From: corentin.labbe@geomatys.fr (LABBE Corentin) Date: Wed, 3 Mar 2010 16:37:18 +0100 Subject: [refpolicy] [PATCH 1/1] Portage_fetch_t need use of portage_devpts_ Message-ID: <1267630638-19006-1-git-send-email-corentin.labbe@geomatys.fr> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Signed-off-by: LABBE Corentin
---
 policy/modules/admin/portage.if | 19 +++++++++++++++++++
 policy/modules/admin/portage.te | 2 ++
 2 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
index 35161b2..a1b6a4b 100644
--- a/policy/modules/admin/portage.if
+++ b/policy/modules/admin/portage.if
@@ -281,3 +281,22 @@ interface(`portage_dontaudit_rw_tmp_files',`
 dontaudit $1 portage_tmp_t:file rw_file_perms;
 ')
+
+########################################
+##
+## Write the pty of portage.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`portage_use_pty',`
+ gen_require(`
+ type portage_devpts_t;
+ ')
+
+ term_search_ptys($1)
+ allow $1 portage_devpts_t:chr_file write_chr_file_perms;
+')
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index ba1a256..fd863a7 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -211,6 +211,8 @@ allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
 allow portage_fetch_t portage_conf_t:dir list_dir_perms;
 read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t)
+portage_use_pty(portage_fetch_t)
+
 manage_dirs_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
 manage_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
--
1.6.4.4
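Review bot: The name `portage_use_pty` promises more than the interface grants. The `allow` line gives only `write_chr_file_perms` on `portage_devpts_t`, and the summary says "Write the pty of portage", while `_use_` terminal interfaces elsewhere in refpolicy conventionally grant read and write. If write-only is all the caller needs, which is the tighter grant, a name such as `portage_write_ptys` would stop later callers from assuming they also get read access. If reads are needed too, the permission set and the summary should both say so. The definition of `write_chr_file_perms` is outside this patch, so it is worth confirming that every permission in that set is actually required on the pty.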
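Review bot: `portage_use_pty(portage_fetch_t)` gives the network-facing fetch domain write access to portage's pty with no stated reason. `portage_fetch_t` is the domain holding the `tcp_socket` permissions shown in the hunk header, and neither the commit message nor the policy quotes the denial that motivated the grant. A short comment above the call, for example `# fetch output is written to the pty allocated by portage` (wording to be checked against the actual AVC), would let a later reviewer judge whether the access is still needed. Because the rule appears to involve only this module's own types, it could also be written directly in the .te as `term_search_ptys(portage_fetch_t)` plus `allow portage_fetch_t portage_devpts_t:chr_file write_chr_file_perms;` instead of calling the module's own interface. The declaration of `portage_devpts_t` is not visible in this hunk, so that assumption needs confirming.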