From 6df09cfef73be1e718e789a83e0e4efc141a3703 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Fri, 18 Dec 2009 10:44:59 -0500
Subject: [PATCH] PCSCD patch from Dan Walsh.
---
 policy/modules/services/pcscd.if | 3 +--
 policy/modules/services/pcscd.te | 6 +++++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/policy/modules/services/pcscd.if b/policy/modules/services/pcscd.if
index 7622d764..913e857e 100644
--- a/policy/modules/services/pcscd.if
+++ b/policy/modules/services/pcscd.if
@@ -53,6 +53,5 @@ interface(`pcscd_stream_connect',`
 ')
 files_search_pids($1)
- allow $1 pcscd_var_run_t:sock_file write;
- allow $1 pcscd_t:unix_stream_socket connectto;
+ stream_connect_pattern($1, pcscd_var_run_t, pcscd_var_run_t, pcscd_t)
 ')
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index 0dc33712..37ddf3e9 100644
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@@ -1,5 +1,5 @@
-policy_module(pcscd, 1.5.0)
+policy_module(pcscd, 1.5.1)
 ########################################
 #
@@ -29,9 +29,12 @@ allow pcscd_t self:tcp_socket create_stream_socket_perms;
 manage_dirs_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
+manage_fifo_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
 files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })
+kernel_read_system_state(pcscd_t)
+
 corenet_all_recvfrom_unlabeled(pcscd_t)
 corenet_all_recvfrom_netlabel(pcscd_t)
 corenet_tcp_sendrecv_generic_if(pcscd_t)
@@ -40,6 +43,7 @@ corenet_tcp_sendrecv_all_ports(pcscd_t)
 corenet_tcp_connect_http_port(pcscd_t)
 dev_rw_generic_usb_dev(pcscd_t)
+dev_rw_smartcard(pcscd_t)
 dev_rw_usbfs(pcscd_t)
 dev_search_sysfs(pcscd_t)
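Review bot: In the pcscd.if hunk, switching to `stream_connect_pattern($1, pcscd_var_run_t, pcscd_var_run_t, pcscd_t)` widens what every caller of pcscd_stream_connect receives, and nothing in the visible lines documents that. As the pattern is defined in refpolicy's support macros, it grants search on the pcscd_var_run_t directory and the `write_sock_file_perms` set rather than the bare `write` the removed rule gave. That is presumably intended, since pcscd.te lets the daemon manage directories of that type, but the interface summary should say that the socket is reached through pcscd's runtime directory. The interface header and its gen_require block start outside the hunk, so confirm both types are still required there.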
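Review bot: In the pcscd.te hunk at -29,9, `manage_fifo_files_pattern` is added but the transition two lines below still reads `files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file dir })`, so a FIFO that pcscd creates directly in the pid directory would keep the parent label and fall outside the new rule. If FIFOs are only ever created inside pcscd's own pcscd_var_run_t directory, a short comment saying so is enough; otherwise extend the class set to `{ file sock_file dir fifo_file }`. The added `kernel_read_system_state(pcscd_t)` likewise has no comment naming what the daemon reads from /proc, which makes the grant hard to audit later.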
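Review bot: In the pcscd.te hunk at -40,6, `dev_rw_smartcard(pcscd_t)` is added while `dev_rw_generic_usb_dev(pcscd_t)` and `dev_rw_usbfs(pcscd_t)` stay in place, so the daemon keeps read/write access to every generically labelled USB device in addition to the dedicated smartcard type. If the broad grants remain only for readers whose device nodes do not yet carry the smartcard label, record that next to them, e.g. `# generic USB access kept for readers without a smartcard device label`, so they can be revisited once labelling covers the supported readers.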