From: cgzones@googlemail.com (=?UTF-8?q?Christian=20G=C3=B6ttsche?=)
Date: Thu,  4 Jan 2018 22:51:21 +0100
Subject: [refpolicy] [PATCH] init: add init_rw_inherited_stream_socket
Message-ID: <20180104215121.14271-1-cgzones@googlemail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 policy/modules/system/init.if | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 622bcec57..326581ecc 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -889,6 +889,24 @@ interface(`init_dgram_send',`
 	allow $1 init_t:unix_stream_socket getattr;
 ')
 
+########################################
+## <summary>
+##	Read and write to inherited init unix streams.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_rw_inherited_stream_socket',`
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+')
+
 ########################################
 ## <summary>
 ##	Allow the specified domain to read/write to
-- 
2.15.1