From: domg472@gmail.com (Dominick Grift)
Date: Mon, 14 Feb 2011 21:43:34 +0100
Subject: [refpolicy] [ access_vectors patch 1/2] Add access vectors:
 audit_access, read_policy.
Message-ID: <20110214204329.GA9388@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I guess read_policy is a permissive required together with read_file_perms for /selinux/policy. What audit_access actually does i do not know. Also i re-ordered execmod and open because currently it was not complete.

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 0ef9b12... 1966443... M	policy/flask/access_vectors
 policy/flask/access_vectors |   18 ++++--------------
 1 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 0ef9b12..1966443 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -27,6 +27,9 @@ common file
 	swapon
 	quotaon
 	mounton
+	audit_access
+	open
+	execmod
 }
 
 
@@ -152,7 +155,6 @@ inherits file
 	reparent
 	search
 	rmdir
-	open
 }
 
 class file
@@ -160,8 +162,6 @@ inherits file
 {
 	execute_no_trans
 	entrypoint
-	execmod
-	open
 }
 
 class lnk_file
@@ -172,27 +172,16 @@ inherits file
 {
 	execute_no_trans
 	entrypoint
-	execmod
-	open
 }
 
 class blk_file
 inherits file
-{
-	open
-}
 
 class sock_file
 inherits file
-{
-	open
-}
 
 class fifo_file
 inherits file
-{
-	open
-}
 
 class fd
 {
@@ -363,6 +352,7 @@ class security
 	setbool
 	setsecparam
 	setcheckreqprot
+	read_policy
 }
 
 
-- 
1.7.4

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110214/4436a879/attachment.bin