From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 16 Feb 2011 07:36:50 +0100
Subject: [refpolicy] [PATCH 30/34]: patch to allow the cron module to manage
	job keys
Message-ID: <1297838210.3205.108.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch has been added as needed after recent (> 02022011) changes
affecting the cron module.

diff -pruN refpolicy-git-15022011-test-apply/policy/modules/services/cron.if refpolicy-git-15022011-new-modified/policy/modules/services/cron.if
--- refpolicy-git-15022011-test-apply/policy/modules/services/cron.if	2011-01-08 19:07:21.234740092 +0100
+++ refpolicy-git-15022011-new-modified/policy/modules/services/cron.if	2011-02-15 23:47:45.242997169 +0100
@@ -523,6 +523,24 @@ interface(`cron_use_system_job_fds',`
 
 ########################################
 ## <summary>
+##      Manage a system cron job key.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`cron_manage_system_job_key',`
+	gen_require(`
+		type system_cronjob_t;
+	')
+
+	allow $1 system_cronjob_t:key manage_key_perms;
+')
+
+########################################
+## <summary>
 ##	Write a system cron job unnamed pipe.
 ## </summary>
 ## <param name="domain">
diff -pruN refpolicy-git-15022011-test-apply/policy/modules/services/cron.te refpolicy-git-15022011-new-modified/policy/modules/services/cron.te
--- refpolicy-git-15022011-test-apply/policy/modules/services/cron.te	2011-01-08 19:07:21.234740092 +0100
+++ refpolicy-git-15022011-new-modified/policy/modules/services/cron.te	2011-02-15 23:53:14.772478379 +0100
@@ -203,6 +203,8 @@ files_list_usr(crond_t)
 files_search_var_lib(crond_t)
 files_search_default(crond_t)
 
+cron_manage_system_job_key(crond_t)
+
 init_rw_utmp(crond_t)
 init_spec_domtrans_script(crond_t)