add read and search for etc_t:dir

refpolicy/policy/modules/system/authlogin.if

@@ -18,7 +18,7 @@ role $1_r types system_chkpwd_t;
 allow $1_chkpwd_t self:capability setuid;
 allow $1_chkpwd_t self:process getattr;
 
-# FIXME: read etc_t dir
+files_read_general_system_config_directory($1_chkpwd_t)
 allow $1_chkpwd_t shadow_t:file { getattr read };
 
 # is_selinux_enabled
@@ -155,7 +155,7 @@ class file { getattr read write setattr };
 #
 define(`authlogin_read_shadow_passwords',`
 requires_block_template(`$0'_depend)
-# FIXME: read etc_t dir
+files_read_general_system_config_directory($1)
 allow $1 shadow_t:file { getattr read };
 typeattribute $1 can_read_shadow_passwords;
 ')
@@ -186,7 +186,7 @@ class file { getattr read };
 #
 define(`authlogin_modify_shadow_passwords',`
 requires_block_template(`$0'_depend)
-# FIXME: read etc_t dir
+files_read_general_system_config_directory($1)
 allow $1 shadow_t:file { getattr read write };
 typeattribute $1 can_read_shadow_passwords;
 typeattribute $1 can_write_shadow_passwords;
@@ -224,6 +224,7 @@ class file { create ioctl read getattr lock write setattr append link unlink ren
 #
 define(`authlogin_relabel_to_shadow_passwords',`
 requires_block_template(`$0'_depend)
+files_search_general_system_config_directory($1)
 allow $1 shadow_t:file relabelto;
 typeattribute $1 can_relabelto_shadow_passwords;
 ')
@@ -240,6 +241,7 @@ class file relabelto;
 #
 define(`authlogin_modify_last_login_log',`
 requires_block_template(`$0'_depend)
+logging_search_system_log_directory($1)
 allow $1 lastlog_t:file { getattr read write setattr };
 ')
 

refpolicy/policy/modules/system/authlogin.te

@@ -266,8 +266,6 @@ sysnetwork_read_network_config(system_chkpwd_t)
 ')
 
 ifdef(`TODO',`
-# FIXME: read etc_t dir
-
 can_ypbind(system_chkpwd_t)
 can_kerberos(system_chkpwd_t)
 can_ldap(system_chkpwd_t)

refpolicy/policy/modules/system/clock.if

@@ -6,8 +6,8 @@
 #
 define(`clock_modify_drift_records',`
 requires_block_template(`$0'_depend)
-# FIXME: search etc_t dir
 allow $1 adjtime_t:file { getattr read write ioctl lock append };
+files_read_general_system_config_directory($1)
 ')
 
 define(`clock_modify_drift_records_depend',`

refpolicy/policy/modules/system/files.if

@@ -251,6 +251,34 @@ type root_t;
 class filesystem unmount;
 ')
 
+########################################
+#
+# files_search_general_system_config_directory(domain)
+#
+define(`files_search_general_system_config_directory',`
+requires_block_template(`$0'_depend)
+allow $1 etc_t:dir search;
+')
+
+define(`files_search_general_system_config_directory_depend',`
+type etc_t;
+class dir search;
+')
+
+########################################
+#
+# files_read_general_system_config_directory(domain)
+#
+define(`files_read_general_system_config_directory',`
+requires_block_template(`$0'_depend)
+allow $1 etc_t:dir { getattr search read };
+')
+
+define(`files_read_general_system_config_directory_depend',`
+type etc_t;
+class dir { getattr search read };
+')
+
 ########################################
 #
 # files_read_general_system_config(domain)

refpolicy/policy/modules/system/hotplug.if

@@ -80,7 +80,7 @@ class dir search;
 #
 define(`hotplug_read_config',`
 requires_block_template(`$0'_depend)
-# FIXME: search etc_t
+files_search_general_system_config_directory($1)
 allow $1 hotplug_etc_t:file { read getattr lock ioctl };
 allow $1 hotplug_etc_t:dir { read getattr lock search ioctl };
 allow $1 hotplug_etc_t:lnk_file { getattr read };

refpolicy/policy/modules/system/sysnetwork.if

@@ -42,7 +42,7 @@ class process { transition noatsecure siginh rlimitinh };
 #
 define(`sysnetwork_read_network_config',`
 requires_block_template(`$0'_depend)
-# FIXME: allow $1 etc_t:dir search;
+files_search_general_system_config_directory($1)
 allow $1 net_conf_t:file { getattr read };
 ')