Add files_add_entry_var_lib_dirs() interface

diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 6bcfc8cebe3d86df107ae31658640afc458706b7..4810d02e6455b2dfc8cda95c07f262121e3490a1 100644 (file)
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -472,6 +472,8 @@ domain_dontaudit_read_all_domains_state(useradd_t)
 files_search_var_lib(useradd_t)
 files_relabel_etc_files(useradd_t)
 files_read_etc_runtime_files(useradd_t)
+# needed by /var/lig/xguest
+files_add_entry_var_lib_dirs(useradd_t)
 
 fs_search_auto_mountpoints(useradd_t)
 fs_getattr_xattr_fs(useradd_t)

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index b682bcf3b2bc2015fc95d058bd1fb513c59ee67a..21972994e47ed0a8fdb228b90cd9c25d8bb67055 100644 (file)
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -5537,6 +5537,24 @@ interface(`files_list_var_lib',`
        list_dirs_pattern($1, var_t, var_lib_t)
 ')
 
+##########################################
+## <summary>
+##  Add entries to /var/lib directories
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`files_add_entry_var_lib_dirs',`
+    gen_require(`
+        type var_lib_t;
+    ')
+
+    add_entry_dirs_pattern($1, var_lib_t, var_lib_t)
+')
+
 ###########################################
 ## <summary>
 ##     Read-write /var/lib directories