From: russell@coker.com.au (Russell Coker)
Date: Thu, 23 Feb 2017 15:14:16 +1100
Subject: [refpolicy] [PATCH] rw_inherited_file_perms
Message-ID: <20170223041416.5dnpmekrggnkegif@athena.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch defines rw_inherited_file_perms. It's needed by a few patches I'm going to send soon so I need to get it in before they go in. Also it's generally a good thing to have. We should reconsider some of the other policy for whether it should use this.

Index: refpolicy-2.20170221/policy/support/obj_perm_sets.spt =================================================================== --- refpolicy-2.20170221.orig/policy/support/obj_perm_sets.spt +++ refpolicy-2.20170221/policy/support/obj_perm_sets.spt @@ -158,7 +158,8 @@ define(`mmap_file_perms',`{ getattr open define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }') define(`append_file_perms',`{ getattr open append lock ioctl }') define(`write_file_perms',`{ getattr open write append lock ioctl }') -define(`rw_file_perms',`{ getattr open read write append ioctl lock }') +define(`rw_inherited_file_perms',`{ getattr read write append ioctl lock }') +define(`rw_file_perms',`{ open rw_inherited_file_perms }') define(`create_file_perms',`{ getattr create open }') define(`rename_file_perms',`{ getattr rename }') define(`delete_file_perms',`{ getattr unlink }')
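
Review bot: the added rw_inherited_file_perms define has no comment saying why it leaves out open, so a policy writer reading obj_perm_sets.spt cannot tell when it is the right set to use instead of rw_file_perms. A one-line comment above it, stating that the set is for files a domain receives already open and therefore deliberately does not grant open, would make the least-privilege intent explicit. On the following added line, rw_file_perms now expands to a nested set, { open { getattr read write append ioctl lock } }. That is the same seven permissions as the removed definition, so the commit message should say that the effective permissions of rw_file_perms are unchanged, and the build should be checked for any place where rw_file_perms is used inside another braced set, since the nesting there becomes one level deeper.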