From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 20 Jul 2011 23:12:18 +0200 Subject: [refpolicy] [PATCH 1/2] Create interface for NFS/RPC TCP access In-Reply-To: <20110720211049.GA27870@siphos.be> References: <20110720211049.GA27870@siphos.be> Message-ID: <20110720211218.GB27870@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Create the rpc_tcp_rw_nfs_sockets() interface, allowing for the calling domain to access the tcp_sockets managed by nfsd_t. Signed-off-by: Sven Vermeulen --- policy/modules/services/rpc.if | 18 ++++++++++++++++++ 1 files changed, 18 insertions(+), 0 deletions(-) diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if index cda37bb..dddabcf 100644 --- a/policy/modules/services/rpc.if +++ b/policy/modules/services/rpc.if @@ -329,6 +329,24 @@ interface(`rpc_manage_nfs_ro_content',` ######################################## ## +## Allow domain to read and write to an NFS TCP socket. +## +## +## +## Domain allowed access. +## +## +# +interface(`rpc_tcp_rw_nfs_sockets',` + gen_require(` + type nfsd_t; + ') + + allow $1 nfsd_t:tcp_socket rw_socket_perms; +') + +######################################## +## ## Allow domain to read and write to an NFS UDP socket. ## ## -- 1.7.3.4
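Review bot: The rule `allow $1 nfsd_t:tcp_socket rw_socket_perms;` in rpc_tcp_rw_nfs_sockets() grants the caller the whole rw_socket_perms set on sockets labeled nfsd_t, while the summary line only says "read and write to an NFS TCP socket". Neither the summary nor the commit message says which domain needs this or why. Please reword the summary to state that the access applies to TCP sockets owned by nfsd_t. Please also name in the commit message the caller that requires it and the denial it resolves, so a reviewer can judge whether rw_socket_perms is the narrowest permission set that works. Every domain that later calls this interface can use a socket belonging to the NFS server, so the intended use (for example a descriptor passed or inherited from nfsd_t) is worth documenting in the interface comment next to the existing UDP counterpart.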