commit: b6b208348814083b568c4aa64efcc644c5debeeb
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Thu Jan 4 21:51:21 2018 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Jan 18 16:31:30 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b6b20834
init: add init_rw_inherited_stream_socket
policy/modules/system/init.if | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index a512a5a4..547720de 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -891,6 +891,24 @@ interface(`init_dgram_send',`
########################################
## <summary>
+## Read and write to inherited init unix streams.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_rw_inherited_stream_socket',`
+ gen_require(`
+ type init_t;
+ ')
+
+ allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+')
+
+########################################
+## <summary>
## Allow the specified domain to read/write to
## init with unix domain stream sockets.
## </summary>
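Review bot: The summary for `init_rw_inherited_stream_socket` says only "Read and write", but the rule `allow $1 init_t:unix_stream_socket { getattr read write ioctl };` also grants `getattr` and `ioctl`, and the doc does not say what the interface deliberately withholds. I would spell that out, for example `## Read and write inherited init unix stream sockets (getattr, read, write and ioctl only; no connectto).`, so a caller that needs to open a new connection to init does not pick this interface by mistake. Using an inherited descriptor normally also requires `fd use` on init_t, which this rule does not grant. A short `<desc>` pointing callers at the file's fd interface (presumably `init_use_fds`, not visible in this hunk) would save a round of AVC denials. As a least-privilege check, confirm that `ioctl` is really needed by the intended callers, since without an extended-permission allowlist it covers every ioctl command on the socket.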