From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 09 Feb 2017 17:25:15 +0100
Subject: [refpolicy] [PATCH 1/2] cups: read permission for cupsd_var_run_t
 socket files in cups_stream_connect()
Message-ID: <1486657515.28070.9.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Modify the cups_stream_connect() interface so that it can also
read cupsd_var_run_t socket files in addition to writing them.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/cups.if |    1 +
 1 file changed, 1 insertion(+)

diff -pru a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
--- a/policy/modules/contrib/cups.if	2017-01-24 18:56:19.569106107 +0100
+++ b/policy/modules/contrib/cups.if	2017-02-09 16:57:59.936511815 +0100
@@ -69,6 +69,7 @@ interface(`cups_stream_connect',`
 	')
 
 	files_search_pids($1)
+	allow $1 cupsd_var_run_t:sock_file read_sock_file_perms;
 	stream_connect_pattern($1, cupsd_var_run_t, cupsd_var_run_t, cupsd_t)
 ')