From mboxrd@z Thu Jan 1 00:00:00 1970
From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 16 Feb 2011 07:00:35 +0100
Subject: [refpolicy] [PATCH 1/34]: patch to allow readahead read init_t fifo files
Message-ID: <1297836035.3205.30.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch adds a new interface init_read_fifo_file() and
uses it so that readahead can read init_t fifo files.

diff -pruN -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-02022011/policy/modules/admin/readahead.te refpolicy-git-02022011-new/policy/modules/admin/readahead.te
--- refpolicy-git-02022011/policy/modules/admin/readahead.te 2011-01-08 19:07:21.165729194 +0100
+++ refpolicy-git-02022011-new/policy/modules/admin/readahead.te 2011-01-26 01:40:07.208360132 +0100
@@ -79,6 +79,7 @@ term_dontaudit_use_console(readahead_t)
auth_dontaudit_read_shadow(readahead_t)
+init_read_fifo_file(readahead_t)
init_use_fds(readahead_t)
init_use_script_ptys(readahead_t)
init_getattr_initctl(readahead_t)
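
Review bot: The added init_read_fifo_file(readahead_t) call gives readahead read access to pipes labelled init_t, but the description does not say why it is needed: no AVC denial is quoted and nothing indicates whether readahead misbehaves without the access. Please include the denial in the commit message. If readahead only inherits the descriptor and never reads from it, a dontaudit rule would match the term_dontaudit_use_console and auth_dontaudit_read_shadow lines just above and would avoid widening what readahead_t can read.
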
diff -pruN -x booleans.conf -x corenetwork.if -x corenetwork.te -x modules.conf refpolicy-git-02022011/policy/modules/system/init.if refpolicy-git-02022011-new/policy/modules/system/init.if
--- refpolicy-git-02022011/policy/modules/system/init.if 2011-02-06 23:07:41.774207748 +0100
+++ refpolicy-git-02022011-new/policy/modules/system/init.if 2011-01-26 01:40:07.026309900 +0100
@@ -947,6 +947,24 @@ interface(`init_read_state',`
########################################
##
+## Read init fifo file.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`init_read_fifo_file',`
+ gen_require(`
+ type init_t;
+ ')
+
+ allow $1 init_t:fifo_file read_fifo_file_perms;
+')
+
+########################################
+##
## Ptrace init
##
##
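
Review bot: The interface name and its summary line are singular (init_read_fifo_file, "Read init fifo file."), while the rule "allow $1 init_t:fifo_file read_fifo_file_perms;" covers every fifo_file labelled init_t and the description itself says "fifo files". Consider renaming it to init_read_fifo_files with a matching summary, which also lines up with the plural names of the neighbouring calls in readahead.te (init_use_fds, init_use_script_ptys). Since the rename changes the caller too, it is easier to do before the interface gains other users.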