Allow pads_admin to search parent directories to be able to interact with pads content.

Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.

Allow postgresql admin to search parent directories to be able to manage postgresql content.

Allow prelude_admin to search parent directories to be able to manage prelude content.

Signed-off-by: Dominick Grift <domg472@gmail.com>

policy/modules/services/pads.if

@@ -39,6 +39,9 @@ interface(`pads_admin', `
 	role_transition $2 pads_initrc_exec_t system_r;
 	allow $2 system_r;
 
+	files_search_pids($1)
 	admin_pattern($1, pads_var_run_t)
+
+	files_search_etc($1)
 	admin_pattern($1, pads_config_t)
 ')

policy/modules/services/plymouthd.if

@@ -252,9 +252,11 @@ interface(`plymouthd_admin', `
 	allow $1 plymouthd_t:process { ptrace signal_perms getattr };
 	read_files_pattern($1, plymouthd_t, plymouthd_t)
 
+	files_search_var_lib($1)
 	admin_pattern($1, plymouthd_spool_t)
 
 	admin_pattern($1, plymouthd_var_lib_t)
 
+	files_search_pids($1)
 	admin_pattern($1, plymouthd_var_run_t)
 ')

policy/modules/services/postgresql.if

@@ -441,10 +441,13 @@ interface(`postgresql_admin',`
 
 	admin_pattern($1, postgresql_var_run_t)
 
+	files_search_var_lib($1)
 	admin_pattern($1, postgresql_db_t)
 
+	files_search_etc($1)
 	admin_pattern($1, postgresql_etc_t)
 
+	logging_search_logs($1)
 	admin_pattern($1, postgresql_log_t)
 
 	admin_pattern($1, postgresql_tmp_t)

policy/modules/services/prelude.if

@@ -136,9 +136,16 @@ interface(`prelude_admin',`
 	allow $2 system_r;
 
 	admin_pattern($1, prelude_spool_t)
+
+	files_search_var_lib($1)
 	admin_pattern($1, prelude_var_lib_t)
+
+	files_search_pids($1)
 	admin_pattern($1, prelude_var_run_t)
 	admin_pattern($1, prelude_audisp_var_run_t)
+
+	files_search_tmp($1)
 	admin_pattern($1, prelude_lml_tmp_t)
+
 	admin_pattern($1, prelude_lml_var_run_t)
 ')