diff --git a/policy/modules/apps/ptchown.if b/policy/modules/apps/ptchown.if
index cc8a359..f1c2698 100644
--- a/policy/modules/apps/ptchown.if
+++ b/policy/modules/apps/ptchown.if
@@ -18,3 +18,27 @@ interface(`ptchown_domtrans',`
 domtrans_pattern($1, ptchown_exec_t, ptchown_t)
 ')
+########################################
+##
+## Execute ptchown in the ptchown domain, and
+## allow the specified role the ptchown domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed the ptchown domain.
+##
+##
+#
+interface(`ptchown_run',`
+ gen_require(`
+ type ptchown_t;
+ ')
+
+ ptchown_domtrans($1)
+ role $2 types ptchown_t;
+')
diff --git a/policy/modules/apps/ptchown.te b/policy/modules/apps/ptchown.te
index 7fbaec6..7f09e01 100644
--- a/policy/modules/apps/ptchown.te
+++ b/policy/modules/apps/ptchown.te
@@ -24,6 +24,7 @@ files_read_etc_files(ptchown_t)
 fs_rw_anon_inodefs_files(ptchown_t)
 term_setattr_generic_ptys(ptchown_t)
+term_getattr_all_ptys(ptchown_t)
 term_setattr_all_ptys(ptchown_t)
 term_use_generic_ptys(ptchown_t)
 term_use_ptmx(ptchown_t)
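Review bot: `ptchown_run` authorises whatever role is passed as `$2` for ptchown_t, but its header comment does not say what that domain can do; the ptchown.te section of this same diff shows ptchown_t holding setattr, and now getattr, on all pty types. I would add a line to the summary such as `## ptchown_t can change attributes of every pty type; call this only for roles that need the pty helper.` so policy authors apply it narrowly. No caller of the new interface appears in the two files shown, so which roles end up with it cannot be checked from this diff. The header markup is stripped on this page, but from the line count it appears to lack the `## <rolecap/>` line that refpolicy `_run` interfaces usually carry.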