Use stream connect pattern.

2010-09-20 11:54:26 +02:00 · 2010-09-20 11:54:26 +02:00 · bece7c48bb
commit bece7c48bb
parent ab33cc0cf1
2 changed files with 6 additions and 4 deletions
--- a/policy/modules/services/gpm.if
+++ b/policy/modules/services/gpm.if
@ -16,8 +16,7 @@ interface(`gpm_stream_connect',`
 		type gpmctl_t, gpm_t;
 	')

-	allow $1 gpmctl_t:sock_file rw_sock_file_perms;
-	allow $1 gpm_t:unix_stream_socket connectto;
+	stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t)
 ')

 ########################################
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@ -164,8 +164,11 @@ interface(`nscd_shm_use',`
 	# nscd_socket_domain macro. need to investigate
 	# if they are all actually required
 	allow $1 self:unix_stream_socket create_stream_socket_perms;
-	allow $1 nscd_t:unix_stream_socket connectto;
-	allow $1 nscd_var_run_t:sock_file rw_file_perms;
+
+	# dg: This may not be required.
+	allow $1 nscd_var_run_t:sock_file read_sock_file_perms;
+
+	stream_connect_pattern($1, nscd_var_run_t, nscd_var_run_t, nscd_t)
 	files_search_pids($1)
 	allow $1 nscd_t:nscd { getpwd getgrp gethost };
 	dontaudit $1 nscd_var_run_t:file { getattr read };