From: pebenito@ieee.org (Chris PeBenito)
Date: Fri, 5 Jan 2018 16:21:12 -0500
Subject: [refpolicy] [PATCH] init: add init_rw_inherited_stream_socket
In-Reply-To: <20180104215121.14271-1-cgzones@googlemail.com>
References: <20180104215121.14271-1-cgzones@googlemail.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/04/2018 04:51 PM, Christian Göttsche via refpolicy wrote:
> --- > policy/modules/system/init.if | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if > index 622bcec57..326581ecc 100644 > --- a/policy/modules/system/init.if > +++ b/policy/modules/system/init.if > @@ -889,6 +889,24 @@ interface(`init_dgram_send',` > allow $1 init_t:unix_stream_socket getattr; > ') > > +######################################## > +## > +## Read and write to inherited init unix streams. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`init_rw_inherited_stream_socket',` > + gen_require(` > + type init_t; > + ') > + > + allow $1 init_t:unix_stream_socket { getattr read write ioctl }; > +') > + > ######################################## > ## > ## Allow the specified domain to read/write to

Merged.

--
Chris PeBenito
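
Review bot: The allow rule at the end of the new interface, `allow $1 init_t:unix_stream_socket { getattr read write ioctl };`, grants `getattr` and `ioctl` on top of `read write`, while the summary comment only says "Read and write to inherited init unix streams"; either drop `ioctl` if the intended callers do not need it, or name it in the summary so the documentation does not understate what the interface grants. Nothing in the rule ties the access to inheritance either: it permits the same operations on any init_t unix_stream_socket the caller ends up holding, and using a descriptor passed down from init also requires `fd use` on init_t, which this interface does not grant, so the description should say that callers need that permission separately. The patch also carries no description of which domain needs this access, which would help a reviewer judge whether the permission set is minimal.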