From c4bf97930287982d8ce827f142586e290b967ed6 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 12 Oct 2005 18:17:10 +0000
Subject: [PATCH] start adding perm sets with refpol names

---
 refpolicy/policy/support/obj_perm_sets.spt | 29 +++++++++++++++++-----
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/refpolicy/policy/support/obj_perm_sets.spt b/refpolicy/policy/support/obj_perm_sets.spt
index 500c16f5..03fcb24e 100644
--- a/refpolicy/policy/support/obj_perm_sets.spt
+++ b/refpolicy/policy/support/obj_perm_sets.spt
@@ -71,11 +71,6 @@ define(`r_file_perms', `{ read getattr lock ioctl }')
 #
 define(`rx_file_perms', `{ read getattr lock execute ioctl }')
 
-#
-# Permissions for reading and writing files and their attributes.
-#
-define(`rw_file_perms', `{ ioctl read getattr lock write append }')
-
 #
 # Permissions for reading and appending to files.
 #
@@ -193,9 +188,31 @@ define(`create_shm_perms', `{ associate getattr setattr create destroy read writ
 
 ########################################
 #
-# Specialized permission sets
+# New permission sets
 #
 
+#
+# Directory
+#
+define(`search_dir_perms',`{ search }')
+define(`getattr_dir_perms',`{ getattr }')
+define(`setattr_dir_perms',`{ setattr }')
+define(`list_dir_perms',`{ getattr search read lock ioctl }')
+define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }')
+define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
+define(`manage_dir_perms',`{ create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
+
+#
+# File
+#
+define(`getattr_file_perms',`{ getattr }')
+define(`setattr_file_perms',`{ setattr }')
+define(`read_file_perms',`{ getattr read lock ioctl }')
+define(`append_file_perms',`{ getattr append lock ioctl }')
+define(`write_file_perms',`{ getattr write append lock ioctl }')
+define(`rw_file_perms', `{ getattr read write append ioctl lock }')
+define(`manage_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+
 #
 # Use (read and write) terminals
 #
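Review bot: The new sets under `# Directory` and `# File` have no per-macro comment, unlike the older sets in this file, which each sit under a `# Permissions for ...` block, so the least-privilege differences between neighbouring names are left for the policy author to work out. I would add a one-line comment where the difference is easy to miss, for example `# append_file_perms: append without write; existing content cannot be modified` and `# write_file_perms: write and append, no read` above those two defines. `read_file_perms` is also the same permission set as the existing `r_file_perms` shown in the first hunk's header, so a comment saying which name is the transitional one would help keep the two from drifting apart. `rw_file_perms` keeps the same six permissions it had before the move, only reordered, and its `', `' spacing differs from the `',`' used by the other new defines.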