From: pebenito@ieee.org (Chris PeBenito) Date: Thu, 23 Feb 2017 20:51:48 -0500 Subject: [refpolicy] [PATCH] rw_inherited_file_perms In-Reply-To: <20170223041416.5dnpmekrggnkegif@athena.coker.com.au> References: <20170223041416.5dnpmekrggnkegif@athena.coker.com.au> Message-ID: <60e5273c-781b-a56b-71f9-86b579e57d5a@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/22/17 23:14, Russell Coker via refpolicy wrote: > This patch defines rw_inherited_file_perms. It's needed by a few patches > I'm going to send soon so I need to get it in before they go in. > > Also it's generally a good thing to have. We should reconsider some of the > other policy for whether it should use this. > > Index: refpolicy-2.20170221/policy/support/obj_perm_sets.spt > =================================================================== > --- refpolicy-2.20170221.orig/policy/support/obj_perm_sets.spt > +++ refpolicy-2.20170221/policy/support/obj_perm_sets.spt > @@ -158,7 +158,8 @@ define(`mmap_file_perms',`{ getattr open > define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }') > define(`append_file_perms',`{ getattr open append lock ioctl }') > define(`write_file_perms',`{ getattr open write append lock ioctl }') > -define(`rw_file_perms',`{ getattr open read write append ioctl lock }') > +define(`rw_inherited_file_perms',`{ getattr read write append ioctl lock }') > +define(`rw_file_perms',`{ open rw_inherited_file_perms }') > define(`create_file_perms',`{ getattr create open }') > define(`rename_file_perms',`{ getattr rename }') > define(`delete_file_perms',`{ getattr unlink }') Merged. -- Chris PeBenito
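Review bot: the new rw_inherited_file_perms define in obj_perm_sets.spt has no comment saying when it should be used, and since the only difference from rw_file_perms is the missing open permission, the intent is easy to miss when scanning the file. A one-line comment above the define stating that the set is for file descriptors a domain receives already open (inherited across exec or passed to it), so the domain can read and write through the descriptor without being allowed to open files of that type itself, would steer future policy toward the narrower set where it suffices. The new rw_file_perms definition `{ open rw_inherited_file_perms }` expands to the same seven permissions as the removed `{ getattr open read write append ioctl lock }`, so existing callers are unaffected; it is worth saying so in the commit message, because the hunk deletes the old rw_file_perms line and a reader could take that for a semantic change.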