 @@ interface(`corecmd_bin_spec_domtrans',`
 		type bin_t;
 	')
 
-	allow $1 bin_t:dir search;
+	allow $1 bin_t:dir search_dir_perms;
 	allow $1 bin_t:lnk_file { getattr read };
 
 	domain_trans($1,bin_t,$2)
@@ -469,7 +469,7 @@ interface(`corecmd_list_sbin',`
 		type sbin_t;
 	')
 
-	allow $1 sbin_t:dir r_dir_perms;
+	allow $1 sbin_t:dir list_dir_perms;
 ')
 
 ########################################
@@ -524,8 +524,8 @@ interface(`corecmd_read_sbin_files',`
 		type sbin_t;
 	')
 
-	allow $1 sbin_t:dir search;
-	allow $1 sbin_t:file r_file_perms;
+	allow $1 sbin_t:dir search_dir_perms;
+	allow $1 sbin_t:file read_file_perms;
 ')
 
 ########################################
@@ -543,8 +543,8 @@ interface(`corecmd_read_sbin_symlinks',`
 		type sbin_t;
 	')
 
-	allow $1 sbin_t:dir search;
-	allow $1 sbin_t:lnk_file r_file_perms;
+	allow $1 sbin_t:dir search_dir_perms;
+	allow $1 sbin_t:lnk_file read_file_perms;
 ')
 
 ########################################
@@ -562,8 +562,8 @@ interface(`corecmd_read_sbin_pipes',`
 		type sbin_t;
 	')
 
-	allow $1 sbin_t:dir search;
-	allow $1 sbin_t:fifo_file r_file_perms;
+	allow $1 sbin_t:dir search_dir_perms;
+	allow $1 sbin_t:fifo_file read_file_perms;
 ')
 
 ########################################
@@ -581,8 +581,8 @@ interface(`corecmd_read_sbin_sockets',`
 		type sbin_t;
 	')
 
-	allow $1 sbin_t:dir search;
-	allow $1 sbin_t:sock_file r_file_perms;
+	allow $1 sbin_t:dir search_dir_perms;
+	allow $1 sbin_t:sock_file read_file_perms;
 ')
 
 ########################################
@@ -601,8 +601,8 @@ interface(`corecmd_exec_sbin',`
 		type sbin_t;
 	')
 
-	allow $1 sbin_t:dir r_dir_perms;
-	allow $1 sbin_t:lnk_file r_file_perms;
+	allow $1 sbin_t:dir list_dir_perms;
+	allow $1 sbin_t:lnk_file read_file_perms;
 	can_exec($1,sbin_t)
 ')
 
@@ -705,7 +705,7 @@ interface(`corecmd_sbin_domtrans',`
 		type sbin_t;
 	')
 
-	allow $1 sbin_t:dir search;
+	allow $1 sbin_t:dir search_dir_perms;
 	allow $1 sbin_t:lnk_file { getattr read };
 
 	domain_auto_trans($1,sbin_t,$2)
@@ -752,7 +752,7 @@ interface(`corecmd_sbin_spec_domtrans',`
 		type sbin_t;
 	')
 
-	allow $1 sbin_t:dir search;
+	allow $1 sbin_t:dir search_dir_perms;
 	allow $1 sbin_t:lnk_file { getattr read };
 
 	domain_trans($1,sbin_t,$2)
@@ -773,8 +773,8 @@ interface(`corecmd_check_exec_shell',`
 		type bin_t, shell_exec_t;
 	')
 
-	allow $1 bin_t:dir r_dir_perms;
-	allow $1 bin_t:lnk_file r_file_perms;
+	allow $1 bin_t:dir list_dir_perms;
+	allow $1 bin_t:lnk_file read_file_perms;
 	allow $1 shell_exec_t:file execute;
 ')
 
@@ -793,8 +793,8 @@ interface(`corecmd_exec_shell',`
 		type bin_t, shell_exec_t;
 	')
 
-	allow $1 bin_t:dir r_dir_perms;
-	allow $1 bin_t:lnk_file r_file_perms;
+	allow $1 bin_t:dir list_dir_perms;
+	allow $1 bin_t:lnk_file read_file_perms;
 	can_exec($1,shell_exec_t)
 ')
 
@@ -813,8 +813,8 @@ interface(`corecmd_exec_ls',`
 		type bin_t, ls_exec_t;
 	')
 
-	allow $1 bin_t:dir r_dir_perms;
-	allow $1 bin_t:lnk_file r_file_perms;
+	allow $1 bin_t:dir list_dir_perms;
+	allow $1 bin_t:lnk_file read_file_perms;
 	can_exec($1,ls_exec_t)
 ')
 
@@ -852,8 +852,8 @@ interface(`corecmd_shell_spec_domtrans',`
 		type bin_t, shell_exec_t;
 	')
 
-	allow $1 bin_t:dir r_dir_perms;
-	allow $1 bin_t:lnk_file r_file_perms;
+	allow $1 bin_t:dir list_dir_perms;
+	allow $1 bin_t:lnk_file read_file_perms;
 
 	domain_trans($1,shell_exec_t,$2)
 ')
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
index b69a1c0..f86b65e 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,5 +1,5 @@
 
-policy_module(corecommands,1.4.0)
+policy_module(corecommands,1.4.1)
 
 ########################################
 #
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 5579a34..b0b5b81 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -718,6 +718,27 @@ interface(`seutil_manage_selinux_config',`
 	allow $1 selinux_config_t:lnk_file { getattr read };
 ')
 
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	the general selinux configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`seutil_manage_config_dirs',`
+	gen_require(`
+		type selinux_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir manage_dir_perms;
+')
+
 ########################################
 ## <summary>
 ##	Search the policy directory with default_context files.
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 99ab117..3380aac 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -1,5 +1,5 @@
 
-policy_module(selinuxutil,1.3.1)
+policy_module(selinuxutil,1.3.2)
 
 ifdef(`strict_policy',`
 	gen_require(`