From 24280a524d5347fbb9bf9c3dc52013f126bdbb28 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Wed, 11 May 2005 19:05:15 +0000
Subject: [PATCH] updates needed for cron

---
 refpolicy/policy/modules/system/files.if     | 14 ++++++++
 refpolicy/policy/modules/system/init.if      |  8 ++---
 refpolicy/policy/modules/system/logging.if   | 17 +++++++++
 refpolicy/policy/modules/system/miscfiles.if | 36 ++++++++++++++++++++
 4 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index d002a388..c334694d 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -90,6 +90,20 @@ attribute file_type;
 class dir search;
 ')
 
+########################################
+#
+# files_read_all_directories(domain)
+#
+define(`files_read_all_directories',`
+requires_block_template(`$0'_depend)
+allow $1 file_type:dir { getattr search read };
+')
+
+define(`files_read_all_directories_depend',`
+attribute file_type;
+class dir { getattr search read };
+')
+
 ########################################
 #
 # files_ignore_search_all_directories(domain)
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index d5a3356b..2d8337d3 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -218,12 +218,12 @@ class process getpgid;
 define(`init_script_read_runtime_data',`
 requires_block_template(`$0'_depend)
 files_read_runtime_data_directory($1)
-allow $1 initrc_var_run_t:file { getattr read };
+allow $1 initrc_var_run_t:file { getattr read lock };
 ')
 
 define(`init_script_read_runtime_data_depend',`
 type initrc_var_run_t;
-class file { getattr read };
+class file { getattr read lock };
 ')
 
 ########################################
@@ -233,12 +233,12 @@ class file { getattr read };
 define(`init_script_modify_runtime_data',`
 requires_block_template(`$0'_depend)
 files_read_runtime_data_directory($1)
-allow $1 initrc_var_run_t:file { getattr read write append };
+allow $1 initrc_var_run_t:file { getattr read write append lock };
 ')
 
 define(`init_script_modify_runtime_data_depend',`
 type initrc_var_run_t;
-class file { getattr read write append };
+class file { getattr read write append lock };
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index 9b20f73c..9b15f3a6 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -89,6 +89,23 @@ class dir { getattr search read };
 class file { getattr read };
 ')
 
+#######################################
+#
+# logging_read_system_logs(domain)
+#
+define(`logging_read_system_logs',`
+requires_block_template(`$0'_depend)
+files_search_system_state_data_directory($1)
+allow $1 var_log_t:dir { getattr search read };
+allow $1 var_log_t:file { getattr read };
+')
+
+define(`logging_read_system_logs_depend',`
+type var_log_t;
+class dir { getattr search read };
+class file { getattr read };
+')
+
 #######################################
 #
 # logging_modify_system_logs(domain)
diff --git a/refpolicy/policy/modules/system/miscfiles.if b/refpolicy/policy/modules/system/miscfiles.if
index ccceb518..351e836d 100644
--- a/refpolicy/policy/modules/system/miscfiles.if
+++ b/refpolicy/policy/modules/system/miscfiles.if
@@ -1,5 +1,22 @@
 # Copyright (C) 2005 Tresys Technology, LLC
 
+########################################
+#
+# miscfiles_manage_man_page_cache(domain)
+#
+define(`miscfiles_manage_man_page_cache',`
+requires_block_template(`$0'_depend)
+# FIXME: search var_t dir
+allow $1 catman_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
+allow $1 catman_t:file { create ioctl read getattr lock write setattr append link unlink rename };
+')
+
+define(`miscfiles_manage_man_page_cache_depend',`
+type catman_t;
+class dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
+class file { create ioctl read getattr lock write setattr append link unlink rename };
+')
+
 ########################################
 #
 # miscfiles_read_fonts(domain)
@@ -57,3 +74,22 @@ define(`miscfiles_read_localization_depend',`
 type locale_t;
 class file execute;
 ')
+
+########################################
+#
+# miscfiles_read_man_pages(domain)
+#
+define(`miscfiles_read_man_pages',`
+requires_block_template(`$0'_depend)
+# FIXME: search usr_t dir
+allow $1 man_t:dir { getattr read search };
+allow $1 man_t:file { getattr read };
+allow $1 man_t:lnk_file { getattr read };
+')
+
+define(`miscfiles_read_man_pages_depend',`
+type man_t;
+class dir { getattr read search };
+class file { getattr read };
+class lnk_file { getattr read };
+')