From bece7c48bbbbac3f46d1ad40dcb2fa07f20d714c Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Sep 20 2010 16:13:50 +0000
Subject: Use stream connect pattern.
Use stream connect pattern.
---
diff --git a/policy/modules/services/gpm.if b/policy/modules/services/gpm.if
index 7d97298..7d9378c 100644
--- a/policy/modules/services/gpm.if
+++ b/policy/modules/services/gpm.if
@@ -16,8 +16,7 @@ interface(`gpm_stream_connect',`
 type gpmctl_t, gpm_t;
 ')
- allow $1 gpmctl_t:sock_file rw_sock_file_perms;
- allow $1 gpm_t:unix_stream_socket connectto;
+ stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t)
 ')
 ########################################
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
index ded2734..f1ee95b 100644
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@@ -164,8 +164,11 @@ interface(`nscd_shm_use',`
 # nscd_socket_domain macro. need to investigate
 # if they are all actually required
 allow $1 self:unix_stream_socket create_stream_socket_perms;
- allow $1 nscd_t:unix_stream_socket connectto;
- allow $1 nscd_var_run_t:sock_file rw_file_perms;
+
+ # dg: This may not be required.
+ allow $1 nscd_var_run_t:sock_file read_sock_file_perms;
+
+ stream_connect_pattern($1, nscd_var_run_t, nscd_var_run_t, nscd_t)
 files_search_pids($1)
 allow $1 nscd_t:nscd { getpwd getgrp gethost };
 dontaudit $1 nscd_var_run_t:file { getattr read };
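Review bot: In gpm_stream_connect (gpm.if), the second argument of `stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t)` is the type of the directory holding the socket, but gpmctl_t looks like the socket file's own type. If the pattern expands as it usually does in the reference policy, this adds a directory search rule on gpmctl_t that probably matches nothing. The caller would still need search access to the socket's real parent directory from somewhere else. I would pass the actual directory type once it is confirmed, or add a comment above the call such as `# gpmctl_t is passed as the directory type only to satisfy the pattern; the socket's parent directory carries a different label`. The interface header and gen_require opening are above the hunk, so the require list could not be checked in full.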
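Review bot: The added `allow $1 nscd_var_run_t:sock_file read_sock_file_perms;` in nscd.if keeps a grant that its own comment says may not be required, and `# dg: This may not be required.` gives the next maintainer no way to decide. Connecting should need only the sock_file access that stream_connect_pattern already grants, so the read rule looks like a leftover from the removed rw_file_perms line. For least privilege I would drop it and watch for denials, or replace the comment with `# Carried over from the old rw_file_perms rule; remove if no sock_file read denials are logged for callers.` The enclosing interface starts above the hunk and appears to continue past its last line.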