From 8c77177b756349f6d7065bcaa072200e1dfdc051 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Apr 19 2005 20:44:07 +0000
Subject: add interface to send syslog messages



---

diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index 480d069..d5a4991 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -15,6 +15,27 @@ files_make_file_depend
 
 #######################################
 #
+# logging_send_system_log_message(type,[`optional'])
+#
+define(`logging_send_system_log_message',`
+requires_block_template(logging_send_system_log_message_depend,$2)
+allow $1 devlog_t:sock_file { ioctl read getattr lock write append };
+# the type of socket depends on the syslog daemon
+allow $1 syslogd_t:unix_dgram_socket sendto;
+allow $1 syslogd_t:unix_stream_socket connectto;
+allow $1 self:unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
+allow $1 self:unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
+')
+
+define(`logging_send_system_log_message_depend',`
+type syslogd_t, devlog_t;
+class sock_file { ioctl read getattr lock write append };
+class unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown sendto };
+class unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown connectto };
+')
+
+#######################################
+#
 # logging_append_all_logs(type,[`optional'])
 #
 define(`logging_append_all_logs',`