From ab64c30fc33044c2f0d6593ee83b9f919df7fc2f Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Mon, 2 May 2005 21:01:31 +0000
Subject: [PATCH] add newrole:fd use

---
 refpolicy/policy/modules/system/selinux.if     | 14 ++++++++++++++
 refpolicy/policy/modules/system/selinuxutil.if | 14 ++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/refpolicy/policy/modules/system/selinux.if b/refpolicy/policy/modules/system/selinux.if
index 9804950a..04a72740 100644
--- a/refpolicy/policy/modules/system/selinux.if
+++ b/refpolicy/policy/modules/system/selinux.if
@@ -124,6 +124,20 @@ type newrole_t;
 class process sigchld;
 ')
 
+#######################################
+#
+# selinux_newrole_use_file_descriptors(domain)
+#
+define(`selinux_newrole_use_file_descriptors',`
+requires_block_template(selinux_newrole_use_file_descriptors_depend)
+allow $1 newrole_t:fd use;
+')
+
+define(`selinux_newrole_use_file_descriptors_depend',`
+type newrole_t;
+class fd use;
+')
+
 #######################################
 #
 # selinux_restorecon_transition(domain)
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 9804950a..04a72740 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -124,6 +124,20 @@ type newrole_t;
 class process sigchld;
 ')
 
+#######################################
+#
+# selinux_newrole_use_file_descriptors(domain)
+#
+define(`selinux_newrole_use_file_descriptors',`
+requires_block_template(selinux_newrole_use_file_descriptors_depend)
+allow $1 newrole_t:fd use;
+')
+
+define(`selinux_newrole_use_file_descriptors_depend',`
+type newrole_t;
+class fd use;
+')
+
 #######################################
 #
 # selinux_restorecon_transition(domain)