From bf530f532ca01fe38658d4ef96e34944c33845d9 Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Mar 03 2010 18:10:55 +0000 Subject: Various permission set fixes. Fix various interfaces to use permission sets for compatiblity with open permission. Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility. The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse. Signed-off-by: Dominick Grift Signed-off-by: Chris PeBenito
---
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b3b08d6..990063c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1313,7 +1313,7 @@ interface(`userdom_setattr_user_ptys',`
 type user_devpts_t;
 ')
- allow $1 user_devpts_t:chr_file setattr;
+ allow $1 user_devpts_t:chr_file setattr_chr_file_perms;
 ')
 ########################################
@@ -1655,7 +1655,7 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',`
 type user_home_t;
 ')
- dontaudit $1 user_home_t:file setattr;
+ dontaudit $1 user_home_t:file setattr_file_perms;
 ')
 ########################################
@@ -1730,7 +1730,7 @@ interface(`userdom_dontaudit_append_user_home_content_files',`
 type user_home_t;
 ')
- dontaudit $1 user_home_t:file append;
+ dontaudit $1 user_home_t:file append_file_perms;
 ')
 ########################################
@@ -1748,7 +1748,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
 type user_home_t;
 ')
- dontaudit $1 user_home_t:file write;
+ dontaudit $1 user_home_t:file write_file_perms;
 ')
 ########################################
@@ -1849,7 +1849,7 @@ interface(`userdom_dontaudit_exec_user_home_content_files',`
 type user_home_t;
 ')
- dontaudit $1 user_home_t:file execute;
+ dontaudit $1 user_home_t:file exec_file_perms;
 ')
 ########################################
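Review bot: In the `userdom_dontaudit_append_user_home_content_files` hunk, and likewise in `userdom_dontaudit_write_user_home_content_files` and the later `userdom_dontaudit_append_user_tmp_files`, replacing a single permission with a set widens what the dontaudit rule hides. As the reference policy usually defines them, `append_file_perms` and `write_file_perms` also carry getattr, open, lock and ioctl, so denials for those operations on user_home_t and user_tmp_t files would stop being logged for every caller; this should be confirmed against the set definitions in this tree. Those AVC records are often what shows a confined domain touching user content, so I would state the wider scope in each interface summary, for example `Do not audit attempts to append to user home files, including the getattr, open, lock and ioctl checks in append_file_perms.` The interface headers and their doc comments lie outside these hunks.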
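Review bot: `dontaudit $1 user_home_t:file exec_file_perms;` in `userdom_dontaudit_exec_user_home_content_files` suppresses more than execution attempts, which is the coarseness the commit message itself is unsure about. In the reference policy the set normally also includes read, getattr and open (to be confirmed against this tree's definition), so a caller that only wanted execute denials silenced also loses the audit records for reads of user home files. A narrower rule keeps those read and open denials visible: `dontaudit $1 user_home_t:file { execute execute_no_trans };`. The rest of the interface, including its summary, is outside the hunk.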
@@ -2193,7 +2193,7 @@ interface(`userdom_dontaudit_append_user_tmp_files',`
 type user_tmp_t;
 ')
- dontaudit $1 user_tmp_t:file append;
+ dontaudit $1 user_tmp_t:file append_file_perms;
 ')
 ########################################
@@ -2467,7 +2467,7 @@ interface(`userdom_getattr_user_ttys',`
 type user_tty_device_t;
 ')
- allow $1 user_tty_device_t:chr_file getattr;
+ allow $1 user_tty_device_t:chr_file getattr_chr_file_perms;
 ')
 ########################################
@@ -2485,7 +2485,7 @@ interface(`userdom_dontaudit_getattr_user_ttys',`
 type user_tty_device_t;
 ')
- dontaudit $1 user_tty_device_t:chr_file getattr;
+ dontaudit $1 user_tty_device_t:chr_file getattr_chr_file_perms;
 ')
 ########################################
@@ -2503,7 +2503,7 @@ interface(`userdom_setattr_user_ttys',`
 type user_tty_device_t;
 ')
- allow $1 user_tty_device_t:chr_file setattr;
+ allow $1 user_tty_device_t:chr_file setattr_chr_file_perms;
 ')
 ########################################
@@ -2521,7 +2521,7 @@ interface(`userdom_dontaudit_setattr_user_ttys',`
 type user_tty_device_t;
 ')
- dontaudit $1 user_tty_device_t:chr_file setattr;
+ dontaudit $1 user_tty_device_t:chr_file setattr_chr_file_perms;
 ')
 ########################################