From: aranea@aixah.de (Luis Ressel)
Date: Mon, 11 Sep 2017 08:40:53 +0200
Subject: [refpolicy] [PATCH 4/4] selinuxutil: Add map permissions neccessary for semanage
In-Reply-To: <20170911064053.6831-1-aranea@aixah.de>
References: <20170911064053.6831-1-aranea@aixah.de>
Message-ID: <20170911064053.6831-4-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
---
 policy/modules/system/selinuxutil.if | 2 ++
 policy/modules/system/selinuxutil.te | 3 +++
 2 files changed, 5 insertions(+)
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 34c0b465..20024993 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -1043,6 +1043,7 @@ interface(`seutil_read_module_store',`
 list_dirs_pattern($1, selinux_config_t, semanage_store_t)
 list_dirs_pattern($1, semanage_store_t, semanage_store_t)
 read_files_pattern($1, semanage_store_t, semanage_store_t)
+ allow $1 semanage_store_t:file map;
 read_lnk_files_pattern($1, semanage_store_t, semanage_store_t)
 ')
@@ -1067,6 +1068,7 @@ interface(`seutil_manage_module_store',`
 manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
 manage_dirs_pattern($1, semanage_store_t, semanage_store_t)
 manage_files_pattern($1, semanage_store_t, semanage_store_t)
+ allow $1 semanage_store_t:file map;
 manage_lnk_files_pattern($1, semanage_store_t, semanage_store_t)
 ')
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index ebf72de8..23b6fc70 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -500,6 +500,7 @@ domain_use_interactive_fds(semanage_t)
 files_read_etc_files(semanage_t)
 files_read_etc_runtime_files(semanage_t)
+files_map_usr_files(semanage_t)
 files_read_usr_files(semanage_t)
 files_list_pids(semanage_t)
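Review bot: The `allow $1 semanage_store_t:file map;` added to `seutil_read_module_store` (and the identical line in `seutil_manage_module_store`) grants `map` to every domain that calls these interfaces, while the subject line only justifies it for semanage. In the manage interface the caller also holds write access, so it can keep writable mappings of store files, and access through an established mapping is not rechecked the way individual read/write calls are. If only `semanage_t` needs this, a local rule in selinuxutil.te such as `allow semanage_t semanage_store_t:file map;` (both types appear to belong to this module) leaves the shared interfaces unchanged. If every reader of the store needs it, the interface summaries should state that they now grant map as well. Both interface bodies start outside their hunks, so the `gen_require` blocks and doc headers are not visible here.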
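Review bot: `files_map_usr_files(semanage_t)` in the `@@ -500,6 +500,7 @@` hunk of selinuxutil.te has no comment saying which files under /usr semanage needs to map, unlike the homedir and /tmp block later in the same file. The usr file type presumably covers far more than policy packages, so a short why-comment would let the next reviewer judge whether a narrower type would do, e.g. `# semanage mmaps policy modules installed under /usr` (wording to be confirmed by the author). The interface itself is not defined in this patch; presumably it comes from an earlier patch in the series.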
@@ -536,7 +537,9 @@ seutil_manage_default_contexts(semanage_t)
 # Handle pp files created in homedir and /tmp
 userdom_read_user_home_content_files(semanage_t)
+userdom_map_user_home_content_files(semanage_t)
 userdom_read_user_tmp_files(semanage_t)
+userdom_map_user_tmp_files(semanage_t)
 ifdef(`distro_debian',`
 files_read_var_lib_files(semanage_t)
-- 2.14.1
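Review bot: `userdom_map_user_home_content_files(semanage_t)` and `userdom_map_user_tmp_files(semanage_t)` let `semanage_t` map files whose contents the owning user can presumably still modify or truncate while they are mapped, so whatever parses the mapping must tolerate data changing underneath it. That is inferred from the type names and the existing comment, not shown in this hunk. The comment above the block should be extended to cover the new lines, e.g. `# Handle pp files created in homedir and /tmp (read and mapped when installing modules)`. It is also worth confirming that the consumer copies or validates the module before acting on it.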