From d3cdc3d07c5d527e1f019ea0ff058321a753df7a Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mar 11 2009 14:58:03 +0000
Subject: trunk: add open perm to sock_file.
---
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 2bb138a..bbe1ce7 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -157,6 +157,9 @@ inherits file
 
 class sock_file
 inherits file
+{
+ open
+}
 
 class fifo_file
 inherits file
diff --git a/policy/support/ipc_patterns.spt b/policy/support/ipc_patterns.spt
index 641f6e2..310f9ef 100644
--- a/policy/support/ipc_patterns.spt
+++ b/policy/support/ipc_patterns.spt
@@ -3,12 +3,12 @@
 #
 define(`stream_connect_pattern',`
 allow $1 $2:dir search_dir_perms;
- allow $1 $3:sock_file { getattr write };
+ allow $1 $3:sock_file write_sock_file_perms;
 allow $1 $4:unix_stream_socket connectto;
 ')
 
 define(`dgram_send_pattern',`
 allow $1 $2:dir search_dir_perms;
- allow $1 $3:sock_file { getattr write };
+ allow $1 $3:sock_file write_sock_file_perms;
 allow $1 $4:unix_dgram_socket sendto;
 ')
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index 0960f33..f6e0de7 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
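Review bot: In policy/support/ipc_patterns.spt, replacing the literal `{ getattr write }` with `write_sock_file_perms` in both stream_connect_pattern and dgram_send_pattern grants more than the `open` named in the subject line. The obj_perm_sets.spt hunk of this same commit defines that set as `{ getattr write open append }`, so every domain that expands either pattern also gains `append` on the socket node. If only `open` is meant to be added, the rule can stay literal as `allow $1 $3:sock_file { getattr write open };`. If the wider set is intended, the commit message should say so, since the widening is not visible at the places where the patterns are used.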
@@ -252,13 +252,13 @@ define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }')
 #
 define(`getattr_sock_file_perms',`{ getattr }')
 define(`setattr_sock_file_perms',`{ setattr }')
-define(`read_sock_file_perms',`{ getattr read }')
-define(`write_sock_file_perms',`{ getattr write append }')
-define(`rw_sock_file_perms',`{ getattr read write append }')
-define(`create_sock_file_perms',`{ getattr create }')
+define(`read_sock_file_perms',`{ getattr open read }')
+define(`write_sock_file_perms',`{ getattr write open append }')
+define(`rw_sock_file_perms',`{ getattr open read write append }')
+define(`create_sock_file_perms',`{ getattr create open }')
 define(`rename_sock_file_perms',`{ getattr rename }')
 define(`delete_sock_file_perms',`{ getattr unlink }')
-define(`manage_sock_file_perms',`{ create getattr setattr read write rename link unlink ioctl lock append }')
+define(`manage_sock_file_perms',`{ create open getattr setattr read write rename link unlink ioctl lock append }')
 define(`relabelfrom_sock_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_sock_file_perms',`{ getattr relabelto }')
 define(`relabel_sock_file_perms',`{ getattr relabelfrom relabelto }')
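Review bot: Only the permission-set macros pick up `open` in this hunk, so any rule elsewhere that spells sock_file permissions as a literal set, as ipc_patterns.spt did until this commit, keeps its old permissions and may start producing denials once the new permission is checked. The rest of the tree is not visible in this patch, so a search for literal `sock_file {` rules is worth doing before merge. The block also carries no comment explaining the addition; I would put `# open added to match the sock_file open permission in flask/access_vectors` above the sock_file definitions. As a style point, `open` sits in a different position in each set (`getattr open read` against `getattr write open append`), and a consistent order would make these sets easier to audit by eye.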